I have had the privilege of sharing my knowledge and insights with diverse audiences at various cybersecurity conferences. Through these presentations, I aim to shed light on the intricate challenges we face in securing our digital landscape while offering practical solutions and strategies to stay one step ahead of cyber threats. Join me on this journey of exploration and empowerment as we navigate the intricate world of cybersecurity together.
Hide and Seek with EMET
This presentation will cover the defensive cyber security solutions and capabilities provided by Enhanced Mitigation Experience Toolkit 5.5 from Microsoft. This will be a defensive talk in nature and will cover the evolution of advanced memory protections and mitigations within Windows. Additionally, this discussion will provide possibilities for improving EMET for upcoming changes to the Windows environment. There will also be discussions on the limitations of EMET, from version 1.0 until the current 5.5, and common advanced bypass techniques used by attackers to defeat the countermeasures provided by the framework.
Collecting Threat Data using Distributed Deception
What happens when you deploy honeypots in different geographical locations and monitor, collect, and analyze the threat data for several years? The Fakelabs Project is a practitioner’s materialization of this idea. This talk will discuss the project’s architecture, observations, automation, derived products, and lessons learned. In addition, there will be demos and suggestions for how defenders can apply the information presented.
Detecting Ghouls & Ghosts in the Wires
The rise in ransomware attacks and third-party breach notifications has contributed to reducing the global mean time to detection (MTTD). So, adversary dwell time is likely much higher than perceived. We must also consider the “unknowns unknowns” that allow attackers to lurk casually on our networks like silent ghosts. In this talk, we will look at a blue team tactic for Microsoft Windows environments that will help reduce the dwell time of ghouls feeding on our sensitive data and the ghosts haunting our networks. A demo at the end will showcase one way to operationalize the information presented using a custom tool.