VB2022 programme

Please check here for any updates to the programme.


Wednesday 28 September 2022

| Time | Green room | Red room | Foyer |
|---|---|---|---|
| 10:40 - 10:50 | Opening address Jan Hruska Co-founder, Virus Bulletin | | Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day |
| 10:50 - 11:30 | Keynote address: Why are you telling me this? Hakan Tanriverdi (Bayerischer Rundfunk) | | |
| 11:30 - 12:00 | The threat is stronger than the execution: the realities of hacktivism in the 2020s Blake Djavaherian (Mandiant) | | |
| 12:00 - 12:30 | Uncovering a broad criminal ecosystem powered by one of the largest botnets, Glupteba Luca Nagy (Google) | PARTNER PRESENTATION: Building resilience through threat intelligence Cristina Vatamanu (Bitdefender) | |
| 12:30 - 14:00 | Lunch | | |
| 14:00 - 14:30 | Zeroing in on XENOTIME: analysis of the entities responsible for the Triton event Joe Slowik (Gigamon) | | |
| 14:30 - 15:00 | Prilex: the pricey prickle credit card complex Kaspersky researchers | | |
| 15:00 - 15:30 | Not Safe for Windows (NSFW): a China-based threat with a lot to say Jono Davis (PwC) | | |
| 15:30 - 16:00 | Tea/Coffee | | |
| 16:00 - 16:30 | Exploit archaeology: a forensic history of in-the-wild NSO Group exploits Donncha Ó Cearbhaill (Amnesty International) & Bill Marczak (Citizen Lab) | | |
| 16:30 - 17:00 | You OTA know: combating malicious Android system updaters Łukasz Siewierski & Alec Guertin (Google) | | |
| 17:00 - 17:30 | Hunting the Android/BianLian botnet Axelle Apvrille (Fortinet) | | |
| 17:30 - 18:30 | | | Poster presentations |
| 19:30 - 21:00 | VB2022 drinks reception | | |

Thursday 29 September 2022

| Time | Green room | Red room (Threat Intelligence Practitioners' Summit) | Foyer |
|---|---|---|---|
| 09:00 - 09:30 | REMOTE PRESENTATION: EvilPlayout: attack against Iran’s state TV and radio broadcaster Alexandra Gofman, Israel Gubi & Itay Cohen (Check Point) | CTA Threat Intelligence Practitioners' Summit: Welcome address Michael Daniel (Cyber Threat Alliance), followed by Keynote: "What if?" Jaya Baloo (Avast) | Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day |
| 09:30 - 10:00 | Russian wipers in the cyberwar against Ukraine Alexander Adamov (NioGuard Security Lab) | CTA Threat Intelligence Practitioners' Summit: Finding IOCs in unexpected places John Alexander (Mayo Clinic) | |
| 10:00 - 10:30 | REMOTE PRESENTATION: The long arm of the prisoner: social engineering from Kenyan prisons Patricia Musomba & Tim Dagori (iHub) | CTA Threat Intelligence Practitioners' Summit: Threat intelligence sharing in practice – lessons learned from the Cyber Threat Alliance Neil Jenkins (CTA) | |
| 10:30 - 11:00 | Tea/Coffee | | |
| 11:00 - 11:30 | War of the worlds: a study in a ransomware IR learnings & victories Peter Kruse & Jan Kaastrup (CSIS Security Group) | CTA Threat Intelligence Practitioners' Summit: Panel: A Vulcan mindmeld: from your mind to my mind Kathi Whitbey (Palo Alto Networks), Righard Zwienenberg (ESET), Noortje Henrichs (Netherlands NCSC) & Derek Manky (Fortinet) | |
| 11:30 - 12:00 | Creepy things that glow in the dark: a deep look at POLONIUM's undocumented tools Matias Porolli (ESET), Robert Lipovsky (ESET) | CTA Threat Intelligence Practitioners' Summit: Exploiting COVID-19: how threat actors hijacked a pandemic Selena Larson & Daniel Blackford (Proofpoint) | |
| 12:00 - 12:30 | Script kiddy on the deep & dark web: looks serious? But empty suit! Dasom Kim, Yeonghyeon Jeong, Yujin Lee & Jeongyeon Lim (S2W) | CTA Threat Intelligence Practitioners' Summit: From threat intelligence to active defence based on Industroyer.V2 Gergely (Geri) Revay (Fortinet) | |
| 12:30 - 14:00 | Lunch | | |
| 14:00 - 14:30 | SHAREM: shellcode analysis framework with emulation, a disassembler, and timeless debugging Bramwell Brizendine (University of Alabama in Huntsville), Jason Hince, Austin Babcock, Tarek Abdelmotaleb, Sascha Walker & Shelby VandenHoek (VERONA Lab) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: IMAGINE - changing the narrative in threat intelligence collaboration Kathi Whitbey (Palo Alto Networks), Nicole Samantha van der Meulen (Europol), Selena Larson (Proofpoint) & Jeannette Jarvis (Cyber Threat Alliance) | |
| 14:30 - 15:00 | Combating control flow flattening in .NET malware Georgy Kucherin (Kaspersky) | CTA Threat Intelligence Practitioners' Summit: Enhanced CTI with runtime memory forensics Michael Gorelik (Morphisec) | |
| 15:00 - 15:30 | (Encryption) time flies when you're having fun: the case of the exotic BlackCat ransomware Aleksandar Milenkoski (Cybereason) | CTA Threat Intelligence Practitioners' Summit: Tips for vetting and generating value in automated TI Samir Mody (K7) | |
| 15:30 - 16:00 | Tea/Coffee | | |
| 16:00 - 16:30 | Sha Zhu Pan: cocktail of cryptocurrency, social engineering and fake apps targeting Android and iPhone users Jagadeesh Chandraiah & Xinran Wu (Sophos) | CTA Threat Intelligence Practitioners' Summit: Closing keynote Michael Daniel (Cyber Threat Alliance) | |
| 16:30 - 17:00 | Web3 + scams = it's a match! Zoltan Balazs (CUJO AI) | | |
| 17:00 - 18:00 | | | Poster presentations |
| 19:30 - 23:00 | VB2022 gala dinner | | |

