Back to VB2025 conference page
| Time | Green room | Red room |
Small Talks |
| 10:30 - 10:40 |
Conference opening session |
||
| 10:40 - 11:20 | Opening keynote: Code Red: How KnowBe4 exposed a North Korean IT infiltration scheme Martin Kraemer (KnowBe4) (takes place in the Green room) |
||
| 11:20 - 11:50 | Silent killers: unmasking a large-scale legacy driver exploitation campaign Jiří Vinopal (Check Point Research) | Everyday tools, extraordinary crimes: the ransomware exfiltration playbook María José Erquiaga (Cisco), Darin Smith (Talos), Robert Harris (Cisco), Raymond McCormick (Talos) & Josh Pyorre (Talos) | TBA |
| 11:50 - 12:20 | Practical AWS antiforensics Santiago Abastante (SolidarityLabs) | The Wolf of Wall Steal: inside crypto traffer group operations Anna Pham (Palo Alto Networks Unit 42) & Joan Garcia (Universitat Politecnica de Valencia) | |
| 12:20 - 14:00 | Lunch | ||
| 14:00 - 14:30 | Demystifying the Playboy RaaS Gijs Rijnders (Dutch National Police) | Evading in plain sight: how adversaries beat user-mode protection engines for over a decade Omri Misgav (independent) | TBA |
| 14:30 - 15:00 | From Latin America to the world: ransomware TTPs, prolonged intrusions, and regional adaptation Isabel Manjarrez (Kaspersky) | Invisible thieves in the front yard – from an advanced evasive edge-device attack to potential mitigation methods Ting-Wei Hsieh (CHT Security Co) | |
| 15:00 - 15:30 | Google Calendar as C2 infrastructure: a China-nexus campaign with stealthy tactics Tim Chen & Still Hsu (TeamT5) |
Goodbye loaders, hello RMM: the rise of legit software in ecrime campaigns Selena Larson & Ole Villadsen (Proofpoint) | TBA |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Silent Lynx: uncovering a cyber espionage campaign in Central Asia Subhajeet Singha & Sathwik Ram Prakki (Seqrite Labs) | Last-minute presentation (TBA) | TBA |
| 16:30 - 17:00 | Last-minute presentation (TBA) | The dark prescription: inside the infrastructure of illegal online pharmacies Martin Chlumecký & Lubos Bever (Gen Digital) | |
| 17:00 - 17:30 | Panel: Tales from the Old West Righard Zwienenberg (ESET), Jan Hruska (Virus Bulletin), Pavel Baudis (Gen Digital) & Tjark Auerbach (Lakeside Quants)
|
Partner presentation | TBA |
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 21:00 | VB2025 drinks reception | ||
| Time | Green room | Red room |
Threat Intelligence Practitioners' Summit |
| 09:00 - 09:30 | Unmasking the GrassCall campaign: the hackers behind job recruitment cyber scams Dixit Panchal & Soumen Burma (Quick Heal Technologies) | Attacker identity revealed: insights from rogue VMs & BYOVD in EDR evasion Navin Thomas, Renzon Cruz & Cuong Dinh (Palo Alto Networks) |
CTA Threat Intelligence Practitioners' Summit: Welcome Michael Daniel (Cyber Threat Alliance) Keynote: TBA |
| 09:30 - 10:00 | Cracked by the GRU: how Russia’s notorious Sandworm unit weaponizes pirated software usage to target Ukraine Arda Büyükkaya (EclecticIQ) | Hunting potential C2 commands in Android malware via Smali string comparison and control flow analysis JunWei Song (Recorded Future) | CTA Threat Intelligence Practitioners' Summit: Smashing smishing by quashing quishing Andrew Brandt (Netcraft) |
| 10:00 - 10:30 | Last-minute presentation (TBA) | Vo1d rising: inside the botnet controlling 1.68 M+ Android TVs worldwide Alex Turing (QI-ANXIN) | CTA Threat Intelligence Practitioners' Summit: Collective intelligence in OT cybersecurity: transforming threat insights into proactive defence AJ Eserjose (OT-ISAC) |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Arachnid alert: Latrodectus loader crawls through defences Albert Zsigovits (VMRay) | When avatars come alive: understanding hybrid threat actors Itay Cohen (Palo Alto Networks Unit 42) & Omer Benjakob (Haaretz) | CTA Threat Intelligence Practitioners' Summit: The battlegrounds are moving faster than we are – can we turn this oil-tanker on a dime? Tim West (WithSecure) |
| 11:30 - 12:00 | Inside Akira, ransomware's Rust experiment Ben Herzog (Check Point Software Technologies) | Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses Chris Boyd (Rapid7) | CTA Threat Intelligence Practitioners' Summit: How MITRE is AI, anyway? Samir Mody (K7 Computing) |
