Presented at Black Hat Europe 2021, Nov. 11, 2021, 4:20 p.m. (40 minutes).
Join Black Hat Europe Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways coming out of the conference and how these trends will impact future InfoSec strategies.
Presenters:
- James Kettle / albinowax, Director of Research, PortSwigger (as James Kettle)
James 'albinowax' Kettle is the Director of Research at PortSwigger - his latest work includes HTTP desync attacks, web cache poisoning, and automating the hunt for unknown vulnerability classes. James has extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. He has spoken at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEFCON.
- Marina Krotofil, Security Researcher
Marina Krotofil is a cyber security professional with over a decade of hands-on experience in securing Industrial Control Systems (ICS) who has held leading engineering roles in the industry. Throughout her career she has discovered numerous novel attack vectors with associated exploitation techniques and designed novel defence methods for critical infrastructures. Marina is an experienced threat analyst, incident responder and forensic investigator of ICS attacks. She frequently collaborates with international organizations on the topics of critical infrastructure security and is a regular speaker on leading conference stages worldwide.
- Meadow Ellis, Lead Hardware Security Engineer
Meadow Ellis conducts hardware security research and engineering in the fintech world; she also specialises in out-of-bounds data exfiltration, physical security and surveillance technologies encompassing mechanical, electrical and software design. She has extensive experience in cooperating with law enforcement agencies, most recently with regard to financial crime. She lives and breathes in the blue team camp. Recently she could be seen at DEF CON 29, BSides Leeds, BSides Wales and BSides London, where she also leads the Workshops team.

Meadow strives to approach information security from the people side, trying to understand the reasons behind the failures, the human element that caused them and the changes needed to avoid them in the future - changes that need to start with us.
- Thomas Brandstetter, Co-Founder & General Manager, Limes Security
Thomas Brandstetter is a widely recognized OT cybersecurity expert, with more than 20 years of diverse experience in multiple technical and management roles. He is known for being an enthusiastic and forward-looking character, trying to do the right thing and building things that last.

Thomas currently has multiple active roles: he is co-founder and managing director of Limes Security, a major European OT cyber security company; he is also Professor for IT Security at University of Applied Sciences, St. Poelten and Honorary Professor for Cyber Security at De Montfort University. On top of that, he is an instructor for the SANS Institute, teaching their control system security classes. His past noteworthy achievements include having been incident handler for the Stuxnet malware at Siemens, as well as the founder of the Siemens ProductCERT.
- Daniel Cuthbert, Global Head of Security Research, Banco Santander
Daniel Cuthbert is the Global Head of Security Research for Banco Santander. With a career spanning over 20 years on both the offensive and defensive sides, he has seen the evolution of hacking from small groups of curious minds to the organized criminal networks and nation states we see today. He is the original co-author of the OWASP Testing Guide, released in 2003, and is now the co-author of the OWASP Application Security Verification Standard (ASVS).