VB2024 programme


Wednesday 2 October 2024

Time Green room Red room
Small Talks
10:30 - 10:40

Opening address
(takes place in the Green room)

10:40 - 11:20 Keynote, TBA
(takes place in the Green room)
  
11:20 - 11:50 From code to crime: exploring threats in GitHub Codespaces Jaromir Horejsi & Nitesh Surana (Trend Micro) Breaking boundaries: investigating vulnerable drivers and mitigating risks Jiří Vinopal (Check Point)  
11:50 - 12:20 Project 0xA11C: deoxidizing the Rust malware ecosystem Nicole Fishbein (Intezer) & Juan Andrés Guerrero-Saade (SentinelOne) P-wave of malicious code signing Yuta Sawabe, Shogo Hayashi & Rintaro Koike (NTT Security Holdings)   
12:20 - 14:00 Lunch 
14:00 - 14:30 Android Flutter malware Axelle Apvrille (Fortinet) CrackedCantil: a malware symphony delivered by cracked software; performed by loaders, infostealers, ransomware, et al. Lena Yu (ANY.RUN)  
14:30 - 15:00 Supercharge your malware analysis workflow Ryan Samaaroo & Jean-Pierre Vigneault (Canadian Centre for Cyber Security) Marketplace scams: neanderthals hunting mammoths with Telekopye Jakub Souček & Radek Jizba (ESET)  
15:00 - 15:30 Leveraging AI to enhance the capabilities of SHAREM Shellcode Analysis Framework Bramwell Brizendine (University of Alabama in Huntsville) Dark deals: unveiling the underground market of exploits Anna Pavlovskaia & Vladislav Belousov (Kaspersky)  
15:30 - 16:00 Tea/Coffee 
16:00 - 16:30 CeranaKeeper: a relentless shape-shifting group targeting Thailand Romain Dumont (ESET)  Last-minute paper, TBA Workshop: Writing malware configuration parsers Mark Lim & Zong-Yu Wu (Palo Alto Networks)
16:30 - 17:00 Spot the difference: Earth Kasha's new LODEINFO campaign and the correlation analysis with APT10 umbrella Hiroaki Hara (Trend Micro) Unveiling the dark side of set-top boxes: the Bigpanzi cybercrime syndicate Alex Turing (QI-ANXIN)
17:00 - 17:30 Arming WinRAR: deep dive into APTs exploiting WinRAR's 0-day vulnerability – a SideCopy case study Sathwik Ram Prakki (Quick Heal) Partner presentation, TBA  
17:30 - 18:30  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.
19:30 - 21:00 VB2024 drinks reception

Thursday 3 October 2024

Time Green room Red room
Small Talks / Threat Intelligence Practitioners' Summit
09:00 - 09:30 Automatically detect and support against anti-debug with IDA/Ghidra to streamline debugging process Takahiro Takeda (LAC Corp) Over the cassowary's nest – dissecting Turla's latest revision of the Kazuar backdoor Daniel Frank & Tom Fakterman (Palo Alto Networks)

CTA Threat Intelligence Practitioners' Summit:
Welcome address Michael Daniel (Cyber Threat Alliance)

followed by

Keynote (TBA)

09:30 - 10:00 An open-source cloud DFIR kit – Dredge! Santiago Abastante (Solidarity Labs) Cybercrime turned cyber espionage: the many faces of the RomCom group Vlad Stolyarov (Google TAG) & Dan Black (Google Cloud (Mandiant)) CTA Threat Intelligence Practitioners' Summit (session details TBA)

10:00 - 10:30 Last-minute paper, TBA Reviewing the 2022 KA-SAT incident & implications for distributed communication environments Joe Slowik (The MITRE Corporation) CTA Threat Intelligence Practitioners' Summit (session details TBA)

