
Detecting & Defeating Persistent Attacks

System firmware, along with dozens of other components that together contain millions of lines of firmware code, is vulnerable to attacks that persist across operating system reinstalls and even hard drive replacements. These attacks can go unnoticed by traditional security tools and can give attackers the highest level of privilege on high-value targets. Moreover, cleaning a system’s firmware means re-flashing it, an operation that is neither quick nor guaranteed. In this webinar, Eclypsium's VP of Product, Ron Talwalkar, and Principal Researcher, Jesse Michael, will discuss persistent attacks, the vulnerabilities and techniques that lead to them, and how the Eclypsium solution can help defend against these types of threats.
Recorded Apr 16 2020 65 mins
Presented by
Ron Talwalkar, Vice President Product and Jesse Michael, Principal Researcher
  • What's Under The Hood In Your Devices Oct 28 2020 5:00 pm UTC 75 mins
    Maggie Jauregi, Intel, Jesse Michael & Scott Scheferman, Eclypsium
    How well do you know what's inside your computer? Today's laptops and servers are powered by dozens of components with their own complex programming that runs independently of the operating system. Attackers increasingly target vulnerabilities in firmware and hardware, and most organizations lack visibility into this attack surface. In this webinar we'll explore what manufacturers are doing to improve platform security, what kinds of vulnerabilities attackers are targeting, and what IT and security professionals need to do to protect their devices.
  • Managing the Hole in Secure Boot - Security Briefing Oct 27 2020 5:00 pm UTC 75 mins
    Yuriy Bulygin, CEO Eclypsium and John Loucaides, VP R&D Eclypsium
    Eclypsium researchers have discovered an arbitrary code execution vulnerability - dubbed BootHole - in the GRUB2 bootloader that can bypass UEFI and OS Secure Boot, impacting other OS defenses. The vulnerability has been rated as High Severity (CVSS 8.2) and is being tracked as CVE-2020-10713. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.


    In this webinar Yuriy Bulygin, CEO and John Loucaides, VP of Research and Development at Eclypsium, will provide a briefing on the key issues enterprise IT and security leaders need to know in order to effectively mitigate this issue.
  • Protecting Your Organization From MosaicRegressor and Other UEFI Implants Oct 23 2020 8:15 pm UTC 45 mins
    Yuriy Bulygin, CEO of Eclypsium & Scott Scheferman Principal Cyber Strategist
    The recent discovery of MosaicRegressor spyware is the latest in an ongoing trend of UEFI implants observed in the wild. These threats are particularly powerful because their malicious code runs before and supersedes the operating system, while also allowing the threat to persist within firmware even after a system is reimaged. The implant code itself is universal and easy to build and the UEFI file system format is largely unmodified by individual OEMs. This creates a relatively low barrier to entry for attackers making it likely we will see this type of capability show up in other campaigns.


    In this webinar, you’ll learn:
    - How MosaicRegressor and other UEFI attacks work
    - Why these attacks are so dangerous and difficult to detect
    - Why this discovery is significant, and what it portends for future threats
    - How Eclypsium is able to detect these threats even before they are public
    - What strategies you can use to protect and defend your devices from UEFI attacks.
  • Down the Rabbit Hole - Attackers Moving Down As We Move Up Recorded: Oct 20 2020 47 mins
    Scott Scheferman - Principal Cyber Strategist, Eclypsium
    Cyber adversaries are not “sophisticated”; rather, they are pragmatic. The endpoint is still the nexus of the cyber problem, but advances in AI/ML, EDR, and threat intelligence have lately made it challenging for adversaries to evade detection and persist at the operating system level. The endpoint battlefield is defined by a “time advantage” that either side has over the other. Both APTs and criminal ransomware actors have adapted by going “further down the stack”, and they have arrived at firmware, hardware, and driver level TTPs (Tactics, Techniques, Procedures). There is a dire lack of visibility here, and attackers are enjoying the omnipotence and indefinite persistence that sub-operating system tactics provide.

    This talk will expose the reasons why attackers are going further down the rabbit hole in order to gain footholds and persist below the surface of the rest of the entire security stack. Recent examples of incidents involving such tactics will be shared and the challenges of addressing this trending attack vector will be explored.
  • Improve Device Security Using The CMMC Framework Recorded: Oct 15 2020 54 mins
    John Loucaides, VP R&D, Eclypsium
    Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices.

    This webinar will cover:

    - Real-World Attacks Against Device Integrity
    - How Attackers Compromise Device Integrity
    - Designing Device Security Into Your Security Practices
    - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
    - Device Security and the Cybersecurity Maturity Model Certification (CMMC)
  • Enterprise Best Practices for Firmware Updates Recorded: Sep 17 2020 62 mins
    John Loucaides, VP of Research and Development and Steve Mancini, CISO, Eclypsium
    Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates.


