VB2014: more of the same, plus something a little different
Posted by Virus Bulletin on Dec 9, 2013
Hackers, network security researchers encouraged to submit abstracts for the conference.
The issuing of the call for papers for a VB conference is always an important event for us, but some changes to the conference format for VB2014 mean we are even more excited this year than usual.
As the threat landscape has evolved over the years (and the IT security industry with it), we have seen some of those changes reflected in the papers submitted for the VB conference.
The VB conference started in 1991 as a forum for the brains of the anti-virus industry to share their knowledge, and while its objectives remain the same today - to present factual information, demonstrate defensive procedures and discuss future developments and countermeasures - the topics covered have broadened over the years. Recently, VB conference delegates have heard talks on cyber terrorism, social engineering, network-level attacks and pentesting.
Virus Bulletin has always been about sharing knowledge and ideas and we feel that now is the time to broaden the scope of the VB conference a little further.
As usual, VB2014 will be a three-day conference with presentations running in two parallel streams. But whereas in previous years the streams were labelled as 'technical' and 'corporate', this time they will be split into themed sessions covering both traditional AV issues and some slightly broader aspects of IT security:
'Malware & botnets'
Those with an interest in the more traditional anti-malware topics will find plenty to interest them on the programme. In the stream dedicated to 'malware & botnets', presentations will analyse individual malware families and botnets, whether they target a single organization or anyone with a vulnerable device. Talks that take a more broader view and look, for instance, at malware infection rates or the threat landscape, will also fit into this stream.
'Anti-malware tools & methods'
We are proud to be part of an industry in which the sharing of defensive tools and methods among competitors has long been standard. Discussions of such tools and methods will fit within the 'anti-malware tools & methods' stream. Again, papers that take a broader view, for instance those on testing anti-malware solutions, will also be placed here.
The rise of mobile malware in recent years has led to an increase in interest in this topic. The 'mobile devices' stream is for papers on mobile malware and any other aspect of mobile security.
Spam & social networks'
Ten years after VB started to focus on spam, the majority of emails sent continue to be unsolicited, while the rise of social media has also made social networks a prime target for attackers. Papers on both subjects will fit in the 'spam & social networks' stream.
One of the new areas of focus for the conference is 'network security'. Whether you're worried about the NSA tapping your communications, or about large numbers of DNS responses being sent to DDoS your network, the security of Internet and intranet connections cannot be ignored. Among the topics that will fit into this stream are the security of IPv6, the use and abuse of privacy networks like Tor, network encryption, DNS security, DDoS attacks and more.
'Hacking & vulnerabilities'
Finally, we invite hackers and vulnerability researchers to submit papers for the 'hacking & vulnerabilities' stream. Have you been awarded a bug bounty? Have you done research into the vulnerability of medical devices or industrial control systems? Do you have an exciting pentesting story to tell, or one about how your responsible disclosure was received by the affected vendor? Have you hacked your way into an attacker's network to find out how it operates? Or can you demonstrate how vulnerable we all are to your hacking skills? This stream is for these topics.
Of course, we are aware that many presentations won't be 'boxed' so easily, and in the interest of accepting the most interesting and relevant papers we will always be flexible when it comes to assigning papers to the various streams. (So don't be discouraged from submitting an abstract if you don't feel that your paper fits into the streams listed.)
Finally, as in previous years, a section of the program will be set aside for last-minute papers - which will not be categorised in the same way, and which will not be selected until much closer to the conference, with the aim of being able to include much more up-to-the-minute material.
The full call for papers can be found here, and proposals for the conference can now be submitted. You have until 7 March 2014 to do so.
We are looking forward to receiving your abstracts - and to seeing you in Seattle.
Posted on 09 December 2013 by Martijn Grooten
A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his…
Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution…
At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video…
At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.
In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.