The Latest in IT Security

Greetings from my first visit to Virus Bulletin


Hakuna matata everyone!

So i am here in sunny Barcelona for Virus Bulletin. Right now im taking a small break from all the interesting talks.

Im sitting here listening to some crazy good dubstep and reviewing all the presentations from yesterday, and it just hit me, this is actually my first time at this conference, previously ive only attended security conferences in the style of Blackhat, Defcon, HITB and others. The content is very different, and also the presentation styles. To be honest, I had no idea what to expect, but so far its really awesome!

Its been a blast to meet meet fellow researchers from the same industry and just to get a face on the persons behind the email addresses. If you are at Virus Bulletin and reading this, do not hesitate to find me! (i kinda screwed up today during lunch, so im the guy with the chocolate stain on the shirt. I guess its a sign that i should stop eating that 🙂

So, its currently day two, and so far so good. Yesterday i saw about eight presentations, mostly in the technical track, but today im mostly visiting the corporate tracks. I think its a good mixture to get information from both tracks. The only problem with two tracks is choosing which one you want to attend.

Im going through my notes and the presentations ive seen so far (in no particular order) is:

  • Predicting the future of stealth attacks by Rachit Mathur (McAfee)
  • Same botnet, same guys, new code by Pierre-Marc Bureau (ESET)
  • A study of malicious attacks on Facebook by a replacement for (Commtouch)
  • The dangers of per-user COM objects in Windows by Jon Larimer from (Google)
  • Strategies for monitoring FakeAV distribution networks by Onur Komili from (Sophos)
  • Malware mining from Igor Muttik from (McAfee)

I cannot really write about all of them, so i decided to pick one that was very interesting, and so far i must say that the one from Jon Larimer about the per-user COM objectives was smashing! Nice presentations style, and pretty interesting content. I mean the vulnerabilities has been disclosed but the concept was interesting. It kind of reminds me of the old LD_PRELOAD vulnerabilities for Unix/Linux. You can read more about the presentation here:

Leave a reply


MONDAY, MARCH 01, 2021

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments