It’s that time of year and BlueHat v14 is almost upon us. As always, BlueHat is an opportunity for us to bring the brightest minds in security together, both internal and external, to discuss and tackle some of the hardest problems facing the industry today. Through this conference, our engineering teams get deep technical information and education on the latest threats from proven industry experts.
BlueHat kicks off on October 9th where we will spend the day focusing on researcher methodologies such as fuzzing, red team assessments, malware analysis and BIOS attacks. On the second day, we will have three tracks starting with Security & Identity, followed by State of the Hack (focusing on next generation of advanced persistent threats and web exploit detection) and then finally, we will end with Security in Deployed Environments.
We are very excited about interaction between Microsoft engineers and other top security experts who are coming to speak at the event. Here is a list of their talks:
*Please note that this schedule is subject to change.
October 9th, 2014
| START | END | SPEAKER | TALK TITLE |
|---|---|---|---|
| 9:00 AM | 9:40 AM | Chris Betz | Keynote |
| 9:40 AM | 10:20 AM | Stefano Zanero | Botintime - Phoenix: DGA-based Botnet Tracking and Intelligence Its common knowledge that a malicious domain automatically generated will not become popular and also an attacker will register a domain with a Top Level Domain that does not require clearance. Hence, we use phoenix which filters out domains likely to be generated by humans. The core of Phoenix is its ability to separate DGA from non-DGA domains, using linguistic features. |
| 10:20 AM | 10:35 AM | Break | |
| 10:35 AM | 11:15 AM | Scott Longheyer | Government Snooping Potentially Now Constitutes an Advance Persistent Threat Security is the application of Privacy’s intentions, so open the pocketbook and check your ciphers. Gain a deeper understanding of Microsoft’s position on privacy and how online services intend to protect customer data. |
| 11:15 AM | 11:55 AM | Stefano Zanero | Jackdaw talk - Automatic Malware Behavior Extraction and Tagging This talk will focus on our approach for extracting (interesting) behavior specifications in an automatic way from a large collection of (untagged) malware. If you wonder why? It’s because we believe in giving support to the analyst by providing a list of important behaviors, with a rough explanation, to prioritize the analysis. |
| 11:55 AM | 12:55 PM | Lunch | |
| 12:55 PM | 1:15 PM | Xeno Kovah | UEFI - What would it take to enable global firmware vulnerability & integrity checking? This talk will describe what actions are being taken to improve security for PC firmware, and what different groups in Microsoft can do to help. |
| 1:15 PM | 1:35 PM | Yuriy Bulygin | UEFI - Summary of Attacks against BIOS and Secure Boot A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, UEFI secure boot and Full Disk Encryption solutions. This talk will detail and organize some of the attacks and how they work. We will cover attacks against BIOS write protection, attacks leveraging hardware configuration against SMM memory protections, attacks using vulnerabilities in SMI handlers, attacks against BIOS update implementations, attacks bypassing secure boot, and various other issues. We will describe underlying vulnerabilities and how to assess systems for these issues. After watching, you should understand how these attacks work, how they are mitigated, and how to verify if your system has any of these problems. |
| 1:35 PM | 2:15 PM | Josh Thomas | Behind the NDA: How to attack a product under deadline This talk will focus on a brief security assessment of the Windows Phone / Nokia Lumia platforms with the intent of exploring attack methodologies. This talk will focus on how we as consultants approach a new problem / technology and how we can quickly become productive on new and previously unknown / unexplored hardware and software components. |
| 2:15 PM | 2:35 PM | Sergey Bratus, Julian Bangert | Defining and Enforcing Intent Semantics at ABI level Dominant OS security policy designs treat a process as an opaque entity that has a “bag” of permissions to access some OS resources at any time, in any order. Now that the sensitive data that we most want to protect may never touch the filesystem or even cross a process boundary, these designs fail at their purpose. We introduce a design that has a much higher granularity of protection, yet is compatible with existing ABI, standard build chains, and binary utilities. |
| 2:35 PM | 2:50 PM | Break | |
