September is here! The dash from the close of the call for papers to now has been amazing. We had nearly two hundred submissions spanning the gamut of security topics and presenters. The result is a solid schedule that will challenge and educate all attendees. On behalf of the content advisory board, I want to thank everyone who submitted a paper for consideration. There were a lot of great ideas, but we could not put all of them on stage for this instance of BlueHat. We look forward to continuing the security conversation with you in the future.
Microsoft is proud to announce the schedule for the BlueHat v17 Security Conference.
|
Wednesday, November 8th, 2017 | General Audience |
||||
|---|---|---|---|---|
| TRACK | Time | Speaker | Company | Talk Subject |
| KEYNOTE | 9:00 – 9:50 AM | Merike Kaeo | Farsight Security | Keynote |
| Track 1 -Encrypt all the things | 10:00 – 10:50 AM | Alban Diquet Thomas Sileo |
Data Theorem | Where, how, and why is SSL traffic on mobile getting intercepted? A look at three million real-world SSL incidents |
| 11:00 – 11:50 AM | Joseph Salowey | Tableau Software | TLS 1.3 – Full speed ahead… mind the warnings – the great, the good and the bad | |
| Track 1 – Battles in Silicon | 1:00 – 1:50 PM | Alex Matrosov | Cylance | Betraying the BIOS: Where the Guardians of the BIOS are Failing |
| 2:00 – 2:50 PM | Niek Timmers Cristofaro Mune |
Riscure B.V. &
Independent Embedded Security Consultant |
KERNELFAULT: R00ting the Unexploitable using Hardware Fault Injection | |
| 3:00 – 3:50 PM | Rob Turner | Qualcomm Technologies | Raising the Bar: New Hardware Primitives for Exploit Mitigations | |
| 4:00 – 4:50 PM | Gunter Ollmann | Microsoft | Extracting Secrets from Silicon – A New Generation of Bug Hunting | |
| Track 2 – Hey Microsoft, you got it wrong! | 10:00 – 10:50 AM | Casey Smith | Red Canary | You Are Making Application Whitelisting Difficult |
| 11:00 – 11:50 AM | Yong Chuan Koh | MWR Infosecurity | Corrupting Memory in Microsoft Office Protected-View Sandbox | |
| Track 2 – Advancing products meet the new threats | 1:00 – 1:50 PM | Saruhan Karademir
David Weston |
Microsoft | Securing Windows Defender Application Guard |
| 2:00 – 2:50 PM | Mark Wodrich
Jasika Bawa |
Microsoft | Mitigations for the Masses: From EMET to Windows Defender Exploit Guard | |
| 3:00 – 3:25 PM | Dean Wells | Microsoft | Don’t let your virtualization fabric become the attack vector | |
| 3:30 – 3:55 PM | Jonathan Birch | Microsoft | Dangerous Contents – Securing .Net Deserialization | |
| 4:00 – 4:50 PM |
Filippo Seracini Lee Holmes |
Microsoft | Born secure. How to design a brand new cloud platform with a strong security posture | |
|
Thursday, November 9th, 2017 | General Audience |
||||
| TRACK | Time | Speaker | Company | Talk Subject |
| Track 1 – I swear it wasn’t me! | 9:00 – 9:50 AM | Kymberlee Price Sam Vaughan |
Microsoft | Down the Open Source Software Rabbit Hole |
| 10:00 – 10:50 AM | Sean Metcalf | Trimarc | Active Directory Security: The Journey | |
| 11:00 – 11:50 AM | Alex Ionescu | Crowdstrike | Baby’s First Bounty: Lessons from bypassing Arbitrary Code Guard | |
| Track 1 – Cloud Chasing | 1:00 – 1:50 PM | Nate Warfield Ben Ridgway |
Microsoft | All your cloud are belong to us; hunting compromise in Azure |
| 2:00 – 2:25 PM | Oran Brill Tomer Teller |
Microsoft | Go Hunt: An automated approach for security alert validation | |
| 2:30 – 2:55 PM | Matt Swann | Microsoft | Scaling Incident Response – 5 keys to successful defense at scale | |
| 3:00 – 3:50 PM | Greg Foss | LogRhythm | PIE – An Active Defense PowerShell Framework for Office365 | |
| 4:00 – 4:50 PM | Mathias Scherman Daniel Edwards Tomer Koren |
Microsoft | Leveraging Honeypots to Train a Supervised Model for Brute-Force Detection | |
| Track 2 – Phishing for Trust | 9:00 – 9:50 AM | Billy Leonard | 10 Years of Targeted Credential Phishing | |
| 10:00 – 10:50 AM | Alex Weinert Dana Kaufman |
Microsoft | Account Compromise 2017: in the Trenches with the Microsoft Identity Security and Protection Team | |
| 11:00 – 11:50 AM | Yacin Nadji | Georgia Institute of Technology | 28 Registrations Later: Measuring the Exploitation of Residual Trust in Domains | |
| Track 2 – Attacking Products | 1:00 – 1:50 PM | Lei Shi Mei Wang |
Qihoo 360 | Out of The Truman Show: VM escape in VMware gracefully |
| 2:00 – 2:50 PM | Matt Nelson | SpecterOps | “_____ Is Not a Security Boundary.” Things I Have Learned and Things That Have Gotten Better from Researching Microsoft Software | |
| 3:00 – 3:50 PM | Alexander Chistyakov | Kaspersky Lab | Detection is not a classification: reviewing machine learning techniques for cybersecurity specifics | |
| 4:00 – 4:50 PM | Andrea Lelli | Microsoft | WannaCrypt + SMBv1.0 vulnerability = One of the most damaging ransomware attacks in history | |
| Track 3 -Threat Intelligence | 9:00 – 9:50 AM | Nick Anderson | Detecting compromise on Windows endpoints with osquery | |
| 10:00 – 10:50 AM | Brian Hooper Jagadeesh Parameswaran |
Microsoft | Tales from the SOC: Real-world Attacks Seen Through Defender ATP | |
| 11:00 – 11:50 AM | Mark Parsons | Microsoft | Using TLS Certificates to Track Activity Groups | |
| 1:00 – 1:50 PM | Chaz Lever | Georgia Institute of Technology | A Lustrum of Malware Network Communication: Evolution and Insights | |
| 2:00 – 2:50 PM | Andrew Brandt | Symantec | Dyre to Trickbot: An inside look at TLS-encrypted command-and-control traffic | |
| 3:00 – 3:25 PM | Alexis Dorais-Joncas Thomas Dupuy |
ESET | Sednit Reloaded: The Bears’ Operations From Christmas to Halloween | |
| 3:30 – 4:50 PM | Chuck McAuley | Ixia Communications | Disrupting the Mirai Botnet | |
View full Conference Agenda and Talk Abstracts
Planning for the conference is well underway. This year we have secured the entire conference center so that we can accommodate even more participants. For external community members this is an invite-only conference. The initial round of external invites will go out later today with details on how to register and the timeframe for response. The registration site is live for external participants. Keep watching here for more updates as we get closer to the event.
About BlueHat
BlueHat v17 is a two-day security conference for general audiences. It will be held November 8-9, 2017 at the Microsoft Conference Center here in Redmond. This year will see a larger event, over one thousand people expected in person, as BlueHat welcomes partners from the Microsoft Security Response Alliance Summit. The conference is open to invited external guests and Microsoft employees and contingent staff. More details on logistics and about the conference will be posted throughout the summer and fall here on the BlueHat blog. Check back to get the latest here. We look forward to hearing from you and meeting you again in November.
Phillip Misner,
Principal Security Group Manager, MSRC