Table of Contents
Every August, thousands of hackers, security researchers, and technology enthusiasts descend on Las Vegas for DEF CON â the world's largest hacker conference. Within DEF CON's sprawling network of "villages" and tracks, one stands out as the focal point for the malware analysis community: Malware Village.
What Is Malware Village?¶
Malware Village is a dedicated track within DEF CON specifically focused on malware analysis, reverse engineering, threat intelligence, and incident response. It was established to provide a dedicated space where practitioners can share advanced technical knowledge that might not fit into DEF CON's main track talks or other village environments.
The village features:
- Research presentations: Deep-dive technical talks from malware analysts, threat intelligence researchers, and incident responders
- Capture The Flag (CTF) competitions: Malware-focused CTF challenges where participants analyze actual malware samples to solve problems
- Workshops: Hands-on sessions teaching practical malware analysis skills
- Community networking: One of the best places to meet others working in malware analysis, threat intelligence, and reverse engineering
Types of Talks at Malware Village¶
The talks at Malware Village tend to be highly technical and practitioner-focused. Common topics include:
Novel malware family analysis: Detailed reverse engineering of newly discovered or previously unpublished malware â covering code structure, C2 protocols, obfuscation techniques, and attribution indicators.
New analysis techniques: Presentations on improved methods for defeating anti-analysis techniques, new approaches to dynamic analysis, or novel ways to extract intelligence from malware samples.
Threat intelligence and attribution: Research connecting technical indicators to threat actor groups, campaigns, and geopolitical context.
Tools and automation: Presentations on new open-source tools for malware analysis, YARA rule development, automated sandbox analysis, and threat hunting at scale.
Incident response case studies: Post-incident analysis of significant attacks, covering how organizations were compromised, what the malware did, and how it was investigated.
The Malware Village CTF¶
The Malware Village CTF is one of the most distinctive aspects of the event. Unlike typical Jeopardy-style security CTFs, the Malware Village CTF presents challenges specifically centered around malware analysis:
- Analyzing a malware sample to extract its C2 domain
- Reverse engineering an obfuscated script to find a hidden configuration
- Reconstructing the attack chain from forensic artifacts
- Identifying the malware family from behavioral indicators
These challenges are excellent practice for real-world malware analysis skills and attract participants from students to experienced professionals.
How to Get Involved¶
Attending¶
DEF CON holds an annual open registration â tickets are sold on-site at the event (cash only, historically). DEF CON typically takes place in August at the Las Vegas Convention Center. Malware Village is included with general DEF CON admission.
Check the DEF CON website (defcon.org) for dates, ticket information, and the full village schedule.
Presenting¶
Malware Village accepts talk submissions through a Call for Papers (CFP) process that opens several months before the conference. The CFP is announced on the Malware Village website and social media channels. The village organizers look for:
- Original, unpublished research
- Technical depth â the audience is expert practitioners
- Novel techniques, tools, or threat intelligence
- Practical applicability to real-world analysis work
Participating in the CTF¶
The CTF is open to all DEF CON attendees and typically runs throughout the village's operating hours. No registration is required for most CTF formats â just show up and start participating.
The Broader Malware Research Community¶
Malware Village is part of a broader community of practitioners who share research year-round through:
- VirusTotal blog and researcher community
- Abuse.ch community platforms (MalwareBazaar, URLhaus, ThreatFox)
- Malware Traffic Analysis (malware-traffic-analysis.net) â regular practice exercises
- Twitter/X malware research community (search #threatintel, #malware)
- GitHub â open-source analysis tools and YARA rule repositories
FAQ¶
Is Malware Village only for expert analysts?
No. While many presentations are highly technical, the village also features introductory workshops and the CTF is designed to welcome participants at multiple skill levels.
Can I download malware samples from Malware Village?
Some research presentations share samples or IOCs, typically through platforms like MalwareBazaar or VirusTotal. Malware Village itself doesn't maintain a public sample repository.
Is Malware Village affiliated with DEF CON officially?
Yes â it's an officially recognized DEF CON village, though it has its own organizing team independent of the main DEF CON conference organizers.
Are talk recordings published?
Many Malware Village talks are recorded and published on the village's YouTube channel after the event.
This article is published by ScamSandbox to help users understand and avoid malware threats and online scams.