Palo Alto Networks' Mark Lim & Zong-Yu Wu present details - also presented at #VB2023 - of malware configuration extractors written in Python & designed to scan & extract configuration data from memory dumps associated with specific malware samples. https://unit42.paloaltonetworks.com/malware-configuration-extraction-techniques-guloader-redline-stealer/
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer

Using extractors written in Python, we detail our system for extracting internal malware configurations from memory dumps. GuLoader and RedLine Stealer are our examples.

Unit 42
In a paper also presented at #VB2023, Sekoia's Erwan Chevalier & Guillaume Couchard look into infection chains used by commodity malware and how generic detection rules can help in the fight against botnets. https://blog.sekoia.io/when-a-botnet-cries-detecting-botnet-infection-chains/
When a Botnet Cries: Detecting Botnet Infection Chains

Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used as first-stage malicious code, allowing other more specific payloads to be dropped. The following paper was submitted and presented by Erwan Chevalier and Guillaume Couchard (Threat […]

Sekoia.io Blog
A conversation on the non-technical options we have to rein in ransomware operators from Virus Bulletin in October #vb2023 with Paul Ducklin (Ind), Samir Mody (K7), Kathi Whitbey (Palo Alto) and Kathryn Sherman (FBI) and moderated by moi. #InfoSec #Ransomware https://www.youtube.com/watch?v=qQu9Pwh1ABc
Panel discussion: Addressing the ransomware threat from outside the lab - Chester Wisniewski et al.

YouTube
Newly released: recording of Martijn van den Berk's #VB2023 presentation "W3LL phishing kit – the tools, the criminal ecosystem, and the market impact". Watch out for more VB2023 presentations being released on our YouTube channel in the coming days. https://www.youtube.com/watch?v=tQY6vXPNcw4
W3LL phishing kit – the tools, the criminal ecosystem, and the market impact - Martijn van den Berk

YouTube
Newly released: recording of Jiří Vinopal's #VB2023 presentation "R2R stomping – are you ready to run". Watch out for more VB2023 presentations being released on our YouTube channel in the coming days. https://www.youtube.com/watch?v=clD1dXENeAo
R2R stomping – are you ready to run - Jiří Vinopal (Check Point Research)

YouTube
Newly released: recording of Daniel Plohmann's #VB2023 presentation on applied one-to-many code similarity analysis using MCRIT. Watch out for more VB2023 presentations being released on our YouTube channel in the coming days. https://www.youtube.com/watch?v=CMu1r5IhpYE
Applied one-to-many code similarity analysis using MCRIT - Daniel Plohmann (Fraunhofer FKIE)

YouTube
Newly released: recording of Itay Cohen's #VB2023 presentation "The Dragon who sold his Camaro: reversing a custom router implant", in which he presents details of the reverse engineering process for the "Horse Shell" router implant. Watch out for more VB2023 presentations being released on our YouTube channel in the coming days. https://www.youtube.com/watch?v=7fzR7eWYxsc
The Dragon who sold his Camaro: reversing a custom router implant - Itay Cohen (Check Point)

YouTube
Newly released: recording of Samir Mody & Hariharan S's #VB2023 presentation on exploring the efficacy of community-driven TI: a real world approach. Watch out for more VB2023 presentations being released on our YouTube channel in the coming days. https://www.youtube.com/watch?v=RJf2MHQUES8
Exploring the efficacy of community-driven TI: a real world approach - Samir Mody & Hariharan S (K7)

YouTube
Newly released: recording of Chris Boyd's #VB2023 presentation on the history & tactics of visa-centric scams in search, spam, & social apps. Watch out for more VB2023 presentations being released on our YouTube channel in the coming days. https://www.youtube.com/watch?v=rLDcKHsvXOY
The history & tactics of visa-centric scams in search, spam, & social apps - Chris Boyd (Malwarebytes)

YouTube
Newly released: recording of Alexander Adamov's #VB2023 presentation "Turla and Sandworm come filelessly". Watch out for more VB2023 presentations being released in the coming days on our YouTube channel! https://www.youtube.com/watch?v=4GxKiFIOohA
Turla and Sandworm come filelessly - Alexander Adamov (NioGuard Security Lab)

YouTube