CARO workshop 2017
Please find the descriptions of the presentations in the Keynotes/Abstracts section of the website...

Wednesday 10 May 2017

19:00-22:00   Welcome Reception

Thursday 11 May 2017

09:00-09:05   Welcome and logistics

09:05-09:15   Opening Address

09:15-10:00   Keynote: Booby-Trapping The Hacker's Tools, Peter Kruse (CSIS)

10:00-10:45   Nigerian BEC : Tools Techniques and Procedures, Gabor Szappanos (Sophos)

10:45-11:00   Coffee/Tea break

11:00-11:45   An Incursion in the Malware Packer Market, Cătălin Valeriu Liță, Doina Cosovan (Security Scorecard)

11:45-12:05   Going back to the “Router”, Chun Feng (Microsoft), Kafeine (ProofPoint)

12:10-12:30   Contain Me If You Can!, Abhijit P. Kulkarni, Prakash D. Jagdale (Quickheal)

12:30-13:45   Lunch

13:45-14:30   The life story of an IPT - Inept Persistent Threat actor, Adam Haertle (UPC)

14:30-14:50   How to get money for infecting and rooting your own Android device, Roman Unuchek (Kaspersky Lab)

14:55-15:15   Tracking exploit kit criminals, Sanchit Karve (McAfee)

15:15-15:30   Coffee/Tea break

15:30-15:50   Klaus Brunnstein Award of Appreciation Presentation:
                       Think like a hacker! – Mobile Application Threats,
Paweł Kuryłowicz (AGH University of Science and Technology, Cracow, Poland)

15:55-16:15   I OWN YOU(R device) – Use and Abuse of Root privileges by Android Malware, J. Chandraiah (Sophos)

16:15-17:00   Spora: New Kid On The Block, Előd Kironský, Jakub Křoustek (AVAST)

19:30-22:30   Dinner and Drinks

Friday 12 May 2017

09:10-09:15   Welcome and logistics

09:15-10:00   Keynote: Reversing the Power, Peter Kosinar (ESET)

10:00-10:45   Hunting down MazarBOT, Lukas Stefanko (ESET), Peter Kruse (CSIS)

10:45-11:00   Coffee/Tea break

11:00-11:45   A forensic approach to testing rootkit protection, Simon Edwards (SE Labs)

11:45-12:05   Down but not out: The crypters that refuse to let VB6 malware die, Sanchit Karve (McAfee)

12:10-12:30   Tracking online counterfeiters, Emilio Casbas (

12:30-13:45   Lunch

13:45-14:30   Criminal Preferences From a Grab Bag of New gTLDs , Merike Kaeo (FarSight)

14:30-15:15   Owning the attackers, slowly, Liam O’Murchu (Symantec)

15:15-15:30   Coffee/Tea break

15:30-16:15   Getting to the Root of Malware to Feed the Insatiable Machine, Gregory Panakkal (K7 Computing)

16:15-17:00   Rooting out what really happened last December, Anton Cherepanov, Robert Lipovský (ESET)

17:00:17:05   Thank you and final logistics

17:05-17:10   CARO 2018 Announcement: Where, When and Who

17:10-17:15   Closing

20:00-xx:xx   After Party

Reserve Presentations:
Disttrack-tion’ Alert: Beaconing A Ground-Zero Attack,
Nicholas Ramos, Erwin Dusojan (Trend Micro)
Stegano Exploit Kit, Ladislav Janko, Robert Lipovsky (ESET)

Note: the schedule is subject to change without notice, please check regularly for updates! Although all listed speakers have confirmed their attendance, in the event that the speaker is not able to present, the vacant slot will be filled with a replacement presentation