10:30 - 11:00 Tea/Coffee 
11:00 - 11:30 SPYDEALER used for mobile Chinese domestic surveillance Paul Rascagneres & Charles Gardner (Volexity) Last-minute paper, TBA  CTA Threat Intelligence Practitioners' Summit:
Certified malware: a case for industry TI sharing of DigSig metadata Samir Mody (K7)
11:30 - 12:00 Last-minute paper, TBA  Last-minute paper, TBA CTA Threat Intelligence Practitioners' Summit:
Capturing cybercriminals: inside collaborations between private and public sectors (and possibly a cybercriminal) Sara Eberle (Sophos) & Mike Bordini (FBI Cybercrime)
12:00 - 12:30 Hospitals, airports and telcos – modern approach to attributing hacktivism attacks Itay Cohen (Check Point) Modern-day witchcraft: a new breed of hybrid attacks by ransomware operators  Vaibhav Deshmukh, Ashutosh Raina & Sudhanshu Dubey (Microsoft) CTA Threat Intelligence Practitioners' Summit:
Fireside chat: Achtung Baby! Cybersecurity insights with U2 (you too) Jeannette Jarvis (Cyber Threat Alliance), Selena Larson (Proofpoint), Jeanette Miller-Osborn (Netwitness) & Kathi Whitbey (Palo Alto Networks Unit 42)
12:30 - 14:00 Lunch 
14:00 - 14:30 Byteing back: detection, dissection and protection against macOS stealers Patrick Wardle (Objective-See) Who plays on AZORult? An unknown attacker collects various data and spreads additional payloads with AZORult for around five years Masaki Kasuya (BlackBerry) CTA Threat Intelligence Practitioners' Summit:
Unveiling cybersecurity impact: the role of published security findings in strengthening internet defence strategies Slawek Grzonkowski (Tenable)
14:30 - 15:00 Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor Salim Bitam (Elastic) Ghosts from the past: become Gh0stbusters in 2024 Hiroshi Takeuchi (MACNICA) CTA Threat Intelligence Practitioners' Summit:
Panel: Briskets or biscuits: how to construct your CTI team Noortje Henrichs (NCSC Netherlands), Hossein Hadian Jazi (Fortinet), Kathi Whitbey (Palo Alto Networks Unit 42) & Righard Zwienenberg (ESET)
15:00 - 15:30 Go-ing arsenal: a closer look at Kimsuky's Go strategic advancement Jiho Kim & Sebin Lee (S2W) Last-minute paper, TBA  

CTA Threat Intelligence Practitioners' Summit:
Building resilience through collaboration: a data-driven and data-informed cyber threat intelligence sharing style guide based on STIX 2.1 Linda Beverly (Cyber Threat Alliance)

15:30 - 16:00 Tea/Coffee 
16:00 - 16:30 Last-minute paper, TBA   Partner presentation, TBA CTA Threat Intelligence Practitioners' Summit:
Indicator wranglin’ – an approach to dynamically typing IOCs with poor data context Noah Dunn (Palo Alto Networks Unit 42)
16:30 - 17:00 A wild RAT appears: reversing DinodasRAT on Linux Anderson Leite & Fabio Marenghi (Kaspersky) Partner presentation, TBA  CTA Threat Intelligence Practitioners' Summit:
Adaptive protection put to the test Zsombor Kovacs (MRG Effitas) & Liam O'Murchu (Symantec by Broadcom)
17:00 - 17:30     CTA Threat Intelligence Practitioners' Summit:
Wrap-up Michael Daniel (Cyber Threat Alliance)
17:30 - 18:30  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.
19:30 - 23:00 Pre-dinner drinks reception followed by VB2024 gala dinner & entertainment

Friday 4 October 2024

Time Green room Red room
Small Talks
09:30 - 10:00 Confronting the surge of macOS stealers in 2024 Kseniia Yamburh & Mykhailo Hrebeniuk (MacPaw (Moonlock Lab)) How to hunt geopolitically driven Bitter APT operations Shengbin Bao (Zhongfu Info) Unveiling shadows: key tactics for tracking cyber threat actors, attribution, and infrastructure analysis Hossein Jazi (Fortinet)
10:00 - 10:30 SO that looks suspicious: leveraging process memory and kernel/usermode probes to detect Shared Object injection at scale on Linux Daniel Jary TA577 walked just past you: indirect syscalls in Pikabot Emre Güler (VMRay)
10:30 - 11:00 Tea/Coffee 
11:00 - 11:30 Shadow play: WildCard's malware campaigns amidst Israel-Hamas conflict  Nicole Fishbein & Ryan Robinson (Intezer) Last-minute paper, TBA Extending STIX 2.1 to capture malware incidents Desiree Beck (MITRE)
11:30 - 12:00 Down the GRAYRABBIT hole – exposing UNC3569 and its modus operandi Steve Su, Aragorn Tseng, Chi-Yu You & Cristiana Brafman Kittner (Google) Multimodal AI: the sixth sense for cyber defence Younghoo Lee (Sophos)
12:00 - 12:30  Last-minute paper, TBA  Last-minute paper, TBA  
12:30 - 14:00 Lunch 
14:00 - 14:30 The Mask has been unmasked again  Georgy Kucherin & Marc Rivero López (Kaspersky) Code blue: energy Righard Zwienenberg & Josep Albors (ESET)  Reserve paper*
 
14:30 - 15:00 Don't be a PUP-pet: exposing pay-per-install networks Dmitrij Lenz (Google) & James Wyke (Google Cloud (Mandiant))  Life and DEaTH: building detection, forensics, and intelligence at scale Selena Larson & Konstantin Klinger (Proofpoint) Reserve paper*
15:00 - 15:30 Tea/Coffee 
15:30 - 16:10 Keynote, TBA
(takes place in the Green room)
16:10 - 16:20 Conference closing session  
(takes place in the Green room)
16:20 - 17:20  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.

*Reserve papers

Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 4 October.

Back to VB2024 conference page

Register for VB2024

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.