Join #TeamTrellix at Black Hat USA 2022
By Trellix · August 8, 2022
This year marks the 25th anniversary of Black Hat USA, and we are thrilled to be attending! As a proud sponsor and leader of XDR, Trellix will be taking the desert by storm for the first time in company history, making this event one to never forget!
On behalf of the Trellix team, we invite you to the Trellix Networking Lounge, where our world-renowned experts will share their insight on our soulful work and how we are redefining the future of cybersecurity.
For the latest information and announcements surrounding Black Hat USA 2022, be sure to follow @Trellix #TeamTrellix and @BlackHatEvents #BHUSA.
See you there!
Trellix Black Hat Speaking Sessions
Living Security Powered by Trellix XDR
Sean Morton, VP, Strategy
Wednesday, August 10 | 8 – 8:15 a.m.:
On-demand: Get an exclusive peek at our Trellix XDR platform in action. Watch an executive-led demo of how Trellix XDR gives you the upper hand over threats by bringing detection, prevention, response, and remediation together in a living security ecosystem.
Perimeter Breached! Hacking an Access Control System
Steve Povolny, Principal Engineer, & Sam Quinn, Senior Security Researcher
Thursday, August 11 | 10:20 – 11 a.m.: The first critical component to any attack is an entry point. As we lock down our firewalls and sophisticated routers, it can be easy to overlook the network-connected physical access control systems. Trellix uncovered 8 zero-day vulnerabilities leading to remote, unauthenticated code execution on the LNL-4420 access control panel. When combined, these findings lead to full system control, including the ability for an attacker to remotely manipulate door locks. To emulate a true nation-state level threat, our team began our research without access to the system firmware. During this presentation, Steve & Sam will deep dive into our hardware hacking process, including the challenges faced, such as bypassing the bootloader, hardware-based watchdog timers, and authentication.
DotDumper: automatically unpacking DotNet based malware
Max Kersten, Malware Analyst
Thursday, August 11 | 1 – 2:30 p.m.: Analysts at corporations of any size face an ever-increasing amount of DotNet-based malware. The malware comes in all shapes and forms, ranging from skiddish stealers all the way to nation-state-backed targeted malware. The underground market, along with public open-source tools, provides a plethora of ways to obfuscate and pack the malware. Unpacking malware is time-consuming, difficult, and tedious, which poses a problem. To counter this, DotDumper automatically dumps interesting artifacts during the malware's execution, ranging from base64-decoded values to decrypted PE files. During this Arsenal session, Max will take attendees through the DotDumper tool and its use.
eBPF ELFs JMPing Through the Windows
Richard Johnson, Senior Principal Security Researcher
Thursday, August 11 | 1:30 – 2:10 p.m.: eBPF is an emerging technology used as a telemetry source across cloud-based technologies. While it currently runs on the Linux kernel, last year Microsoft released a completely new implementation of an eBPF tracing system for Windows, which is destined to become a primary telemetry provider in the near future. eBPF for Windows has a complex architecture that leverages program analysis to verify unsigned user code via abstract interpretation before running it in a kernel context — integrity of the software is paramount. This research will be the first public work to analyze and discover security vulnerabilities in the new eBPF for Windows implementation. Our presentation will discuss the capabilities and security model of eBPF for Windows, followed by details of the design and attack surface.
After Black Hat, Trellix Threat Labs will also be at DEFCON speaking on access control systems and on M32C firmware reversing.