Please check here for any updates to the programme.
Time | Green room | Red room | Foyer |
10:40 - 10:50 | Opening address | Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day | |
10:50 - 11:30 | Keynote address: Why are you telling me this? Hakan Tanriverdi (Bayerischer Rundfunk) | ||
11:30 - 12:00 | The threat is stronger than the execution: the realities of hacktivism in the 2020s Blake Djavaherian (Mandiant) | ||
12:00 - 12:30 | Uncovering a broad criminal ecosystem powered by one of the largest botnets, Glupteba Luca Nagy (Google) | PARTNER PRESENTATION: Building resilience through threat intelligence Cristina Vatamanu (Bitdefender) | |
12:30 - 14:00 | Lunch | ||
14:00 - 14:30 | Zeroing in on XENOTIME: analysis of the entities responsible for the Triton event Joe Slowik (Gigamon) | ||
14:30 - 15:00 | Prilex: the pricey prickle credit card complex Kaspersky researchers | ||
15:00 - 15:30 | Not Safe for Windows (NSFW): a China-based threat with a lot to say Jono Davis (PwC) | ||
15:30 - 16:00 | Tea/Coffee | ||
16:00 - 16:30 | Exploit archaeology: a forensic history of in-the-wild NSO Group exploits Donncha Ó Cearbhaill (Amnesty International) & Bill Marczak (Citizen Lab) | ||
16:30 - 17:00 | You OTA know: combating malicious Android system updaters Łukasz Siewierski & Alec Guertin (Google) | ||
17:00 - 17:30 | Hunting the Android/BianLian botnet Axelle Apvrille (Fortinet) | ||
17:30 - 18:30 | Poster presentations | ||
19:30 - 21:00 | VB2022 drinks reception |
Time | Green room | Red room (Threat Intelligence Practitioners' Summit) | Foyer |
09:00 - 09:30 | REMOTE PRESENTATION: EvilPlayout: attack against Iran’s state TV and radio broadcaster Alexandra Gofman, Israel Gubi & Itay Cohen (Check Point) | CTA Threat Intelligence Practitioners' Summit: Welcome address Michael Daniel (Cyber Threat Alliance) followed by Keynote: "What if?" Jaya Baloo (Avast) | Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day |
09:30 - 10:00 | Russian wipers in the cyberwar against Ukraine Alexander Adamov (NioGuard Security Lab) | CTA Threat Intelligence Practitioners' Summit: Finding IOCs in unexpected places John Alexander (Mayo Clinic) | |
10:00 - 10:30 | REMOTE PRESENTATION: The long arm of the prisoner: social engineering from Kenyan prisons Patricia Musomba & Tim Dagori (iHub) | CTA Threat Intelligence Practitioners' Summit: Threat intelligence sharing in practice – lessons learned from the Cyber Threat Alliance Neil Jenkins (CTA) | |
10:30 - 11:00 | Tea/Coffee | ||
11:00 - 11:30 | War of the worlds: a study in a ransomware IR learnings & victories Peter Kruse & Jan Kaastrup (CSIS Security Group) | CTA Threat Intelligence Practitioners' Summit: Panel: A Vulcan mindmeld: from your mind to my mind Kathi Whitbey (Palo Alto Networks), Righard Zwienenberg (ESET), Noortje Henrichs (Netherlands NCSC) & Derek Manky (Fortinet) | |
11:30 - 12:00 | Creepy things that glow in the dark: a deep look at POLONIUM's undocumented tools Matias Porolli (ESET), Robert Lipovsky (ESET) | CTA Threat Intelligence Practitioners' Summit: Exploiting COVID-19: how threat actors hijacked a pandemic Selena Larson & Daniel Blackford (Proofpoint) | |
12:00 - 12:30 | Script kiddy on the deep & dark web: looks serious? But empty suit! Dasom Kim, Yeonghyeon Jeong, Yujin Lee & Jeongyeon Lim (S2W) | CTA Threat Intelligence Practitioners' Summit: From threat intelligence to active defence based on Industroyer.V2 Gergely (Geri) Revay (Fortinet) | |
