BH2020 #2

Focus on subject of IoT security and hacking, IoT testing and Testing methods and related research topics.

This segment is sponsored by Rapid7.

Visit https://securityweekly.com/rapid7 to learn more about them!

Segment Resources: https://www.rapid7.com/research/%0D%0Ahttps://blog.rapid7.com/author/deral-heiland/

To gain access to our latest research (i.e. 2020 Q1 Threat Report, NICER and Under the Hoodie 2020 visit: https://www.rapid7.com/research/

To register for our upcoming webcast with Rapid7 "The Internet Exposed: Findings from the National Internet Cloud Exposure Report", visit: https://register.gotowebinar.com/register/2929993287629586702?source=SW

Modern digital objects, made up of layers of structured code and data, are central to the exchange or storage of information and are becoming increasingly complex.

Moreover, because signature, AI and machine learning-based threat classifications from “black box” detection engines come with little to no context, security analysts are left in the dark as to why a verdict was determined, negatively impacting their ability to verify threats, take informed action and extend critical job skills.

They need an approach that leverages threat data from both internal and external sources to systematically analyze each layer of these complex objects, generating transparent “glass box” actionable intelligence and human interpretable data to detect, classify and respond to malware threats.

This segment is sponsored by Reversing Labs.

Visit https://www.reversinglabs.com/ to learn more about them!

Join ReversingLabs at this year's Black Hat 2020 Virtual Business Hall to learn how explainable threat intelligence drives SOCs and Threat Hunters to take action faster and reduce their time to remediate. https://register.reversinglabs.com/black-hat-2020

Every organization gets compromised - it’s how you fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and proliferation of enterprise IoT have expanded the attack surface and complicated the job of security professionals. We’ll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or incident from becoming a full-scale data breach.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh

This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says "Hello World" to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that come with malware in kernel-mode rather than user-mode. We'll walk through writing a rootkit from scratch, discussing how to load a rootkit, how to communicate with a rootkit, and how to hide a rootkit. With every method, we'll look into the drawbacks ranging from usability to detection vectors. The best part? We'll do this all under the radar, evading PatchGuard and anti-virus.

What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? This talk covers the high level and low-level tech that drives these differences.

This segment is sponsored by Gravwell.

Visit https://securityweekly.com/gravwell to learn more about them!

Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp2020

Stiennon presents the results of his research to quantify the entire industry. He observes there is no consolidation. Also, that growth rates far exceed what the big firms predict every year.

To see more of Richard's industry insights, visit: https://it-harvest.com/shop/

Burdensome technologies that generate bloat within any organization, high licensing costs along with the long deployment times. All of these affect the ROI on organizational resources Time, Money, and People.

This segment is sponsored by CYRISMA.

Visit https://securityweekly.com/cyrisma to learn more about them!

Get 10% off your monthly bill when you sign up! Visit: https://www.cyrisma.com

Most analysts will tell you that they balance between being thorough and getting the job done quickly. I asked the security community to weigh in on this debate. I’ll share what they thought and explain why it’s no longer necessary to choose between the two.

This segment is sponsored by Polarity.

Visit https://www.polarity.io/sw to learn more about them!

Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw

Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team.

Risk in a SaaS environment is largely an identity problem. Specifically, it is a misuse of identity and the privilege access granted to that identity. Before implementing any SaaS platform, you must consider how much access is really being granted in the cloud. More importantly, how is that privilege access being used?

This segment is sponsored by Vectra.

Visit https://www.vectra.ai/o365 to learn more about them!

To see how Vectra can detect attacks in SaaS like Office 365, please visit: https://www.vectra.ai/o365