My impression of Botconf 2024

This year was Botconf’s 11th edition, located in Nice, where I gave a four hour workshop regarding DotNet Malware Analysis. This year, the talks were often rated as TLP:GREEN or higher, within the traffic light protocol, meaning that the recordings of the talks on Botconf’s YouTube channel are somewhat more limited, which in turn limits the details in this blog, compared to similar blogs, such as Botconf in 2023.

Before diving into specifics, I want to state that there were too interactions to make it into this blog. As such, a lack of a mention is more so due to brevity from my side, not because of a lack of interest.

Bea Venzon’s talk, titled Rhadamanthys: The new stealer making WAVs in the eCrime landscape, went into the stealer, and shared interesting insights with regards to collected telemetry. Given the TLP:GREEN rating, details from this talk are omitted. This talk was Bea’s first public talk, which I think was a job very well done!

Dominika Regéciová’s talk, titled GenRex Demonstration: Level Up Your Regex Game, dives into regular expressions. She gave talks at Botconf in 2022 and 2023 regarding scanning optimisations and what (not) to do. This talk is an explanation and demonstration of GenRex, the source-code of which is also publicly available. In short, it allows one to create regular expressions based on strings. It can be used in Python scripts, allowing one to easily create regexes. Her blog about Botconf can be found here.

The workshop from Intel471’s Souhail Hammou and Miroslav Stampar, titled Writing Configuration Extractors: Navigating Challenges in Extracting Malware Artifacts, marked the release of CodeRex, which can be used to make generic regular expressions for a given hexadecimal string that represents assembly code. This project is written in Python too.

Both GenRex and CodeRex can be combined when writing a custom tool, allowing one to create regular expressions for code and strings!

My colleague and old roommate Duy-Phuc Pham presented his PhD thesis results together with his co-author Damien Morion. The talk, titled IoT Malware and Rookit Detections Using Electromagnetic Insights: Unveiling the Unseen, dives into the usage of machine learning to detect differences in electromagnetic radiation externally. Based on this, it is impossible for malware on a device to know if it is monitored, although random heuristics could influence the detection capabilities, without the malware knowing if it is within such an environment.

The talk from Kelsey Merriman and Pim Trouerbach, titled Pikabot’s Sophisticated Evasion: We Catch Em All and rated TLP:AMBER, provided a deep dive into the malware’s evolution. Sadly, further details are restricted.

The speaker’s dinner and the gala were very well organised, as was the conference itself. The organisers outdid themselves once again, and I cannot wait to go to Angers for the 12th edition of the conference!


To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], or DM me on Twitter @Libranalysis.