BH2020 Episode #4 – August 06, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Security Trends In Modern Application Development – 11:00 AM-11:15 AM
Sponsored By
Visit https://www.veracode.com/ for more information! Description
Visit https://www.veracode.com/ for more information!
Description
DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code.
This segment is sponsored by Veracode.
Visit https://www.veracode.com/ to learn more about them!
To view the full report by Veracode and Enterprise Strategy Group publishing on August 11, go to www.veracode.com and follow Veracode on Twitter at @Veracode.
Guest(s)
Hosts
2. Hiding Process Memory Via Anti-Forensic Techniques – 11:45 AM-12:00 PM
Description
Malware authors constantly search for new ways of hiding their activity/content from the eyes of the analysts. In order to help the malware authors in their constant struggle ;-), we introduce three novel methods that prevent malicious user space memory from appearing in analysis tools and additionally making the memory inaccessible from a security analysts perspective on both, Windows and Linux. We are, however, also covering different approaches for detecting the hidden memory and releasing various Volatility 3 and Rekall plugins. The last piece of our release are PoC implementations for all subversion techniques for Windows and Linux, and an upgraded version for one of the subversion techniques, which is controllable with a C&C server.
Segment Resources: https://www.blackhat.com/us-20/briefings/schedule/index.html#hiding-process-memory-via-anti-forensic-techniques-20661 https://github.com/f-block/BlackHat-USA-2020 https://github.com/DFRWS-memory-subversion/
Guest(s)
Hosts
3. How We Can Effectively Solve For Human Risk In Our Organizations – 12:30 PM-12:45 PM
Description
What is Human risk? With WFH being present, has human risk increased? Can you solve human risk with technology? As part of your Blackhat talk, what trends have you unconvered that could help CISO’s identify areas of greatest human risk?
See how Elevate Security can solve for human risk in your organization and if you missed it, you’ll find our Blackhat presentation available for download. https://www.elevatesecurity.com/
Guest(s)
Hosts
4. deepwatch Lens Score – 01:15 PM-01:30 PM
Sponsored By
Visit https://www.deepwatch.com/lens-score/ for more information! Description
Visit https://www.deepwatch.com/lens-score/ for more information!
Description
deepwatch Lens Score – The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next?
This segment is sponsored by deepwatch.
Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!
Guest(s)
Hosts
5. Cyber Threat Intelligence – 02:00 PM-02:15 PM
Description
Cyber threat intelligence has had trouble demonstrating relevance and ROI for most organizations. Brian Kime from Forrester discusses his research on current cyber threat intelligence trends and helps us understand what to expect, from both services and tools, over the next two years.
To read some of Brian Kime’s research, visit: https://go.forrester.com/blogs/author/brian_kime/
Segment resources: https://go.forrester.com/blogs/category/security-risk/
Forrester research for Security & Risk Professionals: https://www.forrester.com/security-&-risk
Guest(s)
Hosts
6. Threat Hunting Incident Response w/ Google Cloud & Tanium – 02:45 PM-03:00 PM
Sponsored By
Visit https://securityweekly.com/tanium for more information! Description
Visit https://securityweekly.com/tanium for more information!
Description
Matt and Anton will discuss the new integration between Tanium and Chronicle, designed for distributed IT in a remote-work world. The two will explore some of the unique challenges that security teams are facing in light of this change. They will also provide details on the new integrations, which combines comprehensive endpoint telemetry from Tanium with Chronicle’s cloud-scale analytics to inform threat hunting and investigations with one year of recorded endpoint activity.
This is just the beginning of the partnership between Google Cloud and Tanium. Check out the blog post on Tanium’s website to learn more about the future of the partnership and what it means for security.
This segment is sponsored by Tanium.
Visit https://securityweekly.com/tanium to learn more about them!
Guest(s)
Hosts
7. Summarizing the BlackHat Threat Intelligence Report – 03:30 PM-03:45 PM
Sponsored By
Visit https://securityweekly.com/mimecast for more information! Description
Visit https://securityweekly.com/mimecast for more information!
Description
Matthew Gardiner, Principal Security Strategist, from Mimecast will provide and overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020.
This segment is sponsored by Mimecast.
Visit https://securityweekly.com/mimecastbh to learn more about them!
To download the latest Threat Intelligence Report, please visit https://securityweekly.com/mimecastbh.
Guest(s)
Hosts
8. Challenges Configuring Your Home Network for Remote Workers – 04:15 PM-04:30 PM
Description
Paul Asadoorian and Matt Alderman discuss the challenges of remote work and how to setup your home network. This discussion will lead to a number of technical segments on future shows to help individuals setup a more secure network at home.
Hosts
9. JavaScript Security – 05:00 PM-05:15 PM
Description
Security holes and attack vectors in JavaScript. Defense mechanisms against JavaScript exploitations.