Time | Green room | Red room | Small Talks |
10:30 - 10:40 | Conference opening session |
10:40 - 11:20 | Opening keynote: Solving puzzles: protecting high-risk communities Runa Sandvik (Granitt) (takes place in the Green room) |
11:20 - 11:50 | From code to crime: exploring threats in GitHub Codespaces Jaromir Horejsi & Nitesh Surana (Trend Micro) | Breaking boundaries: investigating vulnerable drivers and mitigating risks Jiří Vinopal (Check Point) | |
11:50 - 12:20 | Project 0xA11C: deoxidizing the Rust malware ecosystem Nicole Fishbein (Intezer) & Juan Andrés Guerrero-Saade (SentinelOne) | P-wave of malicious code signing Yuta Sawabe, Shogo Hayashi & Rintaro Koike (NTT Security Holdings) | |
12:20 - 14:00 | Lunch | ||
14:00 - 14:30 | Android Flutter malware Axelle Apvrille (Fortinet) | CrackedCantil: a malware symphony delivered by cracked software; performed by loaders, infostealers, ransomware, et al. Lena Yu (World Cyber Health) | Threat intelligence for high-risk communities Martijn Grooten (Internews) |
14:30 - 15:00 | Supercharge your malware analysis workflow Ryan Samaroo & Jean-Pierre Vigneault (Canadian Centre for Cyber Security) | Marketplace scams: neanderthals hunting mammoths with Telekopye Jakub Souček & Radek Jizba (ESET) | |
15:00 - 15:30 | Leveraging AI to enhance the capabilities of SHAREM Shellcode Analysis Framework Bramwell Brizendine (University of Alabama in Huntsville) | Dark deals: unveiling the underground market of exploits Anna Pavlovskaia & Vladislav Belousov (Kaspersky) | |
15:30 - 16:00 | Tea/Coffee | ||
16:00 - 16:30 | CeranaKeeper: a relentless shape-shifting group targeting Thailand Romain Dumont (ESET) | Tracking FIN7 malware honeypots, new AI deepfake lures Zach Edwards (Silent Push) | Workshop: Writing malware configuration parsers Mark Lim & Zong-Yu Wu (Palo Alto Networks) |
16:30 - 17:00 | Spot the difference: Earth Kasha's new LODEINFO campaign and the correlation analysis with APT10 umbrella Hiroaki Hara (Trend Micro) | Unveiling the dark side of set-top boxes: the Bigpanzi cybercrime syndicate Alex Turing (QI-ANXIN) | |
17:00 - 17:30 | Arming WinRAR: deep dive into APTs exploiting WinRAR's 0-day vulnerability – a SideCopy case study Sathwik Ram Prakki (Quick Heal) | ||
17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
19:30 - 21:00 | VB2024 drinks reception |
Time | Green room | Red room | Small Talks / Threat Intelligence Practitioners' Summit |
09:00 - 09:30 | Automatically detect and support against anti-debug with IDA/Ghidra to streamline debugging process Takahiro Takeda (LAC Corp) | Over the cassowary's nest – dissecting Turla's latest revision of the Kazuar backdoor Daniel Frank & Tom Fakterman (Palo Alto Networks) | CTA Threat Intelligence Practitioners' Summit: |
09:30 - 10:00 | An open-source cloud DFIR kit – Dredge! Santiago Abastante (Solidarity Labs) | Cybercrime turned cyber espionage: the many faces of the RomCom group Vlad Stolyarov (Google TAG) & Dan Black (Google Cloud (Mandiant)) | CTA Threat Intelligence Practitioners' Summit: Operation Endgame Nick Kiefer (BKA) & Bogdan Badiu (EC3) |
10:00 - 10:30 | The Impersonators Gabor Szappanos & Steeve Gaudreault (Sophos) | Reviewing the 2022 KA-SAT incident & implications for distributed communication environments Joe Slowik (The MITRE Corporation) | CTA Threat Intelligence Practitioners' Summit: Stix and stones: enabling faster intelligence gathering with GenAI and OASIS Kieran Hughes (Rapid7) |
10:30 - 11:00 | Tea/Coffee | ||
