Canaan Kao works as a Threat Research Director at TXOne Networks.
He has been a DPI/IDS/IPS engineer since 2001. He led the anti-botnet project of MoECC at NTHU (2009-2013) and organized the "Botnet of Taiwan" (BoT) workshops (2009-2014). He spoke at HITCON 2014 CMT, HITCON 2015 CMT, and HITCON 2019. His primary research interests are network security, intrusion detection systems, reverse engineering, malware detection, and embedded systems.
The most harmful malware that spreads through Microsoft OS vulnerabilities is probably WannaCry. However, 15 years ago, there was a worm called Conficker, which also spread through Microsoft vulnerabilities. Conficker continues to spread widely on the Internet today.
In November 2008, the Conficker worm propagated through the Microsoft RPC vulnerability. Even now, devices in the wild are still being attacked by Conficker worm samples that spread against SMB servers on public networks.
In this session, we will start from the suspicious traffic discovered on our honeypots, analyze the network propagation behavior of the Conficker worm, and investigate the attack sources and the exploit payloads we collected. We also explore the threat this type of attack poses to industrial control systems and propose possible defense solutions.
On November 1, 2023, FIRST officially released CVSS 4.0. CVSS is not only one of the most important indicators in the information security industry, but also an important reference for users when dealing with vulnerabilities.
This talk will introduce the concept of CVSS and the changes in CVSS 4.0, so that when viewers encounter CVSS scores in the future, they will see more than just numbers and better understand the meaning behind them. In addition, we will mention some details about CVSS that are often overlooked, such as: 50% of CVEs are rated CVSS 7 or above, only a few CVEs of high/severe severity are actually exploited, and the reasons why CVSS scores are generally high.
Finally, through simulated examples, the audience is guided to analyze a vulnerability, work through the various CVSS metrics, and use the CVSS calculator to compute scores.
In the ever-expanding global cyberspace, malicious activities coerce users into downloading harmful files from specific URLs, posing severe threats. Our research introduces an automated crawler agent as a countermeasure. It systematically analyzes malicious payloads captured by our threat hunting system, extracting vital intelligence on Command and Control (C&C) servers. Identified malicious files are efficiently downloaded for thorough scrutiny. The crawler agent has unveiled elusive files targeting diverse system architectures, surpassing traditional network payload analysis. Our integrated pipeline streamlines download and analysis, revealing specific network attack patterns in real time. This proactive approach empowers us to comprehend the latest malicious files within evolving network attack behaviors, enhancing cybersecurity against emerging threats.