Join #TeamTrellix at Black Hat USA 2022

This year marks the 25th anniversary of Black Hat USA, and we are thrilled to be attending! As a proud sponsor and leader of XDR, Trellix will be taking the desert by storm for the first time in company history, making this event one to never forget!

On behalf of the Trellix team, we invite you to the Trellix Networking Lounge, where our world-renowned experts will share their insight on our soulful work and how we are redefining the future of cybersecurity.

For the latest information and announcements surrounding Black Hat USA 2022, be sure to follow @Trellix #TeamTrellix and @BlackHatEvents #BHUSA.

See you there!

Trellix Black Hat Speaking Sessions

Living Security Powered by Trellix XDR
Sean Morton, VP, Strategy

Wednesday, August 10 | 8 – 8:15AM:
On-demand: Get an exclusive peek at our Trellix XDR platform in action. Watch an executive-led demo of how Trellix XDR gives you the upper hand over threats by bringing detection, prevention, response, and remediation together in a living security ecosystem.

Perimeter Breached! Hacking an Access Control System
Steve Povolny, Principal Engineer, & Sam Quinn, Senior Security Researcher

Thursday, August 11 | 10:20 – 11 a.m.: The first critical component to any attack is an entry point. As we lock down our firewalls and sophisticated routers, it can be easy to overlook the network-connected physical access control systems. Trellix uncovered 8 zero-day vulnerabilities leading to remote, unauthenticated code execution on the LNL-4420 access control panel. When combined, these findings lead to full system control including the ability for an attacker to remotely manipulate door locks. To emulate a true nation-state level threat, our team began our research without access to the system firmware. During this presentation, Steve & Sam will deep dive into our hardware hacking process including the challenges faced such as bypassing the bootloader, hardware-based watchdog timers, and authentication.

DotDumper: automatically unpacking DotNet based malware
Max Kersten, Malware Analyst

Thursday, August 11 | 1 – 2:30 p.m.: Analysts at corporations of any size face an ever-increasing amount of DotNet based malware. The malware comes in all shapes and forms, ranging from skiddish stealers all the way to nation state backed targeted malware. The underground market, along with public open-source tools, provides a plethora of ways to obfuscate and pack the malware. Unpacking malware is time consuming, difficult, and tedious, which poses a problem. To counter this, DotDumper automatically dumps interesting artifacts during the malware's execution, ranging from base64 decoded values to decrypted PE files. During this Arsenal session, Max will take attendees through the DotDumper tool and its use.

eBPF ELFs JMPing Through the Windows
Richard Johnson, Senior Principal Security Researcher

Thursday, August 11 | 1:30 – 2:10 p.m.: eBPF is an emerging technology used as a telemetry source across cloud based technologies. While it currently runs on the Linux kernel, last year, Microsoft released a completely new implementation of an eBPF tracing system for Windows which is destined to become a primary telemetry provider in the near future. eBPF for Windows has a complex architecture that leverages program analysis to verify unsigned user code via abstract interpretation before running it in a kernel context — integrity of the software is paramount. This research will be the first public work to analyze and discover security vulnerabilities in the new eBPF for Windows implementation. Our presentation will discuss the capabilities and security model of eBPF for Windows, followed by details of the design and attack surface.

After Black Hat, Trellix Threat Labs will also be at DEFCON speaking on access control systems and on M32C firmware reversing.
