Welcome to the VB2021 conference!

Welcome to VB2021 localhost!

The 31st VB Conference is HERE - it’s free, it’s online and it’s packed with features.

Welcome to VB2021 localhost, the annual and world-renowned Virus Bulletin international conference gone virtual!

Like any VB conference, VB localhost features the latest and best research on malware, malicious actors and threat intelligence, but this time we bring you both live streamed and on-demand content, as well as the company of your fellow security researchers from around the world, in the comfort of your own home.

The live programme of the conference will be broadcast from 16:00 to 20:30 UTC each day. You can join at any time, and re-watch, rewind or pause the live stream. Meanwhile, in the on-demand programme you will find a wide selection of presentations that you can watch at your leisure. This year we also bring you the option to take part in workshops, and our co-host, CTA, brings you 12 presentations in the Threat Intelligence Practitioners' Summit (TIPS).

What's more, you can join us and your fellow attendees on Discord for discussion, networking, Q&A and fun!

Programme

Live Day 1 (Thursday 07 October)
TIME (UTC) | TITLE | SPEAKER(S)
16:00-16:30 | Keynote: Breaking down barriers: using an intelligence mindset no matter who you are | Katie Nickels (Red Canary)
16:30-17:00 | Lyceum reborn: counterintelligence in the Middle East | Aseel Kayal (Kaspersky), Mark Lechtik (Kaspersky) & Paul Rascagneres (Kaspersky)
17:00-17:30 | Hackers-for-hire in West Africa: a threat actor spreads its wings | Donncha Ó Cearbhaill (Amnesty International)
17:45-18:15 | How CARBON SPIDER embraced ransomware | Eric Loui (CrowdStrike) & Joshua Reynolds (CrowdStrike)
18:15-18:45 | Back to Black(Tech): an analysis of recent BlackTech operations and an open directory full of exploits | Sveva Vittoria Scenarelli (PwC) & Adam Prescott (PwC)
19:00-19:30 | Breaking modern software protectors through exploitation | Nino Isakovic (Microsoft) & Dart Torstino (Microsoft)
19:30-20:00 | Reversing Go binaries with Ghidra | Dorka Palotay (CUJO AI) & Albert Zsigovits (CUJO AI)
20:00-20:30 | “Fool Us!”, or is it “Us Fools!”? … 11 “Fools” years later… | Righard Zwienenberg (ESET) & Eddy Willems (G DATA)

Live Day 2 (Friday 08 October)
TIME (UTC) | TITLE | SPEAKER(S)
16:00-16:30 | What cyber threat intelligence analysts can learn from Sherlock Holmes | Selena Larson (Proofpoint)
16:30-17:00 | Who owns your hybrid Active Directory? Hunting for adversary techniques! | Thirumalai Natarajan Muthiah (Mandiant Consulting) & Anurag Khanna (CrowdStrike Services)
17:00-17:30 | Multi-universe of adversary: multiple campaigns of the Lazarus group and their connections | Seongsu Park (Kaspersky)
17:45-18:15 | Anatomy of native IIS malware | Zuzana Hromcová (ESET)
18:15-18:45 | Meet Indra: uncovering the hackers behind attacks on Iran Railways | Itay Cohen (Check Point) & Alexandra Gofman (Check Point)
19:00-19:30 | NFT artists – a new prime target for cryptocurrency cybercrime? | Abril Rozwadowsky (Deloitte)
19:30-20:00 | Mitigating exploits using Apple’s Endpoint Security | Csaba Fitzl (Offensive Security)
20:00-20:30 | Arm’d and dangerous | Patrick Wardle (Objective-See)

