BH2020
BH2020 #4
Security Trends In Modern Application Development – Chris Wysopal – BH20 #4
DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of ho...
Hiding Process Memory Via Anti-Forensic Techniques – Frank Block – BH20 #4
Malware authors constantly search for new ways of hiding their activity/content from the eyes of the analysts. In order to help the malware authors in their constant struggle ;-), we introduce three novel methods that prevent malicious user space memory from appearing in analysis tools and additiona...
How We Can Effectively Solve For Human Risk In Our Organizations – Masha Sedova – BH20 #4
What is human risk? With WFH being present, has human risk increased? Can you solve human risk with technology? As part of your Black Hat talk, what trends have you uncovered that could help CISOs identify areas of greatest human risk?
See how Elevate Security can solve for human risk in your or...
deepwatch Lens Score – Corey Bodzin – BH20 #4
deepwatch Lens Score - The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next?
This segment is sponsored by deepwatch.
Visit https://www.deepwatch.com/lens-score/ to tr...
Cyber Threat Intelligence – Brian Kime – BH20 #4
Cyber threat intelligence has had trouble demonstrating relevance and ROI for most organizations. Brian Kime from Forrester discusses his research on current cyber threat intelligence trends and helps us understand what to expect, from both services and tools, over the next two years.
Threat Hunting Incident Response w/ Google Cloud & Tanium – Anton Chuvakin, Matt Hastings – BH20 #4
Matt and Anton will discuss the new integration between Tanium and Chronicle, designed for distributed IT in a remote-work world. The two will explore some of the unique challenges that security teams are facing in light of this change. They will also provide details on the new integrations, which c...
Summarizing the BlackHat Threat Intelligence Report – Matthew Gardiner – BH20 #4
Matthew Gardiner, Principal Security Strategist, from Mimecast will provide an overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020.
This segment is sponsored by Mimecast.
Visit https://securityweekly.com/mimecastbh to learn more about ...
Challenges Configuring Your Home Network for Remote Workers – BH20 #4
Paul Asadoorian and Matt Alderman discuss the challenges of remote work and how to set up your home network. This discussion will lead to a number of technical segments on future shows to help individuals set up a more secure network at home.
JavaScript Security – Taemin Park – BH20 #4
Security holes and attack vectors in JavaScript. Defense mechanisms against JavaScript exploitations.
BH2020 #3
A Decade After Stuxnet’s Printer Vulnerability – Peleg Hadar, Tomer Bar – BH20 #3
We will describe the Print Spooler vulnerabilities that are found in Windows OS, and will explain how they are related to Stuxnet. We will also release several tools. Peleg and Tomer's talk is entitled "A Decade After Stuxnet's Printer Vuln: Printing is Still the Stairway to Heaven", and is ...
Planning Security Strategy Without The Black Hat Expo? – Ian McShane – BH20 #3
This year we’ve seen organizations accelerate their so-called digital transformation almost overnight. Now we’re getting to the point where security leaders and business owners need to stop and take stock of what happened, what’s a temporary band aid, and figure out how to build their strategy witho...
Defining the Dynamic Application Security Testing Market – Ferruh Mavituna – BH20 #3
Dynamic application security testing (DAST) for web applications has come a long way, establishing a niche market with a variety of offerings. In this segment Ferruh will discuss the big differences in DAST solutions available and help you understand which one is a pure DAST that you could rely on t...
Effectively Protecting Your Users Against Ransomware & Zero-Day Exploits – Danny Jenkins – BH20 #3
ThreatLocker CEO Danny Jenkins explains why his new approach of blocking everything that is not trusted and only allowing those applications that are approved is a cleaner and more comprehensive approach to ensuring malware does not end up on your networks.
During this segment, Danny explains ...
What’s Next In Work From Home Security? – Stephen Boyer – BH20 #3
Security professionals need to be thinking of the next evolution of the approach to working from home, specifically focusing on the security of the home network for both employees and third-party contractors. Stephen Boyer discusses how to rate the risk of these new attack vectors using data BitS...
The Paramedic’s Guide to Surviving Cybersecurity – Rich Mogull – BH20 #3
The security world is fraught with cases of mental health issues, burnout, substance abuse, and even suicide. We live in a world of threats and responses that trigger the deepest parts of our psyche; with the barriers between "online" and the physical world constantly crumbling. While some deal in t...
Developer Security Champions – Sandy Carielli – BH20 #3
Firms that want to secure applications are challenged by understaffed security teams and lack of security awareness on the part of developers. Developer security champions are developers who act as a security point of contact in their team, but programs to create and support them require investment ...
