Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT Security Conference in the world. Following is the list of top talks on Hacking & Attack Technique at RSA Conference 2016.
RSA Conference held its 25th annual event at the Moscone Center in San Francisco and brought together a record number of more than 40,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top notch track sessions, tutorials and seminars along with networking and social activities including the RSAC Codebreakers bash at AT&T Park featuring Sheryl Crow, Walk off the Earth and Tony Hawk. Keynotes, sessions and debates focused on the Internet of Things, industrial control systems, encryption, artificial intelligence and machine learning, crowdsourcing, healthcare, automotive, and more, with many reflecting current industry news. (Source: RSA Conference USA 2016)
image courtesy: https://en.wikipedia.org/wiki/Yo-Mobile
1) Braking the Connected Car: The Future of Vehicle Vulnerabilities
Speaker: Akshay Anand ( @iamakshayanand ), Karl Brauer ( @karlbrauer )
In this presentation, analysts from Kelley Blue Book’s Automotive Industry Insights will illustrate how the connected car is quickly becoming an unrestricted playground for cyberthreats and how the next generation of in-car technology will intensify already-present vehicle vulnerabilities.
image courtesy: https://www.flickr.com/photos/132889348@N07/20445410340
2) Bruh! Do you even diff?—Diffing Microsoft Patches to Find Vulnerabilities
Speaker: Stephen Sims ( @steph3nsims )
Ever wondered how to find bug fixes residing in Microsoft patches? In this presentation we will take a look at the tools and techniques used to reverse engineer Microsoft security patches. Many organizations take weeks to push out patches to their domains. If an attacker can locate the fix and get a working exploit going, they can use it to compromise your organization.
image courtesy: https://de.wikipedia.org/wiki/Hacker
3) Autonomous Hacking: The New Frontiers of Attack and Defense
Speaker: Giovanni Vigna ( @lastlinelabs )
Vulnerability analysis has largely been a process that requires substantial human expertise. However, very recently there has been a push for completely autonomous hacking systems, which can find flaws, exploit them and even provide patches, all without any human intervention. This talk presents recent advances in autonomous hacking and provides lessons learned from participating in the DARPA CGC.
4) Hacking a Professional Drone
Speaker: Nils Rodday
Professional drones are now actively used across various industries to perform daily critical operations. In this awareness session, Nils Rodday will perform a live hack which exploits vulnerabilities of the professional drone and effectively compromises the security of the system to take over control. His session will also discuss practical fixes and approaches for remediating these issues.
5) Linguistic Passphrase Cracking
Speaker: Mikael Simovits ( @mikaelsimovits ), Peder Sparell
With the constant increase of availability of processing power comes the need for longer passwords and hence the need for usage of passphrases in order to remember them. But are passphrases really safe? This session will explain how to crack passphrases up to 20 characters long, where normal password attacks most often fail, in a reasonable timespan using a normal gaming PC and a Markov process.
image courtesy: https://en.wikipedia.org/wiki/Harlequin_cabbage_bug
6) …But Now I See—A Vulnerability Disclosure Maturity Model
Speaker: Katie Moussouris ( @k8em0 )
Someone politely knocks on your door and reports that there’s a hole in your wall big enough for a person to climb through. You immediately threaten legal action. Crazy? In the world of vuln research, this happens. This session will review a Vuln Disclosure Maturity Model created describe best-in-class practices. For any company wanting to get better bug reports faster—this session is a must.
image courtesy: https://www.flickr.com/photos/rueful/8538388071
7) Breaking Closed Systems with Code-Signing and Mitigation Techniques
Speaker: Gavin Hill
Code signing is abundant in the enterprises and consumer space. This session will review the current landscape showing attacks against several open (Windows, Android, Mac) and closed (IOS, automotive operating) systems and show anomalies found by Venafi Labs focused on the theft and misuse of code signing certificates to breach organizations and propose a solution on how to address the issues.
image courtesy: http://www.geograph.org.uk/photo/2358069
8) Cybersecurity for Oil and Gas Industries: How Hackers Can Steal Oil
Speaker: Alexander Polyakov ( @sh2kerr )
One of the industries most plagued by cyberattacks is the oil and gas industry. Several attacks against such companies as Aramco have been executed. SAP and Oracle systems are widely used there and are responsible for business critical processes such as Digital Oilfield Operations, Hydrocarbon Supply Chain and others. How you can prevent those attacks? The presenters will give answers.
9) Hacking Critical Infrastructure Like You’re Not a N00b
Speaker: Jason Larsen
This presentation is targeted towards an audience that already understands how to compromise the embedded systems that run a process and now is looking at manipulating the physics of the process itself. In as much as time allows, it will cover all the things necessary to accomplish more than exercising the automatic shutdown logic of a process.
10) The Seven Most Dangerous New Attack Techniques, and What's Coming Next
Speaker: Alan Paller, Ed Skoudis ( @edskoudis ), Johannes Ullrich ( @johullrich ), Mike Assante ( @assante_michael )
Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems.
image courtesy: https://www.flickr.com/photos/jakerust/16649925388
Speaker : Jonathan Trull ( @jonathantrull )
In today’s threat landscape, the attacker is an insider. Whether a state-sponsored actor or cybercriminal, attackers typically first compromise the endpoint with a client-side exploit and then pivot. In this session, we take a deep dive into how attackers pivot through organizations, identify the telltale signs of a pivot, and most importantly, identify steps for defending against it.
12) Sophisticated Attacks vs. Advanced Persistent Security
Speaker: Araceli Gomes ( @sleepdeficit_ ), Ira Winkler ( @irawinkler )
It appears that any successful attack these days is labeled, Sophisticated. The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.
image courtesy: https://de.wikipedia.org/wiki/Hacker
13) Hacking Exposed LIVE: Attacking in the Shadows
Speaker: Stuart McClure ( @stuartmcclure )
Attackers have found compromise trivial for decades. But as additional security layers get deployed and next generation solutions come to market, attackers are turning to old and new techniques for bypassing security controls to launch their attacks and stay hidden. This session will explore the latest techniques and how simple defense techniques can foil even the most sophisticated attacks.
14) Hacking Exposed: The Mac Attack
Speaker: Dmitri Alperovitch ( @DAlperovitch ), George Kurtz ( @George_Kurtz )
Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. We will also cover practical counter measures to make these alternate platforms more resilient.
15) What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016
Speaker: Avril Salter ( @avrilsalterUSA )
Next generation wireless standards define MU-MIMO, which promises 4x capacity gains. This session compares different multi-antenna technologies (SM, STBC, BF, MU-MIMO). It describes the subtle mistakes wireless security experts make sniffing wireless traffic. It explains how MU-MIMO introduces new challenges in capturing wireless traffic, which could make wireless sniffing near impossible.
Your Complete Guide To Top Talks @RSA Conference 2016 (USA)
Get your FREE Guide on Top Talks @ RSA Conference 2016 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at RSA Conference into a single guide. Get your Free copy today.
Comments