On demand
TITLE | SPEAKER(S)
A deep dive into Water Roc, one of the most relentless ransomware groups | Feike Hacquebord (Trend Micro), Fernando Merčes (Trend Micro) & Ian Kenefick (Trend Micro)
A detailed analysis of a new version of Darkside ransomware (v. 2.1.2.3) | Vlad Pasca (LIFARS)
All roads lead to Rome: the Conti manual leak dissection | Gabriela Nicolao (Deloitte) & Luciano Martins (Deloitte)
Android stalkerware: hunting automation, analysis and detection | Shankar Raman Ravindran (NortonLifeLock)
Bugs in malware – uncovering vulnerabilities found in malware payloads | Nirmal Singh (Zscaler) & Uday Pratap Singh (Zscaler)
CTO (Call Tree Overviewer): yet another function call tree viewer | Hiroshi Suzuki (Internet Initiative Japan)
Endpoint security checkbox: a stealthy approach to cyberdefence | Nathaniel Adewole (Esentry System)
Evolution after prosecution: Psychedelic APT41 | Aragorn Tseng (TeamT5), Charles Li (TeamT5), Peter Syu (TeamT5) & Tom Lai (TeamT5)
From match fixing to data exfiltration – a story of Messaging as a Service (MaaS) | Robert Neumann (Acronis) & Gergely Eberhardt (Search-Lab)
Hunting web skimmers with VirusTotal and YARA | Jérôme Segura (Malwarebytes)
Introducing subCrawl – a framework for the analysis and clustering of hacking tools found using open directories | Josh Stroschein (Independent researcher), Patrick Schläpfer (HP) & Alex Holland (HP)
LazyScripter: from Empire to double RAT | Hossein Jazi (Malwarebytes)
Operation Bookcodes – targeting South Korea | Tae-woo Lee (Korea Internet & Security Agency), Dongwook Kim (Korea Internet & Security Agency) & Byeongjae Kim (Korea Internet & Security Agency)
Operation Newton: Hi Kimsuky? Did an Apple(seed) really fall on Newton’s head? | Jaeki Kim (S2W), Sojun Ryu (S2W) & Kyoung-ju Kwak (S2W)
Pay2Key – the newly discovered ransomware traced all the way to Iran | Gil Mansharov (Check Point) & Ben Herzog (Check Point)
Ransomware: a correlation between infection vectors and victims | Doina Cosovan (Security Scorecard), Cătălin Liță (Security Scorecard), Jue Mo (Security Scorecard) & Ryan Sherstobitoff (Security Scorecard)
Reverse Android malware like a Jedi Master | Axelle Apvrille (Fortinet)
Sandworm: reading the indictment between the lines | Anton Cherepanov (ESET) & Robert Lipovsky (ESET)
Security: the hidden cost of Android stalkerware | Lukas Štefanko (ESET)
Shades of Red: RedXOR Linux backdoor and its Chinese origins | Avigayil Mechtinger (Intezer) & Joakim Kennedy (Intezer)
ShadowPad: the masterpiece of privately sold malware in Chinese espionage | Yi-Jhen Hsieh (SentinelOne) & Joey Chen (SentinelOne)
STK, A-OK? Stopping messaging attacks on vulnerable SIMs | Cathal Mc Daid (AdaptiveMobile Security)
The ‘ghost hand’ attack | Fabio Marenghi (Kaspersky) & Fabio Assolini (Kaspersky)
The baffling Berserk Bear: a decade’s activity targeting critical infrastructure | Joe Slowik (Gigamon)
The keksec’s botnets we observed in the past year | Ye Jin (Qihoo 360) & Lingming Tu (Qihoo 360)
Threat hunting: from SolarWinds to Hafnium APT | Niv Yona (Cybereason) & Eli Salem (Cybereason)
UNC788: Iran’s decade of credential harvesting and surveillance operations | Emiel Haeghebaert (FireEye)
Uncovering automatic Obfuscation-as-a-Service for malicious Android applications | Masarah Paquet-Clouston (GoSecure), Vit Sembera (Trend Micro), Sebastian Garcia (Stratosphere Laboratory) & Maria Jose Erquiaga (Cisco Systems)
When malware changed its mind: an empirical study of variable program behaviours in the real world | Erin Avllazagaj (University of Maryland, College Park), Ziyun Zhu (Facebook), Leyla Bilge (NortonLifeLock Research Group), Davide Balzarotti (EURECOM) & Tudor Dumitras (University of Maryland, College Park)
Where is the cuckoo egg? | Ryuichi Tanabe (NTT Security (Japan) KK), Hajime Takai (NTT Security (Japan) KK) & Rintaro Koike (NTT Security (Japan) KK)
Your five most critical M365 vulnerabilities revealed and how to fix them (Partner Content) | Andy Syrewicze (Hornetsecurity)

Threat Intelligence Practitioners' Summit
SESSION | TITLE | SPEAKER(S)
TIPS#1 | Keynote: The Community Effect | Samantha Madrid (Juniper)
TIPS#2 | Now you see me, now you don’t | Jonas Walker (Fortinet)
TIPS#3 | Operation Diànxùn: a cyberespionage campaign targeting telecommunication companies | Thibault Seret (McAfee) & Thomas Roccia (McAfee)
TIPS#4 | Panel: A tale of two companies | Kathi Whitbey (Palo Alto Networks), Righard Zwienenberg (ESET), Noortje Henrichs (Netherlands NCSC) & Derek Manky (Fortinet)
TIPS#5 | Ransomware and working with the FBI | Grace Pagan (FBI) & Dave Eisenreich (FBI)
TIPS#6 | The use of dark patterns and psychological tricks in Android malware | Anish Patil (SonicWall)
TIPS#7 | Incident response with an XDR | Jerome Athias (TEHTRIS)
TIPS#8 | Where’s your data? Ransomware: protecting your ICS environment | Kyle O'Meara (Dragos) & Anna Skelton (Dragos)
TIPS#9 | Fireside chat: Good times, bad times, you know I’ve had my share: resilience in today’s ever-evolving cybersecurity landscape | Kathi Whitbey (Palo Alto Networks), Angie Wilson (Microsoft), Selena Larson (Proofpoint) & Jeannette Jarvis (Cyber Threat Alliance)
TIPS#10 | Peak Analyzer: an automated malware campaign detector | Jason Zhang (VMware), Stefano Ortolani (VMware) & Giovanni Vigna (VMware)
TIPS#11 | New PlugX Fingerprint-THOR | Mike Harbison (Unit 42 Threat Intelligence, Palo Alto Networks)
TIPS#12 | Keynote: Learning from failure: ransomware and future conflicts | Matt Olney (Cisco)