| 2:50 PM | 3:30 PM | Andrew Ruef | Build It Break It Competition We created a competition where students design and implement secure programs, and identify bugs in each other’s programs. We’ll talk about the design of the competition, the data we’ve gathered from executing the competition, our plans for future competitions, and what the data is telling us about software security, programming languages, education, and software development. |
| 3:30 PM | 4:10 PM | Ram Shankar Siva Kumar, John Walton | Subverting machine learning detections for fun and profit If you are using Machine learning in your feature, it can be attacked! This talk is a primer on Adversarial Machine learning wherein we show how attackers can manipulate machine learning systems to get the result they want you to see. You will learn how to protect yourself and detect such attacks. You don’t need to know about Machine learning to attend this talk – we’ve got you covered. |
| 4:10 PM | 4:40 PM | Lightning Talks |
October 10th, 2014
| 9:00 AM | 10:00 AM | Lightning Talks & Breakfast | |
|---|---|---|---|
| 10:00 AM | 10:40 AM | Benjamin Delpy, Chris Campbell, Skip Duckwall | The Attacker’s View of Windows Authentication and Post Exploitation part 1 This talk will focus on the how Windows authentication works in the real world and what are the popular attacks against it. You will learn the thought process of attackers in the real world and how it differs from a defender’s perspective. We’ll also cover post-exploitation tools and techniques such as Mimikatz. Finally, we’ll discuss next steps – How do you design services that are breach-resistant and make authentication harder to crack. |
| 10:40 AM | 11:20 AM | Benjamin Delpy, Chris Campbell, Skip Duckwall | The Attacker’s View of Windows Authentication and Post Exploitation part 2 |
| 11:20 AM | 11:35 AM | Break | |
| 11:35 AM | 12:15 PM | Ho John Lee | Privacy and Security in a Personalized Services World An introduction and discussion of current policy issues around personalized mobile and cloud-based knowledge services. In this talk you will learn about some of the privacy and policy issues associated with large scale, cloud based personalization that are different from those in web search, email, or social networks. I will also present some concepts and patterns for building mobile and personalized services that honor individual user data obligations while also enabling offline data analysis and global, low latency serving infrastructure. |
| 12:15 PM | 12:55 PM | Bo Qu | The failure and success in IE fuzzing The road to success is often paved with failure. In this presentation we will discuss the mistakes and challenges we overcame while developing our fuzzer that has successfully discovered over 100 vulnerabilities in Internet Explorer. Welcome to the school of hard knocks! |
| 12:55 PM | 1:55 PM | Lunch | |
| 1:55 PM | 2:35 PM | John Walton | Next Generation Advanced Persistent Threat™ What will tomorrow’s threat landscape, look like? How can attacks become even more advanced than we are observing today? What will the adversary’s arsenal contain? The Next Generation Advanced Persistent Threat™ talk will peer into the future and these exact questions. Come discover how we will continue to be outmaneuvered during every phase of the cyber kill chain |
| 2:35 PM | 2:55 PM | David Finn | Fighting Cybercrime with Big Data The Microsoft Digital Crimes Unit (“DCU”) is a team of about 100 people, including former prosecutors, law enforcement officials, security analysts, investigators, attorneys, and intelligence analysts, dedicated to the fight against global cybercrime. In this presentation about DCU’s CSI-like blend of crime fighting and technology, find out how Big Data and analytics is revolutionizing everything DCU does – helping protect internet users, and disrupting and dismantling criminal organizations all over the world. |
| 2:55 PM | 3:10 PM | Break | |
| 3:10 PM | 3:30 PM | Alexandra Savelieva, Daniel Eshner, Nuwan Ginige, Mohammad Usman | Data Isolation In Multitenant Cloud Environment In our talk, you’ll learn about a new solution that we built to address the problem of managing access to data across various fabrics and processing environments to mitigate top security threats of a cloud-based distributed application platform shared by multiple partners, including isolation of mutually distrustful tenant applications running side-by-side on a commodity server. |
| 3:30 PM | 4:30 PM | Daniel Edwards | Engineer’s guide to DDOS Are you ready to discuss DDoS? Can your online service be weaponized to attack? It’s already happened to others. Is yours next? |