Home‎ > ‎


The agenda at any time can be subjected to changes without notification for organizational reasons.

Wednesday May 15, 2013
18:00-19:00 Registration
19:00-22:00 Welcome Drinks Reception

Thursday May 16, 2013
08:00-09:00 Registration
09:00-09:10 Opening, Righard Zwienenberg, ESET (Workshop Chair)
09:10-09:20 Welcome, Miroslav Trnka, Founder of ESET
09:20-10:20 Keynote: The Wolf and the Sheep, Peter Kruse, CSIS
10:20-10:40 What can we tell about the targets of targeted attacks?, Mikko Hypponen, F-Secure
10:40-11:00 Recent APT Campaigns and Their Relationships, Timo Steffens, Thomas Hungenberg, CERT-Bund
11:00-11:20 Coffee/Tea Break
11:20-12:05 Are You Going to “Scarborough Fair", Chun Feng, Microsoft
12:05-12:45 System and method of generically detecting the presence of emulated environments,
Richard Ford, FIT
12:45-12:50 IEEE Industry Connections Update about the CMX project, Igor Muttik, McAfee,
Mark Kennedy, Symantec
12:50-14:00 Lunch
14:00-14:45 Breaking the Bank: An Analysis of the 2012/2013 'Triple Crown' Financial Industry DDoS attacks,
Roland Dobbins, Arbor Networks
14:45-15:30 Malware Regional Threat Profile, Dave Monnier, Team Cymru
15:30-15:50 Coffee/Tea Break
15:50-16:35 Attacking the Hypervisor, Peter Szor, Deepak Gupta, McAfee, Xiaoning Li, Intel
16:35-17:20 Advanced Evasion Techniques by Win32/Gapz, Aleksandr Matrosov, Eugene Rodionov, ESET
17:20-17:40 Financial Malware: Overview of Attack and Defense Techniques, Alexey Monastyrsky,
Denis Nazarov, Kaspersky
17:40-18:10 Microsoft's War on Malware - Applying Automation and Measuring its success -
Dennis Batchelder, Microsoft

19:30-22:00 Dinner, the dinner is sponsored by Microsoft

Friday May 17, 2013
09:00-09:05 Opening
09:05-09:50 Dissecting Operation High Roller: Case Study of Targeted Attacks on Businesses World Wide,
Ryan Sherstobitoff, McAfee
09:50-10:35 Safenet- A New APT Threat, Nart Villeneuve, Kyle Wilhoit, Trend Micro
10:35-10:55 Targeted Attack Case Study: Signed Binaries in South Asia, Jean-Ian Boutin, ESET
10:55-11:15 Coffee/Tea Break
11:15-12:00 Operation “Red October” , Costin Raiu, Vitaly Kamluk, Kaspersky
12:00-12:45 The use of embedded Flash exploits in targeted attacks, Timo Hirvonen, F-Secure
12:45-12:50 IEEE Industry Connections Update about the Taggant project, Igor Muttik, McAfee,
Mark Kennedy, Symantec
12:50-14:00 Lunch
14:00-14:45 Common Traits for Advanced Persistent Threats, Bjarne Roe, Frode Hommedal, NSM NorCERT
14:45-15:30 Hypervisor-Based, Hardware-Assisted System Monitoring, Carsten Willems, Ralf Hund,
Ruhr-University Bochum
15:30-15:50 Coffee/Tea Break
15:50-16:10 Post factum investigation of a targeted attack, Jakub Kaminski, Microsoft
16:10-16:55 jEoPardized by Targeted Attacks, Gregory Panakkal, K7
16:55-17:40 Targeted attacks on Russian banks, Dmitriy Volkov, Group-IB
17:40-17:50 Thank You, Richard Marko, CEO of ESET
17:50-18:00 Closure, Righard Zwienenberg, ESET (Workshop Chair)
20:00-23:00 (or later) CARO 2013 After (Jam) Party

1st reserve presentation: The Rise of Surveillanceware, Roel Schouwenberg, Kaspersky
2nd reserve presentation: Android malware which attack specified individuals using stolen personal information, Donghyun Kang, Ahnlab