1. Black Box to Glass Box Verdicts – Mario Vuksan – BH20 #2
Modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex.
Moreover, because signature, AI and machine learning-based threat classifications from “black box” detection engines come with little to no context, security analysts are left in the dark as to why a verdict was determined, negatively impacting their ability to verify threats, take informed action and extend critical job skills.
They need an approach that leverages threat data from both internal and external sources to systematically analyze each layer of these complex objects, generating transparent “glass box” actionable intelligence and human interpretable data to detect, classify and respond to malware threats.
This segment is sponsored by Reversing Labs.
Visit https://www.reversinglabs.com/ to learn more about them!
Join ReversingLabs at this year's Black Hat 2020 Virtual Business Hall to learn how explainable threat intelligence drives SOCs and Threat Hunters to take action faster and reduce their time to remediate. https://register.reversinglabs.com/black-hat-2020
Mario founded ReversingLabs in 2009 and currently serves as CEO. In this role he drives all aspects of the company's strategy, operations and implementation. Prior to ReversingLabs, Mario held senior technical positions at Bit9 (now Carbon Black), Microsoft, Groove Networks, and PictureTel (now Polycom). He is the author of numerous research studies and speaks regularly at FS-ISAC, RSA, Black Hat and other leading security conferences.
2. Navigating a Post-Compromise Reality – Michael Sanders – BH20 #2
Every organization gets compromised - it's how fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and the proliferation of enterprise IoT have expanded the attack surface and complicated the job of security professionals. We'll explore those trends and the opportunity that lies ahead for security teams post-compromise: preventing an event that results in an outage or incident from becoming a full-scale data breach.
This segment is sponsored by ExtraHop Networks.
Visit https://securityweekly.com/extrahop to learn more about them!
For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh
Michael is responsible for architecting security implementations across hyper-converged networks and is part of ExtraHop's team of cloud security engineers who work directly with customers and prospects. A passionate technologist and evangelist, he brings fresh thinking to security threat detection. Prior to ExtraHop, Michael was a consultant working with multiple technologies across the security landscape. He holds a master's degree from the University of Arizona and a BBA from the University of Georgia. Michael speaks at industry events, supports security research organizations, and has been quoted in industry coverage.
3. “Demystifying Modern Windows Rootkits” – Bill Demirkapi – BH20 #2
This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says "Hello World" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode. We'll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we'll look into the drawbacks ranging from usability to detection vectors. The best part? We'll do this all under the radar, evading PatchGuard and anti-virus.
Bill Demirkapi is a student at the Rochester Institute of Technology with an intense passion for Windows Internals. Bill’s interests include game hacking, reverse engineering malware, and exploit development. In his pursuit to make the world a better place, Bill constantly looks for the next big vulnerability following the motto “break anything and everything.”
4. Threat Hunting Platforms vs. SIEM, What’s the Difference? – Corey Thuen – BH20 #2
What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? This talk covers the high level and low-level tech that drives these differences.
This segment is sponsored by Gravwell.
Visit https://securityweekly.com/gravwell to learn more about them!
Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp2020
Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.
5. The Entire IT Security Industry – Richard Stiennon – BH20 #2
Stiennon presents the results of his research to quantify the entire industry. He observes there is no consolidation. Also, that growth rates far exceed what the big firms predict every year.
To see more of Richard's industry insights, visit: https://it-harvest.com/shop/
Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,337 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 31 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of Surviving Cyberwar (Government Institutes, 2010) and Washington Post Best Seller, There Will Be Cyberwar. He writes for Forbes and The Analyst Syndicate. He is a member of the advisory board at the Information Governance Initiative. Stiennon was Chief Strategy Officer for Blancco Technology Group, the Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc. He has a BS in Aerospace Engineering and his MA in War in the Modern World from King’s College, London. His latest book, Security Yearbook 2020, is available on Amazon.
6. Simplifying The Process Of Identifying, Assessing & Mitigating Risks – Liam Downward – BH20 #2
Burdensome technologies generate bloat within any organization, and they bring high licensing costs along with long deployment times. All of these affect the ROI on organizational resources: time, money, and people.
This segment is sponsored by CYRISMA.
Visit https://securityweekly.com/cyrisma to learn more about them!
Get 10% off your monthly bill when you sign up! Visit: https://www.cyrisma.com
Liam started his career in 1998 in Dublin, Ireland; each year brought new challenges, and with them his passion for information security grew. In 2018, he saw that cyber security was becoming more complex and that organizations would rather ignore risks because their budgets could not afford solutions to protect their data, and CYRISMA was born.
7. Being Thorough or Working Fast: Which Matters Most in Security? – Paul Battista – BH20 #2
Most analysts will tell you that they balance between being thorough and getting the job done quickly. I asked the security community to weigh in on this debate. I’ll share what they thought and explain why it’s no longer necessary to choose between the two.
This segment is sponsored by Polarity.
Visit https://www.polarity.io/sw to learn more about them!
Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw
Paul Battista is CEO and Co-Founder of Polarity.io. Prior to Polarity, Paul was an intelligence officer for the United States Government and participated in all elements of the intelligence cycle, from planning operations through dissemination to senior policy makers in the White House. Before his government service, Paul was a senior engineer for Aetna Inc., a penetration tester, and an incident responder for multiple Fortune 100 customers.
8. Observing Privilege To Reduce Risk In Software As A Service – Chris Morales – BH20 #2
Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team.
Risk in a SaaS environment is largely an identity problem. Specifically, it is the misuse of an identity and of the privileged access granted to that identity. Before implementing any SaaS platform, you must consider how much access is really being granted in the cloud. More importantly, how is that privileged access actually being used?
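The granted-versus-used comparison described above, as an added example that is not part of the original page and not Vectra's code. It assumes a tenant whose role assignments and audit log can be exported; the role names, action names, role-to-action mapping and audit events below are all constructed for illustration. Each audited action is attributed to the least-privileged role the identity holds that permits it, so a highly privileged role only counts as "exercised" when the identity did something that a lesser role would not have allowed.

```python
"""Compare privilege granted in a SaaS tenant with privilege actually used.

Added example, not code from the page or from Vectra. Role names, action
names and audit events are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed: which role permits which audited action, and how privileged
# each role is (higher rank = more privileged).
ROLE_ACTIONS = {
    "User": {"inboxrule.create"},
    "MailboxAdmin": {"inboxrule.create", "mailbox.update"},
    "GlobalAdmin": {"inboxrule.create", "mailbox.update",
                    "transportrule.update", "role.assign"},
}
ROLE_RANK = {"User": 0, "MailboxAdmin": 1, "GlobalAdmin": 2}

# Constructed: role assignments in the tenant.
GRANTS = {
    "alice": {"User", "GlobalAdmin"},
    "bob": {"User", "MailboxAdmin"},
    "carol": {"User"},
}

NOW = datetime(2020, 8, 5)

# Constructed: audit-log events as (timestamp, identity, action).
EVENTS = [
    (NOW - timedelta(days=45), "alice", "role.assign"),           # outside window
    (NOW - timedelta(days=3),  "alice", "inboxrule.create"),
    (NOW - timedelta(days=10), "bob",   "mailbox.update"),
    (NOW - timedelta(days=2),  "bob",   "inboxrule.create"),
    (NOW - timedelta(days=1),  "carol", "inboxrule.create"),
    (NOW - timedelta(days=1),  "carol", "transportrule.update"),  # no granting role
]


def minimal_role(granted, action, role_actions=ROLE_ACTIONS, rank=ROLE_RANK):
    """Least-privileged granted role that permits `action`, or None."""
    candidates = [r for r in granted if action in role_actions[r]]
    return min(candidates, key=rank.__getitem__) if candidates else None


def review_privileges(grants, events, now, window_days=30):
    """Return (unused, ungranted).

    unused:    identity -> sorted roles granted but never the minimal role
               needed for any action in the window (candidates for removal)
    ungranted: (identity, action) pairs where the audited action is not
               covered by any granted role (misuse or a stale role inventory)
    """
    cutoff = now - timedelta(days=window_days)
    exercised = defaultdict(set)
    ungranted = []
    for ts, identity, action in events:
        if ts < cutoff:
            continue
        role = minimal_role(grants.get(identity, set()), action)
        if role is None:
            ungranted.append((identity, action))
        else:
            exercised[identity].add(role)
    unused = {ident: sorted(roles - exercised[ident])
              for ident, roles in grants.items()}
    return unused, ungranted


if __name__ == "__main__":
    unused, ungranted = review_privileges(GRANTS, EVENTS, NOW)
    for ident, roles in unused.items():
        if roles:
            print(f"{ident}: granted but unused in window -> {roles}")
    for ident, action in ungranted:
        print(f"{ident}: performed {action!r} without a granting role")
```

On the constructed data, alice's GlobalAdmin role is reported as unused because her only in-window action needed nothing beyond User, while carol's transport-rule change is reported as ungranted: either the role inventory is stale or the action was performed through some path the grants do not explain, and both deserve a look before the next access review.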
This segment is sponsored by Vectra.
Visit https://www.vectra.ai/o365 to learn more about them!
To see how Vectra can detect attacks in SaaS like Office 365, please visit: https://www.vectra.ai/o365
Chris Morales is Principal Security Advisor at Vectra AI, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.