Time | Green room | Red room | Small Talks / Threat Intelligence Practitioners' Summit |
09:00 - 09:30 | South Korean Android banking menace – FakeCalls Raman Ladutska (Check Point) | The history and tactics of visa-centric scams in search, spam, and social apps Chris Boyd (Malwarebytes) | CTA Threat Intelligence Practitioners' Summit: followed by Keynote: Evolution vs extinction & the 10th man Dave Lewis (Cisco) |
09:30 - 10:00 | Terror in Peru: the Zanubis banking trojan Fernando Diaz Urbano (VirusTotal) | FirePeony: a ghost wandering around the Royal Road Rintaro Koike & Shogo Hayashi (NTT Security Holdings) | CTA Threat Intelligence Practitioners' Summit: Exploring the efficacy of community-driven TI: a real-world approach Samir Mody & Hariharan S (K7) |
10:00 - 10:30 | Looking into TUT's tomb: the universe of threats in LATAM Camilo Gutiérrez Amaya & Fernando Tavella (ESET) | Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads Patrick Wardle (Objective-See) | CTA Threat Intelligence Practitioners' Summit: Little crumbs can lead to giants Christiaan Beek (Rapid7) |
10:30 - 11:00 | Tea/Coffee | ||
11:00 - 11:30 | Don't flatten yourself: restoring malware with Control-Flow Flattening obfuscation Geri Revay (Fortinet) | When a botnet cries: detecting botnet infection chains Guillaume Couchard & Erwan Chevalier (Sekoia.io) | CTA Threat Intelligence Practitioners' Summit: Operation Cookiemonster – the law enforcement response to the notorious Genesis Market Marijn Schuurbiers (Europol) |
11:30 - 12:00 | DNS "takeover": the full journey and redemption John Jensen & Ines Vestia (Silent Push) | Look out! Outlook's gonna get you! Anurag Shandilya (K7 Computing) | CTA Threat Intelligence Practitioners' Summit: Panel: All for value and value for all – 'responding RFIs: the merit lies in the difficulty' Douglas Santos (Fortinet), Kathi Whitbey (Palo Alto Networks), Noortje Henrichs (National Cybersecurity Centre, Netherlands), Righard Zwienenberg (ESET) |
12:00 - 12:30 | "Undocumented"[2:] MSI format. Take it. We are gganbu, aren't we? Daniel (Jinyoung) Choi (Avira, part of Gen) | SharpTongue: pwning your foreign policy, one interview request at a time Tom Lancaster (Volexity) | CTA Threat Intelligence Practitioners' Summit: Why joining forces can help solve the crime… or not Sara Eberle (Sophos) & Doug Domin (FBI) |
12:30 - 14:00 | Lunch | ||
14:00 - 14:30 | R2R stomping – are you ready to run? Jiří Vinopal (Check Point Research) | Stolen cookies, stolen identity: how malware makers are exploiting the insecurity of browser data storage Joshua Long (Intego) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: Dream on: exploring the community effect in cybersecurity Kathi Whitbey (Palo Alto Networks), Selena Larson (Proofpoint), Jeannette Jarvis (Cyber Threat Alliance) |
14:30 - 15:00 | Deobfuscating virtualized malware using Hex-Rays Decompiler Georgy Kucherin (Kaspersky) | May the Shadow Force be with Maggie – Shadow Force Group characteristics and relationship to Maggie Minseok (Jacky) Cha, Junseok Kim & Jaejin Lee (AhnLab) | CTA Threat Intelligence Practitioners' Summit: AI-based digital evidence enhancement technology for profiling attack groups and techniques to respond to cybersecurity threats Kihong Kim, Changgyun Kim & Hyunjong Lee (SANDS Lab) |
15:00 - 15:30 | Dancing the night away with named pipes Daniel Stepanic (Elastic) | USB flows in the Great River: classic tradecraft is still alive Hiroshi Takeuchi (MACNICA) | CTA Threat Intelligence Practitioners' Summit: |
15:30 - 16:00 | Tea/Coffee | ||