Third-Party Risk Management (TPRM) – Alla Valente – BH20 #3
A firm’s network of third-party relationships can be a source of strength and an Achilles’ heel, depending on the maturity of their risk management process. Companies have limited or no control over how third parties secure their technology infrastructure, their applications, and their data, yet the...
The Intersection of Security & Privacy Operations – Gabe Gumbs – BH20 #3
Are security operations teams prepared to respond to privacy threats? Although you can achieve security without privacy, namely keeping information safeguarded from those that should not have access, you cannot keep data private without security. How can we address this challenge?
This segment i...
BH2020 #2
Black Box to Glass Box Verdicts – Mario Vuksan – BH20 #2
Modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex.
Moreover, because signature, AI and machine learning-based threat classifications from “black box” detection engines come with littl...
Navigating a Post-Compromise Reality – Michael Sanders – BH20 #2
Every organization gets compromised - it’s how fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and the proliferation of enterprise IoT have expanded the attack surface and comp...
Demystifying Modern Windows Rootkits – Bill Demirkapi – BH20 #2
This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says "Hello World" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common...
Threat Hunting Platforms vs. SIEM, What’s the Difference? – Corey Thuen – BH20 #2
What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? This talk covers the high level and low-level tech that drives these differences.
This segment is sponsored by Gravwell.
Visit https://securityweekly.com/gravwell to learn ...
The Entire IT Security Industry – Richard Stiennon – BH20 #2
Stiennon presents the results of his research to quantify the entire industry. He observes that there is no consolidation, and that growth rates far exceed what the big firms predict every year.
To see more of Richard's industry insights, visit: https://it-harvest.com/shop/
Simplifying The Process Of Identifying, Assessing & Mitigating Risks – Liam Downward – BH20 #2
Burdensome technologies that generate bloat within any organization, high licensing costs, and long deployment times all affect the ROI on organizational resources: time, money, and people.
This segment is sponsored by CYRISMA.
Visit https://securityweekly.com/cyrisma to le...
Being Thorough or Working Fast: Which Matters Most in Security? – Paul Battista – BH20 #2
Most analysts will tell you that they balance between being thorough and getting the job done quickly. I asked the security community to weigh in on this debate. I’ll share what they thought and explain why it’s no longer necessary to choose between the two.
This segment is sponsored by Polarity....
Observing Privilege To Reduce Risk In Software As A Service – Chris Morales – BH20 #2
Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team.
Risk in a SaaS ...
BH2020 #1
Pentesting Results Paint A Biased Picture – Roi Cohen – BH20 #1
Pentesting is littered with politics, biased reporting, and human error. So how do you clean up the trash? A former IDF engineer shares how his stint as a pentester changed the way he thinks about it - and ultimately led to the development of a new technology.
This segment is sponsored by Vicarius...
Why Secure Remote Access Is Like The Emperor’s New Clothes – Charl van der Walt, Wicus Ross – BH20 #1
Our research for Black Hat demonstrates that the Secure Remote Access or so-called 'VPN' technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don't provide the full level of protection typically expect...
Purple Teaming With PlexTrac – Dan DeCloss – BH20 #1
The concept of purple teaming needs to be expanded to incorporate a culture of collaboration across all proactive and reactive activities within enterprise cybersecurity programs.
Learn how PlexTrac can aid in all things purple teaming and drive the security posture forward for all.
Key qu...
Protecting Data That Egresses From Cloud Services & SaaS Applications – Jeff Capone – BH20 #1
For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications; we must also protect, control and audit data that egresses from these services onto endpoints.
- How do you protect data that egresses from your cloud services (i.e., Github, Workday, ...
Are You Effectively Addressing API Security? – Michael Borohovski – BH20 #1
All applications use APIs—they’re nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively?
We’ve seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This rais...
Protecting Ethical Hackers – Gary De Mercurio, Justin Wynn – BH20 #1
Arrests in Iowa and a Good Samaritan law for cybersecurity. Iowa made a mistake in allowing politicians to pass sweeping reforms on a subject they knew nothing about, based on politics and who owned what rather than what was best for the citizens of Iowa.
Satellite Broadband Security – James Pavur – BH20 #1
In my upcoming Blackhat and DEFCON briefings, I will be presenting the result of several experiments looking at real-world security and privacy in satellite broadband communications. We find that it is possible for attackers using cheap home-television equipment to eavesdrop on the internet traffic ...
What’s Going On With TikTok? – BH20 #1
What's the latest with TikTok? Will the application be banned? Can you actually ban it? Doug White and Matt Alderman discuss the latest news on TikTok.
How Did The Twitter Hackers Get Caught? – BH20 #1
The FBI tracked down the Twitter hackers, but how? What mistake did they make? Doug White and Matt Alderman discuss the latest news on the Twitter hack.