Malware that is capable of monitoring hardware devices poses a significant threat to the privacy and security of users and organizations. Common capabilities of such malware include keystroke logging, clipboard monitoring, sampling of microphone audio, and recording of web camera footage. All modern operating systems implement APIs that provide hardware access to processes and all […]
Read moreIn 2022, most of us have bought goods and services online or using mobile apps, for convenience, for safety (e.g., pandemic) or as a matter of personal preference. As mobile payments and integrations with third-party payment processors become more and more prevalent, common AppSec mistakes from the past reappear under new forms. Merchants who overlook […]
Read moreCompliance with industry standards as well as various government regulations also requires a robust servicing and patching strategy. Beyond compliance, you must understand the risk to your resources from poor servicing. To help with this effort, standards exist to help assess risk. However, vendors can manipulate these standards, which can lead to errors when enterprises […]
Read moreVulnerability and Risk management has been a thorn in the side of many organizations and has been exacerbated in recent years. Patch management, vulnerability management technologies, and risk management strategies have all left many organizations confused and worse exposed. The problem with vulnerability management today, stems from a number of recent trends in the evolution […]
Read moreWhen we talk about “abuse”, we use the term as shorthand for the much more encompassing “Abuse, Misuse, Malice and Crime” (with credit to Trey Ford). Within this definition we find that there are three subcategories of activities; Monetisation, Weaponization, and Misinformation campaigns. And although not perfect, it certainly starts to feel like we have […]
Read moreAmazon Web Services (AWS) is a complex ecosystem with hundreds of different services. In the case of a security breach or compromised credentials, attackers look for ways to abuse the customer’s configuration of services with their compromised credentials, as the credentials are often granted more IAM permissions than is usually needed. Most research to date […]
Read moreMore organizations are applying a DevOps methodology to optimize software development. One of the main tools used in this process is a continuous integration (CI) tool that automates code changes from multiple developers working on the same project. In 2019, GitHub released its own CI tool called GitHub Actions. According to GitHub, GitHub Actions help […]
Read moreSecurity researchers love talking about critical infrastructure. Power grids and pipelines! Transportation systems and communication networks! IoT and ICS! Medical devices and smart cities! Why aren’t people talking about food production? You all like to eat, right? Agriculture 4.0 is a few years old at this point. Smart farms and precision agriculture are becoming much […]
Read morePersistence is one of the main aspects that hackers pay special attention to during the malware development and during the attack phase. The goal is very simple: to be as stealth as possible. Usually, attackers aim to maintain the presence in the target’s network by installing malware on various workstations and servers. However, the main […]
Read moreBrand impersonation is a key attack strategy in which a malicious user crafts content to look like a known brand to deceive a user into entering sensitive information, such as account passwords or credit card details. To address this issue, we developed and trained a Siamese Neural Network on labeled images to detect brand impersonation. […]
Read moreState, local, and federal government agencies have been dealing with benefit program fraud for as long as the programs have existed. But as these programs have moved online, fraudsters have increasingly become more sophisticated cybercriminals and employed cyber threat tactics to commit their crimes…but they have also begun leaving digital fingerprints. Join this session to […]
Read moreDigital business transformation and the shift to a distributed workforce are driving networking and security to the cloud. The Secure Access Service Edge (SASE) model consolidates networking and security functions – traditionally delivered in siloed point solutions – into a single integrated cloud-delivered service. Join this session to hear pitfalls to avoid when starting the […]
Read moreBiohackers exist and walk among us. Most security professionals would not allow users into their environment with offensive security tools. How do you address individuals who have surgically implanted such devices into their bodies? I have multiple sub-dermal implants that range from NFC, HID/Prox and RFiD devices. This allows me to become the attack vector. […]
Read moreAutomated manufacturing systems (particularly within the paradigm of so-called Industry 4.0) are complex and critical cyber-physical systems. They use robots (highly sophisticated systems themselves, with multiple complex embedded controllers), several types of industrial controllers, and are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and […]
Read moreThis talk highlights the security challenges of securing the clinical and IT infrastructure of healthcare delivery organizations. We’ll dive into two examples of FDA approved devices that connect to clinical equipment common in hospitals today and walk the audience through the development of full device compromise and the discovery of multiple CVEs.
Read moreCybercrime is a very lucrative business not just because of the potential financial return, but because it is quite easy to get away with it. Sometimes hackers get caught, but most of the time they still run free. When it comes to the operating system and after-attack traces, it is not that bad as all […]
Read moreLessons learned over the course of a protracted global emergency that has fundamentally altered society and how we do business are not being well learned and are not yet reflected in how we manage and assess our work. Time to talk through the 9th round of fails with our panel of distinguished guest speakers!
