Name: Flying Under the EDR Radar - Original Research by the Pcysys Cyber Research Tea
Start: 2020-07-27T15:15:00Z
End: 2020-07-27T15:15:50.000Z
Location: BrightTALK
Rating: 0

Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale. Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited. For more info visit: pentera.io.

LOLBAS leverage legitimate binaries and scripts for malicious purposes making them hard to catch. They also happen to be one of the growing trends in cybersecurity attacks and are found in most cyber attack campaigns. Armed with this knowledge, Pentera Labs set out to find new official LOLBAS, increasing the number of known LOLBAS downloaders by 30%.

Follow Pentera researcher Nir Chako’s journey as he traces the path to identifying new LOLBAS executables and functions manually, and then as he writes the automation to find more at scale. 

This session will help Red Teamers uncover their own LOLBAS gems, while Blue Teamers can learn how to proactively protect against these new threats.

The LOLBAS Odyssey: Tracing the Path of Finding Hidden Gems in Executables

Dealing with outdated systems and tech debt can obstruct your business's growth. In this webinar, Lee Bailey, a seasoned CISO, unveils his 3-rule approach to managing legacy infrastructure. Discover how to effectively communicate business risks associated with old technology to tackle tech debt, and maintain security when technology upgrades are not possible.

What's in it for you?

Get practical, proven strategies from an industry expert. Use real case studies to gain actionable insights.

Key Takeaways

- Understand the business impact of tech risks and effectively communicate them to your leadership.
- Uncover and address layered tech debt hindering your business operations.
- Learn how to drive the conversation around tech upgrades in a new direction.
- Strategies for securing environments even when upgrades can't be implemented.
- Real-life case studies on successfully managing legacy infrastructure.

Tackling Tech Debt–A CISO’s Practical Approach to Managing Legacy Infrastructure

Faced with the challenges of expanding attack surfaces and increasingly complex IT infrastructures, security leaders are realizing the need to rethink how they identify exploitable vulnerabilities and prioritize remediation actions.

In this webinar, Pentera security expert, Nelson Santos, and guest speaker, Forrester senior analyst, Erik Nost, will discuss the benefits of understanding the attacker’s point of view to effectively assess and improve risk exposure. We describe new technologies that augment existing vulnerability management practices by:

- Mapping individual security gaps to complete exploitable attack paths
- Validating the effectiveness of security controls in averting attempted attacks
- Prioritizing fixes based on business and risk impact

Vulnerability and Exposure Management: At a Turning Point

Windows Defender has undergone significant improvements that have made it increasingly challenging for hackers to execute malicious tools like Mimikatz. At Pentera Labs we’ve successfully overcome these obstacles and wanted to share with you valuable insights on how to effectively monitor and mitigate these evasive tactics to safeguard your systems.

Pentera Labs - Evading Detection by Windows Defender

Leaked credentials are one of the most common entry points for an adversary into an organization. Time and time again, we see some of the best laid plans and strongest security stacks falling victim to simple credential theft, which nearly lays out a red carpet for the adversary. Threat intelligence provides insight into potential organizational risks and the growing threat landscape, but we are still lacking the business impact that your credentials would have in the hands of an attacker.

The good news is that there are ways to identify and stop your leaked credentials from being used against you. Join this session to learn how to manage your security exposure in the evolving threat landscape of 2023.

XPOSURE 2023 - Adversary Abuse of Leaked Credentials

In spite of organizations’ continuous investment in strengthening their security defenses, security teams struggle with answering a simple question: Will my defenses stand up to an attack?

Pentera CPO, Ran Tamir, will discuss security validation as a method for identifying an organization’s exploitable security gaps across an ever-growing attack surface. Through pragmatic tips and examples, we will show how security validation can provide an accurate real-time read of an organization’s security posture, and optimize remediation efforts based on actual security exposures in the live IT environment.

XPOSURE 2023 - Security Validation Fundamentals for Executives

Attackers are increasingly leveraging security control misconfigurations to breach networks, and DNS attacks, in particular, are a popular way to do so. In fact, in 2022, 88% of organizations reported facing at least one type of this attack. This session will explore how attackers can leverage domain generation algorithms to advance C2 over DNS in a misconfigured network and two possible ways to monitor against this threat.

