Botconf conference celebrated its tenth year in Strasbourg, and it was simply a fantastic experience. I met with many great people, the selection of talks was perfect, and I enjoyed every day of the conference.
Strasbourg is the eighth-largest metro area in France and is the seat of several European institutions, such as the European Parliament and the European Court of Human Rights. I wish I could spend more in the historic center. For me, it is a magical place with beautiful black and white timber-framed buildings in the Petite France district and the astonishing sandstone Gothic Cathedral Cathédrale Notre-Dame de Strasbourg. When I saw the astronomical clock in one part of the cathedral, I thought I saw a copy of the Prague Astronomical Clock. There are differences, but both are breathtaking, and it was a pleasant surprise for me as I had no idea I would find it inside the cathedral.
There were plenty of interesting talks during the three days of the conference. Some of them are available on YouTube. I would recommend giving a watch to the following:
- Security Implications of QUIC by Paul Vixie and Ben April
- Cyber Swachhta Bharat- India’s answer to botnet and malware ecosystems? by Pratiksha Ashok
- Syslogk Linux Kernel Rootkit — Executing Bots via “Magic Packets” by David Álvarez Pérez
- Read The Manual Locker: A Private RaaS Provider by Max ‘Libra’ Kersten
- MCRIT: The MinHash-based Code Relationship & Investigation Toolkit by Daniel Plohmann and Daniel Enders
- Tracking Bumblebee’s Development by Suweera De Souza
Note that some of the talks were targeted at the present audience only. More reasons to come next year, right?
I talked about Yara’s performance issues and how to solve them, demonstrated in several case studies called Yara Studies: A Deep Dive into Scanning Performance. You can watch the recording, or there is also a paper published in The Journal on Cybercrime & Digital Investigations.
In my talk, I shared my experience while working with malware analysts with the goal of creating the best and faster Yara rules possible. The feedback and questions were fantastic, and it was clear that this topic interests many because Yara is sometimes not very helpful in guiding analysts to create better rules. I plan to write a blog post about this topic soon, so stay tuned for more details.
It was already announced that next year’s edition of Botconf will be held in Nice. I am definitely planning to attend, and I am looking forward to seeing you there.