
We held a conference in Lisbon in October 2025, featuring member and guest presentations, panels, AMTSO updates and discussions.

In a superb setting with excellent content (and amazing weather), and 45+ attendees including AMTSO members and invited guests from the local cybersecurity world, the conference was a huge success.

Recordings of all sessions have been made available to AMTSO members; we are posting edited highlights as they become available.


We welcome feedback from attendees to help us improve future events – if you joined us in Lisbon, please fill out the feedback form.

The event included lunches and coffee breaks on each day, and a social event on the first evening, with ample opportunities for networking. AMTSO member companies were invited to send up to two representatives per member company free of charge. Many non-member security firms including local security specialists were also invited to join us and learn from our speakers and discussions.

Presentations which can be publicly shared are being posted to our YouTube channel as they become available. You’ll find links to published recordings in the speaker and session sections below, and on our news pages.

Venue: Altis Grand Hotel, Lisbon, Portugal

Schedule:

  • Sunday, October 12th
      • Speakers & VIP dinner
  • Monday, October 13th
      • Conference sessions 9am-5:30pm
      • Drinks reception 5:30pm-7:00pm
  • Tuesday, October 14th
      • Conference sessions 9am-5:30pm


Alexander Adamov, NioGuard Security Lab

Dr Alexander (Oleksandr) Adamov is the Founder and CEO of NioGuard Security Lab (nioguard.com), a cybersecurity research laboratory. With over 20 years of experience in cyber attack analysis, gained through his work in the antivirus industry, he has taught cybersecurity at the universities of Ukraine (nure.ua) and Sweden (bth.se) for the last 15 years. His laboratory focuses on applying AI and machine learning to solve cybersecurity problems. NioGuard Security Lab is a member of the Anti-Malware Testing Standards Organization (AMTSO). Dr Adamov regularly speaks at major cybersecurity events, including the Virus Bulletin Conference, OpenStack Summit, UISGCON, OWASP and BSides.

See Alexander’s presentation from our Lisbon event!

Nick Anderson, Google

Nick is a member of the Android Anti-Malware Team at Google where he focuses on off-market malware and phishing applications. When Nick isn’t reversing malware he’s day-dreaming about endpoint detection strategies, lockpicking, and carbs (mostly beer, but bread too). An interesting fact about Nick is that he has an eclectus parrot who keeps escaping from his house in Seattle.

Luis Corrons, Gen Digital

Luis boasts a distinguished career in the security industry that spans decades, with a specialized focus on the anti-malware domain. Currently serving as the Security Evangelist for Gen (Avast, AVG, Avira, and Norton), Luis’ expertise is widely recognized. As Chairman of the Board of Directors for AMTSO (the Anti-Malware Testing Standards Organization) and a board member for MUTE (Malicious URLs Tracking and Exchange), Luis’ leadership has been instrumental in shaping the landscape of cybersecurity. A passionate orator, Luis has graced the stages of premier industry events such as AVAR, Virus Bulletin, HackInTheBox, APWG, CARO, etc., captivating audiences with insightful perspectives.

He has also presented his research at security conferences, including AVAR, Botconf, CARO, FIRST, RSA, and Virus Bulletin.

Stefan Dumitrascu, Artifact Security

Stefan began his journey as a security software tester, specializing in targeted attacks. He has a proven track record of building and leading high-performing teams, developing advanced testing methodologies that drive innovation and set industry benchmarks. Previously CTO of SE Labs, he has founded Artifact Security, a new testing company that focuses on innovation in new security approaches.

See Stefan’s presentation from our Lisbon event!

David Ellis, SecureIQLab

David Ellis is Vice President of Research and Corporate Relations at SecureIQLab, a cybersecurity validation company. There, David handles third party participation in SecureIQLab’s antimalware testing and validation processes. David also brings extensive experience in developing testing and validation metrics based on entity feedback, as well as documenting testing methodologies.

See David’s presentation from our Lisbon event!

Tal Kandel, Malanta.ai

Tal’s professional cyber security experience goes back 20+ years: from dealing with threats as a cyber security engineer at various companies, through technical selling of cyber security solutions to enterprises and governments, to innovating new solutions and productizing them, all the way to co-founding malanta.ai, the first Pre-Attack Prevention platform.

Tzur Leibovitz, Malanta.ai

Tzur is a Cyber Threat analyst with vast experience in research and hunting. As such he has both the technical capability and the disruptive mindset that will cause any attacker (human or AI agent) to reconsider.

Tzur believes that power comes with responsibility and therefore he is continuously contributing to the security and cyber resilience of companies and public sector organizations.

In the last few years, he has mainly focused on the areas of OSINT, Deep Web and general security research.

Grayson Milbourne, OpenText Cybersecurity

Grayson Milbourne is the Security Intelligence Director at OpenText Cybersecurity focusing on comprehensive security solutions. Over the past 20 years, Grayson has worked in various areas of the company including time as the Director of Threat Research. His areas of security intelligence expertise include malware analysis, data science and security education. In his current role, Grayson has been focusing on efficacy development where he ensures OpenText Cybersecurity products are able to defend against the most cutting-edge threats. Additionally, he supports the Sales and Marketing efforts with thought leadership and threat metrics that result in industry papers, ebooks, webinars, podcasts and blogs. Grayson has been a longtime advocate for better third-party testing of security products and represents OpenText Cybersecurity at the Anti-Malware Testing Standards Organization, AMTSO. Through his efforts in participation, AMTSO released testing standards that greatly improved testing quality when followed. Grayson is an avid participant in the security community and drives awareness of current threats by speaking at major events such as RSA and Virus Bulletin. Beyond his passion for protecting people from cyberthreats, Grayson loves aviation and holds a private pilot license. His other passions include strategic board games, skiing and playing golf. He lives in Louisville, Colorado with his wife, Danielle, and their two cats, Theodore and Aiden.


See Grayson’s presentation from our Lisbon event!

Jan Miller, OPSWAT

Jan Miller is CTO of Threat Analysis at OPSWAT. His journey in malware analysis started with a passion for reverse engineering and low-level programming, which led him to co-found sandbox-focused startups like Payload Security, which was acquired by CrowdStrike, and FileScan.io, which is now part of OPSWAT. These ventures taught him the importance of scalability, adaptability, and transparency in sandboxing technologies.

Daniel Ruiz, OPSWAT

Dani has had a passion for malware reverse engineering and threat intelligence research since college. He has worked as an incident responder and threat intelligence researcher, but since the beginning of his career he has mainly focused on malware analysis in every role.

Currently, he combines threat research with malware analysis automation as threat research lead at OPSWAT’s Metadefender Sandbox (also known as filescan.io). He loves chasing threat actors, tracking infection campaigns, and defeating the latest malware techniques in this never-ending whack-a-mole game against the threat actors.

Jan Sirmer, Gen Digital

Jan Sirmer is Director of Threat Defense and Operations at GEN Digital. He specializes in analyzing malicious Java threats, Android applications and exploits, macro viruses, web-based, and other non-executable threats. Over the course of his career, Jan has authored numerous blog posts on phishing attacks, malicious web exploits, and Android malware.

He has also presented his research at security conferences, including AVAR, Botconf, CARO, FIRST, RSA, and Virus Bulletin.

See Jan’s presentation from our Lisbon event!

Gabor Szappanos, Sophos

Gabor Szappanos graduated from the Eotvos Lorand University of Budapest with a degree in physics. His first job was in the Computer and Automation Research Institute, developing diagnostic software and hardware for nuclear power plants. He started antivirus work in 1995, and was developing freeware antivirus solutions in his spare time. He joined VirusBuster in 2001, where he was responsible for taking care of macro virus and script malware, becoming the Head of the virus lab in 2002. Between 2008 and 2015 he was a member of the board of directors of AMTSO (Anti-Malware Testing Standards Organization). In 2012 he joined Sophos, where he works as a threat research director.

See Gabor’s presentation from our Lisbon event!

Roman Unuchek, Google

Roman is a reverse engineer with the Android Malware Research Team at Google, where he is focused on projects that hunt down malicious apps as part of Google Play Protect. For more than 10 years Roman has been detecting and analyzing mobile malware, focusing on large botnets and advanced threats. In the past Roman has presented at different conferences including RSA, VB, CARO, AVAR and Kaspersky SAS.

Alexander Vukcevic, Gen Digital

Alexander Vukcevic is the Head of CyberSafety Programs & Threat Innovation at Gen Digital, leading efforts to protect millions of users from scams, malware, and emerging online threats. He began his career at Avira in 2000, building and managing international research teams and later serving as Director of Protection Labs, where he focused on new detection technologies and external testing.

Alex also serves as CTO and Board Member of AMTSO, actively contributing to global cybersecurity standards. A recognized industry voice, he frequently speaks at conferences and in media on threat intelligence, innovation, and user protection.

Expand the sections below for more details of each talk topic. Links are included in those sections for which recordings have been made publicly available; the recordings can also be found on our YouTube channel.

Presentations and panel sessions

The cybersecurity landscape is undergoing a radical transformation as LLMs and Reinforcement Learning (RL) techniques enter the offensive toolkit of advanced threat actors. While defensive security research has made significant progress in applying AI to detection and triage, adversaries are now turning the same technologies against us – introducing malware that can learn, adapt, and generate novel attack patterns on the fly.
This talk will present both foundational and newly emergent threats from AI-powered malware, beginning with early work (EWDTS 2020) in which reinforcement learning was used to teach a ransomware agent how to evade detection. We will then transition to real-world use cases, including the 2024 confirmation by Microsoft and OpenAI that nation-state actors were leveraging LLMs in cyber operations, and the groundbreaking APT28 campaign discovered by CERT-UA in July 2025. That attack operationalized a Hugging Face–hosted LLM (Qwen 2.5) to generate reconnaissance and document exfiltration commands dynamically, attempting to evade conventional AV defenses.

The second half of the talk will focus on testing methodologies. Today’s AV testing standards, from static signature tests to dynamic sandboxing, fail to account for the fluid, generative nature of AI-enhanced threats. We will expose these shortcomings and propose a new testing paradigm that integrates LLM-driven code generation, adaptive command execution, and adversarial prompt crafting.

Presented by Dr. Alexander Adamov of NioGuard Security Lab.

This presentation examines the alarming rise in sophisticated malware specifically designed to disable Endpoint Detection and Response (EDR) systems. Neutralizing the defense is a critical phase in modern multi-staged attacks that allows threat actors to operate undetected.

Based on incident response encounters we observed that threat actors use a wide variety of EDR evasion techniques. We can categorize these approaches into three major tiers: publicly available tools from open repositories like Github (e.g., Backstab, EDRSilencer, EDRSandBlast); repurposed components of legitimate security software (TDSSKiller, GMer, Huorong HRSword, Comodo Killswitch); and the custom-built solutions like AuKill and EDRKillShifter.

Each category presents unique defensive challenges—while custom solutions can be freely detected, repurposed legitimate software requires more nuanced approaches to avoid false positives and industry backlash. Yet, we have to handle those situations as well.

Our defensive methodology implements multiple protection layers that leverage contextual information, event timelines, and environmental factors. We combine static detections, behavioral protection, and reputation systems into meta-detections that correlate seemingly benign events to identify and block sophisticated attacks.
The presentation provides an insider’s view of this ongoing security cat-and-mouse game, featuring real-world case studies that demonstrate our defensive strategies against various EDR killer types. Security professionals will gain practical insights into identifying and mitigating these critical threats that often precede major security breaches.

Presented by Gabor Szappanos of Sophos.
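The abstract above describes meta-detections that correlate individually benign events (a driver load, a service stop) using the timeline and context. The following is an added illustration of that idea written for this page, not code from the talk or from Sophos: a small correlation engine over constructed telemetry lines. The event format, the protected component names, the 120-second window and the "unusual driver path" heuristic are all assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Hypothetical names of components a defender wants to protect (not a real product list).
PROTECTED = {"edr_agent.exe", "edr_service", "av_scanner.exe"}
# Drivers normally live here; a load from anywhere else is only a *weak* signal.
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
# Assumed correlation window between the two weak signals.
WINDOW = timedelta(seconds=120)


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str    # driver_load | service_stop | process_terminate | handle_open | ...
    detail: str  # driver path or targeted service/process name


@dataclass
class Alert:
    host: str
    reason: str
    events: List[Event] = field(default_factory=list)


def parse_line(line: str) -> Event:
    """Parse one constructed telemetry line: '<iso-ts> host=<h> kind=<k> detail=<d>'."""
    ts_str, rest = line.split(" ", 1)
    fields = {}
    for part in rest.split(" ", 2):  # exactly three key=value fields, detail last
        key, value = part.split("=", 1)
        fields[key] = value
    ts = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
    return Event(ts, fields["host"], fields["kind"], fields["detail"])


def weak_signal(ev: Event) -> Optional[str]:
    """Classify an event as a weak signal. Each of these alone is far too noisy to alert on."""
    if ev.kind == "driver_load" and not ev.detail.lower().startswith(SYSTEM_DRIVER_DIR):
        return "driver-from-unusual-path"
    if ev.kind in ("service_stop", "process_terminate", "handle_open") \
            and ev.detail.lower() in PROTECTED:
        return "protected-component-targeted"
    return None


def correlate(events: List[Event]) -> List[Alert]:
    """Meta-detection: an unusual driver load followed within WINDOW, on the same host,
    by an action against a protected component. Neither signal alone produces an alert."""
    alerts: List[Alert] = []
    recent_drivers: Dict[str, List[Event]] = {}  # host -> unusual driver loads seen
    for ev in sorted(events, key=lambda e: e.ts):
        signal = weak_signal(ev)
        if signal == "driver-from-unusual-path":
            recent_drivers.setdefault(ev.host, []).append(ev)
        elif signal == "protected-component-targeted":
            in_window = [d for d in recent_drivers.get(ev.host, []) if ev.ts - d.ts <= WINDOW]
            if in_window:
                alerts.append(Alert(
                    ev.host,
                    "possible EDR tampering: unusual driver load followed by "
                    "action against a protected component",
                    in_window + [ev],
                ))
    return alerts


# Constructed sample telemetry: ws01 shows the full pattern; ws02 only the second signal;
# ws03 both signals but 10 minutes apart (outside the window).
SAMPLE_LINES = [
    r"2025-10-13T09:00:00Z host=ws01 kind=driver_load detail=C:\Windows\System32\drivers\legit.sys",
    r"2025-10-13T09:01:00Z host=ws01 kind=driver_load detail=C:\Users\Public\tool.sys",
    r"2025-10-13T09:01:30Z host=ws01 kind=process_terminate detail=edr_agent.exe",
    r"2025-10-13T09:05:00Z host=ws02 kind=process_terminate detail=av_scanner.exe",
    r"2025-10-13T09:10:00Z host=ws03 kind=driver_load detail=C:\Temp\drv.sys",
    r"2025-10-13T09:20:00Z host=ws03 kind=service_stop detail=edr_service",
]


def run_sample() -> List[Alert]:
    """Parse the constructed lines and return the meta-detection alerts."""
    return correlate([parse_line(l) for l in SAMPLE_LINES])


if __name__ == "__main__":
    for a in run_sample():
        print(a.host, "-", a.reason)
        for e in a.events:
            print("   ", e.ts.isoformat(), e.kind, e.detail)
```

The point of the example is the asymmetry the abstract describes: a driver loaded from a user-writable path is common enough (repurposed legitimate tools included) that blocking it outright would cause false positives, and stopping a security service is something administrators legitimately do; it is the combination on one host inside a short window that is worth an alert.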

Current validation approaches suffer from fundamental gaps in security assessment, with many organizations deploying AI systems that possess only superficial security measures. Our research reveals that most AI vendors lack deep understanding of critical security concepts such as excessive agency, model poisoning, and agent boundary violations. This knowledge deficit translates directly into inadequately secured production deployments that expose organizations to emerging AI-native attack vectors.

Through extensive industry engagement and case study analysis, we have developed a validation methodology that maps real-world security failures to established frameworks including the OWASP GenAI API Top 10. Our approach addresses systemic risks inherent in multi-agent deployments, including agent-to-agent communication vulnerabilities, weak integration boundaries, and race conditions that emerge from uncontrolled feedback loops.

The validation framework introduces novel assessment techniques including feedback loop analysis, auditable agent reasoning evaluation, and resilience testing for cascading failure scenarios. We present Model-Centric Protection (MCP) as a foundational validation criterion, ensuring that inference layers maintain security even when upstream APIs are compromised through control-plane enforcement mechanisms.

Our validation methodology emphasizes Secure-by-Design principles adapted specifically for multi-agent architectures, incorporating validation checkpoints that assess agent reasoning transparency, communication protocol integrity, and boundary enforcement capabilities. The framework provides actionable guidance for organizations seeking to validate AI solutions before deployment, offering structured approaches to threat modeling, security testing, and architectural assessment that address the unique challenges posed by autonomous and semi-autonomous AI systems in production environments.

Presented by David Ellis of SecureIQLab.

In the last year we have seen an increase in established security vendors adding AI assistants to their suite of products. Alongside this, a small industry of bespoke AI security assistants designed to help businesses has emerged. How can you measure the benefit they bring to a business? We’ve interviewed SOC analysts and business owners to seek the “right” answer. Evaluating security products is an expensive endeavour that a lot of businesses cannot afford. The promise of analysts being more efficient and of reduced alert fatigue gets thrown around. What are the metrics you can look at as an independent tester to give value to both enterprises and vendors alike?

Presented by Stefan Dumitrascu of Artifact Security.

Independent testing is meant to be impartial; but how independent is it, really?

In an industry where vendors pay for tests, influence test scopes, and use results for marketing, questions about bias and transparency are not just valid, they’re necessary. This roundtable invites open discussion on one of the most sensitive topics in the testing ecosystem: the hidden dynamics that shape what gets tested, how it’s tested, and which results get highlighted (or buried).

We’ll explore:
• Should vendors have any say in what gets tested?
• What happens when testers rely financially on the companies they’re evaluating?
• Do transparency declarations and methodologies go far enough, or are they just window dressing?
• Can AMTSO or other bodies enforce standards for independence and disclosure?

We’ll also ask whether existing transparency efforts are enough to build trust with consumers, media, and regulators, or if it’s time to raise the bar.

This isn’t about finger-pointing. It’s about recognizing where the system falls short and asking: can we afford to keep pretending everything is fine?

Whether you’re a tester, vendor, or observer of the industry, this is your chance to join a long-overdue conversation.

Panel session chaired by Luis Corrons of Gen Digital.

Join us for a deep dive into how the Anti-Malware Testing Standards Organization’s (AMTSO) Real-Time Threat List (RTTL) can evolve from a malware sample-sharing platform into a powerful source of real-time threat intelligence. This session explores the integration of RTTL with the Triage sandbox, an advanced malware analysis tool that extracts rich indicators of compromise (IoCs) such as C2 infrastructure, malware hosting URLs, and stolen credentials.

With contributions from over 15 security vendors, RTTL offers a unique opportunity for unbiased efficacy testing. But its true potential lies in what happens after submission. By analyzing over 350,000 RTTL samples detonated in Triage over the past year, we’ll uncover trends in execution success, IoC enrichment, and malware behavior.

Attendees will gain insight into how RTTL contributors can benefit from enhanced intelligence feeds, and how showcasing the value of Triage’s config extraction capabilities could encourage broader vendor participation. Whether through a collaborative donation model or strategic investment, this session makes the case for upgrading RTTL into a more impactful, community-driven threat intelligence resource.

Presented by Grayson Milbourne of OpenText Cybersecurity.

Consumer cyber safety is rapidly evolving, with humans increasingly becoming the primary attack surface. In today’s online environment, users face a constant barrage of scams that are growing in sophistication. Keeping up with the changing tactics of threat actors is a challenge even for experienced users, and traditional security solutions are often not enough to prevent manipulation through social engineering.

This presentation introduces a user-centric threat advisory tool designed to bridge this gap. Acting as standalone anti-scam feature and a second-opinion assistant, it helps users interpret potentially dangerous content such as suspicious messages or websites by offering clear, contextual explanations. Rather than replacing existing endpoint protection, it complements it by enhancing user awareness and supporting better decision-making in real time.

We will explore the core functional elements of the tool and evaluate its potential to reduce the impact of impersonating scams and social engineering attacks, an area where traditional AV solutions can struggle.

A key question raised is whether AI-driven solutions can operate effectively on their own, or whether human expertise remains essential to ensuring accuracy and usability. The presentation will examine how the combination of expert input and AI that goes beyond traditional detection methods by knowing context and/or analyzing the intent across SMS, email, and web can improve threat interpretation and user trust, particularly in edge cases where nuance matters.

Finally, we will touch on the implications for testing methodologies. When human interaction significantly influences the outcome, how should such tools be evaluated? This remains an open question, and the audience will be invited to contribute their perspective after the session.

Presented by Jan Sirmer of Gen Digital.

The Joker toll fraud family is one of the well-known Android malware families. For more than six years they have been submitting malicious apps to the Play Store, during which time they have become very proficient at hiding their code and behavior from app analysis systems. They quickly adapt to Google detection infrastructure improvements and constantly change their behavior.

For one variant in particular it was identified that the actors were using newly registered domains and never reusing them for other apps. It is extremely hard to discover such domains because they use different registration details and the domains sometimes have meaningful names. However, we discovered a flaw in their infrastructure that allowed us to quickly identify new apps before they are distributed to users.

In this talk we’ll cover common tactics used by the Joker toll fraud family and go in depth on a flaw we discovered wherein the Joker threat actors would spin up new back end infrastructure making use of default configurations to service new app campaigns. Through this flaw we have been able to develop an early detection mechanism leveraging Censys APIs which allows us to identify new Toll Fraud apps in almost-real-time, and prevent the publication of malicious apps to the Play store to protect Android users.

Presented by Roman Unuchek and Nick Anderson of Google.

Artificial intelligence is no longer just a tool for defenders. It’s a decisive force multiplier for attackers. A new adversary class is emerging: the AI.Attacker, autonomous agents capable of reconnaissance, planning, and execution at machine speed. Unlike traditional threats, these systems adapt, self-learn, and scale campaigns beyond human operational limits. What once took days or weeks in the intrusion kill chain (recon → resource development → delivery → exploitation) can now collapse into minutes.

Yet this speed also exposes their Achilles’ heel: the pre-attack phase. Before execution, AI.Attackers require accurate, timely intelligence to map targets, identify vulnerabilities, and prepare infrastructure. This is the best, and often only, moment to disrupt them.

This talk presents real-world examples of AI-driven recon, resource development, and exploitation, then introduces a live demo of “AI.Attacker Recon and Exploitation Prevention”, a technique and tooling suite that detects and prevents hostile AI reconnaissance. Attendees will leave with a forward-shifted defense model and practical tactics to prevent AI reconnaissance, tipping the balance before the first shot is fired.

Presented by Tal Kandel and Tzur Leibovitz of Malanta.ai.

Why do cybercriminals rely so heavily on .NET for malware development? This talk explores how .NET has quietly become one of the most abused languages and frameworks. With built-in support for dynamic compilation and in-memory execution, .NET offers attackers ease of use and flexibility for crafting modular, evasive malware. While existing .NET code is widely reused, there is also a growing underground market of “Protector-as-a-Service” tools fueling the rapid adoption of .NET across cybercrime operations.

This talk dives into the internals of .NET from a malware analyst’s perspective to later explore how protectors—far beyond simple packers—enable advanced evasion and anti-analysis techniques. We’ll show how this poses a unique challenge for sandboxes and automated pipelines, which fail to scale when facing threats that require deeper, context-aware analysis beyond basic runtime execution.

To ground this in the real world, we’ll analyze Roboski (also known as TicTacToe), a .NET bitmap-based loader that is simple, effective, and indeed everywhere. Despite being years old, it still sneaks under the radar and is widely reused in the wild, serving as a key delivery tool for next-stage payloads.

This talk will blend threat research with malware internals, sharing actionable techniques to improve detection and dive deep into what’s hiding inside today’s .NET malware.

Presented by Daniel Ruiz of OPSWAT.

AMTSO Discussion and Group sessions

Review of recent AMTSO activities and achievements, summaries of current projects and working groups, open discussion of issues and challenges in testing, planning for future projects and activities.

Session held in main track, led by John Hawes (AMTSO) and AMTSO Working Group leads.

As the Real-Time Threat List (RTTL) continues to evolve as AMTSO’s central platform for sample and threat intelligence sharing, this workshop invites contributors, testers, and conference representatives to shape its next chapter. We will explore how RTTL can better serve the cybersecurity community through enhanced data-driven capabilities, contributor transparency, and expanded telemetry insights.

Key discussion points will include:
– CERT Needs: Understanding the CERT’s request for trend-based intelligence – such as threat vectors, clustered behaviours, and APT mapping – rather than raw samples.
– Contributor Expectations: What motivates contributors to share? How can RTTL improve visibility, feedback loops, and recognition?
– Data Expansion: Opportunities to enrich RTTL with metadata, telemetry pipelines, and vendor-mapped threat trends
– Design Roadmap: Preview of upcoming features including feed-level watchdogs, submission sorting, and machine learning-based quality checks

This session will be interactive and forward-looking, aiming to define a roadmap that balances operational efficiency with strategic intelligence value. All participants are encouraged to bring ideas, use cases, and feedback to help shape RTTL’s future.

Session held in main track for wider debate – led by Alexander Vukcevic (Gen).

A gathering of members of the AMTSO Scam & Phishing Working Group, plus interested guest participants. Discussion of progress in developing guidance for testing of scam and phishing protection technologies, and future plans for the project.

Session held in main track – led by Stefan Dumitrascu (Artifact Security).

A gathering of members of the AMTSO Sandbox Evaluation Working Group, plus interested guest participants. Discussion of progress in adoption of the AMTSO Sandbox Evaluation Framework, and future plans for the project.

Session not held due to unavailability of key personnel – discussion of the Sandbox project held during the AMTSO General Meeting.

Altis Grand Hotel, Lisbon, Portugal

Our conference was held across several spaces on the 13th floor of the Altis Grand Hotel, located in the heart of Portugal’s hilly, coastal capital city.

The setting and staging were excellent and the venue facilities superb, including spectacular city views from the 12th floor balcony just below the meeting space.

Our speakers’ and VIP dinner was held at Sacramento do Chiado, a short (but hilly) walk from the meeting venue.