Below is the agenda with topic descriptions for some of the sessions you will hear by attending the Threat Intelligence Summit. Please note that these topics are subject to change, and additional topics will likely be added.
Monday, November 10

| Time | Session | Speaker | Room |
|---|---|---|---|
| 1:00 p.m. - 1:15 p.m. | Welcome | Barry Hensley | Athens |
| 1:15 p.m. - 2:15 p.m. | Adversary Reactions to Technical Events: Four case studies will demonstrate how threat groups responded to stimuli introduced into the victim organization's environment. See each threat group's reaction to a number of stimuli, such as removing Excel files, removing their malware, removing access points, eviction, and more. | Aaron Shelmire & Phil Burdette | Athens |
| 2:15 p.m. - 3:00 p.m. | Anatomy of an APT: By taking a deep dive into the various elements that make up an advanced threat, this session will expose the driving factors behind today's cybercrime and demonstrate exactly how such malware infiltrates networks. The discussion will examine the characteristics of commodity threats (SQLi, XSS, exploit kits, etc.) and the kill chain of an advanced persistent threat. | Dennis Dwyer | Athens |
| 3:00 p.m. - 3:15 p.m. | BREAK | | |
| 3:15 p.m. - 4:00 p.m. | Malware Targeting ATMs: Recently, threat actors have been showing interest in developing and deploying logical attacks on Automated Teller Machines (ATMs). Logical or digital attacks are those carried out by criminals using malicious software designed to attack the ATM processing network or the software (operating system or application software) and firmware of the ATM unit. This presentation will cover technical details of malware specifically designed to target ATMs, along with the TTPs threat actors have used to deploy and execute such attacks. | Eric Kumar | Athens |
| 4:00 p.m. - 5:00 p.m. | Lateral Movement: After credentials have been obtained and a foothold established, multiple methods exist for an attacker to expand control of the environment. This session will cover the TTPs attackers use from the command line or shell and the issues this creates for detecting the expanded control. Novel techniques from actual cases will be shown, along with methods of defense. | Harlan Carvey | Athens |
| 6:00 p.m. - 10:00 p.m. | Cocktails and Dinner | | Clyde's of Gallery Place |
Tuesday, November 11

| Time | Session | Speaker | Room |
|---|---|---|---|
| 7:00 a.m. - 8:00 a.m. | BREAKFAST | | Paris |
| 8:00 a.m. - 9:00 a.m. | Operation Tovar and Public/Private Partnership in Botnet Takedowns | Tom Grasso (FBI) & Jeff Williams (Dell SecureWorks) | Athens |
| 9:00 a.m. - 10:00 a.m. | Who Watches the Watchers: Memory capture and analysis during an IR engagement proves to be an invaluable data source that many organizations overlook. CTU researchers will demonstrate its value and show how tools such as Volatility can be used to uncover threat actors' actions on objectives. This presentation is backed by a real-world IR engagement in which memory analysis was used to determine that threat actors were remotely accessing hosts using Altiris. | Phil Burdette | Athens |
| 10:00 a.m. - 10:15 a.m. | BREAK | | |
| 10:15 a.m. - 11:15 a.m. | POS Malware Attacks: During the past few years, the retail market has seen consistent, ever-growing attacks from threat actors developing malware that targets Point-of-Sale (POS) systems in order to steal customer information and credit card data. This presentation will take a deep dive into past and current POS malware attack trends and TTPs, such as entry vector, lateral movement, host- and network-level evasion techniques, and data exfiltration. Recommended security controls to deploy and mitigation strategies will also be presented in order to minimize the attack surface and thwart such attacks. | Eric Kumar | Athens |
| 11:15 a.m. - 12:15 p.m. | TTPs of a CTU Malware Analyst: This demo-rich presentation will cover the various tools and techniques CTU uses to extract the threat indicators from which countermeasures protecting our clients are created. The content will cover the collection of samples, their analysis, the gathering of indicators and the assessment of threat intelligence, as well as how we leverage this process to iterate and find additional threat detail. Coverage will include detection (YARA, Snort, AttackerDB), static and dynamic analysis with a variety of tools (OllyDbg, IDA Pro, Cerebro, and others), and our Threat Intelligence Management System (TIMS). | Param Singh | Athens |
| 12:15 p.m. - 1:30 p.m. | LUNCH | | Paris |
| 1:30 p.m. - 3:30 p.m. | Panel of CTU Researchers with Q&A | TBD | Athens |
| 3:30 p.m. - 3:45 p.m. | Conclusion | | Athens |

© 2014 Dell, Inc. All rights reserved.