VB2024 programme


Wednesday 2 October 2024

| Time | Green room | Red room | Small Talks |
| --- | --- | --- | --- |
| 10:30 - 10:40 | Conference opening session (takes place in the Green room) | | |
| 10:40 - 11:20 | Opening keynote: Solving puzzles: protecting high-risk communities Runa Sandvik (Granitt) (takes place in the Green room) | | |
| 11:20 - 11:50 | From code to crime: exploring threats in GitHub Codespaces Jaromir Horejsi & Nitesh Surana (Trend Micro) | Breaking boundaries: investigating vulnerable drivers and mitigating risks Jiří Vinopal (Check Point) | |
| 11:50 - 12:20 | Project 0xA11C: deoxidizing the Rust malware ecosystem Nicole Fishbein (Intezer) & Juan Andrés Guerrero-Saade (SentinelOne) | P-wave of malicious code signing Yuta Sawabe, Shogo Hayashi & Rintaro Koike (NTT Security Holdings) | |
| 12:20 - 14:00 | Lunch | | |
| 14:00 - 14:30 | Android Flutter malware Axelle Apvrille (Fortinet) | CrackedCantil: a malware symphony delivered by cracked software; performed by loaders, infostealers, ransomware, et al. Lena Yu (World Cyber Health) | Threat intelligence for high-risk communities Martijn Grooten (Internews) |
| 14:30 - 15:00 | Supercharge your malware analysis workflow Ryan Samaroo & Jean-Pierre Vigneault (Canadian Centre for Cyber Security) | Marketplace scams: neanderthals hunting mammoths with Telekopye Jakub Souček & Radek Jizba (ESET) | |
| 15:00 - 15:30 | Leveraging AI to enhance the capabilities of SHAREM Shellcode Analysis Framework Bramwell Brizendine (University of Alabama in Huntsville) | Dark deals: unveiling the underground market of exploits Anna Pavlovskaia & Vladislav Belousov (Kaspersky) | |
| 15:30 - 16:00 | Tea/Coffee | | |
| 16:00 - 16:30 | CeranaKeeper: a relentless shape-shifting group targeting Thailand Romain Dumont (ESET) | Tracking FIN7 malware honeypots, new AI deepfake lures Zach Edwards (Silent Push) | Workshop: Writing malware configuration parsers Mark Lim & Zong-Yu Wu (Palo Alto Networks) |
| 16:30 - 17:00 | Spot the difference: Earth Kasha's new LODEINFO campaign and the correlation analysis with APT10 umbrella Hiroaki Hara (Trend Micro) | Unveiling the dark side of set-top boxes: the Bigpanzi cybercrime syndicate Alex Turing (QI-ANXIN) | |
| 17:00 - 17:30 | Arming WinRAR: deep dive into APTs exploiting WinRAR's 0-day vulnerability – a SideCopy case study Sathwik Ram Prakki (Quick Heal) | | |
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | | |
| 19:30 - 21:00 | VB2024 drinks reception | | |

