VB2025 programme


Wednesday 24 September 2025

Time Green room Red room Small Talks
10:30 - 10:40 Conference opening session
(takes place in the Green room)

10:40 - 11:20 Opening keynote address (TBA)
(takes place in the Green room)
  
11:20 - 11:50 Silent killers: unmasking a large-scale legacy driver exploitation campaign Jiří Vinopal (Check Point Research) Everyday tools, extraordinary crimes: the ransomware exfiltration playbook María José Erquiaga (Cisco), Darin Smith (Talos), Robert Harris (Cisco), Raymond McCormick (Talos) & Josh Pyorre (Talos)  TBA 
11:50 - 12:20 Practical AWS antiforensics Santiago Abastante (SolidarityLabs) The Wolf of Wall Steal: inside crypto traffer group operations Anna Pham (Palo Alto Networks Unit 42) & Joan Garcia (Universitat Politecnica de Valencia)
12:20 - 14:00 Lunch 
14:00 - 14:30 Demystifying the Playboy RaaS Gijs Rijnders (Dutch National Police) Evading in plain sight: how adversaries beat user-mode protection engines for over a decade Omri Misgav (independent)  TBA
14:30 - 15:00 From Latin America to the world: ransomware TTPs, prolonged intrusions, and regional adaptation Isabel Manjarrez (Kaspersky) Invisible thieves in the front yard – from an advanced evasive edge-device attack to potential mitigation methods Ting-Wei Hsieh (CHT Security Co)
15:00 - 15:30 Google Calendar as C2 infrastructure: a China-nexus campaign with stealthy tactics Tim Chen & Still Hsu (TeamT5) Goodbye loaders, hello RMM: the rise of legit software in ecrime campaigns Selena Larson & Ole Villadsen (Proofpoint) TBA
15:30 - 16:00 Tea/Coffee 
16:00 - 16:30 Silent Lynx: uncovering a cyber espionage campaign in Central Asia Subhajeet Singha & Sathwik Ram Prakki (Seqrite Labs) Last-minute presentation (TBA) TBA
16:30 - 17:00 Last-minute presentation (TBA) The dark prescription: inside the infrastructure of illegal online pharmacies Martin Chlumecky & Lubos Bever (Gen Digital)
17:00 - 17:30 Panel: Tales from the Old West Righard Zwienenberg (ESET), Jan Hruska (Virus Bulletin), Pavel Baudis (Gen Digital) & Tjark Auerbach (Lakeside Quants) Partner presentation TBA
17:30 - 18:30  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.
19:30 - 21:00 VB2025 drinks reception

