As vehicles around the world become more and more automated, ongoing security threats become an even greater risk. But for the automotive industry, addressing end-to-end security poses significant challenges. Building a car isn’t done in isolation – components, manufacturers and global supply chains must be synchronistic to make the connected vehicle completely secure. In this […]
Read moreDeception techniques for cybersecurity are not new – honeypots have been used for many years. However, new types of deception techniques are being developed to supplement the classic honeypot approach. Deception can be used in several ways and for various end results. In this presentation, we will cover two main areas related to deception-based cybersecurity. […]
Read moreThe Fails just keep on failing. We’re back for the 6th examination of the wide range of failures that our industry is not simply capable of but also EXCELS at. All the blinkie lights and all the shiny things that directly provide for day-to-day Fail. We know that this is sounding repetitive, but that’s kind […]
Read moreThe MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus […]
Read moreCrusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to execute arbitrary JavaScript remotely of your choosing. We will also be talking about CORS (Cross-Site Resource Sharing) and some interesting quirks with the browser extension environment. If […]
Read moreWith Lambda by Amazon, Cloud function by Google, and Azure functions by Microsoft, we will definitely be seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the risk higher or lower? Maybe it’s just different. Can […]
Read moreFor a long time now, it has been widely known that a proactive cybersecurity plan is not good enough, you must have a reactive plan as well. It is not good enough to simply mitigate a cyber breach, you need to be ready to react to one as well. However, in the very near future […]
Read moreHow can a good offense be a great defense? The concept of Hack-Back is extremely controversial and at first glance seems unsuited to the corporate world. However, in this session we will look at strategies and technologies you can use to actively defend your organization. Learn how create an active defense by using the attacker’s […]
Read moreHardware wallets, as well as other kinds of secure devices, must be designed to stay secure even when they are running in a hostile environment, including when they are in full control of an attacker. In order to ensure they stay secure in such conditions, physical attack resistant hardware is required but not sufficient for […]
Read moreHow would you hack a bank? In this talk, we discuss how to improve the protection our nation’s critical private-sector cyber infrastructure, using financial services institutions as a case study, and highlight potential exploit chains and vulnerabilities in people, process, and technology. We begin with a thought experiment: if cyberwar were to break out tomorrow, […]
Read moreThe endpoint protection space is a hot market right now. With statistics showing malware creation ranging from 300,000 to 1 million pieces a day, traditional signatures just can’t keep up. Ask any vendor about their solution and you get inundated with the marketing hype, machine learning, artificial intelligence, math models, and lions, tigers and bears! […]
Read moreMost forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the […]
Read moreDefending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. For example, ICS incident responders are tasked with extracting forensic data for threat analysis and implementing indicators of compromise for threat mitigation as quickly as possible. All of this is expected while continuing to maintain the physical safety and […]
Read moreThe Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to […]
Read moreYour company has been hit by ransomware. What do you do? Well, if you are a regular security system administrator, your next steps are restoring from backups (you have backups, right?), deploying behavior-based IDS/IPS or updated antivirus, and waiting for the next attack. But you’re not a regular security admin, are you? You’re a security […]
Read moreWhile IT departments constantly battle against a tsunami of ever-increasing volumes of annual vulnerability disclosures, lack of visibility into the attacker’s perspective means that they retain an advantage, and still continue to breach organizations, causing massive damages to business. In this presentation, we will discuss a year-long study of vulnerability attributes, exploits and attack trends […]
Read moreDespite all of the advances in technology, we still aren’t doing a good enough job in basic house-keeping, The result is avoidable breaches and network compromises, we read about them daily. Leveraging best practices but not actually implementing formal processes and solutions isn’t cutting it any longer, as more and more companies who think they […]
Read moreEverybody knows about Apple iCloud backups: how to disable this feature, or (if you are on the other side) how to download the data. However, iCloud is not just about backups. There is quite a lot of data that is also being *synced* across all the devices, and as such stored in the iCloud. This […]
Read moreIt seems that every day another company is breached, and a new standard or framework is proposed to help us handle this cybersecurity crisis. What most companies realize, although the regulators don’t seem to, is that we’re already overwhelmed performing our day-to-day tasks; adding these additional compliance activities onto our workload simply doesn’t work, at least […]
Read moreOne of the most challenging threats to mitigate is the “trusted employee”. They have a position on the inside of your network, they have ownership of a trusted computer and they have basic knowledge of the information assets available. This presentation uses data from our penetration testing team to describe the specific techniques any employee […]
Read morePowerMemory is a PowerShell post-exploitation tool. It uses Microsoft binaries and as such is able to execute on a machine, even after the Device Guard Policies have been set. In the same way, it will bypass antivirus detection. PowerMemory can retrieve credentials information and manipulate memory. It can execute shellcode and modify process in memory (in userland […]
Read moreThe landscape of open source malware analysis tools improves everyday. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source […]
Read morePurple Teaming is conducting focused Red Teams with clear training objectives for the Blue Team for the ultimate goal of improving the organization’s overall security posture. The popular opinion is that Purple Teaming requires a big undertaking. This is not true and we will show practical exercises for Purple Teaming for varying levels of organizational […]
Read moreModern threats necessitate active hunting for malware and attackers throughout an organization’s environment. Unfortunately, traditional approaches to detection of this malicious activity are now inadequate as advanced malware and skilled attackers easily mislead them. During this presentation attendees will learn how malware and attackers evade these traditional methods as well as how memory and network […]
Read moreMachine learning is the latest trend in malware classification. It’s easy enough that everyone can now spin up a malware crawler, extract some features from the files, build some machine learning models, and publish their research in a reputable journal. However, many of these models have issues with overfitting – they have significant accuracy reductions […]
Read moreStatic code analysis tools that attempt determine what code does without actually running the code provide an excellent opportunity to perform lightweight security checks as part of the software development lifecycle. Unfortunately, building generic static analysis tools, especially for security, is a costly, time-consuming effort. As a result, very few tools exist and commercial tools […]
Read moreWith the astonishing rate of new and modified malware samples being released daily, automation of analysis is needed to classify and cluster together similar samples, exclude basic and uninteresting variations, and focus costly manual analysis work on novel and interesting features (e.g., added or remove pieces of code with a given semantic). We will discuss […]
Read more