    This Q&A style webinar explores the following topics:

    - The current state of firmware and firmware updates.
    - How the industry is evolving to meet the need for consistent firmware update management.
    - The barriers to establishing firmware update management.
    - Recommended steps that security leaders can use to begin building a safe and reliable process for managing firmware updates.
  • Exploring the BootHole Vulnerability Recorded: Sep 1 2020 61 mins
    Jesse Michael and Mickey Shkatov, Principal Researchers, Eclypsium
    The BootHole vulnerability, disclosed by Eclypsium researchers Mickey Shkatov and Jesse Michael in July, exposes billions of devices to attack. The vulnerability they discovered in the GRUB bootloader can be used to gain arbitrary code execution during the boot process even when Secure Boot is enabled. This can allow attackers to install persistent and stealthy bootkits, rootkits, or malicious bootloaders that would provide full control over the victim device.

    In this webinar you’ll learn:
    - How researchers found this vulnerability
    - Why threats to the boot process are so dangerous
    - Exactly how the BootHole vulnerability works
    - How the industry came together to address this vulnerability
    - Why the mitigation process is so complicated
    - The steps you can take to protect your devices

    Note: If you’re primarily looking for advice on mitigation - please see our webinar “Managing the Hole in Secure Boot”
  • Improve Device Security Using The CMMC Framework Recorded: Aug 25 2020 54 mins
    John Loucaides, VP R&D, Eclypsium
    Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices.

    This webinar will cover:

    - Real-World Attacks Against Device Integrity
    - How Attackers Compromise Device Integrity
    - Designing Device Security Into Your Security Practices
    - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
    - Device Security and the Cybersecurity Maturity Model Certification (CMMC)
  • Managing the Hole in Secure Boot - Security Briefing Recorded: Aug 5 2020 76 mins
    Yuriy Bulygin, CEO Eclypsium and John Loucaides, VP R&D Eclypsium
    Eclypsium researchers have discovered an arbitrary code execution vulnerability - dubbed BootHole - in the GRUB2 bootloader that can bypass UEFI and OS Secure Boot, impacting other OS defenses. The vulnerability has been rated as High Severity (CVSS 8.2) and is being tracked as CVE-2020-10713. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.


    In this webinar Yuriy Bulygin, CEO and John Loucaides, VP of Research and Development at Eclypsium, will provide a briefing on the key issues enterprise IT and security leaders need to know in order to effectively mitigate this issue.
  • Put Zero Trust in Your Devices Recorded: Jul 28 2020 62 mins
    Steve Mancini, CISO and Ryan Clarke, Principal Security Scientist, Eclypsium
    The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Suddenly, many users are no longer protected by the many layers of security found on-premise in the corporate network. Instead, security policies must evolve to support a new reality where users are remote by default and massive amounts of untrusted, inbound connections are the norm. Incorporating security concepts like Zero Trust can be a critical part of securing these remote work environments, which often include a mix of corporate laptops, BYOD devices, and home networking gear. If the integrity of these devices isn’t assured, then it is impossible to assure the safety of the operating systems and other software running on them. Yet for many organizations, device integrity remains a blindspot where Zero Trust principles are not yet applied, and as a result, security is assumed instead of verified.

    In this webinar, Steve Mancini, CISO of Eclypsium, and Ryan Clarke, Principal Security Scientist at Eclypsium will discuss:

    - Device Integrity and Zero Trust
    - Identifying Device Level Vulnerabilities
    - Looking for Signs of Compromise
    - Secure Access for Remote Workers
    - Device Best Practices for Zero Trust
  • Protecting Device Integrity in the Supply Chain Recorded: Jul 7 2020 60 mins
    Dr. Ed Amoroso - TAG Cyber, Dickie George - Johns Hopkins, Andrew Regenscheid - NIST, Yuriy Bulygin - Eclypsium
    While vulnerabilities in software often steal headlines, hardware vulnerabilities pose a major cyber security risk. Hardware is comprised of numerous components, which are often sourced globally, and are difficult to track along the supply chain. A single vulnerability in any of the components could cause the device to be compromised by cyber criminals.

    Protecting the integrity of devices and ensuring firmware is hardened to attack can be challenging when using traditional security controls and processes. Join our panel of experts on May 13, 2020 at 1 pm ET to learn:

    - How to improve visibility into your device supply chain
    - Why firmware vulnerabilities need to be prioritized
    - Common weak spots for the introduction of tampering and modifications

    Our panelists will be:

    Dr. Edward Amoroso - CEO of research and advisory firm TAG Cyber and former CISO for AT&T

    Richard M. (Dickie) George - Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab, with a focus on cyber strategy for protection of critical national systems.

    Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).

    Dr. Yuriy Bulygin - CEO and founder of Eclypsium. Previously he led the Advanced Threat Research team at Intel, and created CHIPSEC, the open-source firmware security framework.
  • Improve Device Security Using The CMMC Framework Recorded: Jun 30 2020 55 mins
    John Loucaides, VP R&D, Eclypsium
    Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices.