Thursday 3 October 2024

| Time | Green room | Red room | Small Talks / Threat Intelligence Practitioners' Summit |
| --- | --- | --- | --- |
| 09:00 - 09:30 | Automatically detect and support against anti-debug with IDA/Ghidra to streamline debugging process Takahiro Takeda (LAC Corp) | Over the cassowary's nest – dissecting Turla's latest revision of the Kazuar backdoor Daniel Frank & Tom Fakterman (Palo Alto Networks) | CTA Threat Intelligence Practitioners' Summit: Welcome address Michael Daniel (Cyber Threat Alliance) followed by Keynote: No more secrets in cybersecurity: implementing ‘radical transparency’ Suzanne Spaulding (CSIS) |
| 09:30 - 10:00 | An open-source cloud DFIR kit – Dredge! Santiago Abastante (Solidarity Labs) | Cybercrime turned cyber espionage: the many faces of the RomCom group Vlad Stolyarov (Google TAG) & Dan Black (Google Cloud (Mandiant)) | CTA Threat Intelligence Practitioners' Summit: Operation Endgame Nick Kiefer (BKA) & Bogdan Badiu (EC3) |
| 10:00 - 10:30 | The Impersonators Gabor Szappanos & Steeve Gaudreault (Sophos) | Reviewing the 2022 KA-SAT incident & implications for distributed communication environments Joe Slowik (The MITRE Corporation) | CTA Threat Intelligence Practitioners' Summit: Stix and stones: enabling faster intelligence gathering with GenAI and OASIS Kieran Hughes (Rapid7) |
| 10:30 - 11:00 | Tea/Coffee | | |
| 11:00 - 11:30 | The deck is stacked: analysis of OracleBamboo's SPYDEALER Android backdoor Paul Rascagneres & Charles Gardner (Volexity) | The dark dream of the Lumma malware developer Raman Ladutska (Check Point) | CTA Threat Intelligence Practitioners' Summit: Certified malware: a case for industry TI sharing of DigSig metadata Samir Mody (K7) |
| 11:30 - 12:00 | IcePeony with the '996' work culture Rintaro Koike (NTT Security Holdings) & Shota Nakajima (Cyber Defense Institute) | Mind the (air) gap: GoldenJackal gooses government guardrails Matias Porolli (ESET) | CTA Threat Intelligence Practitioners' Summit: Bye bye WarZone RAT (for now); capturing cybercriminals through #CoordindatedDisruption, Part 2 Sara Eberle (Sophos) & Mike Bordini (FBI Cybercrime) |
| 12:00 - 12:30 | Hospitals, airports and telcos – modern approach to attributing hacktivism attacks Itay Cohen (Check Point) | Modern-day witchcraft: a new breed of hybrid attacks by ransomware operators Vaibhav Deshmukh, Ashutosh Raina & Sudhanshu Dubey (Microsoft) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: Achtung Baby! Cybersecurity insights with U2 (you too) Jeannette Jarvis (Cyber Threat Alliance), Selena Larson (Proofpoint), Jeanette Miller-Osborn (Netwitness) & Kathi Whitbey (Palo Alto Networks Unit 42) |
| 12:30 - 14:00 | Lunch | | |
| 14:00 - 14:30 | Unmasking DarkPlum: inside the operations of DPRK's elite cyber espionage group Amata Anantaprayoon & Rintaro Koike (NTT Security Holdings) | Who plays on AZORult? An unknown attacker collects various data and spreads additional payloads with AZORult for around five years Masaki Kasuya (BlackBerry) | CTA Threat Intelligence Practitioners' Summit: Unveiling cybersecurity impact: the role of published security findings in strengthening internet defence strategies Slawek Grzonkowski (Tenable) |
| 14:30 - 15:00 | Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor Salim Bitam (Elastic) | Ghosts from the past: become Gh0stbusters in 2024 Hiroshi Takeuchi (MACNICA) | CTA Threat Intelligence Practitioners' Summit: Panel: Briskets or biscuits: how to construct your CTI team Noortje Henrichs (NCSC Netherlands), Hossein Jazi (Fortinet), Kathi Whitbey (Palo Alto Networks Unit 42) & Righard Zwienenberg (ESET) |
| 15:00 - 15:30 | Go-ing arsenal: a closer look at Kimsuky's Go strategic advancement Jiho Kim & Sebin Lee (S2W) | All quiet on the signalling front? Dispatches from the front-line of telecom network security Cathal Mc Daid (Enea) | CTA Threat Intelligence Practitioners' Summit: Building resilience through collaboration: a data-driven and data-informed cyber threat intelligence sharing style guide based on STIX 2.1 Linda Beverly (Cyber Threat Alliance) |
| 15:30 - 16:00 | Tea/Coffee | | |
| 16:00 - 16:30 | Getting cozy with milk and WARMCOOKIES Daniel Stepanic (Elastic) | A web of surveillance Jurre van Bergen (Amnesty International) | CTA Threat Intelligence Practitioners' Summit: Indicator wranglin’ – an approach to dynamically typing IOCs with poor data context Noah Dunn (Palo Alto Networks Unit 42) |
| 16:30 - 17:00 | A wild RAT appears: reversing DinodasRAT on Linux Anderson Leite & Fabio Marenghi (Kaspersky) | BEC and phishing targets local election candidate (me!) Andrew Brandt (Sophos) | CTA Threat Intelligence Practitioners' Summit: Adaptive protection put to the test Zsombor Kovacs (MRG Effitas) & Liam O'Murchu (Symantec by Broadcom) |
| 17:00 - 17:30 | | | CTA Threat Intelligence Practitioners' Summit: Wrap-up Michael Daniel (Cyber Threat Alliance) |
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | | |
| 19:30 - 23:00 | Pre-dinner drinks reception followed by VB2024 gala dinner & entertainment | | |

