RiskSense, a pioneering risk-based vulnerability management and prioritization, and a Platinum Award Winner in the 2018 ‘ASTORS’ Homeland Security Awards Program returning to compete in the 2019 ‘ASTORS’ Awards Program, has announced that senior security analysts and penetration testing experts Sean Dillon and Nate Caroe will present a deep dive session titled on new features added to the Koadic white hat hacking tool at Black Hat USA 2019 in Las Vegas.
(Its time for the Black Hat USA 2019 – August 2-8, 2019. Mandalay Bay, Las Vegas. Courtesy of Informa Tech and YouTube.)
Koadic: Two Years of Mischief
WHO:
-
Sean Dillon (aka @zerosum0x0), senior security analyst at RiskSense, has years of experience in penetration testing, exploit reverse engineering and malware research especially around the Microsoft Windows kernel.
-
Sean is a co-author of the ETERNALBLUE and other MS17-010 Metasploit exploit modules. He was the first to publish a reverse engineering analysis of the DOUBLEPULSAR SMB backdoor.
-
Sean has taught workshops on Windows internals at DEF CON and to government agencies.
-
Nate Caroe (@The_Naterz) is a Senior Security Analyst at RiskSense.
-
He is one of the initial contributors and lead maintainer of Koadic.
-
He has performed extensive exploration into exploitation and tool automation.
WHAT:
-
Koadic, a post-exploitation toolkit that leverages the Windows Script Host to provide all the features of a remote access trojan (RAT), was first released by Sean at DEF CON in 2017, and has since seen two years of development.
-
Koadic is robust enough to have been chosen in nation-state cyberespionage campaigns by APT favorites such as Fancy Bear, Stone Panda, and MuddyWater.
-
It has been the tool of choice on the road to domain admin for many pentests, especially in environments where PowerShell and filesystems are heavily audited by antivirus.
-
In this Black Hat USA presentation, Sean and Nate will reveal new capabilities added to Koadic since its introduction two years ago, including the ability to extract information and intelligence about a targeted Windows environment, scrape user credentials more efficiently, and better navigate a network.
-
New payloads have been added since release, such as Squiblytwo WMIC.exe XSL files (discovered by SubTee and Mattifestation) and Bitsadmin.exe transfer jobs.
-
-
-
Existing payloads have been upgraded to include obfuscation and antivirus evasion.
-
Several new implants have been added, including UAC bypasses via slui, fodhelper, compmgmtlauncher, and compdefaults.
-
A loot finder module automates the process of finding files which may contain sensitive data.
-
Persistence is now available via registry autoruns, WMI, and scheduled tasks.
-
“One shot” stagers now allow an implant to be run immediately on a zombies first call home.
-
A new credential storage feature has been added, transforming Mimikatz outputs acquired into a readily searchable format.
-
A full fledged API is also available, allowing all available functionality of the toolkit to be automated through HTTP interactions.
-
There are innumerable bug fixes, improvements to reliability, and additional stealth since the initial release, with new features being added regularly.
-
-
Sean and Nate will also discuss best practices on how to use the tool for discovering and remediating security vulnerabilities in Windows systems to protect them from future attacks.
Next week at #BHUSA19 visit us at booth #2315. We’d love to meet you!#security https://t.co/aoNWkI82Zo
Also, be sure to catch our @zerosum0x0, creator of #Koadic, for his #BHUSA session “Koadic: 2 Years of Mischief” on Thu, Aug. 8; 1:00pm-2:20pm at Business Hall, Arsenal 10. pic.twitter.com/Pvn3tgOx6K— RiskSense (@RiskSense) August 1, 2019
WHEN:
-
Thursday, August 8
-
1:00pm-2:20pm
-
Track: Malware Offense
-
Session Type: Arsenal
WHERE:
-
Black Hat USA 2019
-
Business Hall (Oceanside), Arsenal Station 10
-
Mandalay Bay | Las Vegas
C-Suite Leaders Share their Expertise with Pioneer in Risk-based Vulnerability Management and Prioritization
Additionally, five leading chief IT security executives recently joined RiskSense’s new Technology Advisory Board, to bring a unique perspective on security, privacy and risk management to the Board.
“Each of our advisory board members are highly respected practitioners, thought leaders and advocates that have made significant contributions to advance IT security over the course of their careers,” commented Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense on the company’s new Technology Advisory Board.
“Their hands-on experience, expertise, and insights will be invaluable in helping RiskSense continue to push the boundaries of product innovation for security vulnerability risk management, while ensuring we are addressing the top priorities of Chief Information Security Officers.”
RiskSense Technology Advisory Board Members
Macy Dennis, Chief Security Officer (CSO) for EVOTEK,
-
Dennis is also founder and Chairman of the Board of the San Diego CISO Round Table, an ecosystem for CISOs.
-
He serves on the California Governor’s Cyber Taskforce, Cyber Center of Excellence and Security Advisory Alliance, and was nominated for the National Counterintelligence Award. Previously, he was an Executive Director in the Office of the CISO at Optiv, CISO at Kratos Defense and CISO at Amylin Pharmaceuticals.
-
He has also held security leadership roles at American Express, Trimble Navigation, Echostar, and Winstar Wireless.
Joel Fulton, Ph.D., Chief Information Security Officer (CISO) for Splunk
-
Fulton is responsible for developing, implementing and overseeing Splunk’s enterprise security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by Splunk products.
-
Prior to Splunk, Joel held security leadership positions at Google, Symantec, Starbucks, and Boeing.
-
He is a recognized expert and frequent keynote speaker on insider threats, AI/machine learning and cybersecurity, pragmatic risk management, and global security management.
Shaun Khalfan, Vice President, Information Security at Federal Home Loan Mortgage Corporation (Freddie Mac)
-
Khalfan heads the information security program and strategy, including security architecture, operations, and engineering to manage information security risk across the company.
