Virus Bulletin 2017 – first time speaker impressions

While most VB2017 participants are probably still enjoying Madrid, I had to leave for home early and decided to use the opportunity of time spent at the airport to write down my impressions from the conference. I was both a first-time speaker and participant, so I hope some of you could find my story interesting.

Miracles happen

I am no stranger to speaking at conferences. Actually, I have done it dozens of times in the last few years, but my experience was always limited to Poland only. Earlier this year I had the opportunity to speak at some international conferences that took place in my country (RISE and CARO). I chose my best presentation (story of a Polish script kiddie I have been following for the last few years), translated it into English and I got some encouraging feedback from the international audience. That made the decision to submit my paper to VB a lot easier. I did not count on being accepted as I am not a “proper” security researcher – just an unknown journalist from a country far away, telling stories and reading other people’s papers. To my surprise my paper was accepted. Miracles happen, so if you’re thinking about submitting your work to a well-known and respected conference, don’t hesitate. In the worst case scenario you’ll get some very valuable feedback from renowned experts – for free (just like I did from Botconf in the rejection email – I will use this guidance to submit a better paper next year). Pick your best story, prepare the slides, run it a few times where you can (in most countries there are plenty of conferences that will be happy to accept it), polish it, listen to the opinion of others, polish again and submit. You can be as surprised as I was when it gets approved.

The programme

I had some big expectations after checking the conference agenda. Although some well-known international speakers present from time to time in Poland, the agenda was full of people I only follow on Twitter and have never seen live before. They did not disappoint me. Being an IT security-oriented journalist makes enjoying conference talks a challenge, as I read all reports, papers and blog posts as soon as they are published, so usually I know most of the facts that are presented on slides a few days, weeks or months later. Fortunately, listening to the authors of the research often lets you get some additional details that were not present in the original publication.

At VB2017 I got very lucky, as some of the presentations I attended presented really fresh research or facts previously unknown to the public. I need to mention at least three talks here. First, the keynote by John Graham-Cumming from Cloudflare was above expectations. Not only did he present a first-person experience from fighting Cloudbleed, but he also told us about improvements Cloudflare made to better detect potential incidents in the future (core dumps turned out to be a really good indicator that was ignored before). The second talk bringing really fresh information was by Juan Andres Guerrero-Saade and Costin Raiu (both from Kaspersky Lab), who discussed fourth party collection. Their approach was really interesting, as they did not make big discoveries; instead they looked through already existing material and identified a new trend of APT players piggybacking on other APT players in multiple campaigns. Makes me rethink all the attribution theories. The third talk bringing new data was a last minute presentation by Jakub Křoustek and Jiří Bracek from Avast, covering the latest information about the CCleaner incident. They spoke honestly about what happened and presented a great many details that were not known before (you can follow an excellent thread by Joseph Cox covering their presentation live on Twitter).

Avast presenting activity timestamps from server collecting data

For obvious reasons (I still have not fully mastered multilocation) I was not able to attend all the talks, but I need to mention at least a few other presentations that kept me from looking at my phone (and I am really addicted to looking at my phone):

  • Dhia Mahjoub (Cisco Umbrella) and Jason Passwaters (Intel471) presented research on bulletproof hosting, showing how they track around a dozen actors behind those services and why it’s so hard to eliminate them (tracking their activity, while not easy, is still possible)
  • Claudio Guarnieri (Amnesty International) spoke about the importance of security for human rights activists around the world – while the problems are not new, it looks like the security industry has a lot of work to do to better understand the threat models faced by victims of oppressive governments and to provide them with really simple and secure solutions
  • Joseph Cox (The Daily Beast) spoke about another theoretically well-known issue of consumer spyware, often enabling domestic violence
  • Filip Kafka (ESET) presented the case of an ISP performing MiTM attacks on selected customers and injecting them with modified binaries containing FinFisher malware (I really hope the name of this ISP will somehow leak to the public)
  • Anton Cherepanov and Robert Lipovsky from ESET presented their research on Industroyer with lots and lots of details that – as far as I can tell – were not published before. I could not follow all the technical details of the ICS protocols involved, but I’ve learned a lot about the most recent incident in Ukraine

ESET presenting Industroyer

The conference in general

From the participant’s perspective everything was as smooth as from the speaker’s perspective. All talks started on time – this is something I was not used to, as at most conferences I attended in Poland all the talks (even the first ones) were always delayed and sometimes the delay by the end of the day amounted to 45 minutes. Not at VB2017 – you could set your watch using the starting time of every entry in the agenda. I imagine this is hard – but now I have proof that even at a big conference like this one this is doable. This makes the whole experience a lot better. You can easily switch rooms during sessions, as talks in all the rooms start at the same time.

I did not come for food, but a full stomach is an important aspect of being able to listen to presentations. The organisers made sure no one has time to get hungry, there was plenty of everything from the early morning till the evening parties. Talking about parties – I wasn’t able to attend all of them, but I’ve heard that those who were, were satisfied. If I ever manage to present again, I hope I won’t get the 9 AM slot on the day after the first party. Anyway, there is nothing I can complain about – the city, the venue, everything was perfect. Close to a well-connected airport, with professional conference rooms, comfortable tables, leisure zones, all the bases were covered.

The people

In my home country when I go to a conference I meet more people I already know than those I meet for the first time. At VB2017 I knew only a few friends, but I met some really nice people from all over the world and made friends at the parties, at lunch and even in the elevator. Everyone was really nice to each other and – a bit of a shame to admit – I was surprised people were leaving their phones or laptops on tables in the conference rooms when leaving for the breaks. I would never risk it at a Polish conference. I hope it will change some day.

Best support ever

The whole process, from the moment of submission, through all the formalities like paper preparation, communication with the conference organisers, trip preparation, working with the technical support team to make sure my slide setup fits my needs, everything went so smoothly that I never had any trouble or even a doubt. All my questions were immediately answered, all potential problems addressed in a way that made me feel comfortable with my presentation. This is not a conference where you have to run looking for tech crew to provide the remote for the projector etc. Everything has been taken care of. As a presenter I felt really well and I was able to concentrate on the delivery of my slides. Big kudos to the whole VB team for making it happen.

Me presenting (thx Łukasz!)


If you hesitate but think about coming to VB, try to make it happen. In my opinion the best way is to submit a good CFP proposal – you gain more experience even if it gets rejected. And once you prepare it, you have a nice paper you can try to submit to other conferences as well. Nowadays the choice is huge and it’s worth trying. If my description of this conference seems like something you could enjoy and you (or your employer) can afford it, by all means come to VB next year, you won’t regret it.

If you want to start with something smaller, you can submit your paper to a Polish conference as well. I sit on some organising committees, feel free to contact me (adam at and I can help in choosing the right one for your interests and preferences. Good speakers are always wanted and English should be fine at most events.

