Disinformation as a Cybersecurity Problem

Presenter:  Renee DiResta A major advancement in the practice of defensive information security over the last decade has been the adoption of intelligence driven defense, where defensive teams base their plans and priorities on models of attacker capabilities and techniques that are built on observational evidence of real campaigns. A core

Read more

Adversary-Based Threat Modeling and Risk Analysis

Presenter: Julian Cohen The security industry has been talking about powerful concepts like adversary intelligence and attacker cost for a long time now, but most organizations are not using these concepts in their security programs, causing teams to make poor defensive decisions and waste resources on efforts that do not stop real

Read more

Shifting Sands – Shoring up Cyber-defense in a Rapidly Changing Threat Landscape: Insights from the Microsoft Security Intelligence Report Volume 24

Diana Kelly The security threat landscape is constantly evolving, and Microsoft has deep data insights from the 6.5 trillion security signals that we analyze every day to over a decade tracking and analyzing software vulnerabilities, exploits, malware, unwanted software, and attacker group methods and tactics via the Security Intelligence

Read more

Terminal Vertex – Attacking Network Monitoring

Eldar Marcussen While auditing a system administration tool, I spotted what appeared to be a clear vulnerability when skimming some code. What I believed was a command injection flaw failed to execute when tested against a lab system, but it did exhibit behaviour that was somewhat consistent with injection flaws. This talk describes the

Read more