It is once again time for the week in the summer when many of us descend on Las Vegas for Black Hat, DEF CON, and B-Sides LasVegas. This is your official guide to what the Cisco Talos Threat Intelligence team is doing at these shows and what some of our colleagues around Cisco Security are doing, as well.
Whether you are looking to catch some great talks, hunting down the best parties, or just trying to avoid LineCon in all it's forms, here is a quick run-down of where and how you can catch Talos speakers, Cisco events, and other fun stuff you don't want to miss. Read on for the full details of what Cisco has in store for this year.
Black Hat Events At a Glance:
Event microsite:
www.cisco.com/go/blackhat
Chat with us: @TalosSecurity, @CiscoSecurity, @OpenDNS, @CiscoDevNet, @Snort, and @PortcullisLabs
Beers with Talos Live Podcast:
Wed. Aug. 8, 12 - 2 p.m. -SOLD OUT-
Cisco Party Black Hat party: We're headed to Topgolf Las Vegas! Get on the list now.
Booth: Stop by booth #504 for Snort pigs, Talos socks, and amazing booth talks by the Talos crew and other Cisco Security team members.
- Theater sessions will take place every 20 minutes.
- Play the DevNet Black Hat challenge on Thursday. Participants will receive a limited availability hoodie.
- The booth will also feature demos, Snort squishy pigs, awesome socks, and party check-in.
Career Zone booth CZ212: Security recruiters and researchers from Talos, Cisco Security, and Umbrella will be talking to recruits about all open positions. If you are looking for a new role or thinking it is time for a change, stop by the Career Zone booth. Resumes aren't required, but we will take it if you have it. Check out open positions across Cisco Security (including Talos!) here: cs.co/SecJobs.
Wednesday, Aug. 8 Talos Black Hat Flash Talks:
10 a.m. - 7 p.m., Cisco Booth #504 - Full schedule below
Cisco Security/Talos Recruiting:
10 a.m. - 7 p.m., Black Hat Career Zone, Booth CZ212
Cisco Security Black Hat Session:
Cryptocurrency: More Than Just a Ransomware Payment Method
11:30 a.m. - 12:20 p.m., Oceanside F (Giving away "Game of Threats" T-shirts)
Artsiom Holub and Austin McBride
Beers with Talos Live at Black Hat:
12 - 2 p.m., Rí Rá Irish Pub, Mandalay Bay -SOLD OUT-
Talos Black Hat Session:
Surprise Supplies!
Paul Rascagneres and Warren Mercer
3 - 3:50 p.m., Business Hall Theater B (Giving away Talos socks)
Cisco Black Hat Party:
8 - 11 p.m., Topgolf Las Vegas, MGM
Thursday, Aug. 9 Talos Black Hat Flash Talks:
10 a.m. - 7 p.m., Cisco Booth #504 - Full schedule below
Cisco Security/Talos Recruiting: 10 a.m. - 7 p.m., Black Hat Career Zone, Booth CZ212
Cisco Security Black Hat Workshop:
Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella
Chris Riviere
11 - 11:50 a.m., Session 1, Mandalay Bay Ballroom B (Giving away "Game of Threats" T-shirts)
12:10 - 1 p.m., Session 2, Mandalay Bay Ballroom B (Giving away "Game of Threats" T-shirts)
Cisco Security (PortcullisLabs) Black Hat Session:
Playback: A TLS 1.3 Story
Alejo Murillo Moya and Alfonso Garcia Alguacil
12:10 - 1 p.m., Jasmine Ballroom
Cisco Security Black Hat Session:
A Cloud Security RESTful Hunt
Andrew Maxey
1:20 - 2:10 p.m., Business Hall Theater B (Giving away "Game of Threats" T-shirts)
Cisco Security Black Hat Session:
IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
Jonas Zaddach
3:50 - 4:40 p.m., South Pacific F
Friday, Aug. 10
Cisco Security (PortcullisLabs) DEF CON Session:
Playback: A TLS 1.3 Story
Alejo Murillo Moya and Alfonso Garcia Alguacil
3 - 4 p.m., DEF CON Track 2 - Caesar’s Palace
Saturday, Aug. 11 Talos DEF CON Session:
Analyzing VPN Filter’s Modbus Module
Patrick DeSantis & Carlos Pacho
10:40 - 11:30 a.m., DEF CON ICS Village
Cisco Booth Lightning Talk Schedule: Wed. Aug 8, 10 a.m. - 7 p.m.
Thurs. Aug 9, 10 a.m. - 5 p.m.
Cisco Booth #504
On the full schedule, we have 18 new talks from Talos, and many other talks from Umbrella, and Cisco’s Web Security and Services teams. You won’t want to miss these sessions. Have a seat and enjoy a 20-minute presentation in Cisco booth #504. Grab some great swag, check in for the Cisco Party, or play the Black Hat challenge game while you are there.
