Where did the summer go? This year the BlueHat Security Conference moved forward in the schedule to late September. Next year it will settle into a steady orbit of early October moving forward. With that change in schedule, it is hard to believe that it is time to reveal the schedule for BlueHat v18. We had nearly one hundred fifty submissions spanning the gamut of security topics and presenters. That made for some tough choices for the content advisory board and a schedule that will leave wishing you could be in multiple talks at the same time. On behalf of the content advisory board, I want to thank everyone who submitted a paper for consideration. There were a lot of great ideas, but we could not put all of them on stage for this instance of BlueHat. We look forward to continuing the security conversation with you in the future.
Microsoft is proud to announce the schedule for the BlueHat v18 Security Conference.
| Wednesday, September 26, 2018 | General Audience | ||||
| TRACK | Time | Speaker | Company | Talk Subject |
| KEYNOTE | 9:00 – 9:50 AM | Chris Deibler | Twitch | Surviving Cynicism and Building Happy Security Teams |
| Track 1 – On the Frontier | 10:00 – 10:50 AM | Tim MalcomVetter | Walmart | “If we win, we lose” |
| 11:00 – 11:50 AM | Karen Easterbrook
Brian LaMacchia |
Microsoft | Record Now, Decrypt Later: Future Quantum Computers Are A Present Threat | |
| Track 1 – Mitigating Attack Classes | 1:00 – 1:50 PM | Arshan Dabirsiaghi
Matt Austin |
Contrast Security | DEP for the Application Layer – Time for AppSec to Grow Up |
| 2:00 – 2:50 PM | Mingbo Zhang
Saman Zonouz |
Rutgers University | A mitigation for kernel TOCTOU vulnerabilities | |
| 3:30 – 4:00 PM | Yunhai Zhang | NSFOCUS | Mitigation Bypass: The Past, Present, and Future | |
| 4:10 – 5:00 PM | Jordan Rabet | Microsoft | Hardening Hyper-V Through Offensive Security Research | |
| Track 2 – It is all about the Data | 10:00 – 10:50 AM | Matti Neustadt Storie
Alex Harmon Chris Mills |
Microsoft | The Law of Unintended Consequences: GDPR Impact on Cybersecurity Readiness and Response |
| 11:00 – 11:50 AM | Gabriel Kirkpatrick | Microsoft | Securely Handling Data in Marginalized Communities | |
| Track 2 – Observations in the Wild | 1:00 – 1:50 PM | Fabio Assolini | Kaspersky Lab | Shoot first, ask later: strategies to defend the most phished country in the world |
| 2:00 – 2:50 PM | Luke Jennings | Countercept | Memory Resident Implants – Code Injection is Alive and Well | |
| 3:30 – 4:00 PM | Elia Florio | Microsoft | Software Supply Chain attacks in 2018: predictions vs reality | |
| 4:10 – 5:00 PM | Dana Baril
Alan Chan |
Microsoft | May I see your credentials, please? | |
| Track 3 – Secure Development | 10:00 – 10:50 AM | Everett Maus | Microsoft | Go Build A Tool: Best Practices for Building a Robust & Effective Developer Security Tooling |
| 11:00 – 11:50 AM | David Hurley
Bryan Jeffrey Naveed Ahmad |
Microsoft | Improving Security Posture through Increased Agility with Measurable Effectiveness at Scale | |
| Track 3 – Towards a Better Ecosystem | 1:00 – 1:50 PM | Mechele Gruhn | Microsoft | MSRC Listens |
| 2:00 – 2:50 PM | Bobby O’Brien
Jan Neutze Ginny Badanes |
Microsoft | Cybersecurity for the Defense of Democracy | |
| 3:30 – 4:00 PM | Emily Schecter | Evolving Chrome’s Security Indicators | ||
| 4:10 – 5:00 PM | Brian Gorenc | Trend Micro | Modern Day Entomology – Examining the Inner Workings of the Bug Bazaar | |
| Thursday, September 27, 2018 | General Audience | ||||
| TRACK | Time | Speaker | Company | Talk Subject |
| Track 1 – The Battle on the Box | 9:00 – 9:50 AM | Anthony LAOU HINE TSUEI
Peter Hlavaty |
Tencent | WSL reloaded: let’s try to do better fuzzing |
| 10:00 – 10:50 AM | Zhuo Ma | Tencent | Massive Scale USB Device Driver Fuzz WITHOUT device | |
| 11:00 – 11:50 AM | Matt Oh | Microsoft | Return of the kernel rootkit malware (on Windows 10) | |
| Track 1 – Machine Learning & AI In Practice | 1:00 – 1:50 PM | Geoff McDonald
