CARO workshop 2013


The agenda at any time can be subjected to changes without notification for organizational reasons.

Wednesday May 15, 2013 
18:00-19:00   Registration 
19:00-22:00   Welcome Drinks Reception 

Thursday May 16, 2013 
08:00-09:00   Registration 
09:00-09:10   Opening, Righard Zwienenberg, ESET (Workshop Chair)
09:10-09:20   Welcome, Miroslav Trnka, Founder of ESET 
09:20-10:20   Keynote: The Wolf and the Sheep, Peter Kruse, CSIS
10:20-10:40   What can we tell about the targets of targeted attacks?, Mikko Hypponen, F-Secure
10:40-11:00   Recent APT Campaigns and Their Relationships, Timo Steffens, Thomas Hungenberg, CERT-Bund
11:00-11:20   Coffee/Tea Break
11:20-12:05   Are You Going to “Scarborough Fair", Chun Feng, Microsoft
12:05-12:45   System and method of generically detecting the presence of emulated environments,
                       Richard Ford, FIT
12:45-12:50   IEEE Industry Connections Update about the CMX project, Igor Muttik, McAfee, 
                       Mark Kennedy, Symantec

12:50-14:00   Lunch
14:00-14:45   Breaking the Bank:  An Analysis of the 2012/2013 'Triple Crown' Financial Industry DDoS attacks,
                       Roland Dobbins, Arbor Networks
14:45-15:30   Malware Regional Threat Profile, Dave Monnier, Team Cymru
15:30-15:50   Coffee/Tea Break
15:50-16:35   Attacking the Hypervisor, Peter Szor, Deepak Gupta, McAfee, Xiaoning Li, Intel
16:35-17:20   Advanced Evasion Techniques by Win32/Gapz, Aleksandr Matrosov, Eugene Rodionov, ESET
17:20-17:40   Financial Malware: Overview of Attack and Defense Techniques, Alexey Monastyrsky, 
                       Denis Nazarov, Kaspersky 
17:40-18:10   Microsoft's War on Malware - Applying Automation and Measuring its success - 
                       Dennis Batchelder, Microsoft

19:30-22:00   Dinner, the dinner is sponsored by 

Friday May 17, 2013 
09:00-09:05   Opening
09:05-09:50   Dissecting Operation High Roller: Case Study of Targeted Attacks on Businesses World Wide,
                       Ryan Sherstobitoff, McAfee
09:50-10:35   Safenet- A New APT Threat, Nart Villeneuve, Kyle Wilhoit, Trend Micro
10:35-10:55   Targeted Attack Case Study: Signed Binaries in South Asia, Jean-Ian Boutin, ESET
10:55-11:15   Coffee/Tea Break
11:15-12:00   Operation “Red October” , Costin Raiu, Vitaly Kamluk, Kaspersky
12:00-12:45   The use of embedded Flash exploits in targeted attacks, Timo Hirvonen, F-Secure
12:45-12:50   IEEE Industry Connections Update about the Taggant project, Igor Muttik, McAfee,
                       Mark Kennedy, Symantec

12:50-14:00   Lunch
14:00-14:45   Common Traits for Advanced Persistent Threats, Bjarne Roe, Frode Hommedal, NSM NorCERT
14:45-15:30   Hypervisor-Based, Hardware-Assisted System Monitoring, Carsten Willems, Ralf Hund,
                       Ruhr-University Bochum
15:30-15:50   Coffee/Tea Break
15:50-16:10   Post factum investigation of a targeted attack, Jakub Kaminski, Microsoft  
16:10-16:55   jEoPardized by Targeted Attacks, Gregory Panakkal, K7
16:55-17:40   Targeted attacks on Russian banks, Dmitriy Volkov, Group-IB
17:40-17:50   Thank You, Richard Marko, CEO of ESET
17:50-18:00   Closure, Righard Zwienenberg, ESET (Workshop Chair)
20:00-23:00 (or later)  CARO 2013 After (Jam) Party

1st reserve presentation: The Rise of Surveillanceware, Roel Schouwenberg, Kaspersky
2nd reserve presentation: Android malware which attack specified individuals using stolen personal information, Donghyun Kang, Ahnlab