-
Previously, Shaun served as CISO for U.S. Customs and Border Protection, and was Director of Cybersecurity for the Department of the Navy Chief Information Officer.
-
He has held cybersecurity leadership roles at the U.S. Department of Defense, the U.S Navy, and the U.S. Army.
-
Shaun is a fellow with the American Council for Technology and an adjunct professor at Carnegie Mellon University.
Jason Lish, Chief Security, Privacy and Data Officer for Advisor Group,
-
Advisor Group is one of the largest networks of independent wealth management firms in the United States.
-
Jason has over 20 years of experience managing global IT departments for Fortune 100 and 500 companies including Charles Schwab, where he was Senior Vice President, Security Technology & Operations, and Honeywell International where he led global cyber security strategy and operations.
-
He also served as Executive Vice President, CSO and CIO for Alight Solutions, a provider of health, wealth and HR solutions.
Andrew Stone, Chief Technology Officer (CTO) Americas for Pure Storage (PSTG: NYSE),
-
Andrew supports the development of next generation data storage and protection technologies.
-
Previously he served as U.S. and Global CTO and Chief Security Technology Officer for PricewaterhouseCoopers (PwC), Global Head of Innovation, Technology & Security Architecture and Chief Security Technology Officer for Zurich Insurance Company, and CISO for Farmers Insurance Group.
RiskSense Competes in 2019 ‘ASTORS’ Homeland Security Awards Program
RiskSense
-
Best Best Cyber Risk Management
-
RiskSense Platform
As a 2019 ‘ASTORS’ Homeland Security Awards Program Competitor, RiskSense will be competing against the industry’s leading providers of Vulnerability Management Solutions.
The 2019 ‘ASTORS’ Homeland Security Awards Program is Proudly Sponsored by ATI Systems, Attivo Networks, Automatic Systems, and Desktop Alert.
The Annual ‘ASTORS’ Awards Program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security and public safety vertical markets.
The 2018 ‘ASTORS’ Awards Program drew an overwhelming response from industry leaders with a record high number of corporate and government nominations received, as well as record breaking ‘ASTORS’ Presentation Luncheon Attendees, with top firms trying to register for the exclusive high – end luncheon and networking opportunity – right up to the event kickoff on Wednesday afternoon, at the ISC East registration!
Over 130 distinguished guests representing National, State and Local Governments, and Industry Leading Corporate Firms, gathered from across North America, Europe and the Middle East to be honored among their peers in their respective fields which included:
- The Department of Homeland Security
- The Federal Protective Service (FPS)
- Argonne National Laboratory
- The Department of Homeland Security
- The Department of Justice
- The Security Exchange Commission Office of Personnel Management
- U.S. Customs and Border Protection
- Viasat, Hanwha Techwin, Lenel, Konica Minolta Business Solutions, Verint, Canon U.S.A., BriefCam, Pivot3, Milestone Systems, Allied Universal, Ameristar Perimeter Security and More!
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
Time is Running Out to Enter the 2019 ‘ASTORS’ Homeland SecurityAwards and Receive thee Recognition Your Organization Deserves!
https://americansecuritytoday.com/ast-awards/
Comprehensive List of Categories Include:
| Access Control/ Identification | Personal/Protective Equipment | Law Enforcement Counter Terrorism |
| Perimeter Barrier/ Deterrent System | Interagency Interdiction Operation | Cloud Computing/Storage Solution |
| Facial/IRIS Recognition | Body Worn Video Product | Cyber Security |
| Video Surveillance/VMS | Mobile Technology | Anti-Malware |
| Audio Analytics | Disaster Preparedness | ID Management |
| Thermal/Infrared Camera | Mass Notification System | Fire & Safety |
| Metal/Weapon Detection | Rescue Operations | Critical Infrastructure |
| License Plate Recognition | Detection Products | And Many Others! |
Don’t see a Direct Hit for your Product, Agency or Organization?
Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: mmadsen@americansecuritytoday.com.
2018 Champions Edition
See the 2018 ‘ASTORS’ Champions Edition – ‘Best Products of 2018 ‘ Year in Review’ for in-depth coverage of the outstanding products and services of firms receiving American Security Today’s 2018‘ASTORS’ Homeland Security Awards.’
Nominations for the AST 2019 ‘ASTORS’ Homeland Security Awards Program will officially open as of January 1st, 2019 at americansecuritytoday.com.
Enter Early to Maximize Media Coverage of your Products and Services at Kickoff, and Get the Recognition Your Organization Deserves!
And be sure to Register Early for the 2019 ‘ASTORS’ Awards Presentation Luncheon at ISC East 2019 to ensure your place at this limited- space event!
Why the 2018 ‘ASTORS’ Homeland Security Awards Program?
American Security Today’s comprehensive Annual Homeland Security Awards Program is organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
Why American Security Today?
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 70,000 readers at the Federal, State and local levels of government as well as firms allied to government.
The old traditional security marketplace has been covered by a host of security publications that have changed little over many years.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that provides our readers with solutions to their challenges.
Our Editorial staff provides a full plate of topics for our AST monthly digital editions, AST Website and AST Daily News Alerts.
The editorial calendar and AST’s high drawing website features 23 different Technology and Marketing Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities and Emergency Response among others.
These sectors are part of the new integration, where these major applications communicate with one another in a variety of solutions to protect our cities and critical infrastructure.
AST has Expanded readership into vital Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other Potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – enticing targets for extremist or lone wolf attacks due to the large number of persons and resources clustered together.
RiskSense provides vulnerability management and prioritization to measure and control cybersecurity risk.
The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness.
Learn More…
RiskSense Platform Now Addresses Security & IT Operations Gaps (Video)
