The IoT industry is often lambasted for lax security, however it does face unique challenges. This talk brings expertise from a veteran security engineer who has spent the last few months embedded (hah!) in an IoT manufacturer, working on security from the inside. We will explore some of the unique challenges in this space, and […]
Read moreAll smart devices, from cars to IoT, are based around processors. Often these processors are not considered as part of the threat model when designing a product. Instead, there is an implicit trust that they just work and that the security features in the datasheet do what they say. This is especially problematic when the […]
Read moreThreat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions […]
Read moreThe evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, […]
Read moreThis presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (beside phishing) is through trojenized applications that end […]
Read moreThe goal of the talk is to answer a few questions we often see or hear : “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTP?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from Mitre is the new honest in the InfoSec world. […]
Read moreAlgorithms are being used to choose who lives and who dies. Computers are being programmed to make ethical decisions that impact every facet of our lives. Based on the ethics of cyber-criminals, Check Point has made another gigantic leap forward by teaching our gateways to use algorithms to detect the DNA of Malware in an […]
Read moreThis talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertaken to […]
Read moreDo you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over TOR without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi […]
Read moreHardware Security Modules (HSMs) come in a variety of shapes, forms and sizes, and are used for different purposes. They are also deployed in a myriad of ways based on your needs. If you are thinking about using HSMs, just curious about what is out there, or using them today and not sure if you […]
Read moreA light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical […]
Read moreThe next evolution of the global mobile communications network is on the horizon and the technology standards are being developed to support it…but how secure will it be? This talk will present an overview of the 5G security evolution and current status at the half-way point before official 5G release. The new network will not […]
Read moreSmart contract security is a brave, new, and sometimes terrible field. This presentation will take you through a storytelling history of some of the most famous vulnerabilities of these first few years (from the Dao hack, to the Parity wallet vulnerabilities and including less-well-known but very interesting events like the DDOS attacks from late 2016). […]
Read moreThe concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern, and individuals will live their lives. Microcomputetechnologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest […]
Read moreEnterprises today face pressure to improve security posture while also satisfying growing compliance requirements. These organizations are looking for ways to both unify their controls to measure and achieve multiple compliance requirements, and ways to assess them on a continuous basis for effective reporting and risk-based decisions. Mark will offer insights on how companies can focus their efforts, […]
Read moreIn this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fully functional C&C infrastructure on top of the Ethereum network – the second largest public blockchain which also acts as a distributed computing platform featuring a smart contract functionality. As Blockchain technologies gain more traction in recent […]
Read moreI will go over how transfer learning can be used to retrain a convolutional neural network (CNN) to accurately predict and label images of botnet C2 web panels and phishing websites. Image recognition to classify malicious websites can benefit in optimizing incident analysis as well as enhancing threat label data.
Read moreAI and machine learning are increasingly popular buzzwords cybersecurity, but not all AI techniques deliver the same value for every use case. Security professionals need to understand the different applications of AI and machine learning and how they can best be applied to address an organization’s specific needs. The potential of data science, artificial intelligence […]
Read moreIn 2012, we talked about the APT. In 2013, we talked about BYOD and Consumerized IT. In 2014, it was #failAMA. In 2015, Ben Sapiro FAILED to submit an abstract. In 2016, James was VOLUNTOLD to do the thing. It’s 2017, and the voluntoldee said yes again. This is the time when we talk about […]
Read moreShopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company’s internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team. Unfortunately for us, a hosted solution […]
Read moreIn this talk, we discuss a possible new technique where hackers could abuse smart contracts that are deployed on the blockchain as means of command and control (C2) for botnets. We call this novel technique ‘botract’; derived by merging two words: ‘bot’ and ‘contract’. In this talk, we describe how hackers can exploit smart contracts […]
Read moreAutomotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce […]
Read moreTrust is an implicit requirement of doing business. At some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, […]
Read morePeople are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as a black and white then we risk more than wasted time […]
Read moreYou walk into a meeting and the person you are about to talk to informs you that they will be video and audio recording everything. Would that change what you might say or do? What if we told you that your mobile device could be doing that, or worse, to you already? Visit this session […]
Read moreWindows Defender Advanced Threat Protection will soon be available for all Blue Teams to utilize within Windows 10 Enterprise, which includes detection of post breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. Combined with Microsoft Advanced Threat Analytics for user behavior analytics across the Domain, red teamers will […]
Read moreThis is an informative and action-packed session revealing the scary secrets of the current state of IoT device security. It focuses on the various techniques which Gupta and his team used to break into several smart homes (and enterprises) taking advantage of the insecurity in smart devices. Some of the devices he will cover during the talk […]
Read moreControl systems are all around us, working in the background of our lives providing us light, water, heat, transportation, and many good things. These systems are becoming more digital and more connected than ever before, so we must consider control system security just like we do with IT systems. We certainly have seen a jump […]
Read moreIt’s challenging to build out your Incident Detection & Response program when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers, as well as your core infrastructure. In this session, Eric Sun will cover best practices from Rapid7’s Incident Response and Penetration Testing teams, and share the top gaps in […]
Read moreToday, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest […]
Read moreOn the second Tuesday of every month, Windows administrators stand ready to deploy the swarm of patches issues by Microsoft addressing new vulnerabilities found on mission-critical systems. Although this patch management routing may have system admins feeling overwhelmed, Patch Tuesdays are expected, allowing them to plan accordingly for the maintenance windows. But IT organizations are […]
Read moreCar hacking really came to light in 2015. We saw Jeeps getting attacked over the air, BMWs being remotely unlocked, and attacks on Tesla’s Model S. Yes, today’s cars are computers, and they going to have vulnerabilities. While cars have had in-vehicle networking for the last 25 years, only recently have we seen public attacks […]
Read moreCryptography and social networks are some of the online tools used today to protect the communications of terrorists and to affirm their membership in terrorist organisations. The Internet has become the method of choice for communication. The number of sites calling for a jihad rose from 28 in 1997 to over 5,000 in 2005. The […]
Read moreThe insecure state of SCADA devices is well known and concerning. These connected devices are largely Internet connected. While this is not a new phenomenon, connected devices have continually garnered attention- from attackers and researchers alike. In this talk, Kyle Wilhoit presents the state of SCADA on the Internet, answering the who, what, when, where, […]
Read more
May 2, 2016
There are thousands of possible Windows event IDs, split into 9 categories and 50+ subcategories. The Windows Event Logs provide a historical record of a wide range of actions such as login/logoff, process creation, files/keys modifications, and packet filtering. These logs provide investigators with a wealth of information that can be analyzed in many different […]
Read moreIf you knew how many ways you could obfuscate and deliver payloads with RTF documents, you would have thought it was a file format Microsoft secretively purchased from Adobe. Kidding aside, 2016 has peeked my interest in the RTF specification and you should learn why. This talk walks through research experiences and examples that take […]
Read more