| 12:00 - 12:30 | Last-minute presentation (TBA) | You definitely don’t want to CopyPaste this: FakeCaptcha ecosystem Dmitrij Lenz & Roberto Dasilva (Google) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: The tortured “cybersecurity” poets department Cat Self (MITRE), Jeanette Miller, Jeannette Jarvis (Cyber Threat Alliance), Selena Larson (Proofpoint) |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | The Phantom Circuit: the Lazarus Group’s evolution in supply chain compromise Ryan Sherstobitoff (SecurityScorecard) | From p0f to JA4+: modern network fingerprinting for real-world defence Vlad Iliushin (ELLIO) | CTA Threat Intelligence Practitioners' Summit: Attribution of cyber activity in the age of AI Michael Abramzon (Check Point Technologies) |
| 14:30 - 15:00 | DeceptiveDevelopment and North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception Matej Havranek (ESET) | Last-minute presentation (TBA) | CTA Threat Intelligence Practitioners' Summit: Beyond machine translation: struggles and adaptations of North Korean IT workers in Japan's crowdsourcing market Takahiro Kakumaru & Yoshihiro Kori (NEC) |
| 15:00 - 15:30 | Last-minute presentation (TBA) | PepsiDog: inside the rise of a professional Chinese phishing actor Stefan Tanase & Ionut Bucur (CSIS Security Group) | CTA Threat Intelligence Practitioners' Summit: Panel: The wheels on the CVE go round and round: breaking the cycle of vulnerability fatigue Righard Zwienenberg (ESET), Robin Staa (NCSC-NL), John Alexander (Mayo Clinic), Geri Revay (Fortinet) |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Deep dive into the abuse of DL APIs to create malicious AI models and how to detect them Mohamed Nabeel & Alex Starov (Palo Alto Networks) | Last-minute presentation (TBA) | CTA Threat Intelligence Practitioners' Summit: Stop the flood: building a quality and trust-driven threat intelligence ecosystem Kihong Kim & SuhMahn Hur (SandsLab) |
| 16:30 - 17:00 |
Stealth over TLS: the emergence of ECH-based C&C in ECHidna malware Yuta Sawabe & Rintaro Koike (NTT Security Holdings) |
Partner presentation (TBA) | CTA Threat Intelligence Practitioners' Summit: From clusters to actors: a practical threat actor attribution framework Kyle Wilhoit & Robert Falcone (Palo Alto Networks) |
| 17:00 - 17:30 |
CTA Threat Intelligence Practitioners' Summit: Diff'ing the light fantastic – tracking typosquatting and disinformation in a resource-constrained environment James Slaughter (Fortinet) Followed by Wrap-up Michael Daniel (Cyber Threat Alliance) |
||
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 23:00 | Pre-dinner drinks reception followed by VB2025 gala dinner & entertainment | ||
| Time | Green room | Red room |
Small Talks |
| 09:30 - 10:00 |
Tracking the IoT botnet's bloodline: code footprints don’t lie Chanbin Jeon, ChangGyun Kim & SeungBeom Lim (SANDS Lab) |
Prediction of future attack indicators based on the 2024 analysis of threats from malicious app distribution sites in South Korea Kyung Rae Noh (Korea Internet & Security Agency), Shinho Lee (Gachon University), Eui-Tak Kim (Gachon University), Yujin Shim (Korea Internet & Security Agency), Jonghwa Han (Korea Internet & Security Agency) & Jung-Sik Cho (Korea Internet & Security Agency) | TBA |
| 10:00 - 10:30 | Unmasking the unseen: a deep dive into modern Linux rootkits and their detection Ruben Groenewoud & Remco Sprooten (Elastic) | Last-minute presentation (TBA) | |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Sophistication or missed opportunity? Analysing XE Group’s long-term exploitation of zero-days with limited impact Justin Lentz (Solis Security) & Nicole Fishbein (Intezer) | Boosting URL detection with syntactic features in spam emails Antonia Scherz (Net at Work) | TBA |
| 11:30 - 12:00 | Dissecting evil twin RATs: tracking the long-term use of TA410's FlowCloud toolset Hiroshi Takeuchi (MACNICA) | Last-minute presentation (TBA) | |
| 12:00 - 12:30 | Last-minute presentation (TBA) | Unmasking TAG-124: dissecting a prevalent traffic distribution system in the cybercriminal ecosystem Julian-Ferdinand Vögele (Recorded Future) | *Reserve paper |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | The Bitter end: unravelling 8 years of APT antics Abdallah Elshinbary (Threatray), Nick Attfield (Proofpoint), Konstantin Klinger (Proofpoint) & Jonas Wagner (Threatray) | Vietnamese hacking group: a rising of information stealing campaigns going global Chetan Raghuprasad & Joey Chen (Cisco Talos) | *Reserve paper |
| 14:30 - 15:00 | Last-minute presentation (TBA) | Grandoreiro: sounds like a Clint Eastwood movie but it's not Thibault Seret (Team Cymru) | *Reserve paper |
| 15:00 - 15:30 | Tea/Coffee | ||
| 15:30 - 16:10 | Closing keynote address (TBA): Paul Ducklin (independent) (takes place in the Green room) |
||
| 16:10 - 16:20 | Conference closing session (takes place in the Green room) |
||
| 16:20 - 17:20 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 26 September.