Read moreMany studies have discussed the implications of using a training process to develop artificial intelligence: the significant computing capabilities required, the energy wasted, the high cost, the time required for training, the size of the dataset needed. However, the fact that automated driving is considered safer than manual driving proves that the training process is […]
Read moreIn an “open skies” era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (e.g., delivering pizza) or an illegitimate purpose (e.g., peeking at a person showering in his/her own house)? In this talk, I present […]
Read moreThe PowerShell bubble has burst. With offensive use going down and detections and defences rising, the need for an alternative means to operate offensively against Windows environments is well underway and a big part of that is due to C# and .NET. In this presentation, Lee will take the audience through the rise of weaponized […]
Read moreThe Zero Trust security model assumes a hostile network with relentless external and internal threats. Authenticating and authorizing every device, user and network flow requires real-time algorithmic processing of telemetry from as many sources of data as possible. Applying mature machine learning data science to the Zero Trust problem provides a wholistic solution to multiple […]
Read moreIn order to save the security industry, someone had to quit or be fired. Is this the ultimate fail or the only way to beat Thanos? This year’s panel includes all the best viewpoints: a vendor, an academic, a startup, and a quitter. Half the panel does more operations work than security work and has […]
Read moreWhen performing Incident Response in a platform where infrastructure and data is just as quickly destroyed as it is created, speed and efficacy are paramount. While AWS provides a wide gamut of tools and capabilities to effectively harness the cloud, it’s often a daunting task to understand which tools to use for what, when, and […]
Read moreIn 2013, a public report revealed a group of actors conducted targeted attacks leveraging a malware dubbed ICEFOG against mainly government organizations and the defense industry of South Korea and Japan. Little has been published about the activities of ICEFOG malware since the report was released more than six years ago. However, despite a pause […]
Read moreIt is no surprise that many organizations are undergoing a digital transformation in response to a rapidly evolving security landscape. The migration to cloud, the rise in a mobile workforce, rapid proliferation of data and increasing need to collaborate across cloud applications present an added layer of complexity for organizations building out a security strategy. […]
Read moreHave you ever wondered how security is different ‘in the cloud’? What does “Cloud Native” even mean? What is “Zero Trust”? Serverless? Just in Time (access management)? And how do we secure these things? This talk is a whirlwind intro to securing cloud computing with audience participation (open discussion) and demonstrations of various new cloud […]
Read moreFuzzing is an automated testing technique to find vulnerabilities that can be abused in cyber-attacks in software and/or hardware. In this talk we will delve into how fuzzing is used in both offensive and defensive operations. We will demonstrate how the best security researchers in the world use fuzzing to find 0-days (previously unknown vulnerabilities), […]
Read moreThis talk will show the results of an internet-scale analysis of the security of AWS Cognito configurations. During this research it was possible to identify 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which are not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions. The talk starts […]
Read moreThis quick-moving talk will cover techniques for reducing the range of combinations or keys you need to attack to successfully open a lock. There will be some math…but I’m not particularly good at math so it definitely won’t get complicated. We will cover a number of fun topics like decoding combination locks, figuring out how […]
Read moreWe are seeing a new approach to security that is rippling across network defenders, products, and attackers alike. The approach is based on the idea that you can improve security on data by harnessing data to improve security. This requires transitioning from appliances that shrink data volumes to cloud approaches that capture more data than […]
Read moreAutomated Twitter accounts have been making headlines for their ability to spread spam and malware as well as significantly influence online discussion and sentiment. In this talk, we explore the economy around Twitter bots, as well as demonstrate how attendees can track down bots through a three-step methodology: building a dataset, identifying common attributes of […]
Read moreThe International Federation of Robotics estimate that 2.6 million industrial robots will be installed in factories worldwide by 2019. Robots are not only in industrial environments, they also exist in homes and around us as toys, companions, assistants and serve various roles in our daily lives. In this session we will talk about our journey […]
Read moreSmart things are a big trend nowadays. In more than 47 million households, Alexa is always listening and sometimes recording. What exactly does Alexa know about its master? What information does it collect, where is it stored, and what Amazon does to all that data aside of the “learning and quality assurance” routine? In this […]
Read moreAs we’ve talked with more and more of our clients about their digital transformations, it has become clear that security is a key facilitator for successful transformation. For example, if an organization churns out a series of new cloud-hosted mobile applications that permit users to more effectively interact with the company, the initiative can backfire […]
