Welcome to VB2020 localhost!
The 30th VB Conference is HERE - it’s free, it’s online and it’s packed with features.
Welcome to VB2020 localhost, the annual and world-renowned Virus Bulletin international conference gone virtual!
Like any VB conference, VB localhost features the latest and best research on malware, malicious actors and threat intelligence, but this time we bring you both live streamed and on-demand content for 3 days, as well as the company of your fellow security researchers from around the world, in the comfort of your own home.
The live programme of the conference will be broadcast from 16:00 to 20:00 UTC each day. You can join anytime, and re-watch, rewind or pause the live stream. Meanwhile, in the on-demand programme you will find a wide selection of presentations that you can watch at your leisure, and our co-host, CTA, brings you eight presentations in the Threat Intelligence Practitioners' Summit (TIPS).
What's more, you can join us and your fellow attendees on Discord for discussion, networking, Q&A and fun!
CATEGORY | TIME (UTC) | TITLE | SPEAKER(S) |
---|---|---|---|
Live Day 1 WEDNESDAY 30 SEPTEMBER | 16:00 - 16:30 UTC | A new Chinese APT ‘Evasive Panda’ group targets India and Hong Kong using a new variant of MgBot malware | Hossein Jazi (Malwarebytes) & Jérôme Segura (Malwarebytes) |
Live Day 1 WEDNESDAY 30 SEPTEMBER | 16:30 - 17:00 UTC | The eye on the Nile: Egypt’s civil society under attack | Aseel Kayal (Check Point Software Technologies) |
Live Day 1 WEDNESDAY 30 SEPTEMBER | 17:00 - 17:30 UTC | The fall of Domino – a preinstalled hostile downloader | Łukasz Siewierski (Google) |
Live Day 1 WEDNESDAY 30 SEPTEMBER | 17:45 - 18:15 UTC | The days before R-Day: ransomware toolsets | Gabor Szappanos (Sophos) & Vikas Singh (Sophos) |
Live Day 1 WEDNESDAY 30 SEPTEMBER | 18:15 - 18:45 UTC | To catch a Banshee: how Kimsuky’s tradecraft betrays its complementary campaigns and mission | Sveva Vittoria Scenarelli (PwC) |
Live Day 1 WEDNESDAY 30 SEPTEMBER | 19:00 - 19:30 UTC | Attribution: a puzzle | Paul Rascagneres (Cisco Talos) & Vitor Ventura (Cisco Talos) |
Live Day 1 WEDNESDAY 30 SEPTEMBER | 19:30 - 20:00 UTC | Why the security world should take stalkerware seriously | David Ruiz (Malwarebytes) |
Live Day 2 THURSDAY 01 OCTOBER | 16:00 - 16:30 UTC | Hunting for Android 1-days: analysis of rooting ecosystem | Eugene Rodionov (Google), Richard Neal (Google) & Lin Chen (Google) |
Live Day 2 THURSDAY 01 OCTOBER | 16:30 - 17:00 UTC | Who stole my 100,000 dollars’ worth of Bitcoin wallets – catch them all with new deceptive bait | Tan Kean Siong (The Honeynet Project) |
Live Day 2 THURSDAY 01 OCTOBER | 17:00 - 17:30 UTC | SilentFade: unveiling Chinese malware abusing Facebook ad platform | Sanchit Karve (Facebook) & Jennifer Urgilez (Facebook) |
Live Day 2 THURSDAY 01 OCTOBER | 17:45 - 18:15 UTC | LATAM financial cybercrime: competitors in crime sharing TTPs | Jakub Souček (ESET) & Martin Jirkal (ESET) |
Live Day 2 THURSDAY 01 OCTOBER | 18:15 - 18:45 UTC | Hello from the OT side! | Daniel Kapellmann Zafra (FireEye) |
Live Day 2 THURSDAY 01 OCTOBER | 19:00 - 19:30 UTC | Growth and commoditization of remote access trojans | Veronica Valeros (Czech Technical University in Prague) & Sebastian García (Czech Technical University in Prague) |
Live Day 2 THURSDAY 01 OCTOBER | 19:30 - 20:00 UTC | A true virus on macOS | Patrick Wardle (Jamf) |
Live Day 3 FRIDAY 02 OCTOBER | 16:00 - 16:30 UTC | Graphology of an exploit – hunting for exploits by looking for the author’s fingerprints | Itay Cohen (Check Point Research) & Eyal Itkin (Check Point Research) |
