Locknote: Conclusions and Key Takeaways from Day 2

Presented at Black Hat Europe 2020 Virtual, Dec. 10, 2020, 3:20 p.m. (40 minutes)

Join members of the Black Hat Review Board for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways from day one and how these trends will impact future InfoSec strategies.

Presenters:

  • Daniel Cuthbert - Global Head of Security Research, Banco Santander
    Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive sides, he's seen the evolution of hacking from small groups of curious minds to the organized criminal networks and nation states we see today. He is the original co-author of the OWASP Testing Guide, released in 2003, and now the co-author of the OWASP Application Security Verification Standard (ASVS).
  • Marina Krotofil - Security Researcher
    Marina Krotofil is a security researcher with a decade of experience in advanced methods for securing Industrial Control Systems (ICS). She specializes in the discovery of new attack vectors and exploitation techniques, incident response, forensic investigations, ICS malware analysis and design of novel defense methods. Previously, Marina worked as a Senior Security Engineer at BASF (Germany), Principal Analyst and Subject Matter Expert (SME) in the Cyber-Physical Security Group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and a Senior Security Consultant at the European Network for Cyber Security (Netherlands). She has authored more than 25 academic articles and book chapters on ICS security and is a regular speaker on leading conference stages worldwide. Marina holds an MBA in Technology Management, an MSc in Telecommunications and an MSc in Information and Communication Systems.
  • James Kettle / albinowax - Head of Research, PortSwigger Web Security
    James Kettle is Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on using web cache poisoning to turn caches into exploit delivery systems. James has extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. He has spoken at numerous prestigious venues including both Black Hat USA and EU, and OWASP AppSec USA and EU.
  • Leigh-Anne Galloway - Security Researcher
    Leigh-Anne Galloway is a Security Researcher who specializes in application security and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches, which is where she discovered her passion for payment technology. She has presented and authored research on ATM security, mPOS vulnerabilities, NFC payments and application security. She has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Ekoparty, Troopers, DEF CON and Black Hat USA.
