BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.botconf.org//botconf-2026//talk//M8YJ8P
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-botconf-2026-M8YJ8P@cfp.botconf.org
DTSTART;TZID=CET:20260416T170500
DTEND;TZID=CET:20260416T170800
DESCRIPTION:What happens when a MaaS (Malware-as-a-Service) operator deploy
 s a commercial packer like Virbox Protector to shield their Android bankin
 g trojan\, but forgets to secure the rest of their operation? In this ligh
 tning talk\, we walk through a real-world case where advanced anti-analysi
 s protections initially broke our internal pipelines\, only for a simple p
 ivoting technique to reveal a debug build of the same malware\, completely
  unprotected. From there\, we fully reversed the core malware logic\, unco
 vered an unauthenticated API endpoint leaking live botnet data\, and mappe
 d detailed infection statistics across targeted countries. The key takeawa
 y: commercial packers can harden the payload\, but they cannot patch a poo
 rly managed botnet infrastructure. Sometimes\, all it takes is thinking ou
 tside the box.
DTSTAMP:20260429T222310Z
LOCATION:Amphitheater
SUMMARY:LT16-Breaking MaaS in 3 Minutes - Federico Valentini
URL:https://cfp.botconf.org/botconf-2026/talk/M8YJ8P/
END:VEVENT
END:VCALENDAR