Presenter: Renee DiResta A major advancement in the practice of defensive information security over the last decade has been the adoption of intelligence driven defense, where defensive teams base their plans and priorities on models of attacker capabilities and techniques that are built on observational evidence of real campaigns. A core
Presenter: Julian Cohen The security industry has been talking about powerful concepts like adversary intelligence and attacker cost for a long time now, but most organizations are not using these concepts in their security programs, causing teams to make poor defensive decisions and waste resources on efforts that do not stop real
Presenter: Roger Ofarril In this presentation we discuss why security operations need to move from a reactive to a proactive mindset. Detection can only take you so far. As attackers get more sophisticated defenders need to up their game and proactively look for those targeting them. But how do we get there? We present an
Read more
Read more
Diana Kelly The security threat landscape is constantly evolving, and Microsoft has deep data insights from the 6.5 trillion security signals that we analyze every day to over a decade tracking and analyzing software vulnerabilities, exploits, malware, unwanted software, and attacker group methods and tactics via the Security Intelligence
Eldar Marcussen While auditing a system administration tool, I spotted what appeared to be a clear vulnerability when skimming some code. What I believed was a command injection flaw failed to execute when tested against a lab system, but it did exhibit behaviour that was somewhat consistent with injection flaws. This talk describes the
Perri Adams & Sophia D'Antoine
Digital markets have quickly grown to international proportions, complexities in materials, development, and distribution have developed accordingly, resulting in market efficiency.
Digital markets have quickly grown to international proportions, complexities in materials, development, and distribution have developed accordingly, resulting in market efficiency.
Sophia D'Antoine
Last year, Bloomberg's Big Hack article gave everyone a much needed scare which forced companies to evaluate their exposure to supply chain intervention attacks. But a wider acknowledgment of the problem doesn't make it go away.
Last year, Bloomberg's Big Hack article gave everyone a much needed scare which forced companies to evaluate their exposure to supply chain intervention attacks. But a wider acknowledgment of the problem doesn't make it go away.
Jeremy Blackthorne
Ghidra is the recently published NSA tool for software reverse-engineering. Development for Ghidra began approximately 20 years ago but remained classified within the NSA.
Ghidra is the recently published NSA tool for software reverse-engineering. Development for Ghidra began approximately 20 years ago but remained classified within the NSA.
Numaan Huq
The Energy & Water (E&W) sectors are critical to the economy of every nation and need to be secured. During our investigations we found a certain amount of exposed and unprotected E&W systems online, bringing with them a danger to these Critical Infrastructure (CI).
The Energy & Water (E&W) sectors are critical to the economy of every nation and need to be secured. During our investigations we found a certain amount of exposed and unprotected E&W systems online, bringing with them a danger to these Critical Infrastructure (CI).
Costin G. Raiu & Vitaly Kamluk
Supply chain attacks are becoming some of the least-expected and hard to discover threats in the modern world. Often employing valid digital signatures and capitalizing on the reputation of established
Supply chain attacks are becoming some of the least-expected and hard to discover threats in the modern world. Often employing valid digital signatures and capitalizing on the reputation of established