Nov 30, 10:00 AM

The Current State and Future Path of Endpoint Security

We're helping Tactical Edge promote their annual conference in Bogotá, Colombia by participating in a series of webinars they're putting on to market the conference and raise awareness of Latin America-based events (which are far less numerous than US/English-speaking ones).

You can register for the webcast here, and read about some of what Adrian will cover while on his endpoint security soapbox.

Sep 25, 3:45 PM

TALK - Kyle speaking at the 63rd annual ASIS conference

ISSA: Open Source Defense: Building a Security Program with Zero Budget #4316

Even though large breaches have hit the headlines in recent years, some companies are still on the fence about investing in cybersecurity. How can a security practitioner be expected to cover corporate assets with zero budget? Learn how open-source tools can allow that security manager to secure the organization by tracking network assets, performing vulnerability assessments, and preventing attacks by deploying intrusion detection systems. Explore how to find sensitive data and personally identifiable information in a company’s network and learn how to implement incident response tools and automation while drastically improving the security posture of the network with little or no budget.

Aug 16, 6:00 PM

OWASP Brooklyn: Preparing for the Ransomware Reality

https://www.meetup.com/OWASP-Brooklyn/events/242443663/

How Ransomware Works – Adrian Sanabria

Current techniques for detecting or preventing malware focus on either what malware is or what it looks like. These approaches don't work with ransomware. It takes many forms and can conceptually be used in nearly any scenario where software or data is involved. This makes it difficult, but not impossible, to stop.

One of the best defenses against ransomware, as with most threats, is understanding how it works. The good news is that ransomware, by nature, has a specific goal. It must achieve this goal in order to ransom the victim. This goal-based nature is something we can take advantage of to both detect and defeat ransomware, regardless of the form it might take.

This talk will break down ransomware into the components and techniques used by malware authors to make it successful.

Jun 24, 10:00 AM

TALK - Kyle speaking at BSides Cleveland 2017

Blue-Teamin' on a Budget [of Zero]

Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?

Video Here

Slides Here

Jun 12, 4:00 PM

TALK - 29th annual FIRST Conference in San Juan, Puerto Rico

WatchEvaluateEnrichPunch (WEEP): A Poor Man’s Self-Defence Host Monitor

Konrads Smelkovs is a senior manager at KPMG UK and specialises in the technical end of cyber-security: attack and defence.

Adrian Sanabria is a Director of Research at Savage Security.

What is it? WatchEvaluateEnrichPunch is a program that monitors a stream of data such as OSQuery’s event stream, matches events against rules, and then responds to the resulting alerts either by enriching the data further (using other events, commands or Internet lookups) or by making a decision such as alerting on, degrading or destroying the offending process.

In spirit it is similar to Snort or any other major network IDS, or to OSSEC and fail2ban on hosts. The difference is the ability to enrich events and re-inject them back into the event stream, as well as the desire for simplicity.

Why have it? Well, at the network level, security people have firewalls and IDSes that can be configured with custom IOCs, but at the host level there are few tools that allow deployment of simple behavioural rules that address a local problem. For example, you can fight ransomware with WEEP by detecting a process that has renamed more than 5 docx files to a different extension within 5 minutes. Each hitherto unseen process can be checked through a series of Yara signatures, or its MD5 hash run through VirusTotal.

Of course, a sophisticated attacker will evade all of these simple checks, but meanwhile a sysadmin has a tool to fight back.
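The rename-burst rule described in the abstract (more than 5 .docx files renamed to a different extension by one process within 5 minutes), plus the "hitherto unseen process" hook that would feed an enrichment step, as an added example rather than WEEP's own code. The events are constructed here in a simplified osquery-like shape; the field names (`time`, `pid`, `path`, `action`, `old_path`, `new_path`) and the sample process paths are assumptions, not real osquery output.

```python
"""Sliding-window detection of mass .docx renames per process (added example, not WEEP code)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(minutes=5)   # look-back window from the abstract
THRESHOLD = 5                   # "more than 5" renames -> alert on the 6th within the window


def ev(time, pid, exe, old, new, action="RENAMED"):
    """Build one constructed file event; the shape is an assumption, not osquery's real schema."""
    return {"time": time, "pid": pid, "path": exe, "action": action,
            "old_path": old, "new_path": new}


# Constructed sample stream: a suspicious binary mass-renaming documents,
# and Word doing ordinary save-as operations.
LOCKER = "C:\\Users\\alice\\AppData\\Local\\Temp\\locker.exe"   # constructed path
WORD = "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"       # constructed path
SAMPLE_EVENTS = [
    ev("2017-06-12T10:00:00", 4242, LOCKER, "C:\\Docs\\a.docx", "C:\\Docs\\a.docx.locked"),
    ev("2017-06-12T10:02:00", 1234, WORD, "C:\\Docs\\report.docx", "C:\\Docs\\report_v2.docx"),
    ev("2017-06-12T10:02:30", 1234, WORD, "C:\\Docs\\notes.docx", "C:\\Docs\\notes.pdf"),
    ev("2017-06-12T10:06:00", 4242, LOCKER, "C:\\Docs\\b.docx", "C:\\Docs\\b.docx.locked"),
    ev("2017-06-12T10:06:10", 4242, LOCKER, "C:\\Docs\\c.docx", "C:\\Docs\\c.docx.locked"),
    ev("2017-06-12T10:06:20", 4242, LOCKER, "C:\\Docs\\d.docx", "C:\\Docs\\d.docx.locked"),
    ev("2017-06-12T10:06:30", 4242, LOCKER, "C:\\Docs\\e.DOCX", "C:\\Docs\\e.DOCX.locked"),
    ev("2017-06-12T10:06:40", 4242, LOCKER, "C:\\Docs\\f.docx", "C:\\Docs\\f.docx.locked"),
    ev("2017-06-12T10:06:50", 4242, LOCKER, "C:\\Docs\\g.docx", "C:\\Docs\\g.docx.locked"),
    ev("2017-06-12T10:07:00", 4242, LOCKER, "C:\\Docs\\h.docx", "C:\\Docs\\h.docx.locked"),
]


def is_docx_rename(event):
    """True when a .docx file was renamed to a path whose extension is no longer .docx."""
    if event["action"] != "RENAMED":
        return False
    old_ext = os.path.splitext(event["old_path"])[1].lower()
    new_ext = os.path.splitext(event["new_path"])[1].lower()
    return old_ext == ".docx" and new_ext != ".docx"


class RenameBurstDetector:
    """Keeps, per pid, the timestamps of qualifying renames inside the sliding window."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.renames = defaultdict(deque)   # pid -> timestamps of .docx renames
        self.seen_binaries = set()          # executables already observed

    def feed(self, event):
        """Consume one event; return a list of findings (possibly empty)."""
        findings = []
        ts = datetime.fromisoformat(event["time"])
        exe = event["path"]

        # A never-before-seen executable is the candidate for enrichment
        # (Yara scan, hash lookup); here we only flag it.
        if exe not in self.seen_binaries:
            self.seen_binaries.add(exe)
            findings.append({"kind": "new_process", "pid": event["pid"], "path": exe})

        if is_docx_rename(event):
            q = self.renames[event["pid"]]
            q.append(ts)
            # Drop renames that fell out of the window.
            while q and q[0] < ts - self.window:
                q.popleft()
            # Alert once, at the moment the count first exceeds the threshold.
            if len(q) == self.threshold + 1:
                findings.append({"kind": "rename_burst", "pid": event["pid"], "path": exe,
                                 "count": len(q), "window_start": q[0].isoformat()})
        return findings


def run(events):
    """Replay events in time order through one detector and collect all findings."""
    detector = RenameBurstDetector()
    findings = []
    for event in sorted(events, key=lambda e: e["time"]):
        findings.extend(detector.feed(event))
    return findings


if __name__ == "__main__":
    for finding in run(SAMPLE_EVENTS):
        print(finding)
```

The extension comparison is lowercased so `e.DOCX` counts, and a save-as that keeps the `.docx` extension (Word's `report_v2.docx`) is not counted, which keeps ordinary editing out of the rule. The first `a.docx` rename at 10:00 expires before the burst at 10:06, so the alert fires on the sixth rename inside the window, not on the seventh overall.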

May 17, 11:00 AM

Kyle speaking at B-Sides Knoxville

Open Source Defense: Building a Security Program with Zero Budget

Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?
