My impression of Botconf 2022

Botconf 2022 took place in France’s Nantes for four days, starting from April the 26th. The first day consisted of workshops, followed by three days of talks. The previous edition, in 2020, was online, making 2019 the last in-person edition. In this blog I will share my impression of the conference, the friends I met, and the COVID situation at hand.

A picture taken during my first talk

My general overview

The conference was perfectly organised, as is tradition. There were some strikes going on one morning, as is also tradition. Speaking of Botconf traditions, the food was superb, as was the gala. During the gala, there was the opportunity to get a tour of Les machines de l’île, which showed the steam-punk-like mechanical animals.

Before diving into my impression of the conference, I’d like to make my compliments to the organisation, who made it smooth sailing for the speakers, were available for questions, and responded quickly to e-mails and messages.

The conference centre’s banner, displaying Botconf 2022

This year, I presented three times, which I’ve been told is a record. My first talk was together with Rens ‘Kuiil’ van der Linden, where we presented his graduation thesis on identifying malware campaigns on a budget. The second talk dove into my See Ya Sharp: A Loader’s Tale research. And lastly, I gave a three-minute lightning talk on my Binary Analysis Course. The talks were interesting and sparked both my curiosity and my creativity. Below, I’ll provide some information on talks that stood out to me.

The insights into QBot, as given by Berk Albayrak and Ege Balci in one talk, and Markel Picado Ortiz and Carlos Rubio Ricote in another, provide a valuable resource for anyone interested in the impact and inner workings of the malware.

The exhaustive work of György Lupták, Dorka Palotay, and Albert Zsigovits with regard to analysing Golang malware with Ghidra shows the versatility of Ghidra, and provides a valuable resource for anyone analysing Golang malware, even those who prefer to use a different tool.

The talk A Fresh Look Into The Underground Card Shop Ecosystem, as presented by Beatriz Pimenta Klein and Lidia López Sanz, provided a look into underground marketplaces and their respective characteristics. The presentation’s take differs from the usual take, providing an interesting perspective.

Dominika Regéciová managed to provide an incredibly insightful talk about Yara, titled Yara: Down The Rabbit Hole Without Slowing Down. In the talk, a seemingly normal Yara rule is broken down, after which it is significantly improved. Her explanation makes the creation of an efficient rule seem effortless and easy.

The talk about Sandyblacktail, by Vasiliy Berdnikov, Aseel Kayal, Mark Lechtik, and Paul Rascagneres, provided a deep dive into a complex espionage framework, all shown on stunning slides. The talk was not meant to be made public, which is why I’ll refrain from posting details here, but the technical analysis, as well as the delivery, made it a great talk to watch.

The gala was at an outside venue, which was very comfortable in the late spring temperature. The food was superb, and there was a wide variety to pick from, including vegetarian options. The spaciously set-up tables allowed smaller groups to form, although people met up in groups just standing in the open areas as well.

Nantes at night, as seen from my hotel room

Meeting friends old and new

Aside from the talks, Botconf is a great place to meet friends, old and new. During the workshop I gave in 2019, I met multiple people with whom I stayed in contact over the years, one of whom is Dominika. We agreed to meet up at the speaker’s dinner to catch up. During the wonderful meal, we also met Beatriz and Lidia. The five of us, including Rens, had a great time exchanging ideas, along with plenty of banter.

On the morning of the second day, Rens, Carlos, and I helped someone to start their car as we gave it a push down the road, after Beatriz correctly translated the request for us. My initial assumption was a shady taxi offer, which I initially declined. Additionally, the ever-returning strikes were present on our way to the conference centre, even though the location changes by the year.

The view from this year’s hotel room

It had been three years since I met up with my former roommate, Pham, with whom I had some Pho Bo at a nearby restaurant during lunch. Additionally, I met numerous other people whom I hadn’t spoken to for a while. In 2019, Mathieu and I took the long way home from the gala after both our phones died. This time we did not take the long way home, but it was great to meet up again!

Dominika, Beatriz, Lidia, and I spent the conference’s final evening eating Italian pizza on the grass next to the river, a fitting ending for a great conference. The morning after, Rens and I met Ege on our way to the airport, after which I showed him around in Amsterdam for a bit.

COVID measures

The COVID restrictions have mostly dropped in France, barring masks at the airport. The conference had an open policy, where masks were optional. There was sufficient space to have open spaces between people, if so desired. The gala was completely outdoors, albeit under a high roof to avoid the rain. The informal and relaxed atmosphere of the conference made it free for all to make their own decisions.

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit, or DM me on Twitter @Libranalysis.