VB2025
| Time | Green room | Red room | Small Talks |
| 10:30 - 10:40 | Conference opening session | ||
| 10:40 - 11:20 | Opening keynote: Code Red: How KnowBe4 exposed a North Korean IT infiltration scheme Martin Kraemer (KnowBe4) (takes place in the Green room) | ||
| 11:20 - 11:50 | Silent killers: unmasking a large-scale legacy driver exploitation campaign Jiří Vinopal (Check Point Research) | The attribution story of WhisperGate: an academic perspective Alexander (Oleksandr) Adamov (NioGuard, BTH, NURE) & Anders Carlsson (Blekinge Institute of Technology) | |
| 11:50 - 12:20 | Practical AWS antiforensics Santiago Abastante (SolidarityLabs) | The Wolf of Wall Steal: inside crypto traffer group operations Anna Pham (Huntress) & Joan Garcia (Universitat Politecnica de Valencia) | |
| 12:20 - 14:00 | Lunch | ||
| 14:00 - 14:30 | Demystifying the Playboy RaaS Gijs Rijnders (Dutch National Police) | Evading in plain sight: how adversaries beat user-mode protection engines for over a decade Omri Misgav (Independent researcher) | Collaborative response to emerging critical RCE vulnerabilities in exposed edge devices Piotr Kijewski (The Shadowserver Foundation) |
| 14:30 - 15:00 | From Latin America to the world: ransomware TTPs, prolonged intrusions, and regional adaptation Isabel Manjarrez (Kaspersky) | Invisible thieves in the front yard – from an advanced evasive edge-device attack to potential mitigation methods Ting-Wei Hsieh (CHT Security Co) | |
| 15:00 - 15:30 | Google Calendar as C2 infrastructure: a China-nexus campaign with stealthy tactics Tim Chen & Still Hsu (TeamT5) | Goodbye loaders, hello RMM: the rise of legit software in ecrime campaigns Selena Larson & Ole Villadsen (Proofpoint) | |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Silent Lynx: uncovering a cyber espionage campaign in Central Asia Subhajeet Singha & Sathwik Ram Prakki (Seqrite Labs) | ClickFix: exploiting the clipboard for multi-stage payload delivery across OS platforms Prashant Tilekar (Forescout Technologies) | European PDNS readiness Viliam Peli & George Buhai (Whalebone) |
| 16:30 - 17:00 | Chinese APTs targeting semiconductor companies in South Asian countries Niranjan Jayanand & Deepak Nayak (CyberProof) | The dark prescription: inside the infrastructure of illegal online pharmacies Lubos Bever & Jan Rubín (Gen Digital) | |
| 17:00 - 17:30 | Panel: Tales from the Old West Righard Zwienenberg (ESET), Jan Hruska (Virus Bulletin), Pavel Baudis (Gen Digital) & Tjark Auerbach (Lakeside Quants) | Unmasking the GrassCall campaign: the hackers behind job recruitment cyber scams Dixit Panchal & Soumen Burma (Quick Heal Technologies) | |
| 17:30 - 18:30 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 21:00 | VB2025 drinks reception | ||
| Time | Green room | Red room | Threat Intelligence Practitioners' Summit |
| 09:00 - 09:30 | No payload for you: inside Sidewinder's selective exploitation strategy Eliad Kimhy & David Catalan (Acronis) | Attacker identity revealed: insights from rogue VMs & BYOVD in EDR evasion Navin Thomas, Renzon Cruz & Cuong Dinh (Palo Alto Networks) | CTA Threat Intelligence Practitioners' Summit: Welcome Michael Daniel (Cyber Threat Alliance) Keynote: Actionable partnerships – is the game changing? Gonçalo Ribeiro (Europol - EC3) |
| 09:30 - 10:00 | Cracked by the GRU: how Russia’s notorious Sandworm unit weaponizes pirated software usage to target Ukraine Arda Büyükkaya (EclecticIQ) | Hunting potential C2 commands in Android malware via Smali string comparison and control flow analysis JunWei Song (Recorded Future) | CTA Threat Intelligence Practitioners' Summit: Smashing smishing by quashing quishing Andrew Brandt (Netcraft) |
