Without a doubt, Black Hat is one of the marquee events that gathers together the entire security industry. Looking at this year’s agenda, the conference won’t disappoint. CrowdStrike, again, will be at Black Hat in full force. Among exciting announcements of new features, offerings and expanded capabilities of our endpoint protection platform, we will also be discussing eCrime trends, releasing new actor profiles, and more.
If you are looking to catch up with our team and see the power of the CrowdStrike Falcon platform in action, stop by our booth 507. We’ll have live demos and briefings, showcasing real-world detection and prevention scenarios of malware and malware-free attacks, as well as fun activities like adversary T-shirt printing.
A rundown of activities includes:
Black Hat Training:
Join Andy Schworer, William Tan, and Ashley Nuckol for a training on the techniques you need to hunt advanced adversaries in network traffic. Topics include methods of hunting for adversary activity in Bro IDS logs, identifying indicators of compromise, and how to get started writing Bro scripts and ChopShop modules.
You can register for the session here: Adversary Hunting and Incident Response: Network Edition
Black Hat Briefings:
Detect Threats – and Impacts – More Quickly: The Current Threat Landscape, presented by Dmitri Alperovitch at the Black Hat CISO Summit on August 2nd at 1:15 pm PT.
The session will feature an expert’s view of the current threat landscape and a synopsis of some of the latest, emerging cybersecurity challenges. Dmitri Alperovitch will explain how information sharing is critical to keeping ahead of new threats and how data analysis is helping CISOs become better at detecting the threats and their impact on enterprise data.
The Linux Kernel Hidden Inside Windows 10, presented by Alex Ionescu on August 3rd at 10:10 am PT.
Initially known as “Project Astoria” and delivered in beta builds of Windows 10 Threshold 2 for Mobile, Microsoft implemented a full-blown Linux 3.4 kernel in the core of the Windows operating system, including full support for VFS, BSD Sockets, ptrace, and a bona fide ELF loader. After a short cancellation, it’s back and improved in Windows 10 Anniversary Update (“Redstone”), under the guise of Bash Shell interoperability. This new kernel and related components can run 100% native, unmodified Linux binaries, meaning that NT can now execute Linux system calls, schedule thread groups, fork processes, and access the VDSO! As it’s implemented using a full-blown, built-in, loaded-by-default, Ring 0 driver with kernel privileges, this is not a mere wrapper library or user-mode system call converter like the POSIX subsystem of yore. The very thought of an alternate virtual file system layer, networking stack, memory and process management logic, and complicated ELF parser and loader in the kernel should tantalize exploit writers – why choose from the attack surface of a single kernel, when there’s now two? Alex will take a look at the internals of this entirely new paradigm shift in the Windows OS, and touch the boundaries of the undocumented and unsupported to discover interesting design flaws and abusable assumptions, which lead to a wealth of new security challenges on Windows 10 Anniversary Update (“Redstone”) machines.
Hacking Exposed! The Latest “Living Off the Land” Techniques, presented by Elia Zaitsev
With adversaries increasingly “living off the land” to bypass traditional security controls and move beyond malware to compromise organizations, learn about new attack techniques that CrowdStrike observes regularly across eCrime, nation state and hacktivist adversaries. This session will discuss the latest in adversary tradecraft and how you can stop them dead in their tracks.
Follow us on Twitter (@CrowdStrike) to keep up with CrowdStrike’s Black Hat happenings during the event and check our blogs for additional information on our exciting new releases. We look forward to seeing you in Las Vegas!