Smart Security on Demand
Mandalay Bay, Las Vegas, NV July 26 - 27, 2017
Join us in Vegas for Black Hat USA, the show sets the benchmark for all other security conferences. Black Hat brings together the brightest in the world for six days of learning, networking, and skill building. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow's information security landscape.
Presenter: Will Harmon
A high-level review of the top threats and attack vectors from the 2017 Trustwave Global Security Report, followed by an informative dialog on the benefits of moving from annual or semi-annual penetration testing to continuous testing.
Trustwave Government Solutions, Practice Lead - SpiderLabs
Will is a military veteran and brings more than 14 years of experience in the cyber security space. He has extensive experience in both the public and private sector performing penetration tests, vulnerability management, intrusion detection, and digital
Presenter: Jeff Kitson
Tranewreck provides an overview of a popular consumer IoT thermostat and its potentially dangerous vulnerabilities. The vulnerabilities covered in this presentation won the 0-day Rabble Rouser contest for the IoT Village at Defcon 24.
Senior Security Researcher
Jeff Kitson is a Senior Security Researcher with Trustave SpiderLabs. His research focuses include IoT security and critical infrastructure.
10:00am - 7:00pm
10:00am - 12:00pm
Stop by booth #954 for a morning pick-me-up. Red Bull and Starbucks coffee coolers.
10:30am - 10:45am
PCI compliance is an ongoing effort. This talk will cover the state of network security in 2017 and highlight the most common threats as well as a few high profile threats detected by the Trustwave scanner in the past year.
Security Research Manager
As Manager of the Trustwave SpiderLabs Vulnerability Assessment security research team, Prutha is responsible for the vulnerability research effort behind Trustwave's PCI ASV certified network scanning services. With over 10 years in the security industry, she
has experience in software development, web application security, penetration testing and vulnerability research in addition to network protocol analysis, network scanner signature development, firewall reviews and security assessments of database systems.
12:30pm - 12:45pm
Anti-virus isn't dead but long live Endpoint Detection! This session will showcase an incident responders view of dealing with a hackers toolkit in real-time during a recent POS compromise investigation.
Senior Security Consultant
As a Senior Security Consultant with Trustwave's SpiderLabs group, Matt performs Incident Response and Digital Forensics Investigation for Trustwave clients.
2:00pm - 2:15pm
3:00pm - 6:00pm
Curb those afternoon munchies. Come grab an ice cream bar at booth #954.
4:00pm - 4:15pm
This session will feature a discussion about using dark web research tools to increase the effectiveness of threat intel applications and security operations.
Sr Manager, Cyber Threat Detection - Trustwave SpiderLabs
Dennis leads the Trustwave SpiderLabs Cyber Threat Detection team. He has 15 years of experience in cyber warfare and software engineering with the US Air Force and private sector managed security services. Leads global team of threat analysts and security engineers
in a 24/7 MSS operations.
5:15pm - 5:45pm
Jeff Kitson is a Senior Security Researcher with Trustwave SpiderLabs. His research focuses include IoT security and critical infrastructure.
10:00am - 5:00pm
Come get a breakfast burrito while its hot at booth #954!
Join this session to get an insider’s view on how Trustwave leverages both internally researched threat intelligence as well as 3rd party relationships to strengthen our vast portfolio of products and services/managed services.
Security Research Manager, Trustwave SpiderLabs Threat Intelligence
Karl is responsible for research and analysis of current vulnerabilities, malware and threat trends. In addition to maintaining the Threat Intelligence program, Karl and his team manage the IDS/IPS signature development, serve as liaison with Microsoft
MAPP program, and coordinate the Responsible Disclosures of discovered vulnerabilities.
1:00pm - 1:15pm
2:30pm - 2:45pm
Get a better understanding of how to protect your databases in this session, where you will hear a firsthand review of a couple of Trustwave AppDetectivePRO scans (MongoDB and one more), learn how it works (and what our experts look for) and how to interpret
Senior Security Researcher
Vladimir Zakharevich is a Senior Security Researcher at Trustwave SpiderLabs where he works on vulnerability research and product development. His main focus is security of databases and IoT.
Martin Rakhmanov is a Security Research Manager at Trustwave SpiderLabs where his focus is database vulnerability research and product development.
3:30pm - 3:45pm
Staying on top of current, as well as emerging requirements for PCI DSS compliance can be a daunting task and ignorance can delay achieving compliance (or worse). Come learn some of the best practices for managing the PCI DSS compliance process year-round.
Senior Security Consultant
Kevin has over 30 years of experience in IT and programming on every platform from mainframes to embedded systems across multiple industries, with a focus in IT security for the last 15 years. After 10 years as a security manager for a level 1 PCI merchant,
he now performs PCI assessments and consults with clients seeking best practice and compliance.
4:15pm - 4:45pm
Attackers frequently use a variety of methods to obfuscate their data. Use your favorite method to crack the code and become the first forensic all-star to solve the challenge to win a fabulous prize and bragging rights. Couldn’t crack the code? Come to this session hear how to solve the challenge.
Incident Response Consultant
James Antonakos is an Incident Response Consultant for the SpiderLabs team at Trustwave, where his work involves computer forensics in PCI and malware investigations, malware and threat hunting research, security analysis and blogging, and conference presentations. James is passionate about all things Information Security, especially things related to PCI, IT security auditing, computer forensics, and malware analysis.
No need to carry all that great material around the show floor - simply pick the information that interests you, and we will send it directly to your inbox!
Attackers frequently use a variety of methods to obfuscate their data. Show off your skills and take part in the Trustwave SpiderLabs Forensic Challenge using your favorite method to crack the code. Become the first forensic all-star to solve the challenge to win a fabulous prize and ultimate bragging rights.
During incident response, a WAV file was found on a compromised computer. There is some suspicion that it may contain exfiltrated data based on comments from a forensic investigator who began decoding it before his laptop was stolen.
The WAV file was located in a folder named “Dreamworks2002” and is believed to contain three lists of IP addresses harvested via the compromised system. There may also be a secret message within the exfiltrated data.
We provide you a copy of the WAV file (imdb-tt026446.wav):
Based on this file, you will need to answer the following questions:
Once you solve the riddle, bring your answers to the Trustwave booth #954 to have them verified.
Stumped? Swing by our booth on Thursday, July 28 at 4:15 p.m. and we will walk you through how to solve the challenge.