Welcome to VB2021 localhost!
The 31st VB Conference is HERE - it’s free, it’s online and it’s packed with features.
Welcome to VB2021 localhost, the annual and world-renowned Virus Bulletin international conference gone virtual!
Like any VB conference, VB localhost features the latest and best research on malware, malicious actors and threat intelligence, but this time we bring you both live streamed and on-demand content, as well as the company of your fellow security researchers from around the world, in the comfort of your own home.
The live programme of the conference will be broadcast from 16:00 to 20:30 UTC each day. You can join at any time, and re-watch, rewind or pause the live stream. Meanwhile, in the on-demand programme you will find a wide selection of presentations that you can watch at your leisure. This year we also bring you the option to take part in workshops, and our co-host, CTA, brings you 12 presentations in the Threat Intelligence Practitioners' Summit (TIPS).
What's more, you can join us and your fellow attendees on Discord for discussion, networking, Q&A and fun!
CATEGORY | TIME (UTC) | TITLE | SPEAKER(S) |
---|---|---|---|
Live Day 1 THURSDAY 07 OCTOBER | 16:00 UTC – 16:30 UTC | Keynote: Breaking down barriers: using an intelligence mindset no matter who you are | Katie Nickels (Red Canary) |
Live Day 1 THURSDAY 07 OCTOBER | 16:30 UTC – 17:00 UTC | Lyceum reborn: counterintelligence in the Middle East | Aseel Kayal (Kaspersky), Mark Lechtik (Kaspersky) & Paul Rascagneres (Kaspersky) |
Live Day 1 THURSDAY 07 OCTOBER | 17:00 UTC – 17:30 UTC | Hackers-for-hire in West Africa: a threat actor spreads its wings | Donncha Ó Cearbhaill (Amnesty International) |
Live Day 1 THURSDAY 07 OCTOBER | 17:45 UTC – 18:15 UTC | How CARBON SPIDER embraced ransomware | Eric Loui (CrowdStrike) & Joshua Reynolds (CrowdStrike) |
Live Day 1 THURSDAY 07 OCTOBER | 18:15 UTC – 18:45 UTC | Back to Black(Tech): an analysis of recent BlackTech operations and an open directory full of exploits | Sveva Vittoria Scenarelli (PwC) & Adam Prescott (PwC) |
Live Day 1 THURSDAY 07 OCTOBER | 19:00 UTC – 19:30 UTC | Breaking modern software protectors through exploitation | Nino Isakovic (Microsoft) & Dart Torstino (Microsoft) |
Live Day 1 THURSDAY 07 OCTOBER | 19:30 UTC – 20:00 UTC | Reversing Go binaries with Ghidra | Dorka Palotay (CUJO AI) & Albert Zsigovits (CUJO AI) |
Live Day 1 THURSDAY 07 OCTOBER | 20:00 UTC – 20:30 UTC | “Fool Us!”, or is it “Us Fools!”? … 11 “Fools” years later… | Righard Zwienenberg (ESET) & Eddy Willems (G DATA) |
Live Day 2 FRIDAY 08 OCTOBER | 16:00 UTC – 16:30 UTC | What cyber threat intelligence analysts can learn from Sherlock Holmes | Selena Larson (Proofpoint) |
Live Day 2 FRIDAY 08 OCTOBER | 16:30 UTC – 17:00 UTC | Who owns your hybrid Active Directory? Hunting for adversary techniques! | Thirumalai Natarajan Muthiah (Mandiant Consulting) & Anurag Khanna (CrowdStrike Services) |
Live Day 2 FRIDAY 08 OCTOBER | 17:00 UTC – 17:30 UTC | Multi-universe of adversary: multiple campaigns of the Lazarus group and their connections | Seongsu Park (Kaspersky) |
Live Day 2 FRIDAY 08 OCTOBER | 17:45 UTC – 18:15 UTC | Anatomy of native IIS malware | Zuzana Hromcová (ESET) |
Live Day 2 FRIDAY 08 OCTOBER | 18:15 UTC – 18:45 UTC | Meet Indra: uncovering the hackers behind attacks on Iran Railways | Itay Cohen (Check Point) & Alexandra Gofman (Check Point) |