12:30 - 14:00 | Lunch | ||
14:00 - 14:30 | SHAREM: shellcode analysis framework with emulation, a disassembler, and timeless debugging Bramwell Brizendine (University of Alabama in Huntsville), Jason Hince, Austin Babcock, Tarek Abdelmotaleb, Sascha Walker & Shelby VandenHoek (VERONA Lab) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: IMAGINE - changing the narrative in threat intelligence collaboration Kathi Whitbey (Palo Alto Networks), Nicole Samantha van der Meulen (Europol), Selena Larson (Proofpoint) & Jeannette Jarvis (Cyber Threat Alliance) | |
14:30 - 15:00 | Combating control flow flattening in .NET malware Georgy Kucherin (Kaspersky) | CTA Threat Intelligence Practitioners' Summit: Enhanced CTI with runtime memory forensics Michael Gorelik (Morphisec) | |
15:00 - 15:30 | (Encryption) time flies when you're having fun: the case of the exotic BlackCat ransomware Aleksandar Milenkoski (Cybereason) | CTA Threat Intelligence Practitioners' Summit: Tips for vetting and generating value in automated TI Samir Mody (K7) | |
15:30 - 16:00 | Tea/Coffee | ||
16:00 - 16:30 | Sha Zhu Pan: cocktail of cryptocurrency, social engineering and fake apps targeting Android and iPhone users Jagadeesh Chandraiah & Xinran Wu (Sophos) | CTA Threat Intelligence Practitioners' Summit: Closing keynote Michael Daniel (Cyber Threat Alliance) | |
16:30 - 17:00 | Web3 + scams = it's a match! Zoltan Balazs (CUJO AI) | ||
17:00 - 18:00 | Poster presentations | ||
19:30 - 23:00 | VB2022 gala dinner |
Time | Green room | Red room | Foyer |
09:00 - 09:30 | REMOTE PRESENTATION: The ATT&CK DarkHotel playbook: hunt and breach & attack simulation Shengbin Bao (Zhongfu Info) | Good-bye macros: peeking into a threat landscape without Office macros Hossein Jazi (Malwarebytes) | Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day |
09:30 - 10:00 | Operation Dragon Castling: suspected APT group hijacks WPS Office updater to target East Asian betting companies Luigino Camastra & Igor Morgenstern (Avast) | Keeping up with the Emotets: configuration extraction and analysis Jason Zhang, Oleg Boyarchuk & Stefano Ortolani (VMware) | |
10:00 - 10:30 | Lessons learned from six Lapsus$ incident (responses) Gabriela Nicolao & Santiago Abastante (Deloitte) | ||
10:30 - 11:00 | Tea/Coffee | ||
11:00 - 11:30 | Your own personal Panda: inside the CVE-2022-1040 attack Andrew Brandt (Sophos) | WORKSHOP: Modern threat hunting presented by Fernando Diaz Urbano, VirusTotal | |
11:30 - 12:00 | ScarCruft's information-gathering activities Tae-woo Lee, Dongwook Kim & Seulgi Lee (Korea Internet & Security Agency (KrCert/CC)) | ||
12:00 - 12:30 | Operation MINAZUKI: underwater invasive espionage Yoshihiro Ishikawa & Takuma Matsumoto (LAC) | ||
12:30 - 14:00 | Lunch | ||
14:00 - 14:30 | Unmasking WindTape Patrick Wardle (Objective-See) | The impact of mobile networks on the 2022 Russian invasion of Ukraine Cathal Mc Daid (Enea AdaptiveMobile Security) | |
14:30 - 15:00 | Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning Takahiro Haruyama (VMware) | An inconvenient truth about Apple security updates Joshua Long (Intego) | |
15:00 - 15:30 | Tea/Coffee | ||
15:30 - 16:00 | Lazarus & BYOVD: evil to the Windows core Peter Kalnai & Matěj Havránek (ESET) | ||
16:00 - 16:20 | Conference closing session Jan Hruska Co-founder, Virus Bulletin | ||
16:20 - 17:20 | Poster presentations |