Live Day 3 FRIDAY 02 OCTOBER | 16:30 - 17:00 UTC | ML Security Evasion Competition 2020 | Zoltan Balazs (CUJO AI) & Hyrum Anderson (Microsoft) |
Live Day 3 FRIDAY 02 OCTOBER | 17:00 - 17:30 UTC | Hunting for malware with command line logging and process trees | Ivan Vanja Svajcer (Cisco Talos) |
Live Day 3 FRIDAY 02 OCTOBER | 17:45 - 18:15 UTC | Tonto Team: exploring the TTPs of an advanced threat actor operating a large infrastructure | Daniel Lunghi (Trend Micro) & Jaromir Horejsi (Trend Micro) |
Live Day 3 FRIDAY 02 OCTOBER | 18:15 - 18:45 UTC | XDSpy: stealing government secrets since 2011 | Matthieu Faou (ESET) & Francis Labelle (ESET) |
Live Day 3 FRIDAY 02 OCTOBER | 19:00 - 19:30 UTC | InvisiMole: first-class persistence through second-class exploits | Zuzana Hromcová (ESET) |
Live Day 3 FRIDAY 02 OCTOBER | 19:30 - 20:00 UTC | Clippy left some traces | Christiaan Beek (McAfee) |
On Demand | | 2030: backcasting the potential rise and fall of cyber threat intelligence | Jamie Collier (FireEye) |
On Demand | | A new open-source hypervisor-level malware monitoring and extraction system – current state and further challenges | Michał Leszczyński (CERT Polska) & Krzysztof Stopczański (CERT Polska (Former)) |
On Demand | | Advanced Pasta Threat: mapping threat actor usage of open-source offensive security tools | Paul Litvak (Intezer) |
On Demand | | Anchor, Bazar, and the Trickbot connection | Daniel Frank (Cybereason) & Lior Rochberger (Cybereason) |
On Demand | | Another threat actor day… | Paul Jung (Excellium Services) |
On Demand | | APT Hackers-for-Hire: Time to update your Threat Models (Partner Content) | Liviu Arsene (Bitdefender) & Andra Cazacu (Bitdefender) |
On Demand | | Behind the Black Mirror: simulating attacks with mock C2 servers | Scott Knight (VMware) |
On Demand | | Chasing the digital pirates: unveiling the container threats | Tejas Girme (Qualys) |
On Demand | | Clandestine hunter: two strategies for supply chain attack | Byeongjae Kim (Korea Internet & Security Agency), Taewoo Lee (Korea Internet & Security Agency), Sojun Ryu (Korea Internet & Security Agency) & Dongwook Kim (Korea Internet & Security Agency) |
On Demand | | Compromising IoT C&C panels for unearthing infections | Dr Aditya K. Sood (F5 Networks) & Rohit Bansal (SecNiche Security Labs) |
On Demand | | Context-aware detection: the future of cybersecurity? | Rohit Satpathy (The PC Security Channel) |
On Demand | | Dancing samba with Dolphins: tracking a Brazilian threat actor moving to Europe | Carlos Rubio (Blueliv) |
On Demand | | Dissecting fleeceware apps: the million-dollar money-making machine in Android and iOS | Jagadeesh Chandraiah (Sophos) |
On Demand | | Emerging trends in malware downloaders | Dr. Nirmal Singh (Zscaler), Deepen Desai (Zscaler) & Avinash Kumar (Zscaler) |
On Demand | | Emissary (Pandas) in the Middle East | James Shank (Team Cymru) & Jacomo Piccolini (Team Cymru) |
On Demand | | Evolution of Excel 4.0 macro weaponization | James Haughom (VMware), Stefano Ortolani (VMware) & Baibhav Singh (VMware) |
On Demand | | Ghost Mach-O: an analysis of Lazarus’ Mac-malware innovations | Dinesh Devadoss (K7 Computing) |
On Demand | | GuLoader? No, CloudEyE. Flattening the attack curve of the top malicious dropper | Alexey Bukhteyev (Check Point Software Technologies) & Arie Olshtein (Check Point Software Technologies) |
On Demand | | Hidden risks of advertisements | Doina Cosovan (Security Scorecard) & Cătălin Liță (Security Scorecard) |