Here is the full schedule of booth talks at the Cisco/Talos booth area (highlights indicate talks from Cisco Talos team members):
| Wed. Aug. 8 | Speaker | Title |
| 10:40 - 11 a.m. | George Tarnovsky | Reverse Engineering using X-Ray |
| 11 - 11:20 a.m. | Alec Gleason | Secure AI Architecture |
| 11:20 - 11:40 a.m. | Samuel Dytrych | In Libc We Trust? |
| 11:40 - Noon | Paul Singleton | The Secure Internet Gateway: Security Reimagined in the Cloud |
| Noon - 12:20 p.m. | Jordan Gackowski | Stepping into the cloud with confidence |
| 12:20 - 12:40 p.m. | Chris Riverie | Office 365: Enhanced Security to Protect Your Email, Users, Data and Apps |
| 12:40 - 1 p.m. | Chris Parker James | Anatomy of an Attack |
| 1 - 1:20 p.m. | Justice Cassel | Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons |
| 1:20 - 1:40 p.m. | Sam Rastogi | Redefine Data Center Security in a Multicloud World |
| 1:40 - 2 p.m. | Ben Greenbaum | Investigations at the Speed of Cisco Visibility |
| 2 - 2:20 p.m. | Nick Biasini | Malicious Crypto Mining |
| 2:20 - 2:40 p.m. | Jaime Filson | A Romp Down FTP Lane |
| 2:40 - 3 p.m. | Adam Flatley | Managing Response to Large Scale, Critical Cyber Events |
| 3 - 3:20 p.m. | David van Schravendijk | Cisco's Cloud Managed Meraki MX. Past, Present, & Future. |
| 3:20 - 3:40 p.m. | Salina Wuttke | IBM: Accelerate Detection of Advanced Threats with Cisco & IBM Security |
| 3:40 - 4 p.m. | George Tarnovsky | Reverse Engineering using X-Ray |
| 4 - 4:20 p.m. | Vitor Ventura | Telegrab |
| 4:20 - 4:40 p.m. | Yves Younan | The Past Year In Vulnerability Discovery at Cisco Talos |
| 4:40 - 5 p.m. | Cory Duplantis | Pattern Matching Vulnerabilities |
| 5 - 5:20 p.m. | Andrew Blunck | How Talos Writes Coverage & Why it Works |
| 5:20 - 5:40 p.m. | Caitlyn Hammond | A day in the life of an analyst |
| 5:40 - 6 p.m. | Adam Katz | Email Sender Analysis: SPF, DKIM, and DMARC |
| 6 - 6:20 p.m. | Sam Rastogi | Redefine Data Center Security in a Multicloud World |
| 6:20 - 6:40 p.m. | ||
| 6:40 - 7 p.m. | Raffle Drawing |
| Thur. Aug. 9 | Speaker | Title |
| 10 - 10:20 a.m. | David Schwartzberg | Anatomy of an Attack |
| 10:20 - 10:40 a.m. | Edmund Brumaghin | Thanatos Ransomware |
| 10:40 - 11 a.m. | David Maynor | Hunting beyond packets |
| 11 - 11:20 a.m. | Danny Adamitis | When and why APT actors use open-source frameworks |
| 11:20 - 11:40 a.m. | Regina Wilson | Vulnerability Reporting and Disclosure |
| 11:40 - Noon | Carlos Pacho | Finding Vulns in Embedded Systems |
| Noon - 12:20 p.m. | David van Schravendijk | Cisco's Cloud Managed Meraki MX. Past, Present, & Future. |
| 12:20 - 12:40 p.m. | Alec Gleason | Secure AI Architecture |
| 12:40 - 1 p.m. | Salina Wuttke | IBM: Accelerate Detection of Advanced Threats with Cisco & IBM Security |
| 1 - 1:20 p.m. | Jordan Gackowski | Stepping into the cloud with confidence |
| 1:20 - 1:40 p.m. | Justice Cassel | Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons |
| 1:40 - 2 p.m. | Ben Greenbaum | Investigations at the Speed of Cisco Visibility |
| 2 - 2:20 p.m. | Ryan Pentney | Chinese cryptomining actor trends with honeypots observations |
| 2:20 - 2:40 p.m. | Brandon Stultz | Protecting Networks with Snort 3 |
| 2:40 - 3 p.m. | Benny Ketelslegers | CCleaner |
| 3 - 3:20 p.m. | Claudio Bozzato | Trap IoT Devices And Get Free Bugs |
| 3:20 - 3:40 p.m. | Samuel Dytrych | In Libc We Trust? |
| 3:40 - 4 p.m. | David Schwartzberg | Anatomy of an Attack |
| 4 - 4:20 p.m. | Paul Singleton | The Secure Internet Gateway: Security Reimagined in the Cloud |
| 4:20 - 4:40 p.m. | Andrew Maxey | Office 365: Enhanced Security to Protect Your Email, Users, Data and Apps |
| 4:40 - 5 p.m. | Raffle Drawing |
Coming early for BSides or staying for DEFCON? We have a few things going on there, too.
- Make sure to stop by Hire Ground at BSides for resume review and tips with Cisco/Talos technical recruiter Merilyn Tinana.
- There are two DEF CON sessions that are not to be missed as well: Playback: A TLS 1.3 Story with Alejo Murillo Moya and Alfonso Garcia Alguacil at DEF CON Track 2 and Analyzing VPN Filter’s Modbus Module Talos researchers Patrick DeSantis & Carlos Pacho in the DEF CON ICS Village (see schedule above).
Friendly Reminders: There are a lot of things you should know before heading to Black Hat, DEF CON, and/or BSides LV. Here’s a quick list of things to absolutely remember:
- Business cards
- Spare battery/juice pack — nothing drains devices like a conference, although turning off Bluetooth and Wi-Fi radios helps and may not be a terrible idea (especially at these conferences in particular). If you aren’t charging, you are probably going to have a dead phone by the time the parties start in the evening.
- Comfortable walking shoes — yes, many venues are connected, but they are connected via long walks. Many attendees rack up more than 10 miles per day on their pedometers.
- Space in your suitcase — all that sweet, sweet conference swag isn't shipping itself home.
- Water — because it's the desert. Pro-tip: arrange a delivery from Prime Now, Instacart, etc. on your arrival day to make sure you always have a full bottle of water. We are looking forward to meeting and seeing everyone at Black Hat and DEF CON. Be sure to come by booth #504 and say hello …and, of course, pick up a new, limited edition Snorty pig for your collection.