    This webinar will cover:

    - Real-World Attacks Against Device Integrity
    - How Attackers Compromise Device Integrity
    - Designing Device Security Into Your Security Practices
    - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
    - Device Security and the Cybersecurity Maturity Model Certification (CMMC)
  • Protecting Device Integrity in the Supply Chain Recorded: May 13 2020 61 mins
    Dr. Ed Amoroso - TAG Cyber, Dickie George - Johns Hopkins, Andrew Regenscheid - NIST, Yuriy Bulygin - Eclypsium
    While vulnerabilities in software often steal headlines, hardware vulnerabilities pose a major cyber security risk. Hardware is comprised of numerous components, which are often sourced globally, and are difficult to track along the supply chain. A single vulnerability in any of the components could cause the device to be compromised by cyber criminals.

    Protecting the integrity of devices and ensuring firmware is hardened to attack can be challenging when using traditional security controls and processes. Join our panel of experts on May 13, 2020 at 1 pm ET to learn:

    - How to improve visibility into your device supply chain
    - Why firmware vulnerabilities need to be prioritized
    - Common weak spots for the introduction of tampering and modifications

    Our panelists will be:

    Dr. Edward Amoroso - CEO of research and advisory firm TAG Cyber and former CISO for AT&T

    Richard M. (Dickie) George - Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab, with a focus on cyber strategy for protection of critical national systems.

    Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).

    Dr. Yuriy Bulygin - CEO and founder of Eclypsium. Previously he led the Advanced Threat Research team at Intel, and created CHIPSEC, the open-source firmware security framework.
  • Detecting & Defeating Persistent Attacks Recorded: Apr 16 2020 65 mins
    Ron Talwalkar, Vice President Product and Jesse Michael, Principal Researcher
    System firmware, along with dozens of other components that together contain millions of lines of firmware code, is vulnerable to attacks that persist across operating system reinstalls and even hard drive replacements. These attacks can go unnoticed by traditional security tools and can give attackers the highest level of privilege on high-value targets. Moreover, cleaning a system’s firmware means re-flashing it, an operation that is neither quick nor guaranteed. In this webinar, Eclypsium's VP of Product, Ron Talwalkar, and Principal Researcher, Jesse Michael, will discuss persistent attacks, the vulnerabilities and techniques that lead to them, and how the Eclypsium solution can help defend against these types of threats.
  • Enterprise Best Practices for Firmware Updates Recorded: Apr 7 2020 63 mins
    John Loucaides, VP of Research and Development and Steve Mancini, CISO, Eclypsium
    Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates.


    This Q&A style webinar explores the following topics:

    - The current state of firmware and firmware updates.
    - How the industry is evolving to meet the need for consistent firmware update management.
    - The barriers to establishing firmware update management.
    - Recommended steps that security leaders can use to begin building a safe and reliable process for managing firmware updates.
  • Anatomy of a Firmware Attack Recorded: Mar 3 2020 49 mins
    Ron Talwalkar and John Loucaides
    Explore the techniques of successful firmware attacks as they apply to stages of a kill chain in this Eclypsium webinar designed to help you assess and defend enterprise devices from firmware and hardware threats.
  • Perilous Peripherals - The Hidden Dangers Inside Windows and Linux Computers Recorded: Feb 21 2020 61 mins
    Jesse Michael, Principal Researcher, Eclypsium and Rick Altherr, Principal Engineer, Eclypsium
    Eclypsium researchers Jesse Michael and Rick Altherr will describe new research showing how unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides pathways for malicious attackers to compromise laptops and servers.
  • How Direct Memory Access Attacks Bypass Hardware Protections Recorded: Feb 5 2020 55 mins
    Jesse Michael and Mickey Shkatov, Principal Researchers, Eclypsium
    New research from Eclypsium shows that high-speed DMA attacks can bypass built-in hardware protections on enterprise devices. Jesse Michael and Mickey Shkatov recently demonstrated that, even in the presence of protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start, and Microsoft Virtualization-Based Security, laptops from Dell & HP were susceptible to pre-boot DMA attacks. In this webinar, they describe their research, and discuss the ramifications for enterprise security.
  • Screwed Drivers - New Vulnerabilities Found in Windows Drivers Recorded: Nov 14 2019 60 mins
    Jesse Michael and Mickey Shkatov, Principal Researchers, Eclypsium
    Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host. There are multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers, such as the Slingshot APT or LoJax malware campaigns.

    Research conducted by Eclypsium found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors* – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft.

    In this webinar, Eclypsium researchers Jesse Michael and Mickey Shkatov will teach you how these drivers work, show you the unbelievable risk they pose, and discuss methods that security professionals can use to protect their organizations from device driver vulnerabilities.

    This webinar will reveal new information on additional drivers impacted by this design flaw, which were undisclosed when Eclypsium's earlier research into Screwed Drivers was presented at DEF CON.
Enterprise Firmware Security
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

  • Title: Detecting & Defeating Persistent Attacks
  • Live at: Apr 16 2020 5:00 pm
  • Presented by: Ron Talwalkar, Vice President Product and Jesse Michael, Principal Researcher