In this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fully functional C&C infrastructure on top of the Ethereum network – the second largest public blockchain which also acts as a distributed computing platform featuring a smart contract functionality. As Blockchain technologies gain more traction in recent […]
Memory-based, fileless, or living-off-the-land attacks were one of the most prevalent types of attacks in 2017 and are only growing. But how do they happen and why are they on the rise? The short answer is that they work because they are less detectable by traditional and many next gen antivirus solutions. For example, Word […]
During this presentation I will demonstrate how convolutional neural network (CNN) models used for image recognition can also be used to classify malicious websites. I will go over how a CNN trained on images of botnet C2 panels and phishing websites can accurately predict and label whether a given image of a malicious website is […]
A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and […]
Identity innovations like zero-trust networks, zero login, and one identity initiatives are transforming today’s most successful organizations from within. Trust boundaries are changing. Find out the technical details behind these innovations and take home a game plan to start transforming your organization today, this week, and in the long run.
Hardware wallets, as well as other kinds of secure devices, must be designed to stay secure even when they are running in a hostile environment, including when they are under the full control of an attacker. In order to ensure they stay secure in such conditions, physical-attack-resistant hardware is required but not sufficient for […]
Taking advantage of user-provided intelligence improves your organization’s ability to recognize, report and respond to active phishing threats and keeps you ‘Left of Breach’ on the cyber kill chain. Through the development of anti-phishing program best practices, the use of active threat intelligence and trend analysis, this presentation will show you how to improve your […]
Malware is everywhere. Every organization has been infected by malware to some extent. Yet, most don’t have the expertise on staff to know if they are being targeted or if they are hit with mass-spreading malware. Knowing the difference is vital for a proper response plan. This is where Malboxes comes in. It is a […]
Elytron is a set of Java APIs and SPIs for application server security. Although it was developed to unify security across the WildFly application server, Elytron is an open-source, standalone library that can theoretically be used in other Java server environments. Within WildFly, Elytron has replaced the combination of PicketBox and the Java Authentication and […]
In recent years, we have delivered many talks detailing threat actors, their operations, and their tools. How did we conduct such research and gather such intel? In this talk, we share 25 techniques for gathering threat intel and tracking actors (for example: crimeware (undisclosed) vulnerabilities, C&C misconfig, and underground marketplaces). We explain our use of […]
We see “threat feeds” discussed online quite often, but what are these really and how do we employ them? When these “threat feeds” are lists of IP addresses, domains, and file hashes, how do we then make use of these within our own infrastructure or organization? It turns out that if you’re a security analyst as […]
Cloud is a new frontier that requires new architectures, higher velocity processes and crisper business-level metrics—none of which are really strengths of security programs and practitioners. Given that everything cloud is automated and API-enabled, security teams now have a big opportunity to build and embed security into the cloud technology stack. From continuous guardrails to automated workflows and […]
The aggregation, normalization, enrichment, and contextualization of threat data and intelligence en masse necessitates a robust mix of innovation, automation, and flexibility. The Threat Analyst Workbench should provide mechanisms for extracting data from internal and external sources and building catalogues of intelligence. It should enable the analyst to characterize threats, identify outcomes, develop courses of […]
AI and machine learning are increasingly popular buzzwords in cybersecurity, but not all AI techniques deliver the same value for every use case. Security professionals need to understand the different applications of AI and machine learning and how they can best be applied to address an organization’s specific needs. The potential of data science, artificial intelligence […]
Cyber attacks continue to increase in severity and sophistication. A new era of attacks has become more ubiquitous and dangerous in nature. Malware has become much better at hiding its presence on the host machine. However, one place it cannot hide for long is in the volatile memory of the computer system. The purpose of this […]
A security researcher for over a decade, Omer is currently exploring the opportunities emerging technologies such as blockchain and AI might create for the bad guys to improve their infrastructure and how to mitigate them. Omer has been conducting multidisciplinary research on malware behavior and detection methods, including in his last position as Head of Research for "TopSpin Security", where he investigated malware C&C infrastructure and protocols to create a behavior-based detection engine that correlates network and reputation data over a time series along with a deception overlay. He authored 'Deceive and [...]
Josh Fu is a Minneapolis-based Principal Security Engineer at Cylance, an artificial intelligence company focused on cybersecurity. He has experience in cloud infrastructure and in cybersecurity. Josh founded the west coast chapter of the International Consortium of Cybersecurity Professionals while he was living in San Francisco. He has presented in front of industry audiences across the country and for groups such as ISACA, ISC2, MGTA, SANS, and RSA. Josh is also a published author in Information Security magazine. You can connect with him on Twitter @jfusecurity.
Akbar Qureshi has over 15 years of information security experience with a background in ICS/SCADA security, Threat Intelligence, Cyber Network Defense and Exploit Research. He has turned in security flaws to various bug bounty programs as well as to private organizations. His current research focuses on innovative ways of using artificial intelligence and data mining technologies to proactively hunt down cyber threats. He also has extensive experience in cyber offense and defense attack vectors.
Tanya Janca is a senior cloud advocate for Microsoft, specializing in application security; evangelizing software security and advocating for developers through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, software developer, effective altruist and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Sarah Squire is a Senior Technical Architect at Ping Identity. She is a co-author of NIST Special Publication 800-63C Digital Identity Guidelines, which outlines federated authentication standards for all US federal agencies. She co-founded and serves as Vice President of IDPro - a nonprofit professional organization for identity practitioners. She serves on the Board of Directors for the OpenID Foundation. She has been named one of the top 100 influencers in identity. Sarah holds a Bachelor of Science in Physics and a Master of Science in Information Management from the [...]
