VB2023 programme

The VB2023 programme is still evolving, please check back here for updates!


Wednesday 4 October 2023

Time Green room Red room
Small Talks
10:30 - 10:40

Opening address
(takes place in the Green room)

10:40 - 11:20 Keynote address: Solving cyber insecurity Martin Lee (Cisco Talos)
(takes place in the Green room)
  
11:20 - 11:50 TetrisPhantom: targeted attacks using secure USB Noushin Shabab (Kaspersky) RedStinger: new APT discovered amid Russia-Ukraine conflict Roberto Santos (Independent researcher) & Hossein Jazi (Fortinet)  
11:50 - 12:20 Tales from a cloud CSIRT – let's deep dive into a Kubernetes (k8s) infection Santiago Abastante (Solidarity Labs) The evolution of TA551 Berk Albayrak (PRODAFT)  
12:20 - 14:00 Lunch 
14:00 - 14:30 Let's go door with KCP Yoshihiro Ishikawa & Takuma Matsumoto (LAC) Possible supply chain attack targeting South Asian government delivers Shadowpad Daniel Lunghi (Trend Micro) Applied one-to-many code similarity analysis using MCRIT Daniel Plohmann (Fraunhofer FKIE)
14:30 - 15:00 Unravelling the MOVEit vulnerability: a journey from exploitation to Clop ransomware infestation Prashant Tilekar (Forescout Technologies) SharpTongue: pwning your foreign policy, one interview request at a time Tom Lancaster (Volexity)
15:00 - 15:30 Abusing Electron-based applications in targeted attacks Jaromir Horejsi (Trend Micro) Darkbit decoded: analysis of an Iranian-sponsored attack Itay Cohen & Ben Herzog (Check Point) PARTNER PRESENTATION: Reversing Nim binaries Holger Unterbrink (Cisco Talos)
15:30 - 16:00 Tea/Coffee 
16:00 - 16:30 Lazarus campaigns and backdoors in 2022-2023 Peter Kálnai (ESET)  Sheep's clothing of deep & dark web operators: there are no secrets you can hide forever Youjin Lee, Kyunghee Kim, Jungyeon Lim & Dasom Kim (S2W) Data mining, darknet and chat monitoring – a deep dive into Telegram monitoring and the latest features of the AIL framework Steve Clement (Luxembourg House of Cybersecurity) & Aurélien Thirion (CIRCL)

16:30 - 17:00 Everything happens for a reason: the choices made by ransomware operators Jono Davis (PwC) Hit the bullseye: detecting browser exploits abusing the X memory in WebAssembly Tao Yan & Edouard Bochin (Palo Alto Networks)
17:00 - 17:30 Side loading is not dead: the Chinese and the Korean way Gabor Szappanos (Sophos) Browser extensions as an emerging threat vector: unveiling the MANGO malware Bahare Sabouri (Google)  
17:30 - 18:30  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.
19:30 - 21:00 VB2023 drinks reception

Thursday 5 October 2023

Time Green room Red room
Small Talks / Threat Intelligence Practitioners' Summit
09:00 - 09:30 South Korean Android banking menace – FakeCalls Raman Ladutska (Check Point) The history and tactics of visa-centric scams in search, spam, and social apps Chris Boyd (Malwarebytes)

CTA Threat Intelligence Practitioners' Summit:
Welcome address Michael Daniel (Cyber Threat Alliance)

followed by

Keynote: Evolution vs extinction & the 10th man Dave Lewis (Cisco)

09:30 - 10:00 Terror in Peru: the Zanubis banking trojan Fernando Diaz Urbano (VirusTotal)   FirePeony: a ghost wandering around the Royal Road Rintaro Koike & Shogo Hayashi (NTT Security Holdings) CTA Threat Intelligence Practitioners' Summit:
Exploring the efficacy of community-driven TI: a real-world approach Samir Mody & Hariharan S (K7) 
10:00 - 10:30 Looking into TUT's tomb: the universe of threats in LATAM Camilo Gutiérrez Amaya & Fernando Tavella (ESET) Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads Patrick Wardle (Objective-See) CTA Threat Intelligence Practitioners' Summit:
Little crumbs can lead to giants Christiaan Beek (Rapid7) 
10:30 - 11:00 Tea/Coffee 
11:00 - 11:30 Don't flatten yourself: restoring malware with Control-Flow Flattening obfuscation Geri Revay (Fortinet) When a botnet cries: detecting botnet infection chains Guillaume Couchard & Erwan Chevalier (Sekoia.io)  CTA Threat Intelligence Practitioners' Summit:
Operation Cookiemonster – the law enforcement response to the notorious Genesis Market Marijn Schuurbiers (Europol)
11:30 - 12:00 DNS "takeover": the full journey and redemption John Jensen & Ines Vestia (Silent Push) Look out! Outlook's gonna get you! Anurag Shandilya (K7 Computing)  CTA Threat Intelligence Practitioners' Summit: 
Panel: All for value and value for all – 'responding RFIs: the merit lies in the difficulty' Douglas Santos (Fortinet), Kathi Whitbey (Palo Alto Networks), Noortje Henrichs (National Cybersecurity Centre, Netherlands), Righard Zwienenberg (ESET)
12:00 - 12:30 "Undocumented"[2:] MSI format. Take it. We are gganbu, aren't we? Daniel (Jinyoung) Choi (Avira, part of Gen) $100 hardware backdoors – your old routers may be happily spilling corporate secrets Cameron Camp (ESET) CTA Threat Intelligence Practitioners' Summit: 
Why joining forces can help solve the crime… or not
Sara Eberle (Sophos) & Doug Domin (FBI)
12:30 - 14:00 Lunch 
14:00 - 14:30 R2R stomping – are you ready to run? Jiří Vinopal (Check Point Research)  Stolen cookies, stolen identity: how malware makers are exploiting the insecurity of browser data storage Joshua Long (Intego) CTA Threat Intelligence Practitioners' Summit:
Fireside chat: Dream on: exploring the community effect in cybersecurity 
Kathi Whitbey (Palo Alto Networks), Selena Larson (Proofpoint), Jeannette Jarvis (Cyber Threat Alliance)
14:30 - 15:00 Deobfuscating virtualized malware using Hex-Rays Decompiler Georgy Kucherin (Kaspersky) May the Shadow Force be with Maggie – Shadow Force Group characteristics and relationship to Maggie Minseok (Jacky) Cha, Junseok Kim & Jaejin Lee (AhnLab) CTA Threat Intelligence Practitioners' Summit: 
AI-based digital evidence enhancement technology for profiling attack groups and techniques to respond to cybersecurity threats
Kihong Kim, Changgyun Kim & Hyunjong Lee (SANDS Lab)

