Pour la première fois, le CERT-XMCO est partenaire média de la conférence Virus Bulletin qui se déroulera sur trois jours du 2 au 4 Octobre 2019 au Novotel London West à Londres. Les conférences sont réparties sur 2 tracks techniques simultanées et une troisième réservée aux Small Talks.
Cette conférence réunit les principaux acteurs de la Threat Intelligence pour 3 jours d’échanges. De nombreuses thématiques seront abordées, allant des botnets à l’éthique, mais également la recherche autour d’APT ou de nouveaux outils.
Deux évènements seront également organisés afin de favoriser les contacts. Une première réception sera réalisée dans le centre de Londres, au bar The Anthologist offrant un contexte informel d’échange. Le second prendra la forme d’un diner organisé sur le lieu de la conférence le second jour de conférence.
[distance1]
Ci-dessous, quelques unes des principales conférences plannifiées :
[layerslider id= »1″]
[distance1]
La liste complète des conférences est disponible à l’adresse https://www.virusbulletin.com/conference/vb2019/programme/ et propose les sujets suivants :
Mercredi 2 octobre :
- Keynote address: Tales from the NCSC: the daily battle to defend a country in cyberspace
- A vine climbing over the Great Firewall: a long-term attack against China,
- An inside look at a cybercriminal investigation
- APT cases exploiting vulnerabilities in region-specific software,
- Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry,
- [Small Talk] RetroMal: analysing malware on the earliest computing platforms,
- Absolutely routed!! Why routers are the new bullseye in cyber attacks,
- Domestic Kitten: an Iranian surveillance program,
- Problem child: common patterns in malicious parent-child relationships,
- DNS on fire,
- A study of Machete cyber espionage operations in Latin America,
- [Small Talk] The AMTSO Standard and corporate security testing,
- Never before had Stierlitz been so close to failure, Sergei Shevchenko (Sophos)
- Operation Soft Cell – a worldwide campaign against telecommunication providers, Amit Serper & Mor Levi & Assaf Dahan (Cybereason)
- [Small Talk] Countering tech abuse together, Vyacheslav Zakorzhevsky (Kaspersky) & Rachel G. (National Network to End Domestic Violence)
- Static analysis methods for detection of Microsoft Office exploits, Chintan Shah (McAfee)
- Abusing third-party cloud services in targeted attacks, Daniel Lunghi & Jaromir Horejsi (Trend Micro)
- The push for increased surveillance from fiction and its impact on privacy, Miriam Cihodariu (Heimdal Security) & Andrei Bogdan Brad (Code4Romania)
- Fantastic information and where to find it: a guidebook to open-source OT reconnaissance, Daniel Kapellmann Zafra (FireEye)
Jeudi 3 octobre :
- Shinigami’s revenge: the long tail of Ryuk malware, Gabriela Nicolao & Luciano Martins (Deloitte)
- [Small Talk] Threat Intelligence Practitioners’ Summit – welcome & opening remarks followed by keynote: Fuelling AI with threat intelligence, Martijn Grooten (Virus Bulletin) & Mika Stahlberg (F-Secure)
- Defeating APT10 compiler-level obfuscations, Takahiro Haruyama (Carbon Black)
- [Small Talk] Panel: How can you operationalize threat intelligence?, Alex Hinchcliffe (Palo Alto Networks) & Selena Larson (Dragos) & Mark Kennedy (Symantec) & Pascal Geenens (Radware)
- Catch me if you can: detection of injection exploitation by validating query and API integrity, Abhishek Singh & Ramesh Mani (Prismo Systems)
- Keynote: Technical developments in sharing – a discussion of STIX 2.0 and MITRE’s ATT&CK Framework, Richard Struse (MITRE)
- Let’s translate firewall/endpoints for you: XAI on security products, Tongbo Luo & Jimmy Su (JD.com) & Kailiang Ying (Syracuse University) & Xinyu Ma (Flappypig Team) & Zhaoyan Xu (Palo Alto Networks)
- [Small Talk] Fireside chat: View from the C-Suite: How is the cybersecurity industry evolving?, Joe Levy & Andrew Brandt (Sophos)
- Webcam interception and protection in kernel mode in Windows (partner presentation), Michael Maltsev (Reason Cybersecurity)
- [Small Talk] Keynote: Nexus between OT and IT threat intelligence, Selena Larson (Dragos)
- The art of the cashout: the evolution of attacks on payment systems, Saher Naumaan (BAE Systems Applied Intelligence) & Irving Méreau (SWIFT)
- [Small Talk] Panel: Bursting the myths about threat intelligence sharing, Kathi Whitbey (Palo Alto Networks) & Orla Cox (Symantec) & Dan Saunders (NTT)
- Exploring Emotet, an elaborate everyday enigma, Luca Nagy (Sophos)
- [Small Talk] Keynote: Building secure sharing systems that treat humans as features not bugs, Andrea Limbago (Virtru)
- [Small Talk] Panel: Where is threat intelligence headed?, Derek Manky (Fortinet) & Samir Mody (K7 Computing) & Heather King (CTA)
- The cake is a lie! Uncovering the secret world of malware-like cheats in video games, Santiago Martin Pontiroli (Kaspersky Lab)
- Cyber espionage in the Middle East: unravelling OSX.WindTail, Patrick Wardle (Jamf)
- Oops! It happened again!, Righard Zwienenberg (ESET) & Eddy Willems (G DATA)
- Medical IoT for diabetes and cybercrime, Axelle Apvrille & Aamir Lakhani (Fortinet)
Vendredi 4 octobre
- 2,000 reactions to a malware attack – accidental study, Adam Haertle (BadCyber.com / ZaufanaTrzeciaStrona.pl)
- Play fuzzing machine – hunting iOS and macOS kernel vulnerabilities automatically and smartly, Lilang Wu & Moony Li (Trend Micro)
- [Small Talk] I’m not going to die during this conference call: reflections on availability and burnout, Jamie Tomasello (Duo Security)
- Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers, Michael Raggi (Proofpoint) & Ghareeb Saad (Anomali)
- Rich headers: leveraging the mysterious artifact of the PE format, Peter Kalnai & Michal Poslusny (ESET)
- [Small Talk] Call the shots! Let’s fight crime together, Speaker TBA (NHTCU)
- Why companies need to focus on a problem they do not know they have, Richard Matti (NetClean)
- Geost botnet. The discovery story of a new Android banking trojan from an OpSec error, Sebastian Garcia (Czech Technical University in Prague) & Maria Jose Erquiaga (UNCUYO University) & Anna Shirokova (Avast)
- Joining forces: transforming the Industry through diversity and data, Kathleen Whitbey (Palo Alto Networks) & Heather King (Cyber Threat Alliance) & Jeannette Jarvis (Fortinet)
- Asterisk: a targeted VOIPspionage campaign, Lotem Finkelstein & Oded Awaskar (Check Point)
- Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation state adversary, Palo Alto Networks)
- We need to talk – opening a discussion about ethics in infosec, Ivan Kwiatkowski (Kaspersky Lab)
- Different ways to cook a Crab…, John Fokker & Alexandre Mundo (McAfee)
- King of the hill: nation-state counterintelligence for victim deconfliction, Juan Andres Guerrero-Saade (Chronicle)
- Keynote address: The security products we deserve, Haroon Meer & Adrian Sanabria (Thinkst)
[distance1]
Rendez-vous à cette adresse afin de réserver vos billets !
Vous retrouverez en suite sur notre blog un premier retour sur ces 3 jours de conférence. Enfin, un résumé plus complet sera disponible dans un prochain numéro de l’ActuSécu.