The Official Talos Guide to BlackHat 2017
It is once again time for Security Summer Camp – the week in July that many of us descend upon Las Vegas for Black Hat and DEFCON. This is your official guide to what Cisco’s Talos Threat Intelligence team is doing at Black Hat 2017.
Whether you are looking to catch some great talks, hunting down the best parties, or just trying to avoid LineCon in all its forms, here is a quick run-down of where and how you can catch Talos speakers, Cisco events, and some fun stuff from other teams within Cisco as well. Read on for the full details of what Cisco has in store for this year!
Event At-A-Glance:
Event microsite: http://ift.tt/2uvjBzj
Black Hat USA website: blackhat.com/us-17
Chat with us: @CiscoSecurity and @TalosSecurity
Booth: #700 – Snorty pigs, t-shirts, and amazing booth talks by the Talos crew and Cisco Security
Also visit: Cisco Cloud Security @ booth #240
Cisco Party / Talos VIP party: Private event at Heart of Omnia – Register early!
Wed. July
Talos Flash Talks: 10:00am–7:00pm, Cisco Booth #700 – Full schedule below
Career Zone: 10:00am–7:00pm, Black Hat Business Hall, Booth CZ2
Talos Session – The Evolution of Threat Propagation Techniques: Craig Williams, 3:00-3:50 p.m., Business Hall Theater B (on show floor)
Cisco Black Hat Party: 8:00pm, Heart of Omnia, Caesar’s Palace – Register early!
(Bonus: Get your Beers with Talos Podcast swag, available exclusively at the party!)
Wed. July 26
Talos Flash Talks: 10:00am–5:00pm, Cisco Booth #700 – Full schedule below
Career Zone: 10:00am–5:00pm, Black Hat Business Hall, Booth CZ2
The Details:
Cisco Party:
Wed. July 26, 8:00pm Heart of Omnia, Caesar’s Palace
Join Cisco and the Talos team at the Heart of Omnia at Caesar’s Palace.
You will enjoy music, open bar, great food, and entertainment. Black Hat badge required for general admission entry. Unwind, have fun with your peers and the Talos team! We will be giving out an exclusive Beers with Talos podcast t-shirt as well. Talos VIP attendees will be treated to some additional perks once inside. This party WILL be full, so register early!
The Evolution of Threat Propagation Techniques:
Wed. July 26, 3:00 – 3:50 p.m. Business Hall Theater B (on show floor)
Join Talos Outreach Senior Manager Craig Williams on a journey through the evolution of today’s threat landscape. He will be covering specific insights on the latest techniques used by threats we have seen in recent weeks like Nyetya/NotPetya, WannaCry, and more.
The challenge with malware isn’t writing the malware itself but the ability to get the malicious software onto end systems. Every attacker struggles with this problem – “how do I get this malware on more end hosts?”. Newer payloads like ransomware ensure attackers are making more money than ever before. As long as businesses continue to pay, this threat will increase; that’s basic economics.
This increase in cash flow drives the evolution of threats and propagation techniques like never before. In this talk we will discuss the evolution of these techniques and how to defend against them.
Cisco Booth Lightning Talks:
Wed. July 26, 10:00am–7:00pm
Thurs. July 27, 10:00am–5:00pm
Cisco Booth #700
On the full schedule, we have 18 NEW talks from Talos, and 11 other talks from Umbrella, and Cisco’s Web Security and Services teams! You won’t want to miss these sessions. Have a seat and enjoy a 30-minute presentation in Cisco booth 700. Plus, grab some great swag and a t-shirt.