Thursday 25 September 2025

Time Green room Red room Threat Intelligence Practitioners' Summit
09:00 - 09:30 Unmasking the GrassCall campaign: the hackers behind job recruitment cyber scams Dixit Panchal & Soumen Burma (Quick Heal Technologies) Attacker identity revealed: insights from rogue VMs & BYOVD in EDR evasion Navin Thomas, Renzon Cruz & Cuong Dinh (Palo Alto Networks) TBA
09:30 - 10:00 Cracked by the GRU: how Russia’s notorious Sandworm unit weaponizes pirated software usage to target Ukraine Arda Büyükkaya (EclecticIQ) Hunting potential C2 commands in Android malware via Smali string comparison and control flow analysis JunWei Song (Recorded Future) TBA 
10:00 - 10:30 Last-minute presentation (TBA) Vo1d rising: inside the botnet controlling 1.68 M+ Android TVs worldwide Alex Turing (QI-ANXIN) TBA
10:30 - 11:00 Tea/Coffee 
11:00 - 11:30 Arachnid alert: Latrodectus loader crawls through defences Albert Zsigovits (VMRay) When avatars come alive: understanding hybrid threat actors Itay Cohen (Palo Alto Networks Unit 42) & Omer Benjakob (Haaretz) TBA
11:30 - 12:00 Inside Akira, ransomware's Rust experiment Ben Herzog (Check Point Software Technologies) Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses Chris Boyd (Rapid7) TBA
12:00 - 12:30 Last-minute presentation (TBA)  You definitely don’t want to CopyPaste this: FakeCaptcha ecosystem Dmitrij Lenz & Roberto Dasilva (Google) TBA
12:30 - 14:00 Lunch 
14:00 - 14:30 The Phantom Circuit: the Lazarus Group’s evolution in supply chain compromise Ryan Sherstobitoff (SecurityScorecard) From p0f to JA4+: modern network fingerprinting for real-world defence Vlad Iliushin (ELLIO) TBA 
14:30 - 15:00 DeceptiveDevelopment and North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception Matej Havranek (ESET)  Last-minute presentation (TBA) TBA 
15:00 - 15:30  Last-minute presentation (TBA) TBA TBA 
15:30 - 16:00 Tea/Coffee 
16:00 - 16:30 Deep dive into the abuse of DL APIs to create malicious AI models and how to detect them Mohamed Nabeel & Alex Starov (Palo Alto Networks) Vietnamese hacking group: a rising of information stealing campaigns going global Chetan Raghuprasad & Joey Chen (Cisco Talos) TBA
16:30 - 17:00 Stealth over TLS: the emergence of ECH-based C&C in ECHidna malware Yuta Sawabe & Rintaro Koike (NTT Security Holdings) Partner presentation (TBA) TBA
17:00 - 17:30     TBA 
17:30 - 18:30  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.
19:30 - 23:00 Pre-dinner drinks reception followed by VB2025 gala dinner & entertainment

Friday 26 September 2025

Time Green room Red room Small Talks
09:30 - 10:00 Tracking the IoT botnet's bloodline: code footprints don’t lie Chanbin Jeon, ChangGyun Kim & SeungBeom Lim (SANDS Lab) Prediction of future attack indicators based on the 2024 analysis of threats from malicious app distribution sites in South Korea Kyung Rae Noh (Korea Internet & Security Agency), Shinho Lee (Gachon University), Eui-Tak Kim (Gachon University), Yujin Shim (Korea Internet & Security Agency), Jonghwa Han (Korea Internet & Security Agency) & Jung-Sik Cho (Korea Internet & Security Agency) TBA
10:00 - 10:30 Unmasking the unseen: a deep dive into modern Linux rootkits and their detection Ruben Groenewoud & Remco Sprooten (Elastic) Last-minute presentation (TBA)
10:30 - 11:00 Tea/Coffee 
11:00 - 11:30 Sophistication or missed opportunity? Analysing XE Group’s long-term exploitation of zero-days with limited impact Justin Lentz (Solis Security) & Nicole Fishbein (Intezer) Boosting URL detection with syntactic features in spam emails Antonia Scherz (Net at Work)  TBA
11:30 - 12:00 Dissecting evil twin RATs: tracking the long-term use of TA410's FlowCloud toolset Hiroshi Takeuchi (MACNICA) Last-minute presentation (TBA) 
12:00 - 12:30 Last-minute presentation (TBA)  Unmasking TAG-124: dissecting a prevalent traffic distribution system in the cybercriminal ecosystem Julian-Ferdinand Vögele (Recorded Future)  *Reserve paper
12:30 - 14:00 Lunch 
14:00 - 14:30 The Bitter end: unravelling 8 years of APT antics Abdallah Elshinbary (Threatray), Nick Attfield (Proofpoint), Konstantin Klinger (Proofpoint) & Jonas Wagner (Threatray) Last-minute presentation (TBA)   *Reserve paper
14:30 - 15:00 Last-minute presentation (TBA)  Grandoreiro: sounds like a Clint Eastwood movie but it's not Thibault Seret (Team Cymru)  *Reserve paper
15:00 - 15:30 Tea/Coffee 
15:30 - 16:10 Closing keynote address (TBA): Paul Ducklin (independent)
(takes place in the Green room)
16:10 - 16:20 Conference closing session  
(takes place in the Green room)
16:20 - 17:20  Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day.

*Reserve papers

Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 26 September.