16:00 - 16:30 | Ransoming and clipping for illicit cryptocurrency gains Chetan Raghuprasad (Cisco Talos) | C2F2: a framework for detecting C2 frameworks at scale Sebastiano Mariani, Oleg Boyarchuk, Stefano Ortolani & Giovanni Vigna (VMware) | CTA Threat Intelligence Practitioners' Summit: Panel: Securing the future: the vital role of computer security vendors in an AI-driven world Samir Mody (K7), Abhishek Karnik (McAfee), Selena Larson (Proofpoint) |
16:30 - 17:00 | Into the Cumulus: Scarcruft bolsters arsenal for targeting individual Android devices Sebin Lee, Sojun Ryu, Hyeokju Gwon & Youngjae Shin (S2W) | Unveiling activities of Tropic Trooper 2023: deep analysis of Xiangoop Loader and EntryShell payload Suguru Ishimaru (ITOCHU Cyber & Intelligence), Hajime Yanagishita (MACNICA) & Yusuke Niwa (ITOCHU Cyber & Intelligence) | CTA Threat Intelligence Practitioners' Summit: Emotet in 2023: a comprehensive overview for decision makers on the resurgence, evolution and threat landscape Jonas Walker (Fortinet) |
17:00 - 17:30 | CTA Threat Intelligence Practitioners' Summit: Closing keynote Michael Daniel (Cyber Threat Alliance) |
17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
19:30 - 23:00 | VB2023 gala dinner & entertainment - featuring the world's number one ethical pickpocket! |
Time | Green room | Red room | Small Talks |
09:30 - 10:00 | Intent-based approach to detect email account compromise Abhishek Singh & Fahim Abbasi (Cisco) | Magniber's missteps: because even spiders trip over their own web Amata Anantaprayoon & Patrik Olson (NTT Security Holdings) | Panel discussion: Addressing the ransomware threat from outside the lab Chester Wisniewski (Sophos), Paul Ducklin (Independent), Samir Mody (K7), Kathi Whitbey (Palo Alto Networks) & Kathryn Sherman (FBI) |
10:00 - 10:30 | Generic script emulation Kurt Natvig (Acronis) | Building a cybersecurity AI dataset for a secure digital society Bomin Choi, Juhyuk Kim & Hoseok Ryu (KISA - Korean Internet & Security Agency) | |
10:30 - 11:00 | Tea/Coffee | ||
11:00 - 11:30 | The Dragon who sold his Camaro: reversing a custom router implant Itay Cohen & Radoslaw Madej (Check Point) | It all makes sense if you don't think about it – misinformation in malware analysis Łukasz Siewierski (Independent researcher) | WORKSHOP: Modern threat hunting presented by Fernando Diaz Urbano, VirusTotal |
11:30 - 12:00 | Turla and Sandworm come filelessly Alexander Adamov (NioGuard Security Lab) | MEGALO-(414E)-DON: uncovering data espionage, blackmailing and shell companies in mobile lending apps Jagadeesh Chandraiah (Sophos) | |
12:00 - 12:30 | Teasing the secrets from threat actors: malware configuration extractors Mark Lim & Zong-Yu Wu (Palo Alto Networks) | Web3 will bite you in the Web 2.0: exploring IPFS threats Morton Swimmer (Trend Micro) | |
12:30 - 14:00 | Lunch | ||
14:00 - 14:30 | The Dropping Elephant never dropped Ye Jin (Kaspersky) | W3LL phishing kit – the tools, the criminal ecosystem, and the market impact Martijn van den Berk (Group-IB) | (Unless needed to replace a paper earlier on the programme) Silent whispers of malware: unveiling hidden threats in legitimate network traffic Royce (Chienhua) Lu (Palo Alto Networks) |
14:30 - 15:00 | Reinventing the steal: Arid Viper now with a Rusty flavour Matias Porolli (ESET) | Corporate users in the crosshairs as malvertising gains momentum again Jérôme Segura (Malwarebytes) | (Unless needed to replace a paper earlier on the programme) Infostealers: investigate the cybercrime threat in its ecosystem Pierre Le Bourhis & Livia Tibirna (Sekoia.io) |
15:00 - 15:30 | Tea/Coffee | ||
15:30 - 16:10 | Keynote address: The physics of information asymmetry Juan Andrés Guerrero-Saade (SentinelOne) (takes place in the Green room) |
16:10 - 16:20 | Conference closing session (takes place in the Green room) |
16:20 - 17:20 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. |
Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 6 October.