Live Day 2 FRIDAY 08 OCTOBER | 19:00 UTC – 19:30 UTC | NFT artists – a new prime target for cryptocurrency cybercrime? | Abril Rozwadowsky (Deloitte) |
Live Day 2 FRIDAY 08 OCTOBER | 19:30 UTC – 20:00 UTC | Mitigating exploits using Apple’s Endpoint Security | Csaba Fitzl (Offensive Security) |
Live Day 2 FRIDAY 08 OCTOBER | 20:00 UTC – 20:30 UTC | Arm’d and dangerous | Patrick Wardle (Objective-See) |
On demand | | A deep dive into Water Roc, one of the most relentless ransomware groups | Feike Hacquebord (Trend Micro), Fernando Merčes (Trend Micro) & Ian Kenefick (Trend Micro) |
On demand | | A detailed analysis of a new version of Darkside ransomware (v. 2.1.2.3) | Vlad Pasca (LIFARS) |
On demand | | All roads lead to Rome: the Conti manual leak dissection | Gabriela Nicolao (Deloitte) & Luciano Martins (Deloitte) |
On demand | | Android stalkerware: hunting automation, analysis and detection | Shankar Raman Ravindran (NortonLifeLock) |
On demand | | Bugs in malware – uncovering vulnerabilities found in malware payloads | Nirmal Singh (Zscaler) & Uday Pratap Singh (Zscaler) |
On demand | | CTO (Call Tree Overviewer): yet another function call tree viewer | Hiroshi Suzuki (Internet Initiative Japan) |
On demand | | Endpoint security checkbox: a stealthy approach to cyberdefence | Nathaniel Adewole (Esentry System) |
On demand | | Evolution after prosecution: Psychedelic APT41 | Aragorn Tseng (TeamT5), Charles Li (TeamT5), Peter Syu (TeamT5) & Tom Lai (TeamT5) |
On demand | | From match fixing to data exfiltration – a story of Messaging as a Service (MaaS) | Robert Neumann (Acronis) & Gergely Eberhardt (Search-Lab) |
On demand | | Hunting web skimmers with VirusTotal and YARA | Jérôme Segura (Malwarebytes) |
On demand | | Introducing subCrawl – a framework for the analysis and clustering of hacking tools found using open directories | Josh Stroschein (Independent researcher), Patrick Schläpfer (HP) & Alex Holland (HP) |
On demand | | LazyScripter: from Empire to double RAT | Hossein Jazi (Malwarebytes) |
On demand | | Operation Bookcodes – targeting South Korea | Tae-woo Lee (Korea Internet & Security Agency), Dongwook Kim (Korea Internet & Security Agency) & Byeongjae Kim (Korea Internet & Security Agency) |
On demand | | Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head? | Jaeki Kim (S2W), Sojun Ryu (S2W) & Kyoung-ju Kwak (S2W) |
On demand | | Pay2Key – the newly discovered ransomware traced all the way to Iran | Gil Mansharov (Check Point) & Ben Herzog (Check Point) |
On demand | | Ransomware: a correlation between infection vectors and victims | Doina Cosovan (Security Scorecard), Cătălin Liță (Security Scorecard), Jue Mo (Security Scorecard) & Ryan Sherstobitoff (Security Scorecard) |
On demand | | Reverse Android malware like a Jedi Master | Axelle Apvrille (Fortinet) |
On demand | | Sandworm: reading the indictment between the lines | Anton Cherepanov (ESET) & Robert Lipovsky (ESET) |
On demand | | Security: the hidden cost of Android stalkerware | Lukas Štefanko (ESET) |
On demand | | Shades of Red: RedXOR Linux backdoor and its Chinese origins | Avigayil Mechtinger (Intezer) & Joakim Kennedy (Intezer) |
On demand | | ShadowPad: the masterpiece of privately sold malware in Chinese espionage | Yi-Jhen Hsieh (SentinelOne) & Joey Chen (SentinelOne) |
On demand | | STK, A-OK? Stopping messaging attacks on vulnerable SIMs | Cathal Mc Daid (AdaptiveMobile Security) |