Friday 30 September 2022

| Time | Green room | Red room | Foyer |
|---|---|---|---|
| 09:00 - 09:30 | REMOTE PRESENTATION: The ATT&CK DarkHotel playbook: hunt and breach & attack simulation Shengbin Bao (Zhongfu Info) | Good-bye macros: peeking into a threat landscape without Office macros Hossein Jazi (Malwarebytes) | Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day |
| 09:30 - 10:00 | Operation Dragon Castling: suspected APT group hijacks WPS Office updater to target East Asian betting companies Luigino Camastra & Igor Morgenstern (Avast) | Keeping up with the Emotets: configuration extraction and analysis Jason Zhang, Oleg Boyarchuk & Stefano Ortolani (VMware) | |
| 10:00 - 10:30 | Lessons learned from six Lapsus$ incident (responses) Gabriela Nicolao & Santiago Abastante (Deloitte) | | |
| 10:30 - 11:00 | Tea/Coffee | | |
| 11:00 - 11:30 | Your own personal Panda: inside the CVE-2022-1040 attack Andrew Brandt (Sophos) | WORKSHOP: Modern threat hunting presented by Fernando Diaz Urbano, VirusTotal | |
| 11:30 - 12:00 | ScarCruft's information-gathering activities Tae-woo Lee, Dongwook Kim & Seulgi Lee (Korea Internet & Security Agency (KrCert/CC)) | | |
| 12:00 - 12:30 | Operation MINAZUKI: underwater invasive espionage Yoshihiro Ishikawa & Takuma Matsumoto (LAC) | | |
| 12:30 - 14:00 | Lunch | | |
| 14:00 - 14:30 | Unmasking WindTape Patrick Wardle (Objective-See) | The impact of mobile networks on the 2022 Russian invasion of Ukraine Cathal Mc Daid (Enea AdaptiveMobile Security) | |
| 14:30 - 15:00 | Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning Takahiro Haruyama (VMware) | An inconvenient truth about Apple security updates Joshua Long (Intego) | |
| 15:00 - 15:30 | Tea/Coffee | | |
| 15:30 - 16:00 | Lazarus & BYOVD: evil to the Windows core Peter Kalnai & Matěj Havránek (ESET) | | |
| 16:00 - 16:20 | Conference closing session Jan Hruska Co-founder, Virus Bulletin | | |
| 16:20 - 17:20 | | | Poster presentations |