On Demand | | Just-in-time deception to detect credential-stuffing bots | Abhishek Singh (Prismo Systems), Manish Sardiwal (Prismo Systems) & Ramesh Mani (Prismo Systems) |
On Demand | | Lightweight emulation based IoC extraction for Gafgyt botnets | Ya Liu (Qihoo 360) |
On Demand | | Like bees to a honeypot – a journey through honeypots | Matthias Meidinger (VMRay) |
On Demand | | Most sophisticated technique of the year goes to… | Kalpesh Mantri (Quick Heal) |
On Demand | | NetWalking on sunshine | Thibault Seret (McAfee) & Jeffrey Sman (McAfee) |
On Demand | | One year later: challenges for young anti-malware products today | Sorin Mustaca (Endpoint Cybersecurity) |
On Demand | | Operation LagTime IT: colourful Panda footprint | Fumio Ozawa (NTT Security), Shogo Hayashi (NTT Security) & Rintaro Koike (NTT Security) |
On Demand | | Payment required: rare HTTP statuses and air-gaps avoidance from the authors of COMPFun | Denis Legezo (Kaspersky) |
On Demand | | Ramsay: a cyber-espionage toolkit tailored for air-gapped networks | Ignacio Sanmillan (ESET) |
On Demand | | She sells root shells by the C(++) shore | Costin Ionescu (Broadcom) |
On Demand | | Standardized reporting with the Malware Behavior Catalog | Desiree Beck (MITRE) |
On Demand | | Stealthy WastedLocker: eluding behaviour blockers, but not only | Alexander Adamov (NioGuard Security Lab) |
On Demand | | TA505: attacking industries around the world | Minhee Lee (Financial Security Institute) & Daegyu Kang (Financial Security Institute) |
On Demand | | Take care, spyware is slipping into your phones through Operation Poisoned News | Nelson William Gamazo Sanchez (Trend Micro), Lilang Wu (Trend Micro), Elliot Cao (Trend Micro) & Ecular Xu (Trend Micro) |
On Demand | | The (f)utility of indicators | Gabriela Nicolao (Deloitte) |
On Demand | | The NExt Big Sur(ge) on macOS | Abhijit Kulkarni (Incrux Technologies) & Prakash Jagdale (Incrux Technologies) |
On Demand | | The rise of the info stealers | Shai Alfasi (Reason Security) & Dana Yosifovich (Reason Security) |
On Demand | | Tracking rapid evolution? Copycat? Of an APT RAT in Asia | Hiroshi Takeuchi (Macnica Networks) |
On Demand | | Transparency, trust and intention: what dismantling the heart of cyberattack public attribution reveals about warring minds | Monica Lopez (LPNP) |
On Demand | | Unveiling the CryptoMimic | Hajime Takai (NTT Security), Shogo Hayashi (NTT Security) & Rintaro Koike (NTT Security) |
TIPS | | TIPS #1 Opening Keynote: Collaborating with Competitors: A Better Strategy to Beat Adversaries | Joe Levy (Sophos) |
TIPS | | TIPS #2 Business Email Compromise – Scalable Attribution Powering Industry and Law Enforcement Collaboration | Pete Renals (Palo Alto Networks) |
TIPS | | TIPS #3 Creating Network Effects: Intelligence Sharing for Supply Chain Security | Andrea Little Limbago (Interos) |
TIPS | | TIPS #4 Fireside Chat: Comfortably Numb | Kathi Whitbey (Palo Alto Networks), Jeannette Jarvis (CTA) & Selena Larson (Dragos) |
TIPS | | TIPS #5 German Angst: Cybercrime Ecosystem in the DACH Region | Abdelkader Cornelius (Recorded Future) |
TIPS | | TIPS #6 Panel: Flattening the Curve of Cyber-Risks | Kathi Whitbey (Palo Alto Networks), Derek Manky (Fortinet), Righard Zwienenberg (ESET) & Noortje Henrichs (NCSC) |
TIPS | | TIPS #7 Ransomware Evolution in LATAM | Fernando Cajeme Acosta Zertuche (TELMEX Scitum) & Imelda Flores (TELMEX Scitum) |
TIPS | | TIPS #8 Closing Keynote: Threatscaping like a CERT | Noortje Henrichs (NCSC) |