On this page

Sponsored Workshops

A Deep Dive into Zero-Day Security Intelligence and Collaboration

Despite the success of independent and vendor bug bounty programs, more software vulnerability information is going for sale to the highest bidder on the black market. What does this mean to you? If you’re a security vendor, you miss the opportunity to understand the anatomy of zero-day vulnerabilities and identify new evasion techniques not seen previously to protect your customers. If you’re the affected software vendor, you’re stuck with your pants down not knowing what to fix until it’s too late. If you’re the customer, you’ve probably been the victim of a breach, but you don’t even know it. So what can you do to be prepared for a zero-day attack?

Join experts from HP TippingPoint to gain a deep understanding of how to prepare to defend against a zero-day attack. The workshop facilitators will provide an insider view into the creation and deployment of zero-day vulnerability filters. In addition, attendees will also learn how strategic threat intelligence feeds share threat data and analysis to help security researchers and organizations gain real-time intelligence on adversaries, attack vectors, methods and motivations behind current threats.

Sponsored By


Attribution: What It Means For Enterprise Security

For years, enterprises have been spending millions to identify malware and new online exploits. Yet, until recently, enterprises spent very little to learn about their attackers themselves – who they are, their methods of research and attack, and what their motivations might be. Today, there is a growing category of technologies and services – sometimes called attribution services -- that can be used to track back on the attacker to discover something about who they are and how they operate. But do enterprises really need to know who their attackers are? What can they realistically learn about their adversaries, and how accurate is the attribution? And, from a practical perspective, how useful is that knowledge – how can enterprises use it to improve their cyber defenses? In this provocative session, an expert panel will discuss these questions and more.

Sponsored By


Beating Cybercriminals: Preventing Compromise in the Face of Advanced Attacks

Cybercriminals combine social engineering techniques with ongoing application vulnerabilities to install advanced malware on both customer devices to compromise financial accounts and employee devices to compromise corporate networks. Advanced malware effectively bypasses authentication technologies and readily evades anti-virus applications. New endpoint solutions have emerged that have some merit, typically with a narrow focus on a single threat vector, but none have proven effective at stopping dynamic threats, and most of these approaches come with a very high operational cost. A new approach to cybercrime protection and preventing compromise is desperately needed.

This workshop will provide an overview of:

  • The methods cybercriminals use to successfully install advanced malware on endpoint devices
  • The most recent fraud cybercrime developments and compromise techniques uncovered by Trusteer research
  • New approaches available to mitigate the increased risk from endpoint devices
  • Case studies of actual cybercrime prevention results
  • Demonstration of preventing different advanced attack scenarios

Sponsored By

Presented by

Andy Land & Christopher Beier & Dana Tamir

Combatting the Inevitable Attack: Intelligence and Integration are Critical

These days, the simple truth is that IT security breaches are inevitable. There are far too many system vulnerabilities for attackers to exploit, and multi-faceted, persistent threats continue to increase and evolve. At the same time, internal/external users, especially privileged users, can be a security risk, either intentionally or if their credentials are exploited.

These vulnerabilities create a critical need for a multi-dimensional security strategy that addresses all layers of your IT infrastructure. To successfully defend your IT assets, a security system must be able to detect, block and identify attackers, and to identify stealthy attacks in progress or other malicious activities.

In this workshop IBM Security will discuss and demonstrate new strategies for combatting the evolving and complex advanced attack landscape. We’ll discuss how to thwart insider threats, including managing privileged users, and how quickly conduct forensics investigations using both freely available packet capture technologies and the new, integrated QRadar Incident Forensics solution. Armed with recent trends and advanced threats data from the latest IBM X-Force security research, presenters will discuss techniques you can use to break the advanced threat lifecycle both within and external to your organization.

Workshop attendees will learn how to:

  • Leverage prioritized security intelligence data before, during and after an attack
  • Spot anomalistic user and application behaviors using baseline activity comparisons
  • Determine the actions to take once a security incident has been identified
  • Implement audit controls and automated password management to block misuse of privileged identities
  • Meet compliance challenges with user monitoring and reporting tools

Sponsored By

Presented by

David Druker & Sterling Jones

Defending the New Perimeter: Wireless Attack Landscape and Defense

As enterprise wireless networks have evolved, effective threat prevention and detection is becoming increasingly critical. Due to its inherent nature, wireless propagation introduces new vulnerabilities and gives the hacker a relatively large target. The hacker can now be in the parking lot or a few miles away. Wireless hacking in recent years has become a common attack vector for many reasons. Hardware Wi-Fi hacking tools are becoming cheaper and accessibility to and usability of open source tools is easier than ever. Fortunately, most of the risks can be mitigated by following best practices and taking preventative, proactive and reactive steps.