Read moreMemory-based, fileless, or living-off-the-land attacks were one of the most prevalent types of attacks in 2017 and are only growing. But how do they happen and why are they on the rise? The short answer is that they work because they are less detectable by traditional and many next gen antivirus solutions. For example, Word […]
Read moreWe see “threat feeds” discussed online quite often, but what are these really and how do we employ them? When these “threat feeds” are lists of IP addresses, domains, and file hashes, how do we then make use of these within our own infrastructure or organization? It turns out that if you’re a security analyst as […]
Read moreCyber attacks continue to increase in severity and sophistication. A new era of attacks have become more ubiquitous and dangerous in nature. Malware has become much better at hiding its presence on the host machine. However, one place it cannot hide for long is in the volatile memory of the computer system. The purpose of this […]
Read moreCalled “Bluetooth’s Stagefright moment,” the Blueborne attack vector identified in September exposed 5B+ devices to hacking. It impacted major mobile, desktop, and IoT operating systems, including Android, Windows, Linux, and iOS. Blueborne attacks devices via Bluetooth in a manner never seen before, and spreads through the air (airborne). Users do not need to be on […]
Read moreIndustrial robots are complex cyber-physical systems used for manufacturing, and are a critical component of any modern factory. These robots aren’t just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance. In this scenario, industrial […]
Read moreQuantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.) which is one of the pillars of modern-day cybersecurity. Thus, we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. Impressive progress in developing the building blocks of a fault-tolerant […]
Read moreThreat actors need to constantly evolve their techniques to remain undetectable or their campaigns, once exposed, will cease operation. This briefing will take an in-depth, entertaining look at the ever evolving campaign that was thought to have been nearly eradicated. This campaign and the actors behind it have not only continued to operate behind the […]
Read moreBeing one of the most isolated and secretive nations on the earth, from the Sony Picture breach to the WannaCry attack, cyber-attacks from the Democratic People’s Republic of Korea (DPRK) seem to be more and more aggressive than before. Based on our observations, the North Korea cyber army has expanded their campaign to target not […]
Read moreIt’s a universal truth acknowledged that IT and security teams have too much to do, and never enough resources to do it. Traditionally, there are tactical tasks that security organizations own, but invest far too many resources in: alert triage, managing vulnerabilities, and more. These tasks lead to alert fatigue, but worse, they suck up […]
Read moreUnderstanding the mechanics of malware attacks is critical for remediation and for preventing similar attempts in the future. Malware analysis can provide valuable insights into the adversaries goals, especially when they are targeted. While cloud based malware analysis tools exist, they are largely inflexible. An in-house lab environment can offer more customization, automation and enhanced […]
Read moreModern software-as-a-service (SaaS) companies have a large footprint and a lot of automation which enables them to build their service quickly. Since several devops and cloud tools and processes are new, many companies don’t understand the risks and don’t plan with security in mind. Even some practiced network pentesters don’t always know the best way to find vulnerabilities […]
Read moreMoving from on-premises deployments to the cloud can offer incredible benefits to many organizations, including a plethora of capabilities to build, scale, modify, monitor, and tear down infrastructure with never before seen speed and agility. But, how do you monitor for, and respond to, attackers that leverage those same capabilities against you? In this session, […]
Read moreThis talk will take an in-depth look at the certificate authorities (CAs) found on mobile devices today. The CAs included in our mobile devices make up the roots of trust that our secure network transactions rely on to validate that the servers we are talking to are who they say they are. Focusing specifically on […]
Read moreThe solution workflow of today’s Security Operations Center (SOC) can be described as a “Security Frankenstein”—where each “limb” is a disparate solution that has been cobbled together in hopes of “orchestrating” the steps in the security kill chain. The result is an ineffective, costly, and cumbersome approach to the security workflow that increases risk and […]
Read moreProtecting yourself from a cyberattack is no longer about technology. While technology is inherently important to any cybersecurity solution, it’s only one piece of the puzzle. And more often than not, the other two pieces are overlooked: people and process. Before adopting the next security technology trend, it’s important to understand what you’re trying to […]
Read morePermeating the entire spectrum of computing devices, malware can be found anywhere code is executed. Embedded devices, of which many are a part of the Internet of Things (IoT), are no exception. With their proliferation, a new strain of malware and tactics have emerged. This presentation will discuss our lessons learned from reverse-engineering and hunting […]
Read more