Pentera Senior Security Researcher, Uriel Gabay, will lead this session.

XPOSURE 2023 - DNS: The Favority Adversary C2 Channel

Interested in benchmarking yourself about 2023 plans against 300 of your peers? 
This is the right session for you. 

Recent world economic trends are shaping 2023 and effecting IT security trends, budgets and priorities. While each company is treating the situation differently there are clear trends in Europe and the USA that provide an outlook. In this session we will review the fresh findings of a global CISO poll conducted by Pentera in the domains of Penetration Testing and Security Validation.

XPOSURE 2023 - What 300 CISOs Say About 2023? - Poll Results Unveiled

The rapid pace of technological advancement means that security frameworks like MITRE ATT&CK or NIST may not always have the most up-to-date information. This, in turn, can create blind spots for CISOs and their teams. This is the case regarding IPv6, the newest Internet Protocol, which was released in 2011. Despite its prevalence, known examples of attacks exploiting the protocol are not listed in MITRE. This lack of awareness means defenders may be less aware of the need to secure it.

In this session, Pentera Security Researcher, Yotam Mazurik, will cover an example of how attackers can exploit IPv6 for traffic bending and how to mitigate.

XPOSURE 2023 - IPv6: Security Teams’ Blind Spot

When threats become increasingly complex and resources are limited, transforming how we operate is the only way to beat them. In this session, Mr. Eric Vautier, CISO of Groupe ADP, will delve into the critical issue of the ever-expanding attack surface and the need for organizations to devise new strategies for maintaining their cyber resilience. 

Mr. Vautier will explore how to preempt Cloud and supply chain attacks by adopting a different mode of operation. He will share his expert views on key steps organizations can take: selection, contracting, standard enforcement, and validation to better control their attack surface and manage exposure.

XPOSURE 2023 - Coping with the Continuous Expansion of the Attack Surface

In today's fast-paced digital landscape, security operations must adapt to meet the ever-evolving threat landscape. Detection-as-Code is a new approach that automates the creation, testing, and deployment of security detections, providing a more reliable and efficient method for security teams to stay ahead of cyber threats. This talk will provide an overview of the benefits and best practices of detection-as-code and how incorporating automated security validation as part of the detection process can efficiently reduce threat exposure.

XPOSURE 2023 - Detection-as-Code: Test Driven Detection Development

It’s one thing to hold the organization to the highest standard of security protocols and policies, but have you ever asked a real-life attacker how they would approach your attack surface when considering an attack? 

Join ex-Anonymous/LulzSec black hat hacker Hector Monsegur (aka Sabu) as he discusses how an adversary would approach compromising your organization and how you should be proactive in managing threat exposure. Hector will go one step further to discuss how automation is an invaluable tool in securing your attack surface from all directions.

XPOSURE 2023 - How Hackers View Your Attack Surface

It's time to break away from traditional IT risk management techniques and embrace a fresh, practical approach: Exposure Management. With the increasing volume of discovered vulnerabilities and evergrowing attack surface, the Exposure Management approach enables you to manage risk by prioritizing the most critical threats based on their business impact. You will also have the answers to critical questions like "Is our security system really working as it should?" and "Are we ready to face the latest threats?".

In this session, Amitai Ratzon, Pentera CEO, will introduce the Exposure Management approach, putting the spotlight on Validation as a key factor in taking action. Join us to learn how this strategy enables you to be proactive and consistently mitigate risk.

XPOSURE 2023 - Think Graphs Not Lists: Making Exposure Management Pragmatic

Our data and infrastructure were shifted to the cloud, and we are more and more relying on our DevOps engineering and Cloud Providers to keep us safe and secured. Join us virtually for our upcoming "The Hacking Games - Cloud Vulnerabilities" Meetup to learn how hackers can compromise cloud infrastructure, advanced data protection methods and how to survive a Ransomware on the cloud.

