BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//conference.wireshark.org//sharkfest-24-eu//talk//PJCUHK
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-sharkfest-24-eu-PJCUHK@conference.wireshark.org
DTSTART;TZID=CET:20241106T171500
DTEND;TZID=CET:20241106T181500
DESCRIPTION:As infrastructure managers\, we often have to deal with malware
 samples. Although we do our best to avoid or block them\, some slip 
 through the net anyway. Let's imagine that you or a member of your team 
 got their hands on one of these malicious binaries. How can you find out 
 what its purpose was? You can try to decompile the binary or explore it 
 in hexadecimal mode\, two tried and tested but time-consuming methods. 
 Let's try a new approach and analyze the malware's behavior by running 
 it in an isolated environment and collecting all its syscalls using eBPF. 
 The final step will be to explore the captures with Logray\, a project 
 forked from Wireshark\, especially made to analyze syscall packet 
 captures.
DTSTAMP:20260508T114345Z
LOCATION:Ballroom A+B+C
SUMMARY:Let’s dissect malwares by collecting their syscalls with eBPF - T
 homas Labarussias
URL:https://conference.wireshark.org/sharkfest-24-eu/talk/PJCUHK/
END:VEVENT
END:VCALENDAR
