Botconf 2018 – Day 2 Wrap Up
The second day of Botconf was an interesting day. The presentations were on quite diverse topics. Here is the write-up of what I will remember.
From a social engineering point of view, the presentation on the topic of malicious documents by Dr. Nirmal Singh and Deepen Desai was very interesting. We all know it is a classic in the malicious arsenal, but malicious documents have been an issue since the second half of the 1990s and thus an updated view on the issue was welcome.
Sysmon and PowerShell
Tom Ueltschi is a regular speaker at Botconf. This year he had another very interesting talk prepared for us on how he hunts in his network with Sysmon and PowerShell. It is not the first talk I saw on the topic, but the way Tom explained it was different: he talked about his experience implementing it.
The lightning talks were a challenge set by the Botconf organization at the end of day 1. If you had a slide deck and were able to present on an interesting topic, the floor was yours and the audience would vote on the most impressive talk. I wrote down the names of a couple of tools people presented, but the one that stood out for me was somebody basically taking over a botnet and explaining how he figured out who the actual botnet herder was.
Although in a sense different from all the other botnet takedown presentations, it was the speed of the story and the way it was brought that was refreshing. No screenshots of IDA Pro, but straight to the “mistake” and how the researcher was able to exploit it.