Sergei Volokitin is a Security Analyst at Riscure in the Netherlands. His work is mostly focused on security evaluation of embedded systems and security testing of smart card platforms and TEE-based solutions. He has several publications on Java Card platform attacks and conference presentations on hardware security.
John “Lex” Robinson has over 25 years’ experience in information technology with a strong focus on strategic planning and program delivery. In addition, he has consulted and managed product and service delivery teams for both small businesses and global Fortune 20 organizations in fields ranging from Security Awareness and Risk Management (Disaster and Business Continuity) to Infrastructure Development and Service Delivery Process Improvements. At Cofense, Lex interfaces with multiple Cofense teams, as well as Clients and is responsible for creating and implementing a cohesive strategy and tactics for successful implementation [...]
Cybersecurity Research, GoSecure
Olivier Bilodeau currently leads the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, Olivier has managed large networks and server farms, written open-source network access control software and recently worked as a Malware Researcher. A passionate communicator, he has spoken at several conferences such as Defcon, Botconf, SecTor, and Derbycon. Invested in his community, Olivier co-organizes MontréHack—a monthly workshop focused on applied information security through capture-the-flag challenges. He is also in charge of NorthSec’s training sessions and is hosting NorthSec’s Hacker Jeopardy. His primary research interests include reverse-engineering tools, [...]
Farah Juma is a Senior Software Engineer at Red Hat working on the WildFly project. She has been focusing on application server security for the past few years.
Senior Threat Researcher, Proofpoint
Sun Huang is a Senior Threat Researcher at Proofpoint. He has more than nine years of experience in information security. Sun has discovered many Web application 0days, including those of CMS and C2 Panel. Sun has participated in many security contests and was one of the top 10 researchers in Paypal's 2013 Bug Bounty Wall of Fame. He placed third at the AT&T bug reporter in 2013. Sun currently holds CCNA, ECSS, CEH, and PMP certifications. Sun has presented at RSA '15 '16, SteelCon '16, Troopers '16, AusCERT '16, Black [...]
VP Engineering, Proofpoint
Wayne Huang was Founder and CEO of Armorize Technologies and is now VP Engineering at Proofpoint. Huang is a frequent speaker at security conferences, including Black Hat '17 '10, DEF CON '10, RSA '07 '10 '15 '16, SteelCon '16, Troopers '16, AusCERT '16, SyScan '08, '09, OWASP '08, '09, Hacks in Taiwan '06 '07, WWW '03 '04, PHP '07 and DSN '04. Interested in security since 7th grade, he has led teams to develop security products ranging from source code analysis, web application firewall, vulnerability assessment, exploit & malware detection, [...]
Chris Brewer has more than 16 years’ professional IT experience, including five years dedicated to information security. He has investigated many data breaches involving state-sponsored attacks and zero-day exploits. Chris has also worked as a systems administrator for Linux, Unix, and Windows systems, and as a security analyst.
Harlan Carvey has over two decades of cyber security experience, with a focus on digital forensic analysis, incident response, and targeted threat hunting and response. Harlan is an accomplished public speaker, has written several open source tools, and is a prolific published author.
Bruce Potter is Expel’s (expel.io) chief information security officer (CISO). He’s responsible for cyber risk management and ensuring the secure operations of Expel’s services. He also remains perpetually frustrated that employees pronounce CISO not-the-way-he-wants. Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company that worked with organizations ranging from hedge funds to intelligence agencies. Bruce sold Ponte Technologies to the KeyW Corporation where he served as CTO for two years. In another life, Bruce founded the Shmoo Group and helps run the yearly hacker conference, ShmooCon (shmoocon.org), in [...]
Mike Rothman is a 25-year security veteran. He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, compliance, and helping clients navigate a secure evolution to the cloud. He’s a busy guy, serving both as President of DisruptOPS, as well as Analyst & President of Securosis. This is a good thing since Mike gets into trouble when he’s not busy enough.
Sean Tierney is the Director of Cyber Intelligence for Infoblox. In his role, Sean leads the efforts to develop and refine threat data, delivered to customers as machine-readable, actionable intelligence. Before joining Infoblox, Sean served as the VP of Threat Intelligence at IID (acquired by Infoblox in 2016), was the Global Head of Computer Emergency Response at Morgan Stanley and served as the Director of Cyber Intelligence for UBS and JPMorgan Chase.
Stephan Jou is the chief technology officer at Interset, an In-Q-Tel-backed security analytics company. He leads the development of advanced analytics and mathematical modeling for unsupervised machine learning to detect how corporate intellectual property is being attacked, moved, shared, and utilized. Prior to Interset, Jou served as a technical architect at IBM’s Business Analytics Office of the CTO—a role in which he architected the development of more than ten Cognos and IBM products in the areas of cloud-computing, mobile, visualization, semantic search, data-mining, and neural networks. Stephan has also published [...]
Asst. Prof. of Computer Science, USAF Academy
Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms, and cyber warfare. He received his Undergraduate Degree in Computer Science and has Master’s degrees in Computer Science and Information System Engineering. Solomon’s current research includes computer system exploitation, cyber threat intelligence, digital forensics, and data protection. Previous conferences Solomon has spoken at include: SecTor Canada, Hack in Paris, France, HackCon Norway, BlackHat USA, [...]