| Time | Green room | Red room |
Small Talks |
| 10:30 - 10:40 |
Conference opening session |
||
| 10:40 - 11:20 | Opening keynote address (TBA) (takes place in the Green room) |
||
| 11:20 - 11:50 | Silent killers: unmasking a large-scale legacy driver exploitation campaign Jiří Vinopal (Check Point Research) | Everyday tools, extraordinary crimes: the ransomware exfiltration playbook María José Erquiaga (Cisco), Darin Smith (Talos), Robert Harris (Cisco), Raymond McCormick (Talos) & Josh Pyorre (Talos) | TBA |
| 11:50 - 12:20 | Practical AWS antiforensics Santiago Abastante (SolidarityLabs) | The Wolf of Wall Steal: inside crypto traffer group operations Anna Pham (Palo Alto Networks Unit 42) & Joan Garcia (Universitat Politecnica de Valencia) | |
| 12:20 - 14:00 | Lunch | ||
| 14:00 - 14:30 | Demystifying the Playboy RaaS Gijs Rijnders (Dutch National Police) | Evading in plain sight: how adversaries beat user-mode protection engines for over a decade Omri Misgav (independent) | TBA |
| 14:30 - 15:00 | From Latin America to the world: ransomware TTPs, prolonged intrusions, and regional adaptation Isabel Manjarrez (Kaspersky) | Invisible thieves in the front yard – from an advanced evasive edge-device attack to potential mitigation methods Ting-Wei Hsieh (CHT Security Co) | |
| 15:00 - 15:30 | Google Calendar as C2 infrastructure: a China-nexus campaign with stealthy tactics Tim Chen & Still Hsu (TeamT5) |
Goodbye loaders, hello RMM: the rise of legit software in ecrime campaigns Selena Larson & Ole Villadsen (Proofpoint) | TBA |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Silent Lynx: uncovering a cyber espionage campaign in Central Asia Subhajeet Singha & Sathwik Ram Prakki (Seqrite Labs) | Last-minute presentation (TBA) | TBA |
| 16:30 - 17:00 | Last-minute presentation (TBA) | The dark prescription: inside the infrastructure of illegal online pharmacies Martin Chlumecky & Lubos Bever (Gen Digital) | |
| 17:00 - 17:30 | Panel: Tales from the Old West Righard Zwienenberg (ESET), Jan Hruska (Virus Bulletin), Pavel Baudis (Gen Digital) & Tjark Auerbach (Lakeside Quants)
|
Partner presentation | TBA |
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 21:00 | VB2025 drinks reception | ||
| Time | Green room | Red room |
Threat Intelligence Practitioners' Summit |
| 09:00 - 09:30 | Unmasking the GrassCall campaign: the hackers behind job recruitment cyber scams Dixit Panchal & Soumen Burma (Quick Heal Technologies) | Attacker identity revealed: insights from rogue VMs & BYOVD in EDR evasion Navin Thomas, Renzon Cruz & Cuong Dinh (Palo Alto Networks) | TBA |
| 09:30 - 10:00 | Cracked by the GRU: how Russia’s notorious Sandworm unit weaponizes pirated software usage to target Ukraine Arda Büyükkaya (EclecticIQ) | Hunting potential C2 commands in Android malware via Smali string comparison and control flow analysis JunWei Song (Recorded Future) | TBA |
| 10:00 - 10:30 | Last-minute presentation (TBA) | Vo1d rising: inside the botnet controlling 1.68 M+ Android TVs worldwide Alex Turing (QI-ANXIN) | TBA |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Arachnid alert: Latrodectus loader crawls through defences Albert Zsigovits (VMRay) | When avatars come alive: understanding hybrid threat actors Itay Cohen (Palo Alto Networks Unit 42) & Omer Benjakob (Haaretz) | TBA |
| 11:30 - 12:00 | Inside Akira, ransomware's Rust experiment Ben Herzog (Check Point Software Technologies) | Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses Chris Boyd (Rapid7) | TBA |