15:00 - 15:30 Dancing the night away with named pipes Daniel Stepanic (Elastic) USB flows in the Great River: classic tradecraft is still alive Hiroshi Takeuchi (MACNICA)

CTA Threat Intelligence Practitioners' Summit:
The global state of scams in 2023 Jorij Abraham (GASA)

15:30 - 16:00 Tea/Coffee 
16:00 - 16:30 Ransoming and clipping for illicit cryptocurrency gains Chetan Raghuprasad (Cisco Talos) C2F2: a framework for detecting C2 frameworks at scale Sebastiano Mariani, Oleg Boyarchuk, Stefano Ortolani & Giovanni Vigna (VMware) CTA Threat Intelligence Practitioners' Summit: 
Panel: Securing the future: the vital role of computer security vendors in an AI-driven world Samir Mody (K7), Abhishek Karnik (McAfee), Selena Larson (Proofpoint)
16:30 - 17:00 Into the Cumulus: Scarcruft bolsters arsenal for targeting individual Android devices Sebin Lee, Sojun Ryu, Hyeokju Gwon & Youngjae Shin (S2W)  Unveiling activities of Tropic Trooper 2023: deep analysis of Xiangoop Loader and EntryShell payload Suguru Ishimaru (ITOCHU Cyber & Intelligence), Hajime Yanagishita (MACNICA) & Yusuke Niwa (ITOCHU Cyber & Intelligence)  CTA Threat Intelligence Practitioners' Summit: 
Emotet in 2023: a comprehensive overview for decision makers on the resurgence, evolution and threat landscape Jonas Walker (Fortinet)
17:00 - 17:30     CTA Threat Intelligence Practitioners' Summit: 
Closing keynote Michael Daniel (Cyber Threat Alliance)
17:30 - 18:30  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.
19:30 - 23:00 VB2023 gala dinner & entertainment - featuring the world's number one ethical pickpocket!

Friday 6 October 2023

Time Green room Red room
Small Talks
09:30 - 10:00 Intent-based approach to detect email account compromise Abhishek Singh & Fahim Abbasi (Cisco) Magniber's missteps: because even spiders trip over their own web Amata Anantaprayoon & Patrik Olson (NTT Security Holdings) Panel discussion: Addressing the ransomware threat from outside the lab Chester Wisniewski (Sophos), Paul Ducklin (Independent), Samir Mody (K7), Kathi Whitbey (Palo Alto Networks) & Kathryn Sherman (FBI)
10:00 - 10:30 Generic script emulation Kurt Natvig (Acronis) Building a cybersecurity AI dataset for a secure digital society Bomin Choi, Juhyuk Kim & Hoseok Ryu (KISA - Korean Internet & Security Agency)
10:30 - 11:00 Tea/Coffee 
11:00 - 11:30 The Dragon who sold his Camaro: reversing a custom router implant Itay Cohen & Radoslaw Madej (Check Point)  It all makes sense if you don't think about it – misinformation in malware analysis Łukasz Siewierski (Independent researcher) WORKSHOP: Modern threat hunting presented by Fernando Diaz Urbano, VirusTotal

11:30 - 12:00 Turla and Sandworm come filelessly Alexander Adamov (NioGuard Security Lab) MEGALO-(414E)-DON: uncovering data espionage, blackmailing and shell companies in mobile lending apps Jagadeesh Chandraiah (Sophos)
12:00 - 12:30 Teasing the secrets from threat actors: malware configuration extractors Mark Lim & Zong-Yu Wu (Palo Alto Networks) Web3 will bite you in the Web 2.0: exploring IPFS threats Morton Swimmer (Trend Micro) 
12:30 - 14:00 Lunch 
14:00 - 14:30 The Dropping Elephant never dropped Ye Jin (Kaspersky) W3LL phishing kit – the tools, the criminal ecosystem, and the market impact Martijn van den Berk & Nicholas Palmer (Group-IB)  Reserve paper* 
14:30 - 15:00 Reinventing the steal: Arid Viper now with a Rusty flavour Matias Porolli (ESET) Corporate users in the crosshairs as malvertising gains momentum again Jérôme Segura (Malwarebytes)  Reserve paper* 
15:00 - 15:30 Tea/Coffee 
15:30 - 16:10 Keynote address: The physics of information asymmetry Juan Andrés Guerrero-Saade (SentinelOne)
(takes place in the Green room)
16:10 - 16:20 Conference closing session  
(takes place in the Green room)
16:20 - 17:20  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.

*Reserve papers

Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 6 October.

 

Back to VB2023 conference page

Register for VB2023