Program Overview

All times below are shown in UTC. Please check your local time.

Monday, April 19th

Summit Day 1 - all times in UTC
13:00 – 13:05

Welcome and Intros

13:05 – 13:35

OSINT In the Box on DFIR Investigations with Tsurugi Linux

Giovanni Rattaro (Vectra AI); Marco Giorgi (Freelance)

13:35 – 14:00

Adventures in Open DNS Resolution: Threat Intelligence for the Public Good

John Bambenek (Bambenek Consulting, US)

14:00 – 14:30

Special Sauce: The Bespoke Specialization of Cybercriminals

Brandon Levene (Google, US)

14:30 – 15:00

Targeting Critical Infrastructure - Ransom as a Smokescreen

CK Chen, Minsky Chan (CyCraft Technology, TW)

15:00 – 15:30

Industrialize the Tracking of Botnet Operations – A Practical Case with Large Coin-Mining Threat-Actor(s)

Alexandre Dulaunoy, Jean-Louis Huynen (CIRCL, LU)

15:30 – 16:15

Initial Access Brokers – An Excess of Access for Ransomware Operators

James Chappell

16:30 – 17:00

[TLP:AMBER] To the Moon! The Cyber Kill Chain Meets Blockchain

Jacqueline Koven (Chainalysis, US)

Tuesday, April 20th

Summit Day 2 - all times in UTC
13:00 – 13:05

Welcome and Intros

13:05 – 13:50

Relation Between Multiple Malvertisement Methods of Zloader Malware

Takehiko Kogen (LAC/LACERT, JP)

14:00 – 14:30

A Datamodel for Enabling Automation in Knowledge Representation and Exchange

Dr. Martin Eian, Fredrik Borg, Geir Skjøtskift (mnemonic); Morton Swimmer (Trend Micro, DE); Siri Bromander (mnemonic as, University of Oslo, NO)

14:30 – 15:00

Red Flags in Analyzing Hosting Infrastructure

Dr. Fyodor Yarochkin (Trend Micro, TW); Vladimir Kropotov (Trend Micro, DE)

15:00 – 15:30

Influence Operations 101

Krassimir Tzvetanov (Purdue University, US)

15:30 – 16:00

CTI Analyst’s Guide to Threat Based Prioritization of Security Improvements

Bence Horvath (Ernst & Young); Robert Moody (The Home Depot)

16:00 – 16:30

[TLP:AMBER] RTM: Sink-Holing the Botnet

Rustam Mirkasymov (Group-IB, NL)

16:30 – 17:00

Conceptualizing a Continuum of Attribution

Joe Slowik (DomainTools, US)

Wednesday, April 21st

Summit Day 3 - all times in UTC
13:00 – 13:05

Welcome and Intros

13:05 – 13:50

Modern ThreatHunting

Vicente Diaz (VirusTotal - Google)

14:00 – 14:45

VERIS A4 Threat Model

John Grim (Verizon, US)

15:00 – 15:45

Intelligence is Good. Requirements-Driven Intelligence is Better

Maurits Lucas (Intel 471)

15:30 – 17:00

Panel: What is CTI?

Krassimir Tzvetanov (Purdue University, US)