Agenda: 
17:00 - 17:10 - 'Opening words' - by Gidi Farkash (CISO at Pipl Security) 
17:10 - 17:40 - 'Data privacy, transition from on prem to cloud base security' - by Shlomi Ben Hur (Product Security & Privacy Architect at Opentext) 
17:40 - 18:10 - 'Who stole my cookies? XSS vulnerability in Microsoft Azure Functions' - by Uriel Gabay (Security Researcher at Pentera) 
18:10 - 18:40 - 'Surviving a Ransomware in the Cloud' - by Simon Bruno (Security Engineer at Deepblue)

Pentera Labs x AppSec Meetup: The Hacking games - Cloud Vulnerabilities

Many SIEM solutions now come with out-of-the-box rules and models to reduce some of the noise from unnecessary or irrelevant data and alerts. Yet organizations often lack the time, people, and skills needed to fine-tune these solutions for their most efficient use. The Pentera Platform enables you to emulate a real-world attacker’s perspective in your environment and provides insights so you can understand:
•     What patching to prioritize
•     What is an actual risk
•     Where to focus your resources for remediation and risk reduction

SIEM deployments today have to deal with more complexity than ever. With Pentera, we give your organization a safe way to continuously emulate an adversary in your environment so you can bolster your security where it matters most.

Join us in this webinar to learn about the Pentera approach so that you can gain true value from your SIEM solution.

Cure Your SIEM of Alert Fatigue

Our technology, work processes, and activities all are depend based on Operation Systems to be safe and secure. Join us virtually for  "The Hacking Games - Operation System Vulnerabilities" Meetup to learn how hacker can compromise Operation System, bypass Antivirus protection layer and exploiting Linux eBPF.

Agenda:
17:00 - 17:10 - 'Opening words' - by Gidi Farkash (Pipl)
17:10 - 17:40 - 'The Code OS; IDE Risks' - Omer Yaron (Enso Security)
17:40 - 18:10 - 'Malware Analysis, Red Team & AV bypass techniques' - by Uriel Kosayev (MalwareAnalysis.co)
18:10 - 18:40 - 'The Good, Bad and Compromisable Aspects of Linux eBPF' - by Matan Liber (Pentera)

The Hacking Games - Operation System Vulnerabilities Virtual Meetup

Automated Security Validation ensures you can proactively assess, manage, and report the risks posed by security weaknesses at the time it matters most – when exploiting that vulnerability can be damaging. Gone are the days of a risk being prioritised just based on a CVSS score.

Hear from senior security engineer, Shak Ahmed, as he showcases real-life technical use-cases that reduce the perpetual lag and backlog of manual security validation tasks, help to remove your teams' resource constraints, and are designed to improve the accuracy of testing, detection, and remediation.

Why Automate Security Validation? Technical Use Cases

Leaked and stolen credentials continue to pose a critical risk to organizations globally. Each year, over 80% of web application breaches involve compromised credentials that appear on the dark web, paste sites and in data dumps shared by cybercriminals. While threat intelligence tools show which  credentials have been leaked, security teams still lack visibility into the potential damage they can cause. 

Join our webinar to learn how Pentera’s newest module, Credential Exposure. By combining real-world leaked credential feeds with its autonomous validation engine, Pentera challenges both internal and external attack surfaces to reveal the most exploitable security gaps & suggest a risk-based remediation plan.

Five Steps to Mitigate the Risk of Credential Exposure

Orchestrated Windows System Call Invocation without Detection

The Endpoint Detection and Response (EDR) promise of complete network visibility along with the ability to monitor and correlate events on the Operating System in real-time, leads many security professionals to believe they will decrease the number of blind spots for malware authors and penetration testers. But do we even know how EDR tools really work? Is this trust justified?


In our session, Pcysys Cyber Researcher, Eliran Nissan and Head of Research, Alex Spivakovski, will answer the above questions by demonstrating - 

A new approach to autonomous SysCall invocations
A framework for invoking SysCalls to challenge your networks and products
Latest evasion techniques undetectable by many EDR/XDR products
on the market today

Flying Under the EDR Radar -  Original Research by the Pcysys Cyber Research Tea

Researcher

Endpoint Security

Cyber Security

Continuous Security Validation

Continuous Testing

Cyber Attacks

Hackers

Network Security

IT Security

Security Testing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Flying Under the EDR Radar - Original Research by the Pcysys Cyber Research Tea

Presented by

About this talk

More from this channel