On demand | | The ‘ghost hand’ attack | Fabio Marenghi (Kaspersky) & Fabio Assolini (Kaspersky) |
On demand | | The baffling Berserk Bear: a decade’s activity targeting critical infrastructure | Joe Slowik (Gigamon) |
On demand | | The keksec’s botnets we observed in the past year | Ye Jin (Qihoo 360) & Lingming Tu (Qihoo 360) |
On demand | | Threat hunting: from SolarWinds to Hafnium APT | Niv Yona (Cybereason) & Eli Salem (Cybereason) |
On demand | | UNC788: Iran’s decade of credential harvesting and surveillance operations | Emiel Haeghebaert (FireEye) |
On demand | | Uncovering automatic Obfuscation-as-a-Service for malicious Android applications | Masarah Paquet-Clouston (GoSecure), Vit Sembera (Trend Micro), Sebastian Garcia (Stratosphere Laboratory) & Maria Jose Erquiaga (Cisco Systems) |
On demand | | When malware changed its mind: an empirical study of variable program behaviours in the real world | Erin Avllazagaj (University of Maryland, College Park), Ziyun Zhu (Facebook), Leyla Bilge (NortonLifeLock Research Group), Davide Balzarotti (EURECOM) & Tudor Dumitras (University of Maryland, College Park) |
On demand | | Where is the cuckoo egg? | Ryuichi Tanabe (NTT Security (Japan) KK), Hajime Takai (NTT Security (Japan) KK) & Rintaro Koike (NTT Security (Japan) KK) |
On demand | | Your five most critical M365 vulnerabilities revealed and how to fix them (Partner Content) | Andy Syrewicze (Hornetsecurity) |
Threat Intelligence Practitioners' Summit | | TIPS#1 Keynote: The Community Effect | Samantha Madrid (Juniper) |
Threat Intelligence Practitioners' Summit | | TIPS#2 Now you see me, now you don’t | Jonas Walker (Fortinet) |
Threat Intelligence Practitioners' Summit | | TIPS#3 Operation Diànxùn: a cyberespionage campaign targeting telecommunication companies | Thibault Seret (McAfee) & Thomas Roccia (McAfee) |
Threat Intelligence Practitioners' Summit | | TIPS#4 Panel: A tale of two companies | Kathi Whitbey (Palo Alto Networks), Righard Zwienenberg (ESET), Noortje Henrichs (Netherlands NCSC) & Derek Manky (Fortinet) |
Threat Intelligence Practitioners' Summit | | TIPS#5 Ransomware and working with the FBI | Grace Pagan (FBI) & Dave Eisenreich (FBI) |
Threat Intelligence Practitioners' Summit | | TIPS#6 The use of dark patterns and psychological tricks in Android malware | Anish Patil (SonicWall) |
Threat Intelligence Practitioners' Summit | | TIPS#7 Incident response with an XDR | Jerome Athias (TEHTRIS) |
Threat Intelligence Practitioners' Summit | | TIPS#8 Where’s your data? Ransomware: protecting your ICS environment | Kyle O'Meara (Dragos) & Anna Skelton (Dragos) |
Threat Intelligence Practitioners' Summit | | TIPS#9 Fireside chat: Good times, bad times, you know I’ve had my share: resilience in today’s ever-evolving cybersecurity landscape | Kathi Whitbey (Palo Alto Networks), Angie Wilson (Microsoft), Selena Larson (Proofpoint) & Jeannette Jarvis (Cyber Threat Alliance) |
Threat Intelligence Practitioners' Summit | | TIPS#10 Peak Analyzer: an automated malware campaign detector | Jason Zhang (VMware), Stefano Ortolani (VMware) & Giovanni Vigna (VMware) |
Threat Intelligence Practitioners' Summit | | TIPS#11 New PlugX Fingerprint-THOR | Mike Harbison (Unit 42 Threat Intelligence, Palo Alto Networks) |
Threat Intelligence Practitioners' Summit | | TIPS#12 Keynote: Learning from failure: ransomware and future conflicts | Matt Olney (Cisco) |