BH2020 Episode #4 – August 06, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Security Trends In Modern Application Development – 11:00 AM-11:15 AM

Sponsored By

Visit https://www.veracode.com/ for more information!

Description

DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code.

This segment is sponsored by Veracode.

Visit https://www.veracode.com/ to learn more about them!

To view the full report by Veracode and Enterprise Strategy Group, publishing on August 11, go to www.veracode.com and follow Veracode on Twitter at @Veracode.

Guest(s)

Chris Wysopal – Co-Founder, CTO & CISO

Hosts

Matt Alderman – CEO

2. Hiding Process Memory Via Anti-Forensic Techniques – 11:45 AM-12:00 PM

Description

Malware authors constantly search for new ways of hiding their activity/content from the eyes of analysts. In order to help the malware authors in their constant struggle ;-), we introduce three novel methods that prevent malicious user space memory from appearing in analysis tools and additionally make the memory inaccessible from a security analyst's perspective on both Windows and Linux. We are, however, also covering different approaches for detecting the hidden memory and releasing various Volatility 3 and Rekall plugins. The last piece of our release consists of PoC implementations for all subversion techniques for Windows and Linux, and an upgraded version of one of the subversion techniques, which is controllable with a C&C server.

Segment Resources: https://www.blackhat.com/us-20/briefings/schedule/index.html#hiding-process-memory-via-anti-forensic-techniques-20661 https://github.com/f-block/BlackHat-USA-2020 https://github.com/DFRWS-memory-subversion/

Guest(s)

Frank Block – Security Researcher

Hosts

Paul Asadoorian – Founder & CTO

3. How We Can Effectively Solve For Human Risk In Our Organizations – 12:30 PM-12:45 PM

Description

What is human risk? With WFH being present, has human risk increased? Can you solve human risk with technology? As part of your Blackhat talk, what trends have you uncovered that could help CISOs identify areas of greatest human risk?

See how Elevate Security can solve for human risk in your organization and if you missed it, you’ll find our Blackhat presentation available for download. https://www.elevatesecurity.com/

Guest(s)

Masha Sedova – Co-founder

Hosts

Paul Asadoorian – Founder & CTO

4. deepwatch Lens Score – 01:15 PM-01:30 PM

Sponsored By

Visit https://www.deepwatch.com/lens-score/ for more information!

Description

deepwatch Lens Score – The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next?

This segment is sponsored by deepwatch.

Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!

Guest(s)

Corey Bodzin – CTO

Hosts

Matt Alderman – CEO

5. Cyber Threat Intelligence – 02:00 PM-02:15 PM

Description

Cyber threat intelligence has had trouble demonstrating relevance and ROI for most organizations. Brian Kime from Forrester discusses his research on current cyber threat intelligence trends and helps us understand what to expect, from both services and tools, over the next two years.

To read some of Brian Kime’s research, visit: https://go.forrester.com/blogs/author/brian_kime/

Segment resources: https://go.forrester.com/blogs/category/security-risk/

Forrester research for Security & Risk Professionals: https://www.forrester.com/security-&-risk

Guest(s)

Brian Kime – Senior Analyst

Hosts

Matt Alderman – CEO

6. Threat Hunting Incident Response w/ Google Cloud & Tanium – 02:45 PM-03:00 PM

Sponsored By

Visit https://securityweekly.com/tanium for more information!

Description

Matt and Anton will discuss the new integration between Tanium and Chronicle, designed for distributed IT in a remote-work world. The two will explore some of the unique challenges that security teams are facing in light of this change. They will also provide details on the new integrations, which combine comprehensive endpoint telemetry from Tanium with Chronicle’s cloud-scale analytics to inform threat hunting and investigations with one year of recorded endpoint activity.

This is just the beginning of the partnership between Google Cloud and Tanium. Check out the blog post on Tanium’s website to learn more about the future of the partnership and what it means for security.

This segment is sponsored by Tanium.

Visit https://securityweekly.com/tanium to learn more about them!

Guest(s)

Anton Chuvakin – Head of Solutions Strategy
Matt Hastings – Senior Director, Product Management

Hosts

Paul Asadoorian – Founder & CTO

7. Summarizing the BlackHat Threat Intelligence Report – 03:30 PM-03:45 PM

Sponsored By

Visit https://securityweekly.com/mimecast for more information!

Description

Matthew Gardiner, Principal Security Strategist at Mimecast, will provide an overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020.

This segment is sponsored by Mimecast.

Visit https://securityweekly.com/mimecastbh to learn more about them!

To download the latest Threat Intelligence Report, please visit https://securityweekly.com/mimecastbh.

Guest(s)

Matthew Gardiner – Principal Security Strategist

Hosts

Matt Alderman – CEO

8. Challenges Configuring Your Home Network for Remote Workers – 04:15 PM-04:30 PM

Description

Paul Asadoorian and Matt Alderman discuss the challenges of remote work and how to set up your home network. This discussion will lead to a number of technical segments on future shows to help individuals set up a more secure network at home.

Hosts

Matt Alderman – CEO
Paul Asadoorian – Founder & CTO

9. JavaScript Security – 05:00 PM-05:15 PM

Description

Security holes and attack vectors in JavaScript. Defense mechanisms against JavaScript exploitation.

Guest(s)

Taemin Park – Ph.D. Student

Hosts

Paul Asadoorian – Founder & CTO