...calendar of events
Trainings
October 3rd (Monday) - 5th (Wednesday)
ℹ️ Note:
Trainings occur prior to the conference, and are separate from general conference attendance. Information on signing up (and paying) for trainings, can be found on the main training page.
Trainings occur prior to the conference, and are separate from general conference attendance. Information on signing up (and paying) for trainings, can be found on the main training page.
| Training: "Threat Hunting macOS" | |
|---|---|
|
Jaron Bradley |
|
Room: TBD |
|
October 4th (Tuesday) - 5th (Wednesday) |
|
10:00 am - 4:30 pm |
|
Whether you're new to threat hunting or an experienced threat hunter this two day course will bring an in-depth and hands on experience to those looking to deep dive into using macOS internals to their advantage for threat hunting. Learn how to use the less commonly used artifacts to hunt down malicious activity in your environment.
This course uses simulated attack data collected with the Apple Endpoint Security Framework and teaches attendees how to connect the dots to determine what took place on the system. For more information and/or to sign up, see: "macOS Threat Hunting" |
| Training: "The Art of Mac Malware: Detection & Analysis" | |
|---|---|
|
|
Patrick Wardle |
|
|
Room: TBD |
|
|
October 3rd (Monday) - 5th (Wednesday) |
|
|
10:00 am - 4:30 pm |
|
|
As macOS grows in popularity, so does the prevalence of malware targeting this platform.
In this content-packed three-day course, Mac security expert and author, Patrick Wardle will teach the tools & techniques to comprehensively detect and analyze threats targeting macOS.
For more information and/or to sign up, see: "The Art of Mac Malware: Detection & Analysis" |
| Training: "Arm Reverse Engineering & Exploitation" | |
|---|---|
|
|
Maria Markstedter |
|
|
Room: TBD |
|
|
October 3rd (Monday) - 5th (Wednesday) |
|
|
10:00 am - 4:30 pm |
|
|
Go from zero to shell, by learning Arm 32-bit & 64-bit assembly, reversing binaries, debugging real vulnerabilities, and writing exploits.
For more information and/or to sign up, see: "Arm Reverse Engineering & Exploitation". |
Talks
October 6th (Thursday) - 7th (Friday)
Thursday, Oct. 6th
.png)
Registration
|
|
|---|---|
|
|
09:00 am - 10:00 am |
|
|
Come pick up your badge ...and scoop up some conference swag! |
.png)
Welcome
|
|
|---|---|
|
|
10:00 am - 10:10 am |
.png)
"Bombastically Abominating Bomshellz" (Jaron Bradley & Ferdous Saljooki)
|
|
|---|---|
|
|
10:10 am - 10:35 am |
|
|
Full Abstract |
|
"Fugu15 - The journey to jailbreaking iOS 15.4.1" (Linus Henze)
|
|
|---|---|
|
|
10:40 am - 11:30 am |
|
|
Full Abstract |
|
"Tales from developing and deploying EndpointSecurity in osquery" (Sharvil Shah)
|
|
|---|---|
|
|
11:35 am - 12:00 pm |
|
|
Full Abstract |
|
"In Walled Gardens be Careful of Poisoned Apples" (Matthias Frielingsdorf)
|
|
|---|---|
|
|
12:05 pm - 12:30 pm |
|
|
Full Abstract |
.png)
Lunch
|
|
|---|---|
|
|
12:30 pm - 02:00 pm (1.5 hrs) |
|
"Pivoting into Mac Malware Analysis for the First Time" (Kristen Del Rosso)
|
|
|---|---|
|
|
02:00 pm - 02:25 pm |
|
|
Full Abstract |
|
"What happens on your Mac, stays on Apple's iCloud?!" (Wojciech Regula)
|
|
|---|---|
|
|
02:30 pm - 02:55 pm |
|
|
Full Abstract |
|
"Sandboxing with ESF Playground on macOS" (Matt Carman)
|
|
|---|---|
|
|
02:55 pm - 03:20 pm |
|
|
Full Abstract |
|
"Learning how to Machine Learn - Classifying MachO Malware" (Kimo Bumanglag)
|
|
|---|---|
|
|
03:25 pm - 03:50 pm |
|
|
Full Abstract |
.png)
Afternoon Break
|
|
|---|---|
|
|
03:50 pm - 04:05 pm (20 minutes) |
|
"Abusing iPhone Co-Processors for Privilege Escalation" (Ian Beer)
|
|
|---|---|
|
|
04:10 pm - 04:35 pm |
|
|
Full Abstract |
|
"In the Aftermath" (Stuart Ashenbrenner & Matt Benyo)
|
|
|---|---|
|
|
04:40 pm - 05:05 pm |
|
|
Full Abstract |
|
"ATT&CKing Pandas: Drawing out ATT&CK Techniques in the Wild" (Cat Self)
|
|
|---|---|
|
|
05:05 pm - 05:30 pm |
|
|
Full Abstract |
.png)
Reception/Party
|
|
|---|---|
|
|
7:00 pm - 9:00 pm |
|
|
Location TBD |
Friday, Oct. 7th
|
Welcome ...to day #2!
|
|
|---|---|
|
|
10:00 am - 10:10 am |
|
"Evolution of the Mac threat landscape" (Thomas Reed)
|
|
|---|---|
|
|
10:10 am - 10:35 am |
|
|
Full Abstract |
|
"Process injection: breaking all macOS security layers with a single vulnerability" (Daan Keuper & Thijs Alkemade)
|
|
|---|---|
|
|
10:40 am - 11:30 am |
|
|
Full Abstract |
|
|
11:35 am - 12:00 pm |
|
|
Full Abstract |
|
"The Achilles heel of EndpointSecurity" (Fitzl Csaba)
|
|
|---|---|
|
|
12:05 pm - 12:30 pm |
|
|
Full Abstract |
|
Lunch
|
|
|---|---|
|
|
12:30 pm - 02:00 pm (1.5 hrs) |
|
"Farming The Apple Orchards: Living off the Land Techniques" (Chris Ross & Cedric Owens)
|
|
|---|---|
|
|
02:00 pm - 02:25 pm |
|
|
Full Abstract |
|
"Improving macOS security by reducing authentication prompts" (Mark Morowczynski & Michael Epping)
|
|
|---|---|
|
|
02:30 pm - 03:20 pm |
|
|
Full Abstract |
|
"Handoff All Your Privacy (Again)" (Christine Fossaceca)
|
|
|---|---|
|
|
03:25 pm - 03:50 pm |
|
|
Full Abstract |
|
Afternoon Break
|
|
|---|---|
|
|
03:50 pm - 04:05 pm (20 minutes) |
|
"Lock Picking the macOS Keychain" (Cody Thomas)
|
|
|---|---|
|
|
04:10 pm - 04:35 pm |
|
|
Full Abstract |
|
"Making oRAT Go" (Patrick Wardle)
|
|
|---|---|
|
|
04:40 pm - 05:05 pm |
|
|
Full Abstract |
.png)
Finale (+ prizes!)
|
|
|---|---|
|
|
05:00 pm - 05:30 pm |
|
Drinks on the Beach
|
|
|---|---|
|
|
6:00 pm - |
|
|
Beach Bar (outside hotel) |