Friday 4 October 2024

| Time | Green room | Red room | Small Talks |
| --- | --- | --- | --- |
| 09:30 - 10:00 | Confronting the surge of macOS stealers in 2024 Kseniia Yamburh & Mykhailo Hrebeniuk (MacPaw (Moonlock Lab)) | Octopus Prime: it didn't turn into a truck, but a widely spread Android botnet Thibault Seret (Team Cymru) | Unveiling shadows: key tactics for tracking cyber threat actors, attribution, and infrastructure analysis Hossein Jazi (Fortinet) |
| 10:00 - 10:30 | SO that looks suspicious: leveraging process memory and kernel/usermode probes to detect Shared Object injection at scale on Linux Daniel Jary | TA577 walked just past you: indirect syscalls in Pikabot Emre Güler (VMRay) | |
| 10:30 - 11:00 | Tea/Coffee | | |
| 11:00 - 11:30 | Shadow play: WildCard's malware campaigns amidst Israel-Hamas conflict Nicole Fishbein & Ryan Robinson (Intezer) | RevivalStone: new puzzle posed by Winnti group Yoshihiro Ishikawa & Takuma Matsumoto (LAC Co) | Extending STIX 2.1 to capture malware incidents Desiree Beck (MITRE) |
| 11:30 - 12:00 | Down the GRAYRABBIT hole – exposing UNC3569 and its modus operandi Steve Su, Aragorn Tseng, Chi-Yu You & Cristiana Brafman Kittner (Google) | Multimodal AI: the sixth sense for cyber defence Younghoo Lee (Sophos) | |
| 12:00 - 12:30 | Byteing back: detection, dissection and protection against macOS stealers Patrick Wardle (Objective-See) | The Phantom Syndicate: a hacking collective with a North Korean allegiance Olivia Lee (S2W) | *Open by default: the hidden cost of convenience in network security Aurelio Picon (CUJO AI) |
| 12:30 - 14:00 | Lunch | | |
| 14:00 - 14:30 | The Mask has been unmasked again Georgy Kucherin & Marc Rivero López (Kaspersky) | Code blue: energy Righard Zwienenberg & Josep Albors (ESET) | *Origins of a logger - Agent Tesla Berk Albayrak & Utku Çorbacı (Malwation) |
| 14:30 - 15:00 | Don't be a PUP-pet: exposing pay-per-install networks Dmitrij Lenz (Google) & James Wyke (Google Cloud (Mandiant)) | Life and DEaTH: building detection, forensics, and intelligence at scale Selena Larson & Konstantin Klinger (Proofpoint) | *Proactively hunting for low-reputed infrastructure used by large cybercrimes and APTs Mohamed Nabeel, Keerthiraj Nagaraj, Janos Szurdi & Alex Starov (Palo Alto Networks) |
| 15:00 - 15:30 | Tea/Coffee | | |
| 15:30 - 16:10 | Closing keynote: May you live in interesting times Brian Honan (BH Consulting) (takes place in the Green room) | | |
| 16:10 - 16:20 | Conference closing session (takes place in the Green room) | | |
| 16:20 - 17:20 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | | |

*Reserve papers

Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 4 October.