| 10:00 - 10:30 | Exploiting compiler theory to automate the extraction of IOCs from JavaScript malware Matthew Nunes (PwC) | Vo1d rising: inside the botnet controlling 1.68 M+ Android TVs worldwide Alex Turing (QI-ANXIN) | CTA Threat Intelligence Practitioners' Summit: Needle in a dumpster: uncovering a hidden link of CL-CRI-1040 exploiting the ToolShell vulnerabilities Hiroaki Hara & Mark Lim (Palo Alto Networks) |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Arachnid alert: Latrodectus loader crawls through defences Albert Zsigovits (VMRay) | When avatars come alive: understanding hybrid threat actors Itay Cohen (Palo Alto Networks Unit 42) & Omer Benjakob (Haaretz) | CTA Threat Intelligence Practitioners' Summit: Diff'ing the light fantastic – tracking typosquatting and disinformation in a resource-constrained environment James Slaughter (Fortinet) |
| 11:30 - 12:00 | Inside Akira, ransomware's Rust experiment Ben Herzog (Check Point) | Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses Chris Boyd (Rapid7) | CTA Threat Intelligence Practitioners' Summit: How MITRE is AI, anyway? Samir Mody (K7 Computing) |
| 12:00 - 12:30 | CVE-2025-33053, Stealth Falcon and Horus: a saga of Middle Eastern cyber espionage Alexandra Gofman (Check Point) | You definitely don’t want to CopyPaste this: FakeCaptcha ecosystem Dmitrij Lenz & Roberto Dasilva (Google) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: The tortured “cybersecurity” poets department Jeannette Jarvis (Cyber Threat Alliance), Kathi Whitbey (Palo Alto Networks Unit 42), Jeanette Miller (Dataminr), Selena Larson (Proofpoint) |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | The Phantom Circuit: the Lazarus Group’s evolution in supply chain compromise Ryan Sherstobitoff (SecurityScorecard) | DocSwap: security app that steals your security HyeongJun Kim (S2W) | CTA Threat Intelligence Practitioners' Summit: Stop the flood: building a quality and trust-driven threat intelligence ecosystem Kihong Kim & SuhMahn Hur (SANDS Lab) |
| 14:30 - 15:00 | DeceptiveDevelopment and North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception Matej Havranek & Peter Kálnai (ESET) | Inside Pandora's Box: dissecting the latest arsenal and tactics of APT27 Naoki Takayama (Internet Initiative Japan) | CTA Threat Intelligence Practitioners' Summit: Beyond machine translation: struggles and adaptations of North Korean IT workers in Japan's crowdsourcing market Yoshihiro Kori & Takahiro Kakumaru (NEC) |
| 15:00 - 15:30 | Unmasking MetaRAT: a new PlugX variant in China-linked APT operation Yoshihiro Ishikawa & Takuma Matsumoto (LAC) | PepsiDog: inside the rise of a professional Chinese phishing actor Stefan Tanase & Ionut Bucur (CSIS Security Group) | CTA Threat Intelligence Practitioners' Summit: Panel: The wheels on the CVE go round and round: breaking the cycle of vulnerability fatigue Righard Zwienenberg (ESET), Robin Staa (NCSC-NL), John Alexander (Independent researcher), Geri Revay (Fortinet) |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Deep dive into the abuse of DL APIs to create malicious AI models and how to detect them Mohamed Nabeel & Alex Starov (Palo Alto Networks) | The silent infiltration: darknet analysis of corporate data exposures in East Asia Eric Hsieh, Yuki Hung & Boik Su (CyCraft Technology) | CTA Threat Intelligence Practitioners' Summit: From clusters to actors: a practical threat actor attribution framework Kyle Wilhoit & Robert Falcone (Palo Alto Networks) |
