The Official Talos Guide to Security Summer Camp 2018

It is once again time for the week in the summer when many of us descend on Las Vegas for Black Hat, DEF CON, and B-Sides LasVegas. This is your official guide to what the Cisco Talos Threat Intelligence team is doing at these shows and what some of our colleagues around Cisco Security are doing, as well.

Whether you are looking to catch some great talks, hunting down the best parties, or just trying to avoid LineCon in all it's forms, here is a quick run-down of where and how you can catch Talos speakers, Cisco events, and other fun stuff you don't want to miss. Read on for the full details of what Cisco has in store for this year.

Black Hat Events At a Glance:

Event microsite:

www.cisco.com/go/blackhat

Chat with us:

@TalosSecurity, @CiscoSecurity, @OpenDNS, @CiscoDevNet, @Snort, and @PortcullisLabs

Beers with Talos Live Podcast:

Wed. Aug. 8, 12 - 2 p.m. -SOLD OUT-

Cisco Party Black Hat party:

We're headed to Topgolf Las Vegas! Get on the list now.

Booth:

Stop by booth #504 for Snort pigs, Talos socks, and amazing booth talks by the Talos crew and other Cisco Security team members.

Theater sessions will take place every 20 minutes.
Play the DevNet Black Hat challenge on Thursday. Participants will receive a limited availability hoodie.
The booth will also feature demos, Snort squishy pigs, awesome socks, and party check-in.

Career Zone booth CZ212:

Security recruiters and researchers from Talos, Cisco Security, and Umbrella will be talking to recruits about all open positions. If you are looking for a new role or thinking it is time for a change, stop by the Career Zone booth. Resumes aren't required, but we will take it if you have it. Check out open positions across Cisco Security (including Talos!) here: cs.co/SecJobs.

Wednesday, Aug. 8

Talos Black Hat Flash Talks:
10 a.m. - 7 p.m., Cisco Booth #504 - Full schedule below

Cisco Security/Talos Recruiting:
10 a.m. - 7 p.m., Black Hat Career Zone, Booth CZ212

Cisco Security Black Hat Session:
Cryptocurrency: More Than Just a Ransomware Payment Method
11:30 a.m. - 12:20 p.m., Oceanside F (Giving away "Game of Threats" T-shirts)
Artsiom Holub and Austin McBride

Beers with Talos Live at Black Hat:

12 - 2 p.m., Rí Rá Irish Pub, Mandalay Bay -SOLD OUT-

Talos Black Hat Session:
Surprise Supplies!
Paul Rascagneres and Warren Mercer

3 - 3:50 p.m., Business Hall Theater B (Giving away Talos socks)

Cisco Black Hat Party:
8 - 11 p.m., Topgolf Las Vegas, MGM

Thursday, Aug. 9

Talos Black Hat Flash Talks:
10 a.m. - 7 p.m., Cisco Booth #504 - Full schedule below

Cisco Security/Talos Recruiting: 10 a.m. - 7 p.m., Black Hat Career Zone, Booth CZ212

Cisco Security Black Hat Workshop:
Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella
Chris Riviere
11 - 11:50 a.m., Session 1, Mandalay Bay Ballroom B (Giving away "Game of Threats" T-shirts)
12:10 - 1 p.m., Session 2, Mandalay Bay Ballroom B (Giving away "Game of Threats" T-shirts)

Cisco Security (PortcullisLabs) Black Hat Session:
Playback: A TLS 1.3 Story
Alejo Murillo Moya and Alfonso Garcia Alguacil
12:10 - 1 p.m., Jasmine Ballroom

Cisco Security Black Hat Session:
A Cloud Security RESTful Hunt
Andrew Maxey
1:20 - 2:10 p.m., Business Hall Theater B (Giving away "Game of Threats" T-shirts)

Cisco Security Black Hat Session:
IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
Jonas Zaddach
3:50 - 4:40 p.m., South Pacific F

Friday, Aug. 10

Cisco Security (PortcullisLabs) DEF CON Session:
Playback: A TLS 1.3 Story
Alejo Murillo Moya and Alfonso Garcia Alguacil
3 - 4 p.m., DEF CON Track 2 - Caesar’s Palace

Saturday, Aug. 11

Talos DEF CON Session:
Analyzing VPN Filter’s Modbus Module

Patrick DeSantis & Carlos Pacho
10:40 - 11:30 a.m., DEF CON ICS Village

Cisco Booth Lightning Talk Schedule:

Wed. Aug 8, 10 a.m. - 7 p.m.
Thurs. Aug 9, 10 a.m. - 5 p.m.
Cisco Booth #504

On the full schedule, we have 18 new talks from Talos, and many other talks from Umbrella, and Cisco’s Web Security and Services teams. You won’t want to miss these sessions. Have a seat and enjoy a 20-minute presentation in Cisco booth #504. Grab some great swag, check in for the Cisco Party, or play the Black Hat challenge game while you are there.