11:00 - 11:30 | The deck is stacked: analysis of OracleBamboo's SPYDEALER Android backdoor Paul Rascagneres & Charles Gardner (Volexity) | The dark dream of the Lumma malware developer Raman Ladutska (Check Point) | CTA Threat Intelligence Practitioners' Summit: Certified malware: a case for industry TI sharing of DigSig metadata Samir Mody (K7) |
11:30 - 12:00 | IcePeony with the '996' work culture Rintaro Koike (NTT Security Holdings) & Shota Nakajima (Cyber Defense Institute) | Mind the (air) gap: GoldenJackal gooses government guardrails Matias Porolli (ESET) | CTA Threat Intelligence Practitioners' Summit: Bye bye WarZone RAT (for now); capturing cybercriminals through #CoordindatedDisruption, Part 2 Sara Eberle (Sophos) & Mike Bordini (FBI Cybercrime) |
12:00 - 12:30 | Hospitals, airports and telcos – modern approach to attributing hacktivism attacks Itay Cohen (Check Point) | Modern-day witchcraft: a new breed of hybrid attacks by ransomware operators Vaibhav Deshmukh, Ashutosh Raina & Sudhanshu Dubey (Microsoft) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: Achtung Baby! Cybersecurity insights with U2 (you too) Jeannette Jarvis (Cyber Threat Alliance), Selena Larson (Proofpoint), Jeanette Miller-Osborn (Netwitness) & Kathi Whitbey (Palo Alto Networks Unit 42) |
12:30 - 14:00 | Lunch | ||
14:00 - 14:30 | Unmasking DarkPlum: inside the operations of DPRK's elite cyber espionage group Amata Anantaprayoon & Rintaro Koike (NTT Security Holdings) | Who plays on AZORult? An unknown attacker collects various data and spreads additional payloads with AZORult for around five years Masaki Kasuya (BlackBerry) | CTA Threat Intelligence Practitioners' Summit: Unveiling cybersecurity impact: the role of published security findings in strengthening internet defence strategies Slawek Grzonkowski (Tenable) |
14:30 - 15:00 | Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor Salim Bitam (Elastic) | Ghosts from the past: become Gh0stbusters in 2024 Hiroshi Takeuchi (MACNICA) | CTA Threat Intelligence Practitioners' Summit: Panel: Briskets or biscuits: how to construct your CTI team Noortje Henrichs (NCSC Netherlands), Hossein Jazi (Fortinet), Kathi Whitbey (Palo Alto Networks Unit 42) & Righard Zwienenberg (ESET) |
15:00 - 15:30 | Go-ing arsenal: a closer look at Kimsuky's Go strategic advancement Jiho Kim & Sebin Lee (S2W) | All quiet on the signalling front? Dispatches from the front-line of telecom network security Cathal Mc Daid (Enea) | CTA Threat Intelligence Practitioners' Summit: |
15:30 - 16:00 | Tea/Coffee | ||
16:00 - 16:30 | Getting cozy with milk and WARMCOOKIES Daniel Stepanic (Elastic) | A web of surveillance Jurre van Bergen (Amnesty International) | CTA Threat Intelligence Practitioners' Summit: Indicator wranglin’ – an approach to dynamically typing IOCs with poor data context Noah Dunn (Palo Alto Networks Unit 42) |
16:30 - 17:00 | A wild RAT appears: reversing DinodasRAT on Linux Anderson Leite & Fabio Marenghi (Kaspersky) | BEC and phishing targets local election candidate (me!) Andrew Brandt (Sophos) | CTA Threat Intelligence Practitioners' Summit: Adaptive protection put to the test Zsombor Kovacs (MRG Effitas) & Liam O'Murchu (Symantec by Broadcom) |
17:00 - 17:30 | CTA Threat Intelligence Practitioners' Summit: Wrap-up Michael Daniel (Cyber Threat Alliance) |
17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
19:30 - 23:00 | Pre-dinner drinks reception followed by VB2024 gala dinner & entertainment |
Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 4 October.