During this session, we will discuss typical wireless attacks, how they affect the wireless infrastructure and demonstrate some common attacks. It is important to deploy layered and flexible defenses to stay a step ahead. There is no single silver bullet but the clever use of a Wireless Intrusion Prevention and Detection System in conjunction with a few other tools can defend your wireless LAN. We will also share the best practices to set up and tune your WIPS/WIDS for higher efficiency.

Sponsored By

Presented by

Greg Rayburn

Don’t be a Target: Everything You Know about Vulnerability Prioritization is Wrong

Heartbleed. Target. Adobe … businesses are under siege by cybercriminals looking for financial gain and political actors looking for trade secrets. It’s a wildly uneven match where a motivated attacker can find exploitable attack vectors in minutes and maintain unabated access for months, while the security team continues to rely on time-honored methodology to fix vulnerabilities in order of severity.

But severity-based vulnerability management misses the mark completely, as it overlooks the fact that risk exposure is the real concern. This workshop will focus on identifying critical vulnerabilities so they can be fixed as quickly as possible to ensure a reduction in risk and the shrinking the attack surface over time.

In this deep dive session on vulnerability analysis and prioritization, we’ll cover:

  • Calculating risk exposure: Risk = Impact * Likelihood * Time
  • The data you need to be collecting about assets and vulnerabilities
  • Prioritizing vulnerabilities using simple 2 factor relationships
  • Asset-to-vulnerability correlation to augment the accuracy and freshness of active scan data
  • Techniques to drive down the risk exposure time

Sponsored By

Presented by

Sean Keef

Every Second Matters: The Importance of Putting IOCs to work

You need instant visibility and accurate, instant information about the state of your computing assets to take action against threats -- in seconds, not hours or days. Have you invested in threat intelligence feeds and detection tools with IOCs that have a manual workflow to remediation?

Join Tanium CTO, Orion Hindawi, for this compelling workshop in a live production environment. Find out how Tanium is being used to provide unprecedented leverage to existing tools. Tanium enables effective and instant response from IOC’s across the largest, most complex enterprises. We will showcase the innovative technology and reveal exclusive best practices that have enabled Fortune 50 customers to not only address threats, but mount counter-offensives, streamline operational workflows, improve compliance, and consolidate infrastructure.

During this session, we’ll demonstrate the following advances made possible by Tanium’s unique communication platform and out-of-the-box functionality:

  • Incident Response: Traditional IR process vs Hunting
  • Indicators of Compromise: Manual IOC handling vs Automated IOC Funnel to test thousands of samples per day
  • Data Leakage: Disclosure event vs proactive data protection
  • License Management: Best-guess compliance vs verifiable real-time license inventory
  • Emergency Patch Management: Protracted cycles vs instantaneous action

Take action!

Sponsored By


The Future of Responsible Disclosure

In the past, security researchers have followed an unwritten code that governs the ethical release of newly-discovered IT security vulnerabilities. In recent years, however, a new range of “bug bounties,” vulnerability marketplaces, and even government acquisition of critical flaws has created a broader and more lucrative set of opportunities for researchers to consider. In a world where a new vulnerability can mean big opportunities – and big bucks – for security researchers, what’s the “right” way to disclose new vulnerabilities? What are the best and most appropriate venues for disclosure? What’s the right length of time to wait for a vulnerability to be “fixed” before disclosing it in one of these venues? And should researchers seek disclosure venues and practices that are the most likely to keep users safe – or should they simply sell their discoveries to the highest bidder? In this panel session, top experts on vulnerability research and disclosure will offer a variety of views on how best to disclose a newly-discovered security flaw.

Sponsored By


Intro to the world of SaaS-based attacks

This workshop will focus on attacks against enterprise Software-as-a-Service applications in order to explore the nooks and crannies of the shared responsibility model. The ubiquitous accessibility and extensibility of SaaS applications has unveiled many new attack vectors. We will explore and contrast “SaaS attacks” vs traditional attacks, and cover various attack vectors, from application exploits, to protocol vulnerabilities, and, of course, end user attacks.

This is a hands-on advanced workshop, offered by Adallom Labs engineers, formerly of 8200, for seasoned security professionals who want to extend their tool set from classic web attacks to cloud based attacks. We will perform a hacking training session in which the students will actively reverse engineer and research a specially-crafted SaaS platform and use different exploitation methods to hack the platform.

Topics include:

  • Hands-on SaaS application hacking
  • OAuth authentication flow in-depth
  • How to exploit an Oauth-related SaaS Provider vulnerability
  • Advanced phishing attacks

Who should take this course:

Pen testers, security professionals and researchers who are interested in understanding SaaS attacks in-depth.

Student requirements

  • Strong knowledge of classic web exploitation methods
  • Intermediate web development and scripting skills
  • Basic understanding of cryptographic primitives
  • Basic experience with SaaS applications like Google Apps, Salesforce, Box, or Office 365

What students should bring

Students must bring their own laptops with a web server environment of choice installed. If required, we can provide a Linux VM with Nginx pre-configured, in that case the laptop should have VMware Workstation, Server or Fusion installed (VMware Player is acceptable, but not recommended).