Moustafa Saleh |
Microsoft | Badly behaving scripts: Meet AMSI script behavior instrumentation and machine learning |
| 2:00 – 2:50 PM | Jugal Parikh
Holly Stewart |
Microsoft | Protecting the Protector, Hardening machine learning defenses against adversarial attacks | |
| 3:30 – 4:00 PM | Naveed Azeemi Ahmad
Samuel Crisanto |
Microsoft | Crafting synthetic attack examples from past cyber-attacks for applying Supervised Machine Learning in Cyber Defense. | |
| 4:10 – 5:00 PM | Abhishek Singh
Aditya Joshi |
Microsoft | Linear Time Shellcode Detection Using State Machines and Operand Analysis on the Runtime | |
| Track 2 – Exploiting Hardware Safeguards | 9:00 – 9:50 AM | Andrea Allievi | Microsoft | Retpoline – the Anti-spectre type 2 Mitigation in Windows |
| 10:00 – 10:50 AM | Jean-Ian Boutin
Frédéric Vachon |
ESET Corporation | First STRONTIUM UEFI Rootkit Unveiled | |
| 11:00 – 11:50 AM | Olle Segerdahl
Pasi Saarinen |
F-Secure | An ice-cold Boot to break BitLocker | |
| Track 2 – Cloud | 1:00 – 1:50 PM | Zisis Sialveras | Census Labs | Straight Outta VMware: Modern exploitation of the SVGA device for guest-to-host escapes |
| 2:00 – 2:50 PM | Ross Bevington | Microsoft | The Matrix has you – protecting Linux using deception | |
| 3:30 – 4:00 PM | Mathias Scherman | Microsoft | Malicious User Profiling Using a Deep Neural Net | |
| 4:10 – 5:00 PM | Jiangping Xu | Microsoft | Scaling Security Scanning | |
| Track 3 – Behind the Attacks | 9:00 – 9:50 AM | Christiaan Beek
Jay Rosenberg |
McAfee & Intezer Labs | The Hitchhiker’s Guide to North Korea’s Malware Galaxy |
| 10:00 – 10:50 AM | Matthieu Faou | ESET Corporation | A Turla Gift: Popping calc.exe by sending an email | |
| 11:00 – 11:50 AM | Francisco Donoso | Randori | Killsuit: The Equation Group’s Swiss Army Knife for Persistence, Evasion, and Data Exfil | |
| Track 3 – Front Line with Threat Intelligence | 1:00 – 1:50 PM | Kyle Wilhoit | Palo Alto Networks | False Flag Foibles: Imitating Nation State Actors and Criminals to Befuddle Media and Researchers |
| 2:00 – 2:50 PM | Jagadeesh Parameswaran
Rahul Sachan |
Microsoft | Tales from the SOC: Real-world Attacks Seen Through Azure ATP and Windows Defender ATP | |
| 3:30 – 4:00 PM | Adam Weidemann
Ben Koehl |
Microsoft | MSTIC Threat Intelligence Year In Review | |
| 4:10 – 5:00 PM | Dave Hartley
William Knowles |
MWR InfoSecurity | Overt Command & Control: The Art of Blending In | |
Planning for the conference is well underway. The addition of a workshop day gives participants a chance to mingle and learn together. We are excited to offer a Blackhoodie Reverse Engineering Workshop as part of that day (more here: https://www.blackhoodie.re/Blackhoodie-Bluehat/). Other workshops include threat intelligence workshop and capture the flag competition.
We continue of theme journey through the looking glass as we debut the King of Hearts (sneak a peek here: https://twitter.com/phillip_misner/status/1011410310677200896). For external community members this is an invite-only conference. The initial round of external invites will go out later today with details on how to register and the timeframe for response. The registration site is live for external participants.
Keep watching here for more updates as we get closer to the event.
About BlueHat
BlueHat v18 is a three-day security conference for general audiences. This year that will include two days of conference talks across three tracks and a workshop day. It will be held September 25-27, 2018 at the Microsoft Conference Center here in Redmond. This year will expect over one thousand people in person. The conference is open to invited external guests and Microsoft employees and contingent staff. More details on logistics and about the conference will be posted throughout the summer and fall here on the BlueHat blog. Check back to get the latest here. We look forward to hearing from you and meeting you again in September.
Phillip Misner,
Principal Security Group Manager, MSRC