Festi Botnet Analysis & Investigation
By Aleksandr Matrosov and Eugene Rodionov
The slide deck from a recent presentation at the AVAR conference summarizing ESET's comprehensive analysis of the Festi botnet.
Win32/Flamer: Reverse Engineering and Framework Reconstruction
By Aleksandr Matrosov and Eugene Rodionov
The slide deck from a recent presentation at the Zero Nights conference analyzing the Flamer trojan in depth and examining its points of similarity to related malware (Stuxnet, Duqu, Gauss, Miniflame).
My PC has 32,539 errors: how telephone support scams really work
By David Harley, Steven Burn, Martijn Grooten, and Craig Johnston
This is the slide deck to go with the paper presented at Virus Bulletin 2012 looking at the ongoing evolution of the PC tech support scam.
Defeating antiforensics in contemporary complex threats
By Aleksandr Matrosov and Eugene Rodionov
This is the slide deck used for a presentation at the Virus Bulletin 2012 conference in September. The paper it accompanies presents an in-depth technical analysis of the most widely used anti-forensic technique, hidden encrypted storage, used by complex threats that are currently in the wild.
Bootkit Threats: In Depth Reverse Engineering & Defense
By Eugene Rodionov and Aleksandr Matrosov, June 2012
A presentation for the REcon conference held in Montreal in 2012 describing the evolution and design of bootkits, and how they can be analyzed and countered.
Carberp Evolution and BlackHole: Investigation Beyond the Event Horizon
By Aleksandr Matrosov, Eugene Rodionov, Dmitry Volkov and Vladimir Kropotov, May 2012
A joint presentation for the CARO workshop in Munich by researchers from ESET, Group-IB, and TNK-BP, summarizing their analysis of the technical features and criminal activity of Win32/Carberp and related malware.
APT: Real Threat or Just Hype?
By David Harley, November 2011
Recording of the keynote panel at the Infosecurity 2011 Fall Virtual Conference, at which David presented on "APTitude Adjustment" as well as participating in the subsequent discussion.
Daze of whine and neuroses (but testing is FINE)
By David Harley and Larry Bridwell, October 2011
Slides are now available from the Virus Bulletin 2011 presentations page as a PDF. This slide deck accompanies the Virus Bulletin paper that asks whether the Anti-Malware Testing Standards Organization (AMTSO) has outlived its usefulness, and what the future of detection testing might be.
Modern Bootkit Trends: Bypassing Kernel-Mode Signing Policy
By Aleksandr Matrosov and Eugene Rodionov, October 2011
This presentation continues the authors' consideration of modern bootkit techniques for evading kernel-mode code signing policy as applied to current in-the-wild malware.
Defeating x64: Modern Trends of Kernel-Mode Rootkits
By Aleksandr Matrosov and Eugene Rodionov, September 2011
A presentation for the Ekoparty 2011 conference in Buenos Aires, looking in detail at the ways in which rootkit and bootkit authors try to evade kernel-mode code signing policy in 64-bit Windows versions.
Security Software and Rogue Economics: The Presentation
By David Harley, May 2011
The presentation and speaker notes to accompany the paper presented at the EICAR 2011 conference. It contrasts existing malicious and legitimate technology and marketing, considering ways in which integration of security packages might mitigate the current wave of fake applications and services.
Defeating x64: The Evolution of the TDL Rootkit
By Aleksandr Matrosov and Eugene Rodionov, May 2011
A presentation for Confidence 2011, held in May 2011 in Krakow, on the analysis and implications of the latest generation of the TDL rootkit (TDL4).
Cybercrime in Russia: Trends and issues
By Robert Lipovsky, Aleksandr Matrosov and Dmitry Volkov, May 2011
An analysis of cybercrime threats, incidents, and issues in Russia presented at the CARO Workshop in Prague in May 2011.
Infrastructure Attacks: The Next Generation?
By David Harley, April 2011
The slide deck for a presentation delivered at Infosecurity Europe 2011, examining the Stuxnet phenomenon and what it holds for the future. Updated to include speaker notes.
Perception, Security and Worms in the Apple
By David Harley, Pierre-Marc Bureau, Andrew Lee, May 2010
The slide deck that accompanies the paper on Mac security presented by the authors at EICAR in May 2010.
Real Performance?
By Ján Vrabec and David Harley, May 2010
The slide deck that accompanies the paper on performance testing presented by the authors at EICAR in May 2010.
The Curious Art of Anti-Malware Testing
By David Harley, December 2009
A presentation on some of the problems with anti-malware testing and summarizing the mission and principles of the Anti-Malware Testing Standards Organization (AMTSO).
Presented to the Special Interest Group in Software Testing of the BCS Chartered Institute for IT (formerly the British Computer Society).
Malware, Marketing and Education: Soundbites or Sound Practice?
By David Harley and Randy Abrams, December 2009
This presentation accompanies the paper of the same name, which considers the practical, strategic and ethical issues that arise when the security industry augments its marketing role by taking civic responsibility for the education of the community as a whole.
First presented at AVAR 2009 in Kyoto.
Is there a lawyer in the lab?
By Juraj Malcho, September 2009
This presentation by the Head of ESET's Virus Laboratory explores the complex legal problems generated by applications that can't be called out-and-out malware, but are nevertheless potentially unsafe or unwanted.
Presented at the VB2009 conference in September 2009: the conference paper itself is available in "ESET Conference Papers" above, by kind permission of Virus Bulletin.