The Official Talos Guide to Security Summer Camp 2018

2018-08-06T06:39:00
ID TALOSBLOG:060B13CD3708D431FAD71DB78A96EA66
Type talosblog
Reporter noreply@blogger.com (Mitch Neff)
Modified 2018-08-06T15:09:41

Description

It is once again time for the week in the summer when many of us descend on Las Vegas for Black Hat, DEF CON, and B-Sides LasVegas. This is your official guide to what the Cisco Talos Threat Intelligence team is doing at these shows and what some of our colleagues around Cisco Security are doing, as well.

Whether you are looking to catch some great talks, hunting down the best parties, or just trying to avoid LineCon in all it's forms, here is a quick run-down of where and how you can catch Talos speakers, Cisco events, and other fun stuff you don't want to miss. Read on for the full details of what Cisco has in store for this year.

Black Hat Events At a Glance:

Event microsite:

www.cisco.com/go/blackhat

Chat with us:

@TalosSecurity, @CiscoSecurity, @OpenDNS, @CiscoDevNet, @Snort, and @PortcullisLabs

Beers with Talos Live Podcast:

Wed. Aug. 8, 12 - 2 p.m. -SOLD OUT-

Cisco Party Black Hat party:

We're headed to Topgolf Las Vegas! Get on the list now.

Booth:

Stop by booth #504 for Snort pigs, Talos socks, and amazing booth talks by the Talos crew and other Cisco Security team members.

  • Theater sessions will take place every 20 minutes.
  • Play the DevNet Black Hat challenge on Thursday. Participants will receive a limited availability hoodie.
  • The booth will also feature demos, Snort squishy pigs, awesome socks, and party check-in.

Career Zone booth CZ212:

Security recruiters and researchers from Talos, Cisco Security, and Umbrella will be talking to recruits about all open positions. If you are looking for a new role or thinking it is time for a change, stop by the Career Zone booth. Resumes aren't required, but we will take it if you have it. Check out open positions across Cisco Security (including Talos!) here: cs.co/SecJobs.

Wednesday, Aug. 8

Talos *Black Hat *Flash Talks:
10 a.m. - 7 p.m., Cisco Booth #504 - Full schedule below

*Cisco Security/Talos Recruiting:*
10 a.m. - 7 p.m., Black Hat Career Zone, Booth CZ212

Cisco Security *Black Hat *Session:
Cryptocurrency: More Than Just a Ransomware Payment Method

11:30 a.m. - 12:20 p.m., Oceanside F (Giving away "Game of Threats" T-shirts)
Artsiom Holub and Austin McBride

Beers with Talos Live at Black Hat:

12 - 2 p.m., Rí Rá Irish Pub, Mandalay Bay -SOLD OUT-

Talos *Black Hat *Session:
Surprise Supplies!
Paul Rascagneres and Warren Mercer

3 - 3:50 p.m., Business Hall Theater B (Giving away Talos socks)

Cisco Black Hat Party:
8 - 11 p.m., Topgolf Las Vegas, MGM

Thursday, Aug. 9

Talos *Black Hat *Flash Talks:
10 a.m. - 7 p.m., Cisco Booth #504 - Full schedule below

Cisco Security/Talos Recruiting: 10 a.m. - 7 p.m., Black Hat Career Zone, Booth CZ212

Cisco Security *Black Hat *Workshop:
Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella
Chris Riviere
11 - 11:50 a.m., Session 1, Mandalay Bay Ballroom B (Giving away "Game of Threats" T-shirts)
12:10 - 1 p.m., Session 2, Mandalay Bay Ballroom B (Giving away "Game of Threats" T-shirts)

Cisco Security (PortcullisLabs) Black Hat Session:
Playback: A TLS 1.3 Story
Alejo Murillo Moya and Alfonso Garcia Alguacil
12:10 - 1 p.m., Jasmine Ballroom

Cisco Security *Black Hat *Session:
A Cloud Security RESTful Hunt
Andrew Maxey
1:20 - 2:10 p.m., Business Hall Theater B (Giving away "Game of Threats" T-shirts)

Cisco Security *Black Hat *Session:
IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
Jonas Zaddach
3:50 - 4:40 p.m., South Pacific F

Friday, Aug. 10

Cisco Security (PortcullisLabs) DEF CON Session:
Playback: A TLS 1.3 Story
Alejo Murillo Moya and Alfonso Garcia Alguacil
3 - 4 p.m., DEF CON Track 2 - Caesar’s Palace

Saturday, Aug. 11

Talos DEF CON Session:
Analyzing VPN Filter’s Modbus Module

Patrick DeSantis & Carlos Pacho
10:40 - 11:30 a.m., DEF CON ICS Village

Cisco Booth Lightning Talk Schedule:

Wed. Aug 8, 10 a.m. - 7 p.m.
Thurs. Aug 9, 10 a.m. - 5 p.m.
Cisco Booth #504

On the full schedule, we have 18 new talks from Talos, and many other talks from Umbrella, and Cisco’s Web Security and Services teams. You won’t want to miss these sessions. Have a seat and enjoy a 20-minute presentation in Cisco booth #504. Grab some great swag, check in for the Cisco Party, or play the Black Hat challenge game while you are there.

