vb


VB 2016 Conference was held this year at the Hyatt Regency Hotel in Denver, CO, USA. This conference is an annual event where IT security researchers from around world gather to share their knowledge, learn, and discuss trends in the global threat landscape. This year we had the privilege to attend as well as meet, hang out with, and share ideas with some of the field’s top researchers. The conference scheduled a great lineup of speakers and presentations, so it was tough to pick which topic to attend. We are going to share some here some... [Read More]
by RSS Floser Bacurio Jr. and Rommel Joven  |  Oct 18, 2016  |  Filed in: Industry Trends
My personal favorite talk was on exploiting Pebble smartwatches ("Exploit Millions of Pebble Smartwatches for Fun and Profit" by Zhang and Wei). Our expectations are usually higher in one's own field of expertise, but this one is really great work. Pebble smartwatch talk at VB 2016 Basically, the authors found an inner assembly routine in Pebble's operating system which allows to elevate one's privileges. If you are familiar with ROP, this is a privilege elevation gadget. Normally, this routine is called by Pebble... [Read More]
by RSS Axelle Apvrille  |  Oct 14, 2016  |  Filed in: Industry Trends
VB 2016 Presentation – Oct 5-7, Denver When we first saw and analyzed Locky back in February, we immediately had a hunch that it was the work of seasoned criminals. The tell-tale signs were strong: massive spam runs were used to spread the ransomware, the malware used domain generation algorithm, the HTTP C2 communication was encrypted (the first version, that is), and the ransomware note was multilingual. The conclusion of our first Locky blog reads: “We also predict that Locky ransomware will be a major player in the ransomware... [Read More]
by RSS Floser Bacurio, Rommel Joven and Roland Dela Paz  |  Sep 30, 2016  |  Filed in: Security Research
Razvan Benchea and Dragos Gavrilut in the middle of their presentation I am very happy to have been at VB 2013 once again. The talks were quite interesting. If you were not able to attend, here's the write-up of some presentations I went to. This post is the first in a three part series. Click here for Part 2 and here for Part 3 Andrew Lee - Ethics and the AV industry in the age of WikiLeaks (Keynote) Andrew showed that surveillance programs were not new (the FISA Act dates back to 1978) and that they exist in numerous countries (not only the... [Read More]
by RSS Axelle Apvrille  |  Oct 10, 2013  |  Filed in: Security Research
To commemorate the 20th anniversary of the VB conference, the organization set out to honor some of the most influential security researchers of the past decade. The VB2010 Awards included six categories: greatest contribution to the anti-malware industry, greatest contribution to the anti-spam industry, best educator in the anti-malware industry, most innovative idea in the anti-malware/anti-spam industry, lifetime achievement, and, finally, best newcomer. Guillaume Lovet, senior manager, threat response team for FortiGuard Labs and technical... [Read More]
by RSS Rick Popko  |  Nov 05, 2010  |  Filed in: Security Research