1. A Decade After Stuxnet’s Printer Vulnerability – Peleg Hadar, Tomer Bar – BH20 #3
We will describe the Print Spooler vulnerabilities found in the Windows OS and explain how they relate to Stuxnet. We will also release several tools. Peleg and Tomer's talk is entitled "A Decade After Stuxnet's Printer Vuln: Printing is Still the Stairway to Heaven", and is scheduled for August 6th at 11am PT during Black Hat 2020!
Peleg Hadar is a Security Researcher, in the InfoSec field for more than 7 years, interested in Vulnerability Research.
Tomer Bar has 15+ years in cyber security and is Research Team Lead @ SafeBreach Labs, with a main focus on APT and vulnerability research. Past publications: Prince of Persia – Terminating 10 Years Campaign For Fun And Profit; Infy Malware Active In Decade Of Targeted Attacks; KasperAgent and Micropsia – Targeted Attacks In The Middle East; Ride The Lightning With Foudre; Double Edge Sword Attack – Exploiting Quasar Rat Command and Control; BadPatch (APT-C-23).
2. Planning Security Strategy Without The Black Hat Expo? – Ian McShane – BH20 #3
This year we’ve seen organizations accelerate their so-called digital transformation almost overnight. Now we’re getting to the point where security leaders and business owners need to stop and take stock of what happened, what’s a temporary band aid, and figure out how to build their strategy without the luxury of getting yelled at by vendor booths in Mandalay Bay.
This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike for a totally free trial!
CrowdStrike at Black Hat USA 2020 https://www.crowdstrike.blog/join-crowdstrike-at-black-hat-2020/
With almost twenty years in information security, including roles as a practitioner and product manager and a stint as the lead Gartner analyst for endpoint security and EDR, CrowdStrike’s VP of Product Marketing Ian McShane has seen a lot of crazy things in his time.
3. Defining the Dynamic Application Security Testing Market – Ferruh Mavituna – BH20 #3
Dynamic application security testing (DAST) for web applications has come a long way, establishing a niche market with a variety of offerings. In this segment Ferruh will discuss the big differences in DAST solutions available and help you understand which one is a pure DAST that you could rely on the most in this day and age.
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market!
Ferruh Mavituna is the founder and strategic advisor of Invicti Security, a world leader in web application security solutions. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools, and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Invicti and Acunetix.
4. Effectively Protecting Your Users Against Ransomware & Zero-Day Exploits – Danny Jenkins – BH20 #3
ThreatLocker CEO Danny Jenkins explains why his new approach of blocking everything that is not trusted and only allowing applications that are approved is a cleaner and more comprehensive way of ensuring malware does not end up on your networks.
During this segment, Danny explains how he’s changing the entire approach and paradigm to cybersecurity.
This segment is sponsored by ThreatLocker.
To effectively protect your users from ransomware and zero-day exploits, visit https://www.securityweekly.com/threatlocker
Danny is a technical guru with a deep understanding of corporate IT and cybersecurity. He has an entrepreneurial background and two decades of experience building and securing corporate networks. Before taking the reins at ThreatLocker, Danny held CEO and CTO positions at multiple IT companies and founded a few cybersecurity businesses of his own.
5. What’s Next In Work From Home Security? – Stephen Boyer – BH20 #3
Security professionals need to be thinking of the next evolution of the approach from working from home, specifically focusing on the security of the home network for both employees and third party contractors. Stephen Boyer discusses how to rate the risk of these new attack vectors using data BitSight already has...
To request a security snapshot report, visit: https://securityweekly.com/bitsight
Stephen co-founded BitSight in 2011 and serves as the Chief Technology Officer. Prior to founding BitSight, Stephen was President and Co-Founder of Saperix, a company that was acquired by FireMon in 2011. While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group, where he led R&D programs solving large-scale national cybersecurity problems. Before MIT, he worked at Caldera Systems, an early Linux startup. Stephen holds a Bachelor's degree in Computer Science from Brigham Young University and a Master of Science in Engineering and Management from the Massachusetts Institute of Technology.
6. The Paramedic’s Guide to Surviving Cybersecurity – Rich Mogull – BH20 #3
The security world is fraught with cases of mental health issues, burnout, substance abuse, and even suicide. We live in a world of threats and responses that trigger the deepest parts of our psyche, with the barriers between "online" and the physical world constantly crumbling. While some deal in theory, many of us deal with real incidents, challenges, and dangers every day and are constantly looking for techniques to respond better while staying saner.
Rich will share the lessons he learned in decades of emergency response and show how to apply them to your security career and daily practice to improve your effectiveness and mental resiliency.
With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum.
7. Developer Security Champions – Sandy Carielli – BH20 #3
Firms that want to secure applications are challenged by understaffed security teams and lack of security awareness on the part of developers. Developer security champions are developers who act as a security point of contact in their team, but programs to create and support them require investment and planning.
Sandy is a principal analyst at Forrester advising security and risk professionals on application security, with a particular emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery lifecycle, protection of applications in production environments, and remediation of hardware and software flaws.
8. Third-Party Risk Management (TPRM) – Alla Valente – BH20 #3
A firm’s network of third-party relationships can be a source of strength or an Achilles’ heel, depending on the maturity of its risk management process. Companies have limited or no control over how third parties secure their technology infrastructure, their applications, and their data, yet they're on the hook for the breaches, cybersecurity incidents, and regulatory fines incurred.
Alla is a senior analyst at Forrester serving security and risk professionals. She covers governance, risk, and compliance (GRC), third-party risk management (TPRM), contract lifecycle management (CLM), and supply chain risk, with a special focus on risk management frameworks. In this role, Alla helps Forrester clients establish strategy, adopt best practices, define a governance framework, and select technology to manage risk, improve business resilience, and add strategic value. Her research also includes ethics and trust in digital transformation, enterprise risk management (ERM), and protecting the organization’s brand.
9. The Intersection of Security & Privacy Operations – Gabe Gumbs – BH20 #3
Are security operations teams prepared to respond to privacy threats? Although you can achieve security without privacy, namely keeping information safeguarded from those that should not have access, you cannot keep data private without security. How can we address this challenge?
This segment is sponsored by Spirion.
Visit https://securityweekly.com/spirionbh to learn more about them!
As Spirion’s Chief Innovation Officer, Gabriel imagines and creates technology that pushes data security forward in an increasingly complex digital world. He is responsible for seeing where data security is going next and ensuring that organizations of all sizes are able to get there. With an 18+ year tenure in cybersecurity, he has spent most of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations; today Gabe is responsible for spearheading innovation across the organization through thought and product leadership.