Here is the full schedule of booth talks at the Cisco/Talos booth area (h__ighlights indicate talks from Cisco Talos team members):

Wed. Aug. 8| Speaker| Title
---|---|---
10:40 - 11 a.m.| George Tarnovsky| Reverse Engineering using X-Ray
11 - 11:20 a.m.| Alec Gleason| Secure AI Architecture
11:20 - 11:40 a.m.| Samuel Dytrych| In Libc We Trust?
11:40 - Noon| Paul Singleton| The Secure Internet Gateway: Security Reimagined in the Cloud
Noon - 12:20 p.m.| Jordan Gackowski| Stepping into the cloud with confidence
12:20 - 12:40 p.m.| Chris Riverie| Office 365: Enhanced Security to Protect Your Email, Users, Data and Apps
12:40 - 1 p.m.| Chris Parker James| Anatomy of an Attack
1 - 1:20 p.m.| Justice Cassel| Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons
1:20 - 1:40 p.m.| Sam Rastogi| Redefine Data Center Security in a Multicloud World
1:40 - 2 p.m.| Ben Greenbaum| Investigations at the Speed of Cisco Visibility
2 - 2:20 p.m.| Nick Biasini| Malicious Crypto Mining
2:20 - 2:40 p.m.| Jaime Filson| A Romp Down FTP Lane
2:40 - 3 p.m.| Adam Flatley| Managing Response to Large Scale, Critical Cyber Events
3 - 3:20 p.m.| David van Schravendijk| Cisco's Cloud Managed Meraki MX. Past, Present, & Future.
3:20 - 3:40 p.m.| Salina Wuttke| IBM: Accelerate Detection of Advanced Threats with Cisco & IBM Security
3:40 - 4 p.m.| George Tarnovsky| Reverse Engineering using X-Ray
4 - 4:20 p.m.| Vitor Ventura| Telegrab
4:20 - 4:40 p.m.| Yves Younan| The Past Year In Vulnerability Discovery at Cisco Talos
4:40 - 5 p.m.| Cory Duplantis| Pattern Matching Vulnerabilities
5 - 5:20 p.m.| Andrew Blunck| How Talos Writes Coverage & Why it Works
5:20 - 5:40 p.m.| Caitlyn Hammond| A day in the life of an analyst
5:40 - 6 p.m.| Adam Katz| Email Sender Analysis: SPF, DKIM, and DMARC
6 - 6:20 p.m.| Sam Rastogi| Redefine Data Center Security in a Multicloud World
6:20 - 6:40 p.m.| |
6:40 - 7 p.m.| Raffle Drawing|

Thur. Aug. 9| Speaker| Title
---|---|---
10 - 10:20 a.m.| David Schwartzberg| Anatomy of an Attack
10:20 - 10:40 a.m.| Edmund Brumaghin| Thanatos Ransomware
10:40 - 11 a.m.| David Maynor| Hunting beyond packets
11 - 11:20 a.m.| Danny Adamitis| When and why APT actors use open-source frameworks
11:20 - 11:40 a.m.| Regina Wilson| Vulnerability Reporting and Disclosure
11:40 - Noon| Carlos Pacho| Finding Vulns in Embedded Systems
Noon - 12:20 p.m.| David van Schravendijk| Cisco's Cloud Managed Meraki MX. Past, Present, & Future.
12:20 - 12:40 p.m.| Alec Gleason| Secure AI Architecture
12:40 - 1 p.m.| Salina Wuttke| IBM: Accelerate Detection of Advanced Threats with Cisco & IBM Security
1 - 1:20 p.m.| Jordan Gackowski| Stepping into the cloud with confidence
1:20 - 1:40 p.m.| Justice Cassel| Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons
1:40 - 2 p.m.| Ben Greenbaum| Investigations at the Speed of Cisco Visibility
2 - 2:20 p.m.| Ryan Pentney| Chinese cryptomining actor trends with honeypots observations
2:20 - 2:40 p.m.| Brandon Stultz| Protecting Networks with Snort 3
2:40 - 3 p.m.| Benny Ketelslegers| CCleaner
3 - 3:20 p.m.| Claudio Bozzato| Trap IoT Devices And Get Free Bugs
3:20 - 3:40 p.m.| Samuel Dytrych| In Libc We Trust?
3:40 - 4 p.m.| David Schwartzberg| Anatomy of an Attack
4 - 4:20 p.m.| Paul Singleton| The Secure Internet Gateway: Security Reimagined in the Cloud
4:20 - 4:40 p.m.| Andrew Maxey| Office 365: Enhanced Security to Protect Your Email, Users, Data and Apps
4:40 - 5 p.m.| Raffle Drawing|

Coming early for BSides or staying for DEFCON?

We have a few things going on there, too.

  • Make sure to stop by Hire Ground at BSides for resume review and tips with Cisco/Talos technical recruiter Merilyn Tinana.
  • There are two DEF CON sessions that are not to be missed as well: _Playback: A TLS 1.3 Story with _Alejo Murillo Moya and Alfonso Garcia Alguacil at DEF CON Track 2 and Analyzing VPN Filter’s Modbus Module Talos researchers Patrick DeSantis & Carlos Pacho in the DEF CON ICS Village (see schedule above).

Friendly Reminders:

There are a lot of things you should know before heading to Black Hat, DEF CON, and/or BSides LV. Here’s a quick list of things to absolutely remember:

  • Business cards
  • Spare battery/juice pack — nothing drains devices like a conference, although turning off Bluetooth and Wi-Fi radios helps and may not be a terrible idea (especially at these conferences in particular). If you aren’t charging, you are probably going to have a dead phone by the time the parties start in the evening.
  • Comfortable walking shoes — yes, many venues are connected, but they are connected via long walks. Many attendees rack up more than 10 miles per day on their pedometers.
  • Space in your suitcase — all that sweet, sweet conference swag isn't shipping itself home.
  • Water — because it's the desert. Pro-tip: arrange a delivery from Prime Now, Instacart, etc. on your arrival day to make sure you always have a full bottle of water. We are looking forward to meeting and seeing everyone at Black Hat and DEF CON. Be sure to come by booth #504 and say hello …and, of course, pick up a new, limited edition Snorty pig for your collection.