Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

As vehicles around the world become more and more automated, ongoing security threats become an even greater risk. But for the automotive industry, addressing end-to-end security poses significant challenges. Building a car isn’t done in isolation – components, manufacturers and global supply chains must be synchronistic to make the connected vehicle completely secure. In this […]

Read more

Twisted Haystack: Protecting Industrial Systems with Dynamic Deception

Deception techniques for cybersecurity are not new – honeypots have been used for many years. However, new types of deception techniques are being developed to supplement the classic honeypot approach. Deception can be used in several ways and for various end results. In this presentation, we will cover two main areas related to deception-based cybersecurity. […]

Read more

Fail Panel: Revenge of the Sixth

The Fails just keep on failing. We’re back for the 6th examination of the wide range of failures that our industry is not simply capable of but also EXCELS at. All the blinkie lights and all the shiny things that directly provide for day-to-day Fail. We know that this is sounding repetitive, but that’s kind […]

Read more

ATT&CKing the Command Line and Hunting for More

The MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus […]

Read more

The Chrome Crusader

Crusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to execute arbitrary JavaScript remotely of your choosing. We will also be talking about CORS (Cross-Site Resource Sharing) and some interesting quirks with the browser extension environment. If […]

Read more

Serverless Infections – Malware Just Found a New Home

With Lambda by Amazon, Cloud function by Google, and Azure functions by Microsoft, we will definitely be seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the risk higher or lower? Maybe it’s just different. Can […]

Read more

Breach Readiness, Mandatory Reporting and You!

For a long time now, it has been widely known that a proactive cybersecurity plan is not good enough, you must have a reactive plan as well. It is not good enough to simply mitigate a cyber breach, you need to be ready to react to one as well. However, in the very near future […]

Read more

Everything or Nothing: Active Defense in the Corporate World?

How can a good offense be a great defense? The concept of Hack-Back is extremely controversial and at first glance seems unsuited to the corporate world. However, in this session we will look at strategies and technologies you can use to actively defend your organization. Learn how create an active defense by using the attacker’s […]

Read more

Exploiting Hardware Wallet’s Secure Element

Hardware wallets, as well as other kinds of secure devices, must be designed to stay secure even when they are running in a hostile environment, including when they are in full control of an attacker. In order to ensure they stay secure in such conditions, physical attack resistant hardware is required but not sufficient for […]

Read more

The Cyberwar Playbook: Financial Services as Critical Infrastructure

How would you hack a bank? In this talk, we discuss how to improve the protection our nation’s critical private-sector cyber infrastructure, using financial services institutions as a case study, and highlight potential exploit chains and vulnerabilities in people, process, and technology. We begin with a thought experiment: if cyberwar were to break out tomorrow, […]

Read more

Lies and Damn Lies: Getting Past the Hype Of Endpoint Security Solutions

The endpoint protection space is a hot market right now. With statistics showing malware creation ranging from 300,000 to 1 million pieces a day, traditional signatures just can’t keep up. Ask any vendor about their solution and you get inundated with the marketing hype, machine learning, artificial intelligence, math models, and lions, tigers and bears! […]

Read more

The Black Art of Wireless Post-Exploitation

Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the […]

Read more

Improving Incident Response for ICS

Defending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. For example, ICS incident responders are tasked with extracting forensic data for threat analysis and implementing indicators of compromise for threat mitigation as quickly as possible. All of this is expected while continuing to maintain the physical safety and […]

Read more

Disrupting the Mirai Botnet

The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to […]

Read more

Rootkits vs Ransomware 2.0. Using evil to fight for good

Your company has been hit by ransomware. What do you do? Well, if you are a regular security system administrator, your next steps are restoring from backups (you have backups, right?), deploying behavior-based IDS/IPS or updated antivirus, and waiting for the next attack. But you’re not a regular security admin, are you? You’re a security […]

Read more

Prioritizing Vulnerability Remediation From an Attacker’s Perspective

While IT departments constantly battle against a tsunami of ever-increasing volumes of annual vulnerability disclosures, lack of visibility into the attacker’s perspective means that they retain an advantage, and still continue to breach organizations, causing massive damages to business. In this presentation, we will discuss a year-long study of vulnerability attributes, exploits and attack trends […]

Read more

Take Best Practices to the Next Level

Despite all of the advances in technology, we still aren’t doing a good enough job in basic house-keeping, The result is avoidable breaches and network compromises, we read about them daily. Leveraging best practices but not actually implementing formal processes and solutions isn’t cutting it any longer, as more and more companies who think they […]

Read more

When Two-Factor Authentication is a Foe: Breaking the iCloud Keychain

Everybody knows about Apple iCloud backups: how to disable this feature, or (if you are on the other side) how to download the data. However, iCloud is not just about backups. There is quite a lot of data that is also being *synced* across all the devices, and as such stored in the iCloud. This […]

Read more

An Effective Approach to Automating Compliance Activities

It seems that every day another company is breached, and a new standard or framework is proposed to help us handle this cybersecurity crisis. What most companies realize, although the regulators don’t seem to, is that we’re already overwhelmed performing our day-to-day tasks; adding these additional compliance activities onto our workload simply doesn’t work, at least […]

Read more

Stopping the Attacker You Know

One of the most challenging threats to mitigate is the “trusted employee”.   They have a position on the inside of your network, they have ownership of a trusted computer and they have basic knowledge of the information assets available. This presentation uses data from our penetration testing team to describe the specific techniques any employee […]

Read more

Hack Microsoft by using Microsoft signed binaries

PowerMemory is a PowerShell post-exploitation tool. It uses Microsoft binaries and as such is able to execute on a machine, even after the Device Guard Policies have been set. In the same way, it will bypass antivirus detection. PowerMemory can retrieve credentials information and manipulate memory. It can execute shellcode and modify process in memory (in userland […]

Read more

Open Source Malware Lab

The landscape of open source malware analysis tools improves everyday. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source […]

Read more

Purple Teaming the Cyber Kill Chain: Practical Exercises for Management

Purple Teaming is conducting focused Red Teams with clear training objectives for the Blue Team for the ultimate goal of improving the organization’s overall security posture. The popular opinion is that Purple Teaming requires a big undertaking. This is not true and we will show practical exercises for Purple Teaming for varying levels of organizational […]

Read more

Utilizing Memory and Network Forensics for Scalable Threat Detection and Response

Modern threats necessitate active hunting for malware and attackers throughout an organization’s environment.  Unfortunately, traditional approaches to detection of this malicious activity are now inadequate as advanced malware and skilled attackers easily mislead them.  During this presentation attendees will learn how malware and attackers evade these traditional methods as well as how memory and network […]

Read more

How to build a malware classifier [that doesn’t suck on real-world data]

Machine learning is the latest trend in malware classification. It’s easy enough that everyone can now spin up a malware crawler, extract some features from the files, build some machine learning models, and publish their research in a reputable journal. However, many of these models have issues with overfitting – they have significant accuracy reductions […]

Read more

Practical Static Analysis for Continuous Application Security

Static code analysis tools that attempt determine what code does without actually running the code provide an excellent opportunity to perform lightweight security checks as part of the software development lifecycle. Unfortunately, building generic static analysis tools, especially for security, is a costly, time-consuming effort. As a result, very few tools exist and commercial tools […]

Read more

Making sense of a million samples per day: Behavior-based Methods for Automated, Scalable Malware Analysis

With the astonishing rate of new and modified malware samples being released daily, automation of analysis is needed to classify and cluster together similar samples, exclude basic and uninteresting variations, and focus costly manual analysis work on novel and interesting features (e.g., added or remove pieces of code with a given semantic). We will discuss […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required