Shane “K2” Macaulay last DEF CON presentation was an offensive tool ADMmutate during DEF CON 9 but has more recently been focused on defensive techniques and helped develop an APT detection service (http://blockwatch.ioactive.com) used to protect Microsoft OS platforms. Shane has spent time finding ways to fully understand the state of system code to understand “What is actually running on your computer?” to aid in forensic analysis, incident response and enterprise protection capacities. Shane is currently employed by IOActive as Directory of Cloud Security and has presented at many previous security conferences/venues.