| 12:00 - 12:30 | Last-minute presentation (TBA) | You definitely don’t want to CopyPaste this: FakeCaptcha ecosystem Dmitrij Lenz & Roberto Dasilva (Google) | TBA |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | The Phantom Circuit: the Lazarus Group’s evolution in supply chain compromise Ryan Sherstobitoff (SecurityScorecard) | From p0f to JA4+: modern network fingerprinting for real-world defence Vlad Iliushin (ELLIO) | TBA |
| 14:30 - 15:00 | DeceptiveDevelopment and North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception Matej Havranek (ESET) | Last-minute presentation (TBA) | TBA |
| 15:00 - 15:30 | Last-minute presentation (TBA) | TBA | TBA |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Deep dive into the abuse of DL APIs to create malicious AI models and how to detect them Mohamed Nabeel & Alex Starov (Palo Alto Networks) | Vietnamese hacking group: a rising of information stealing campaigns going global Chetan Raghuprasad & Joey Chen (Cisco Talos) | TBA |
| 16:30 - 17:00 |
Stealth over TLS: the emergence of ECH-based C&C in ECHidna malware Yuta Sawabe & Rintaro Koike (NTT Security Holdings) |
Partner presentation (TBA) | TBA |
| 17:00 - 17:30 | TBA | ||
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 23:00 | Pre-dinner drinks reception followed by VB2025 gala dinner & entertainment | ||
| Time | Green room | Red room |
Small Talks |
| 09:30 - 10:00 |
Tracking the IoT botnet's bloodline: code footprints don’t lie Chanbin Jeon, ChangGyun Kim & SeungBeom Lim (SANDS Lab) |
Prediction of future attack indicators based on the 2024 analysis of threats from malicious app distribution sites in South Korea Kyung Rae Noh (Korea Internet & Security Agency), Shinho Lee (Gachon University), Eui-Tak Kim (Gachon University), Yujin Shim (Korea Internet & Security Agency), Jonghwa Han (Korea Internet & Security Agency) & Jung-Sik Cho (Korea Internet & Security Agency) | TBA |
| 10:00 - 10:30 | Unmasking the unseen: a deep dive into modern Linux rootkits and their detection Ruben Groenewoud & Remco Sprooten (Elastic) | Last-minute presentation (TBA) | |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Sophistication or missed opportunity? Analysing XE Group’s long-term exploitation of zero-days with limited impact Justin Lentz (Solis Security) & Nicole Fishbein (Intezer) | Boosting URL detection with syntactic features in spam emails Antonia Scherz (Net at Work) | TBA |
| 11:30 - 12:00 | Dissecting evil twin RATs: tracking the long-term use of TA410's FlowCloud toolset Hiroshi Takeuchi (MACNICA) | Last-minute presentation (TBA) | |
| 12:00 - 12:30 | Last-minute presentation (TBA) | Unmasking TAG-124: dissecting a prevalent traffic distribution system in the cybercriminal ecosystem Julian-Ferdinand Vögele (Recorded Future) | *Reserve paper |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | The Bitter end: unravelling 8 years of APT antics Abdallah Elshinbary (Threatray), Nick Attfield (Proofpoint), Konstantin Klinger (Proofpoint) & Jonas Wagner (Threatray) | Last-minute presentation (TBA) | *Reserve paper |
| 14:30 - 15:00 | Last-minute presentation (TBA) | Grandoreiro: sounds like a Clint Eastwood movie but it's not Thibault Seret (Team Cymru) | *Reserve paper |
| 15:00 - 15:30 | Tea/Coffee | ||
| 15:30 - 16:10 | Closing keynote address (TBA): Paul Ducklin (independent) (takes place in the Green room) |
||
| 16:10 - 16:20 | Conference closing session (takes place in the Green room) |
||
| 16:20 - 17:20 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 26 September.