Here is the full schedule of booth talks at the Cisco/Talos booth area (Italics indicates a talk from the Talos team):
Wed July 26 | Speaker | Title |
10:00 – 10:30AM | Paul Rascagneres | Player 3 Has Entered the Game: Say Hello to ‘WannaCry’ |
10:30 – 11:00AM | Jaeson Schultz | The Dark Side of the DNS |
11:00 – 11:30AM | Regina Wilson | Vulnerability Disclosure Policy |
11:30AM – 12:00 | Richard Harman | Internet Of Crap: Spelunking in Security Camera Firmware |
12:00 – 12:30PM | Earl Carter | The Rise in Email Attacks |
12:30 – 1:00PM | Scott Bower | Advanced Email Security – Combatting Today’s Blended Threats |
1:00 – 1:30PM | George Tarnovsky | X-Ray Reverse Engineering |
1:30 – 2:00PM | Ronnie Flathers | How I owned your Windows domain with “Informational Findings” and what you can do about it |
2:00 – 2:30PM | Sam Dytrych | Analysis of Video Game DRM Bypass |
2:30 – 3:00PM | Kevin Parra | Midyear Security Report |
3:00 – 3:30PM | Keti Kilcrease | Learn by Doing- Segment Your Network with Software Defined Segmentation |
3:30 – 4:00PM | Alec Gleason | Static Files in the Modern Web Age |
4:00 – 4:30PM | Nick Biasini | Exploit Kits Are Dead, Long Live Exploit Kits |
4:30 – 5:00PM | Jaime Filson | Images, not just for memes |
5:00 – 5:30PM | Brandon Stultz | Protecting Networks with FirePOWER |
5:30 – 6:00PM | Patrick Mullen | From Vaporware to Alpha – Snort 3.0! |
6:00 – 6:30PM | Vanja Svajcer | Modified Zyklon and plugins from India |
6:30 – 7:00PM | Brian Ford | Packet Capture for Incident Investigation and Response |
Thurs July 27 | Speaker | Title |
10:00 – 10:30AM | Kevin Parra | Midyear Security Report |
10:30 – 11:00AM | Earl Carter | The Rise in Email Attacks |
11:00 – 11:30AM | Vanja Svajcer | Nyetya Attack: Latest Updates |
11:30AM – 12:00 | Patrick Martin | Talos Crete |
12:00 – 12:30PM | Nick Biasini | Exploit Kits Are Dead, Long Live Exploit Kits |
12:30 – 1:00PM | Jaeson Schultz | The Dark Side of the DNS |
1:00 – 1:30PM | Paul Rascagneres | Player 3 Has Entered the Game: Say Hello to ‘WannaCry’ |
1:30 – 2:00PM | Warren Mercer | Introducing ROKRAT |
2:00 – 2:30PM | David Maynor | Talos Interdiction: MeDoc and the Ukraine |
2:30 – 3:00PM | Atheana Altayyar | The Anatomy of an Attack |
3:00 – 3:30PM | Kristyanne Patullo | Preventing Tomorrow’s Attacks using Cisco Umbrella |
3:30 – 4:00PM | Brian Ford | Finding Malware in Encrypted Connections Using Encrypted Traffic Analytics |
4:00 – 4:30PM | Andrew Akers | Accelerated Response with Network Visibility and Enforcement |
4:30 – 5:00PM | Kevin Parra | Midyear Security Report |
Career Zone:
Wed. July 26
Thurs. July 27
Black Hat Business Hall, Booth CZ2
Interested in joining the best threat intelligence team in the business? Talos is looking for the best, brightest, and most promising in the threat research and intelligence areas to join one of the largest teams in the industry. If you have the talent and a passion for threat research, malware hunting, interdiction, vuln dev, linguistics, reversing, machine learning, etc., we want to talk with you. Find us in the Career Zone at Black Hat and introduce yourself – you may even get an invite to some private events to meet more of the team – not to mention the best job you’ve ever had.
Friendly Reminders:
There are lots of things you should know before heading to Black Hat and DEFCON. Here’s a quick list of things to absolutely remember:
- Business cards
- Spare juice packs – nothing drains devices like a conference, although turning off Bluetooth and wi-fi radios helps and may not be a terrible idea at any conference. If you aren’t charging, you are probably going to have a dead phone by the time the parties start in the evening.
- Comfortable walking shoes – yes, many venues are connected, but they are connected via LONG walks. Many attendees rack up more than 8-10 miles per day on their pedometers!
- Space in your suitcase – there is swag-a-plenty and you need to get it home!
- Water – because it’s the desert.
We are looking forward to meeting and seeing everyone at Black Hat and DEFCON. Be sure to come by booth #700 and say hello …and, of course, pick up a NEW limited edition Snorty pig for your collection!
Staying for DEFCON?
Talos is a proud sponsor of the Packet Hacking Village at DEFCON this year! Okay, now make sure your Bluetooth and Wi-Fi are off. You know what – just power down. Also, make sure to join Talos Senior Security Research Engineer Patrick DeSantis for his talk in the DEFCON 101 track:
From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices
Thursday at 11:00
DEFCON 101 track
Stringing together the exploitation of several seemingly uninteresting vulnerabilities can be a fun challenge for security researchers, penetration testers, and malicious attackers. This talk follows some of the paths and thought processes that one researcher followed while evaluating the security of several new “out of the box” Industrial Control System (ICS) and Internet of Things (IoT) devices, using a variety of well known exploitation and analysis techniques, and eventually finding undocumented, root-level, and sometimes un-removable, backdoor accounts.
from Cisco Blog » Security http://ift.tt/2tbnyW3