The threat landscape is expanding, even though the cybersecurity community enhances the efforts to address cyberattacks. The majority of cyberattacks begin with a spear-phishing email, which is commonly used to infect organizations with ransomware. The importance of establishing a cybersecurity ecosystem has been acknowledged by all sectors. Currently, the Covid-19 pandemic has demonstrated the different […]
Read moreRansomware attacks have been proliferating over the past five years, becoming an easy source of revenue for cybercriminals, and putting businesses at risk. How did we get here? What can security teams do differently to detect and respond to attacks more effectively? In this session, Ordr Evangelist Jamison Utter shares research on why ransomware exists […]
Read moreThe SolarWinds SUNBURST attack was a rude awakening for many security teams, and it won’t be the last time Security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With threats persisting inside the network for months, security teams need a new plan. In this session, CISO Jeff Costlow discusses strategies, […]
Read moreThe repetitive nature of response tasks is one of the biggest causes of fatigue and burnout among Incident Responders. Anyone who’s been on-call on a Security team can remember how many hours they’ve spent opening the same tabs, clicking the same buttons, copy+pasting the same indicator data, and performing other similar tasks repeatedly. Imagine if […]
Read moreThe use of JavaScript obfuscation techniques has become prevalent in today’s threats. From phishing pages to Magecart, supply chain injection to JavaScript malware droppers, they all use JavaScript obfuscation techniques on some level. The use of JavaScript obfuscation enables evasion from detection engines and poses a challenge to security professionals, as it hinders them from getting […]
Read moreNGINX is the web server powering one-third of all websites in the world. Detectify’s Security Research team analyzed almost 50,000 unique NGINX configuration files downloaded from GitHub with Google BigQuery and discovered common misconfigurations that, if left unchecked, leave your web site vulnerable to attack. This training will walk through the most common issues, including […]
Read moreIn this session, we present hAFL1 and provide the implementation bits required to write a Hyper-V fuzzer. We uncover a critical 0-day in Hyper-V vmswitch which was found using our fuzzer – an arbitrary read vulnerability. Finally, we show a live demo of exploiting this vulnerability, which until only a few weeks ago could take […]
Read moreHow do you create new efficient, accurate, and resilient detection rules? There are a lot of steps to follow. This talk will take you through what I call Full Circle Detection. I’ll start with where to get hunting ideas and then to giving a turnkey alert for your Security Analysts using a real-world step by […]
Read moreToday, the number of IoT devices in both the private and corporate sectors are steadily increasing. IoT devices like IP cameras, routers, printers, and IP phones have become ubiquitous in our modern homes and enterprises. To evaluate the security of these devices, a security analysis must be performed for every single device. Since manual analysis […]
Read moreThe IoT industry is often lambasted for lax security, however it does face unique challenges. This talk brings expertise from a veteran security engineer who has spent the last few months embedded (hah!) in an IoT manufacturer, working on security from the inside. We will explore some of the unique challenges in this space, and […]
Read moreAll smart devices, from cars to IoT, are based around processors. Often these processors are not considered as part of the threat model when designing a product. Instead, there is an implicit trust that they just work and that the security features in the datasheet do what they say. This is especially problematic when the […]
Read moreThreat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions […]
Read moreThe evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, […]
Read moreThis presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (beside phishing) is through trojenized applications that end […]
Read moreThe goal of the talk is to answer a few questions we often see or hear : “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTP?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from Mitre is the new honest in the InfoSec world. […]
Read moreAlgorithms are being used to choose who lives and who dies. Computers are being programmed to make ethical decisions that impact every facet of our lives. Based on the ethics of cyber-criminals, Check Point has made another gigantic leap forward by teaching our gateways to use algorithms to detect the DNA of Malware in an […]
Read moreThis talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertaken to […]
Read moreDo you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over TOR without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi […]
Read moreHardware Security Modules (HSMs) come in a variety of shapes, forms and sizes, and are used for different purposes. They are also deployed in a myriad of ways based on your needs. If you are thinking about using HSMs, just curious about what is out there, or using them today and not sure if you […]
Read moreA light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical […]
Read moreThe next evolution of the global mobile communications network is on the horizon and the technology standards are being developed to support it…but how secure will it be? This talk will present an overview of the 5G security evolution and current status at the half-way point before official 5G release. The new network will not […]
Read moreSmart contract security is a brave, new, and sometimes terrible field. This presentation will take you through a storytelling history of some of the most famous vulnerabilities of these first few years (from the Dao hack, to the Parity wallet vulnerabilities and including less-well-known but very interesting events like the DDOS attacks from late 2016). […]
Read moreThe concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern, and individuals will live their lives. Microcomputetechnologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest […]
Read moreEnterprises today face pressure to improve security posture while also satisfying growing compliance requirements. These organizations are looking for ways to both unify their controls to measure and achieve multiple compliance requirements, and ways to assess them on a continuous basis for effective reporting and risk-based decisions. Mark will offer insights on how companies can focus their efforts, […]
Read moreIn this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fully functional C&C infrastructure on top of the Ethereum network – the second largest public blockchain which also acts as a distributed computing platform featuring a smart contract functionality. As Blockchain technologies gain more traction in recent […]
Read moreI will go over how transfer learning can be used to retrain a convolutional neural network (CNN) to accurately predict and label images of botnet C2 web panels and phishing websites. Image recognition to classify malicious websites can benefit in optimizing incident analysis as well as enhancing threat label data.
