VB2022 programme

The VB2022 programme is still evolving, please check back here for updates!


Wednesday 28 September 2022

Time Green room Red room
 Yellow room
10:40 - 10:50 Opening address    
10:50 - 11:30 Keynote: TBA    
11:30 - 12:00 The threat is stronger than the execution: the realities of hacktivism in the 2020s Blake Djavaherian (CrowdStrike) TBA TBA 
12:00 - 12:30 Uncovering a broad criminal ecosystem powered by one of the largest botnets, Glupteba Luca Nagy (Google) TBA TBA 
12:30 - 14:00 Lunch 
14:00 - 14:30 Zeroing in on XENOTIME: analysis of the entities responsible for the Triton event Joe Slowik (Gigamon)  TBA  TBA 
14:30 - 15:00 Prilex: the pricey prickle credit card complex Fabio Assolini & Fabio Marenghi (Kaspersky)  TBA  TBA 
15:00 - 15:30 Last-minute paper (TBA) TBA  TBA 
15:30 - 16:00  Tea/Coffee  
16:00 - 16:30 Exploit archaeology: a forensic history of in-the-wild NSO Group exploits  Donncha Ó Cearbhaill (Amnesty International) & Bill Marczak (Citizen Lab) TBA  TBA 
16:30 - 17:00 Last-minute paper (TBA) TBA  TBA 
17:00 - 17:30 Hunting the Android/BianLian botnet Axelle Apvrille (Fortinet)  TBA  TBA 

Thursday 29 September 2022

Time Green room Red room
Yellow room
09:00 - 09:30 EvilPlayout: attack against Iran’s state TV and radio broadcaster Alexandra Gofman, Israel Gubi & Itay Cohen (Check Point) 

CTA Threat Intelligence Practitioners' Summit: Welcome address Michael Daniel (Cyber Threat Alliance)

followed by

Keynote: ''What if?" Jaya Baloo (Avast)

TBA 
09:30 - 10:00 Russian wipers in the cyberwar against Ukraine Alexander Adamov (NioGuard Security Lab)  CTA Threat Intelligence Practitioners' Summit: Finding IOCs in unexpected places John Alexander (Mayo Clinic) TBA 
10:00 - 10:30 Legal premise to kill cyber intelligence: a case study of the defence by escape incident management approach Nathaniel Adewole (Cocreation Hub)  CTA Threat Intelligence Practitioners' Summit: Threat intelligence sharing in practice – lessons learned from the Cyber Threat Alliance Neil Jenkins (CTA) TBA 
10:30 - 11:00 Tea/Coffee 
11:00 - 11:30 War of the worlds: a study in a ransomware IR learnings & victories Peter Kruse & Jan Kaastrup (CSIS Security Group)  CTA Threat Intelligence Practitioners' Summit: Panel: A Vulcan mindmeld: from your mind to my mind Kathi Whitbey (Palo Alto Networks), Righard Zwienenberg (ESET), Noortje Henrichs (Netherlands NCSC) & Derek Manky (Fortinet) TBA 
11:30 - 12:00 Last-minute paper (TBA) CTA Threat Intelligence Practitioners' Summit: TBA Paul Vitchock (FBI) TBA 
12:00 - 12:30 Script kiddy on the deep & dark web: looks serious? But empty suit! Dasom Kim, Yeonghyeon Jeong, Yujin Lee & Jeongyeon Lim (S2W)  CTA Threat Intelligence Practitioners' Summit: From threat intelligence to active defence based on Industroyer.V2 Gergely (Geri) Revay (Fortinet) TBA 
12:30 - 14:00 Lunch
14:00 - 14:30 SHAREM: shellcode analysis framework with emulation, a disassembler, and timeless debugging Bramwell Brizendine, Jason Hince, Austin Babcock, Tarek Abdelmotaleb, Sascha Walker & Shelby VandenHoek (VERONA Labs)  CTA Threat Intelligence Practitioners' Summit: Fireside chat: IMAGINE - changing the narrative in threat intelligence collaboration Kathi Whitbey (Palo Alto Networks), Nicole Samantha van der Meulen (Europol), Selena Larson (Proofpoint) & Jeannette Jarvis (Cyber Threat Alliance) TBA 
14:30 - 15:00 Combating control flow flattening in .NET malware Georgy Kucherin (Kaspersky)  CTA Threat Intelligence Practitioners' Summit: Enhanced threat Intelligence for runtime detection Michael Gorelik (Morphisec) TBA 
15:00 - 15:30 (Encryption) time flies when you're having fun: the case of the exotic BlackCat ransomware Aleksandar Milenkoski (Cybereason)  CTA Threat Intelligence Practitioners' Summit: Tips for vetting and generating value in automated TI  Samir Mody (K7) TBA 
15:30 - 16:00 Tea/Coffee
16:00 - 16:30 Sha Zhu Pan: cocktail of cryptocurrency, social engineering and fake apps targeting Android and iPhone users Jagadeesh Chandraiah & Xinran Wu (Sophos)  CTA Threat Intelligence Practitioners' Summit: Closing keynote Michael Daniel (Cyber Threat Alliance) TBA 
16:30 - 17:00 Web3 + scams = it's a match! Zoltan Balazs (CUJO AI)    TBA 

Friday 30 September 2022

Time Green room Red room
Yellow room
09:00 - 09:30 The ATT&CK DarkHotel playbook: hunt and breach & attack simulation Shengbin Bao (Zhongfu Info) TBA  Short talks
(more details coming soon)
09:30 - 10:00 Operation Dragon Castling: suspected APT group hijacks WPS Office updater to target East Asian betting companies Luigino Camastra & Igor Morgenstern (Avast)  TBA 
10:00 - 10:30 Last-minute paper (TBA) TBA 
10:30 - 11:00 Tea/Coffee
11:00 - 11:30 Last-minute paper (TBA)  TBA  Short talks
(more details coming soon)
11:30 - 12:00 ScarCruft's information-gathering activities Tae-woo Lee, Dongwook Kim & Seulgi Lee (Korea Internet & Security Agency (KrCert/CC))  TBA 
12:00 - 12:30 Last-minute paper (TBA)  TBA 
12:30 - 14:00 Lunch
14:00 - 14:30 Unmasking WindTape Patrick Wardle (Objective-See)    Short talks
(more details coming soon)
14:30 - 15:00 Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning Takahiro Haruyama (VMware)  Reserve paper*
15:00 - 15:30 Tea/Coffee 
15:30 - 16:00 Lazarus & BYOVD: evil to the Windows core Peter Kalnai & Matěj Havránek (ESET)  Reserve paper*  
16:00 - 16:20  Conference closing session Reserve paper*  

*Reserve papers

Should these papers not be required to replace papers on the main programme, they will be presented in Room 2 on Friday 30 September.