
Join #TeamTrellix at 2023 Black Hat USA and DEF CON

We can’t wait to join our customers, partners, and peers in Las Vegas for Black Hat USA, August 9-10, and DEF CON, August 10-12.

Stop by Trellix Booth 1932 at Black Hat USA to meet face-to-face with Trellix experts, watch interactive demonstrations, catch an in-booth theatre session, and experience first-hand how to reduce time to detect and respond to threats. Our experts will share how you can add the missing page in your ransomware playbook with the most comprehensive, integrated, and open platform, best-of-breed security controls, and XDR capabilities.

Interactive demonstrations will cover:

  • Trellix Endpoint Security: Keep organizations safe and resilient with comprehensive visibility and control to secure endpoints before, during, and after attacks.
  • Trellix XDR: Quickly reveal the alerts and events that matter, cross correlating across vectors to easily determine the critical steps to stop the attack.
  • Trellix Data Security: Discover, classify, and protect data at rest, in use, and in motion across the organization, helping SOC analysts quickly identify high-priority threats to the organization.
  • Trellix Collaboration Security: Ensure external partners, suppliers, vendors, contractors, and customers can work together securely across the extended enterprise.

Cyber threats are gaining technical sophistication and economic and geopolitical impact. Trellix protects our 40,000 global customers and arms them with the tools and skills to defuse threats. Trellix’s Advanced Research Center is at the forefront of threat hunting and intelligence. Our 250+ threat researchers analyze the latest attack vectors and telemetry from hundreds of millions of sensors to provide emerging threat responses and ensure product efficacy.

This year, at Black Hat USA and DEF CON, Trellix Advanced Research Center will showcase its efforts to lead the industry with research and insights into emerging threats, vulnerabilities, and technologies.


Sessions at Black Hat USA


Speaking Session: SHAREM: Advanced Windows Shellcode Analysis Framework with Ghidra Plugin

  • Max Kersten, Malware Analyst, Trellix, and Co-Presenters Dr. Bramwell Brizendine and Jake Hince
  • Discover the power of SHAREM, an advanced Windows shellcode analysis framework integrated with the Ghidra plugin. Our experts will showcase how this tool enhances your ability to analyze and combat sophisticated Windows-based attacks.
  • Wednesday, August 9 | 4:00-5:30pm
    Business Hall, Arsenal Station 3

Speaking Session: Unveiling the Shadows: Understanding Information Stealers and the Genesis Market Takedown for Enhanced Cyber Defenses

  • Taylor Mullins, Consulting Solutions Engineer, Trellix
  • In this session, we delve into the world of information stealers, examining their methods, motivations, and the impact of their activities on victims. We explore the Genesis market takedown as a case study, shedding light on the inner workings of a major underground cybercrime marketplace that facilitated the sale of stolen credentials. By the end of this session, participants will gain a comprehensive understanding of information stealers, the Genesis market takedown, and practical steps to enhance their organization's defenses against these sophisticated attack vectors.
  • Wednesday, August 9 | 12:40-1:30pm
    Business Hall, Theater B

Sessions at DEF CON


Workshop: DotNet Malware Analysis Masterclass workshop

  • Max Kersten, Malware Analyst, Trellix
  • DotNet based malware originally started out as a novelty, but has shown it is here to stay. With DotNet malware being used by APT actors and script kiddies, and anything in-between, it is safe to say that one will encounter it sooner rather than later. This four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge, including topics such as loaders, unpacking, obfuscation, DotNet internals, and (un)managed hooks.
  • Thursday, August 10 | 2:00-6:00pm

Speaking Session: Game-Changing Advances in Windows Shellcode Analysis

  • Max Kersten, Malware Analyst, Trellix, and Co-Presenters Dr. Bramwell Brizendine and Jake Hince
  • Shellcode is omnipresent, seen or unseen. Yet tooling to analyze shellcode is lacking. We present the cutting-edge SHAREM framework to analyze enigmatic shellcode. SHAREM can emulate shellcode, identifying 20,000 WinAPI functions and 99% of Windows syscalls. In some shellcode, some APIs may never be reached, due to the wrong environment, but SHAREM has a new solution: Complete code coverage preserves the CPU register context and memory at each change in control flow. Once the shellcode ends, it restarts, restoring memory and context, ensuring all functionality is reached and identifying all APIs.
  • Friday, August 11 | 3:30-4:15pm
    Track 4

Speaking Session: Power Corrupts: Corrupt It Back! Hacking Power Management in Data Centers

  • Sam Quinn, Senior Security Researcher, Trellix, and Jesse Chick, Security Researcher, Trellix
  • Our current administration lists "Defend Critical Infrastructure" as the first item in the 2023 National Cybersecurity Strategy. At the intersection of governmental and corporate concerns is data center security, a trend that is bound to continue as more and more operations move to the cloud. This talk details our findings in the domain of power management, the first category in a broader effort to investigate the security of critical data center components.
  • Saturday, August 12 | 2:00-2:45pm
    Track 4

For the latest information and announcements surrounding both events, follow #BHUSA and check out the Trellix event site.

See you in Las Vegas!