Read moreAI and machine learning are increasingly popular buzzwords cybersecurity, but not all AI techniques deliver the same value for every use case. Security professionals need to understand the different applications of AI and machine learning and how they can best be applied to address an organization’s specific needs. The potential of data science, artificial intelligence […]
Read moreIn 2012, we talked about the APT. In 2013, we talked about BYOD and Consumerized IT. In 2014, it was #failAMA. In 2015, Ben Sapiro FAILED to submit an abstract. In 2016, James was VOLUNTOLD to do the thing. It’s 2017, and the voluntoldee said yes again. This is the time when we talk about […]
Read moreShopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company’s internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team. Unfortunately for us, a hosted solution […]
Read moreIn this talk, we discuss a possible new technique where hackers could abuse smart contracts that are deployed on the blockchain as means of command and control (C2) for botnets. We call this novel technique ‘botract’; derived by merging two words: ‘bot’ and ‘contract’. In this talk, we describe how hackers can exploit smart contracts […]
Read moreAutomotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce […]
Read moreTrust is an implicit requirement of doing business. At some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, […]
Read morePeople are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as a black and white then we risk more than wasted time […]
Read moreYou walk into a meeting and the person you are about to talk to informs you that they will be video and audio recording everything. Would that change what you might say or do? What if we told you that your mobile device could be doing that, or worse, to you already? Visit this session […]
Read moreWindows Defender Advanced Threat Protection will soon be available for all Blue Teams to utilize within Windows 10 Enterprise, which includes detection of post breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. Combined with Microsoft Advanced Threat Analytics for user behavior analytics across the Domain, red teamers will […]
Read moreThis is an informative and action-packed session revealing the scary secrets of the current state of IoT device security. It focuses on the various techniques which Gupta and his team used to break into several smart homes (and enterprises) taking advantage of the insecurity in smart devices. Some of the devices he will cover during the talk […]
Read moreControl systems are all around us, working in the background of our lives providing us light, water, heat, transportation, and many good things. These systems are becoming more digital and more connected than ever before, so we must consider control system security just like we do with IT systems. We certainly have seen a jump […]
Read moreIt’s challenging to build out your Incident Detection & Response program when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers, as well as your core infrastructure. In this session, Eric Sun will cover best practices from Rapid7’s Incident Response and Penetration Testing teams, and share the top gaps in […]
Read moreToday, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest […]
Read moreOn the second Tuesday of every month, Windows administrators stand ready to deploy the swarm of patches issues by Microsoft addressing new vulnerabilities found on mission-critical systems. Although this patch management routing may have system admins feeling overwhelmed, Patch Tuesdays are expected, allowing them to plan accordingly for the maintenance windows. But IT organizations are […]
Read moreCar hacking really came to light in 2015. We saw Jeeps getting attacked over the air, BMWs being remotely unlocked, and attacks on Tesla’s Model S. Yes, today’s cars are computers, and they going to have vulnerabilities. While cars have had in-vehicle networking for the last 25 years, only recently have we seen public attacks […]
Read moreCryptography and social networks are some of the online tools used today to protect the communications of terrorists and to affirm their membership in terrorist organisations. The Internet has become the method of choice for communication. The number of sites calling for a jihad rose from 28 in 1997 to over 5,000 in 2005. The […]
Read moreThe insecure state of SCADA devices is well known and concerning. These connected devices are largely Internet connected. While this is not a new phenomenon, connected devices have continually garnered attention- from attackers and researchers alike. In this talk, Kyle Wilhoit presents the state of SCADA on the Internet, answering the who, what, when, where, […]
Read more
May 2, 2016
There are thousands of possible Windows event IDs, split into 9 categories and 50+ subcategories. The Windows Event Logs provide a historical record of a wide range of actions such as login/logoff, process creation, files/keys modifications, and packet filtering. These logs provide investigators with a wealth of information that can be analyzed in many different […]
Read moreIf you knew how many ways you could obfuscate and deliver payloads with RTF documents, you would have thought it was a file format Microsoft secretively purchased from Adobe. Kidding aside, 2016 has peeked my interest in the RTF specification and you should learn why. This talk walks through research experiences and examples that take […]
Read more