| Time | Green room | Red room |
Small Talks |
| 10:30 - 10:40 |
Opening address |
||
| 10:40 - 11:20 | Keynote, TBA (takes place in the Green room) |
||
| 11:20 - 11:50 | From code to crime: exploring threats in GitHub Codespaces Jaromir Horejsi & Nitesh Surana (Trend Micro) | Breaking boundaries: investigating vulnerable drivers and mitigating risks Jiří Vinopal (Check Point) | |
| 11:50 - 12:20 | Project 0xA11C: deoxidizing the Rust malware ecosystem Nicole Fishbein (Intezer) & Juan Andrés Guerrero-Saade (SentinelOne) | P-wave of malicious code signing Yuta Sawabe, Shogo Hayashi & Rintaro Koike (NTT Security Holdings) | |
| 12:20 - 14:00 | Lunch | ||
| 14:00 - 14:30 | Android Flutter malware Axelle Apvrille (Fortinet) | CrackedCantil: a malware symphony delivered by cracked software; performed by loaders, infostealers, ransomware, et al. Lena Yu (ANY.RUN) | |
| 14:30 - 15:00 | Supercharge your malware analysis workflow Kevin Hardy-Cooper & Ryan Samaaroo (Canadian Centre for Cyber Security) | Marketplace scams: neanderthals hunting mammoths with Telekopye Jakub Souček & Radek Jizba (ESET) | |
| 15:00 - 15:30 | Leveraging AI to enhance the capabilities of SHAREM Shellcode Analysis Framework Bramwell Brizendine (University of Alabama in Huntsville) | Dark deals: unveiling the underground market of exploits Anna Pavlovskaia & Vladislav Belousov (Kaspersky) | |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | CeranaKeeper: a relentless shape-shifting group targeting Thailand Romain Dumont (ESET) | Last-minute paper, TBA | Workshop: Writing malware configuration parsers Mark Lim & Zong-Yu Wu (Palo Alto Networks) |
| 16:30 - 17:00 | Spot the difference: Earth Kasha's new LODEINFO campaign and the correlation analysis with APT10 umbrella Hiroaki Hara (Trend Micro) | Unveiling the dark side of set-top boxes: the Bigpanzi cybercrime syndicate Alex Turing (QI-ANXIN) | |
| 17:00 - 17:30 | Arming WinRAR: deep dive into APTs exploiting WinRAR's 0-day vulnerability – a SideCopy case study Sathwik Ram Prakki (Quick Heal) | Partner presentation, TBA | |
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 21:00 | VB2024 drinks reception | ||
| Time | Green room | Red room |
Small Talks / Threat Intelligence Practitioners' Summit |
| 09:00 - 09:30 | Automatically detect and support against anti-debug with IDA/Ghidra to streamline debugging process Takahiro Takeda (LAC Corp) | Over the cassowary's nest – dissecting Turla's latest revision of the Kazuar backdoor Daniel Frank & Tom Fakterman (Palo Alto Networks) |
CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 09:30 - 10:00 | An open-source cloud DFIR kit – Dredge! Santiago Abastante (Solidarity Labs) | Cybercrime turned cyber espionage: the many faces of the RomCom group Vlad Stolyarov (Google TAG) & Dan Black (Google Cloud (Mandiant)) | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 10:00 - 10:30 | Last-minute paper, TBA | Reviewing the 2022 KA-SAT incident & implications for distributed communication environments Joe Slowik (The MITRE Corporation) | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | SPYDEALER used for mobile Chinese domestic surveillance Paul Rascagneres & Charles Gardner (Volexity) | Last-minute paper, TBA | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 11:30 - 12:00 | Last-minute paper, TBA | Last-minute paper, TBA | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 12:00 - 12:30 | Hospitals, airports and telcos – modern approach to attributing hacktivism attacks Itay Cohen (Check Point) | Modern-day witchcraft: a new breed of hybrid attacks by ransomware operators Vaibhav Deshmukh, Ashutosh Raina & Sudhanshu Dubey (Microsoft) | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | Byteing back: detection, dissection and protection against macOS stealers Patrick Wardle (Objective-See) | Who plays on AZORult? An unknown attacker collects various data and spreads additional payloads with AZORult for around five years Masaki Kasuya (BlackBerry) | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 14:30 - 15:00 | Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor Salim Bitam (Elastic) | Ghosts from the past: become Gh0stbusters in 2024 Hiroshi Takeuchi (MACNICA) | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 15:00 - 15:30 | Go-ing arsenal: a closer look at Kimsuky's Go strategic advancement Jiho Kim & Sebin Lee (S2W) | Last-minute paper, TBA |
CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Last-minute paper, TBA | Partner presentation, TBA | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 16:30 - 17:00 | A wild RAT appears: reversing DinodasRAT on Linux Anderson Leite & Fabio Marenghi (Kaspersky) | Partner presentation, TBA | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
| 17:00 - 17:30 | CTA Threat Intelligence Practitioners' Summit (session details TBA) |
||
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 23:00 | Pre-dinner drinks reception followed by VB2024 gala dinner & entertainment | ||
| Time | Green room | Red room |
Small Talks |
| 09:30 - 10:00 | Confronting the surge of macOS stealers in 2024 Kseniia Yamburh & Mykhailo Hrebeniuk (MacPaw (Moonlock Lab)) | How to hunt geopolitically driven Bitter APT operations Shengbin Bao (Zhongfu Info) | Unveiling shadows: key tactics for tracking cyber threat actors, attribution, and infrastructure analysis Hossein Jazi (Fortinet) |
| 10:00 - 10:30 | SO that looks suspicious: leveraging process memory and kernel/usermode probes to detect Shared Object injection at scale on Linux Daniel Jary | TA577 walked just past you: indirect syscalls in Pikabot Emre Güler (VMRay) | |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Shadow play: WildCard's malware campaigns amidst Israel-Hamas conflict Nicole Fishbein & Ryan Robinson (Intezer) | Last-minute paper, TBA | Extending STIX 2.1 to capture malware incidents Desiree Beck (MITRE) |
| 11:30 - 12:00 | Down the GRAYRABBIT hole – exposing UNC3569 and its mastermind Steve Su, Aragorn Tseng, Chi-Yu You & Cristiana Brafman Kittner (Google) | Multimodal AI: the sixth sense for cyber defence Younghoo Lee (Sophos) | |
| 12:00 - 12:30 | Last-minute paper, TBA | Last-minute paper, TBA | |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | The Mask has been unmasked again Georgy Kucherin & Marc Rivero López (Kaspersky) | Code blue: energy Righard Zwienenberg & Josep Albors (ESET) | Reserve paper* |
| 14:30 - 15:00 | Don't be a PUP-pet: exposing pay-per-install networks Dmitrij Lenz (Google) & James Wyke (Google Cloud (Mandiant)) | Life and DEaTH: building detection, forensics, and intelligence at scale Selena Larson & Konstantin Klinger (Proofpoint) | Reserve paper* |
| 15:00 - 15:30 | Tea/Coffee | ||
| 15:30 - 16:10 | Keynote, TBA (takes place in the Green room) |
||
| 16:10 - 16:20 | Conference closing session (takes place in the Green room) |
||
| 16:20 - 17:20 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
Should these papers not be required to replace papers on the main programme, they will be presented in the Small Talks room on Friday 4 October.