Students who cannot meet the laptop requirements may contact Adallom at education@adallom.com to see if a laptop can be provided for you.

Sponsored By

Presented by

Ami Luttwak

“Kaizen 2.0” another CTF

Booz Allen Hamilton is excited to once again provide their offering of “Kaizen”, a Capture the Flag event at Black Hat USA 2014. This interactive event is designed to build the skills of information security professionals through hands-on challenges in forensics, web exploitation, scripting, and binary reverse engineering. Whether you are a seasoned professional or new to infosec and want a healthy environment to try your first CTF, come check out Kaizen!

Kaizen is split into separate levels with a variety of challenges, with all equipment is provided. Top scores will receive 1st, 2nd, and 3rd place prizes as well as challenge and achievement based prizes for the truly advanced! Additionally, they will receive an invitation to our exclusive sponsored networking event held on Thursday evening.

  • Realistic - Participants are faced with real world challenges, doing Internet research, crafting new solutions and pure development/scripting on-the-fly.
  • Hands On - Truly 100% hands on, independent learning; no lecturing. Mentors available and provide one-on-one help when needed, but participants are encouraged to succeed through independent learning.
  • Accommodates all experience levels
    • Experienced/senior technical participants are motivated to compete, test their skills, and gain points on the leader board.
    • Junior participants can trade points for hints, work with mentors, research and learn how to solve problems in a safe but competition space.
  • Environment - A key element that makes this successful is the relaxed and fun environment. Stop on by, say hello, and network with individuals like you!

Sponsored By


SHUT THEM ALL DOWN! This Deal Keeps Getting Worse

Today’s incident response team can’t just rely on having a whole weekend to remediate. You’ve also got to be able to start frustrating the attacker earlier and earlier in the response. Suppose an advanced attacker had figured out how to reliably evade your FireEye boxes, your Bit9 endpoint software, your Symantec DLP. And he’s using *your* credentials against you. Could you find and frustrate him? Or would you pour a steaming cup of fail in your own lap?

In this course, you’ll learn a few ways that CrowdStrike’s hunters lock down authentication credentials during a hot incident, when we’re engaging in a running firefight with the adversary on your own network.

We’ll show you the tactics and when to apply them. And, we’ll help you understand what future capabilities you might want to prepare, so you can figure out what the fox says when he’s in your network.

And yeah, we’ll use tactics from current incidents we responded to.

Students will learn how to:

  • Conduct adversary-based hunting operations using existing technology
  • Improve authentication credential protection during live IR
  • Prepare for adversary evolution

Sponsored By

Presented by

Wendi Rafferty & Chris Scott & Andy Schworer

Spot the Hacker Workshop

Using data from real log files attendees will be asked to analyze log data to identify potential security risks and see if they can SPOT THE HACKER!!! We will discuss the approach and reasoning the attendees used to search the logs along with comparing those techniques with advances in security visualization.

Since this will be a working session with real data attendees should bring a laptop and their favorite analysis tools. The session will include a short preface on the log data and its sources with time given to analyze the log files. Teamwork is encouraged as the goal of the session is information sharing and learning. Finally we will conduct a lively discussion on visual analytic techniques and tools used where attendees will see what everyone found in the log files.

Sponsored By


Web App Pentesting For Mere Mortals

Join SecureNinja’s Chief Technology Officer Joe McCray in Web App Pentesting for Mere Mortals. This is a hands-on hacking course that will give you a practical process for performing penetration tests on web applications – in plain and simple English from a guy who won’t put you to sleep. Rather than overloading students with geekenese, or even worse, death by PowerPoint, this workshop will teach you how to perform web app penetration testing using nothing but Firefox. You’ll be attacking several web applications designed to emulate vulnerabilities that Joe McCray has found on several real web application penetration tests – especially the tricky vulnerabilities that security scanners typically miss.

We will focus on manual web application testing techniques such as identifying and exploiting SQL Injection, Cross-Site Scripting, Remote and Local File Includes and much more. You’ll be attacking both ASP.NET/MSSQL Web apps and PHP/MySQL Web apps as well. You’ll also learn how to bypass intrusion detection systems and Web Application Firewalls (WAF). Joe will show you common misconfigurations of both network and application security products that allow attackers to exploit hardened applications in some of the most secure environments in the world like financial institutions and government entities.

This workshop is designed for systems administrators, network administrators, and information security professionals who do NOT have a strong application security background. However, even the seasoned application security professional will pick up a thing or two. You may walk into SecureNinja’s workshop a mere mortal, but you will definitely walk out a NINJA.

Sponsored By

Presented by

Joe McCray