Here is the full schedule of booth talks at the Cisco/Talos booth area (highlights indicate talks from Cisco Talos team members):

Wed. Aug. 8	Speaker	Title
10:40 - 11 a.m.	George Tarnovsky	Reverse Engineering using X-Ray
11 - 11:20 a.m.	Alec Gleason	Secure AI Architecture
11:20 - 11:40 a.m.	Samuel Dytrych	In Libc We Trust?
11:40 - Noon	Paul Singleton	The Secure Internet Gateway: Security Reimagined in the Cloud
Noon - 12:20 p.m.	Jordan Gackowski	Stepping into the cloud with confidence
12:20 - 12:40 p.m.	Chris Riverie	Office 365: Enhanced Security to Protect Your Email, Users, Data and Apps
12:40 - 1 p.m.	Chris Parker James	Anatomy of an Attack
1 - 1:20 p.m.	Justice Cassel	Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons
1:20 - 1:40 p.m.	Sam Rastogi	Redefine Data Center Security in a Multicloud World
1:40 - 2 p.m.	Ben Greenbaum	Investigations at the Speed of Cisco Visibility
2 - 2:20 p.m.	Nick Biasini	Malicious Crypto Mining
2:20 - 2:40 p.m.	Jaime Filson	A Romp Down FTP Lane
2:40 - 3 p.m.	Adam Flatley	Managing Response to Large Scale, Critical Cyber Events
3 - 3:20 p.m.	David van Schravendijk	Cisco's Cloud Managed Meraki MX. Past, Present, & Future.
3:20 - 3:40 p.m.	Salina Wuttke	IBM: Accelerate Detection of Advanced Threats with Cisco & IBM Security
3:40 - 4 p.m.	George Tarnovsky	Reverse Engineering using X-Ray
4 - 4:20 p.m.	Vitor Ventura	Telegrab
4:20 - 4:40 p.m.	Yves Younan	The Past Year In Vulnerability Discovery at Cisco Talos
4:40 - 5 p.m.	Cory Duplantis	Pattern Matching Vulnerabilities
5 - 5:20 p.m.	Andrew Blunck	How Talos Writes Coverage & Why it Works
5:20 - 5:40 p.m.	Caitlyn Hammond	A day in the life of an analyst
5:40 - 6 p.m.	Adam Katz	Email Sender Analysis: SPF, DKIM, and DMARC
6 - 6:20 p.m.	Sam Rastogi	Redefine Data Center Security in a Multicloud World
6:20 - 6:40 p.m.
6:40 - 7 p.m.	Raffle Drawing

Thur. Aug. 9	Speaker	Title
10 - 10:20 a.m.	David Schwartzberg	Anatomy of an Attack
10:20 - 10:40 a.m.	Edmund Brumaghin	Thanatos Ransomware
10:40 - 11 a.m.	David Maynor	Hunting beyond packets
11 - 11:20 a.m.	Danny Adamitis	When and why APT actors use open-source frameworks
11:20 - 11:40 a.m.	Regina Wilson	Vulnerability Reporting and Disclosure
11:40 - Noon	Carlos Pacho	Finding Vulns in Embedded Systems
Noon - 12:20 p.m.	David van Schravendijk	Cisco's Cloud Managed Meraki MX. Past, Present, & Future.
12:20 - 12:40 p.m.	Alec Gleason	Secure AI Architecture
12:40 - 1 p.m.	Salina Wuttke	IBM: Accelerate Detection of Advanced Threats with Cisco & IBM Security
1 - 1:20 p.m.	Jordan Gackowski	Stepping into the cloud with confidence
1:20 - 1:40 p.m.	Justice Cassel	Bug Bounties and the OWASP Top 10: Messy Vulns and Real Lessons
1:40 - 2 p.m.	Ben Greenbaum	Investigations at the Speed of Cisco Visibility
2 - 2:20 p.m.	Ryan Pentney	Chinese cryptomining actor trends with honeypots observations
2:20 - 2:40 p.m.	Brandon Stultz	Protecting Networks with Snort 3
2:40 - 3 p.m.	Benny Ketelslegers	CCleaner
3 - 3:20 p.m.	Claudio Bozzato	Trap IoT Devices And Get Free Bugs
3:20 - 3:40 p.m.	Samuel Dytrych	In Libc We Trust?
3:40 - 4 p.m.	David Schwartzberg	Anatomy of an Attack
4 - 4:20 p.m.	Paul Singleton	The Secure Internet Gateway: Security Reimagined in the Cloud
4:20 - 4:40 p.m.	Andrew Maxey	Office 365: Enhanced Security to Protect Your Email, Users, Data and Apps
4:40 - 5 p.m.	Raffle Drawing

Coming early for BSides or staying for DEFCON?

We have a few things going on there, too.

Make sure to stop by Hire Ground at BSides for resume review and tips with Cisco/Talos technical recruiter Merilyn Tinana.
There are two DEF CON sessions that are not to be missed as well: Playback: A TLS 1.3 Story with Alejo Murillo Moya and Alfonso Garcia Alguacil at DEF CON Track 2 and Analyzing VPN Filter’s Modbus Module Talos researchers Patrick DeSantis & Carlos Pacho in the DEF CON ICS Village (see schedule above).

Friendly Reminders:

There are a lot of things you should know before heading to Black Hat, DEF CON, and/or BSides LV. Here’s a quick list of things to absolutely remember:

Business cards
Spare battery/juice pack — nothing drains devices like a conference, although turning off Bluetooth and Wi-Fi radios helps and may not be a terrible idea (especially at these conferences in particular). If you aren’t charging, you are probably going to have a dead phone by the time the parties start in the evening.
Comfortable walking shoes — yes, many venues are connected, but they are connected via long walks. Many attendees rack up more than 10 miles per day on their pedometers.
Space in your suitcase — all that sweet, sweet conference swag isn't shipping itself home.
Water — because it's the desert. Pro-tip: arrange a delivery from Prime Now, Instacart, etc. on your arrival day to make sure you always have a full bottle of water.

We are looking forward to meeting and seeing everyone at Black Hat and DEF CON. Be sure to come by booth #504 and say hello …and, of course, pick up a new, limited edition Snorty pig for your collection.