Events

BSides NYC, a volunteer organized event put on by and for the community

Another edition of BSides NYC has passed, and as first time attendee and presenter, I was genuinely impressed with the impeccable organization, the content shared, and the interesting conversations that took place among enthusiasts and professionals from all over the world. I’ve been a long time follower and supporter of BSides events in Latin America, mainly due to the fact that they offer a relaxed venue for sharing and learning about the newest topics in information security, all while bringing together people from different backgrounds in a community-driven event.

This year’s edition of BSides NYC took place at the John Jay College of Criminal Justice, with a faculty member and the deputy CISO of the City of New York opening the event, alongside some additional memorable keynotes given by Runa Sandvik from the New York Times and Amber Baldet from JP Morgan. Once the initial kick-off was done, each attendee was able to choose from two technical tracks, an entrepreneur track, or any of the available villages and workshops. It was certainly tough for everyone to decide where to spend their time, taking a coffee break here and there to meet and greet colleagues and friends while continuing to enjoy all the activities happening around.

After lunch, I began my presentation on “Threat hunting .NET malware with YARA”, giving some examples of how to use YARA and the newly added .NET module, which is particularly useful for tracking the growing number of malware families relying on Microsoft’s flagship framework. For learning purposes I chose a very popular malware family targeting Latin American ATMs named Ploutus, which only recently landed in US territory. It was quite an experience to fit an entire day of YARA content into less than an hour, but fortunately everyone at the presentation was extremely supportive, whether they had been using the tool since the beginning or had never heard of it before.
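To give a flavour of what the .NET module adds for a hunter, here is an illustrative rule. It is an added example, not a rule from the talk or from the original post, and every indicator value in it (the assembly name, the GUIDs) is a constructed placeholder rather than a Ploutus indicator; the field names come from YARA’s dotnet module as documented.

```yara
import "dotnet"

// Added example rule; the assembly name and GUID values below are
// constructed placeholders for illustration, not Ploutus indicators.
rule dotnet_assembly_hunt_example
{
    meta:
        description = "Illustrates hunting .NET samples via the YARA dotnet module"
        author = "added example, not from the original post"

    condition:
        // MZ header: only evaluate PE files
        uint16(0) == 0x5A4D and

        // The dotnet module only populates its fields for managed assemblies;
        // a present CLR version string is a cheap gate before the other checks
        dotnet.version != "" and

        (
            // Assembly metadata is a stable pivot: it only changes when the
            // author changes it deliberately
            dotnet.assembly.name == "PLACEHOLDER_AssemblyName" or

            // Module version IDs from the #GUID stream cluster builds that
            // were compiled from the same project
            for any i in (0 .. dotnet.number_of_guids - 1) :
                (dotnet.guids[i] == "00000000-0000-0000-0000-000000000000") or

            // A TypeLib ID survives across builds of a COM-visible assembly
            dotnet.typelib == "00000000-0000-0000-0000-000000000000"
        )
}
```

The point of the module is that these metadata fields are parsed for you, so a rule can pivot on assembly-level structure (names, GUIDs, TypeLib IDs, stream and resource counts) instead of on byte patterns that a repacked or recompiled build would change.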

From https://twitter.com/mathmare_/status/954786901621387264

Then it was the turn of Dmitry Bestuzhev, Director of Kaspersky Lab’s Global Research and Analysis Team in Latin America, who gave an astonishing presentation titled “Moving like a Spook through Walls, or how to be only a shadow for APT detectors”. It’s always interesting to observe how the community sees the Latin American threat landscape, which sometimes seems not to be getting the attention it deserves. There wasn’t enough room in the auditorium to fit all the people interested in the talk; however, since coffee and pastries were waiting for us after the presentation, the conversation could be continued with all of those who were eager to keep the debate open.

From https://twitter.com/pentest_it/status/954789778528096256

The biggest surprise for me was the addition of an entrepreneur track, something that undoubtedly every attendee was thankful for. Sometimes we are guilty of getting lost in the technical side of things, forgetting about the business and how to actually make our idea reach the audience we want it to. There were presentations from different startups, and remarkable information on how to grow your business, monetize it, and ultimately how not to lose sight of your original concept or idea even when dealing with venture capital and external pressures.

It’s one of those events that you can’t miss: whether it’s playing the custom capture-the-flag game with your team, building weird antennas in the hacking village, or participating in any of the tracks, you’ll find something at BSides NYC for you. Oh, and don’t forget, there’s always conference swag!