| 16:30 - 17:00 | Stealth over TLS: the emergence of ECH-based C&C in ECHidna malware Yuta Sawabe & Rintaro Koike (NTT Security Holdings) | Shared secret: EDR killers in the kill chain Gabor Szappanos & Steeve Gaudreault (Sophos) | Measurement matters Michael Daniel (Cyber Threat Alliance) |
| 17:00 - 18:00 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||
| 19:30 - 23:00 | Pre-dinner drinks reception followed by VB2025 gala dinner & entertainment - featuring a unique mentalist blending mind reading with AI | ||
| Time | Green room | Red room | Small Talks |
| 09:30 - 10:00 | Tracking the IoT botnet's bloodline: code footprints don’t lie Chanbin Jeon, ChangGyun Kim & SeungBeom Lim (SANDS Lab) | Prediction of future attack indicators based on the 2024 analysis of threats from malicious app distribution sites in South Korea Kyung Rae Noh (Korea Internet & Security Agency), Shinho Lee (Gachon University), Eui-Tak Kim (Gachon University), Yujin Shim (Korea Internet & Security Agency), Jonghwa Han (Korea Internet & Security Agency) & Jung-Sik Cho (Korea Internet & Security Agency) | |
| 10:00 - 10:30 | Unmasking the unseen: a deep dive into modern Linux rootkits and their detection Ruben Groenewoud & Remco Sprooten (Elastic) | Beyond the SERP: when black hat SEO campaigns evolve into a multi-faceted criminal threat Joey Chen (Cisco Talos) | |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Sophistication or missed opportunity? Analysing XE Group’s long-term exploitation of zero-days with limited impact Justin Lentz (Solis Security) & Nicole Fishbein (Intezer) | Boosting URL detection with syntactic features in spam emails Antonia Scherz (Net at Work) | Don’t fear journalists! Talk to me! Hacks, exploits & best practices for improving researcher-reporter ties Omer Benjakob (Haaretz) |
| 11:30 - 12:00 | Dissecting evil twin RATs: tracking the long-term use of TA410's FlowCloud toolset Hiroshi Takeuchi (MACNICA) | From billion queries to action: how DNS4EU transforms threat defence Sebastian Garcia & Tigran Oganesian (Czech Technical University) | |
| 12:00 - 12:30 | Intercepting entropy: hooking PRNG to recover ransomware encryption keys Raviv Rachmiel (Draastic) | Unmasking TAG-124: dissecting a prevalent traffic distribution system in the cybercriminal ecosystem Julian-Ferdinand Vögele (Recorded Future) | |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | The Bitter end: unravelling 8 years of APT antics Abdallah Elshinbary (Threatray), Nick Attfield (Proofpoint), Konstantin Klinger (Proofpoint) & Jonas Wagner (Threatray) | Vietnamese hacking group: a rising of information-stealing campaigns going global Chetan Raghuprasad & Joey Chen (Cisco Talos) | Binary facades: script extraction from compiled macOS malware Patrick Wardle (Objective-See) |
| 14:30 - 15:00 | Malicious GenAI Chrome extensions: unpacking data exfiltration and malicious behaviours Shresta B.Seetharam, Mohamed Nabeel & William Melicher (Palo Alto Networks) | Emmenhtal Loader: the silent enabler of modern malware campaigns Lovely Antonio, Ricardo Pineda & Louis Sorita (G Data AV Lab) | ScarCruft's new language: whispering in PubNub, crafting backdoor in Rust, striking with ransomware Jiho Kim & Jaeki Kim (S2W) |
| 15:00 - 15:30 | Tea/Coffee | ||
| 15:30 - 16:10 | Closing keynote: Cybersecurity 2035: where will we be in 10 years' time? Paul Ducklin (Independent cybersecurity expert) (takes place in the Green room) | ||
| 16:10 - 16:20 | Conference closing session (takes place in the Green room) | ||
| 16:20 - 17:20 | Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. | ||