Threat Detection Series Live!
San Francisco
Join the authors of Red Canary’s Threat Detection Report and other experts for a day of learning and discussion at Bespoke. You’ll get exclusive insights into threats such as Qbot, Gootloader, and ransomware precursors, along with detection opportunities, mitigation advice, and custom atomic tests.
Meet with our experts in person and get:
- An overview of the 2023 Threat Detection Report and, notably, what’s not in the report, including insights into what has already changed in the first quarter of 2023, brought to you by security experts
- A look at the cloud threat landscape, including where we expect adversaries to operate and innovate in the months to come
- Our first ever Atomic Happy Hour, where we’ll share new, powerful open source tools that make adversary emulation with Atomic Red Team easier than ever
AGENDA for San Francisco | May 11, 2023 | Bespoke
9:00am – 10:00am
Breakfast and Registration
10:00am – 11:00am
Keynote: Grand Theft Creds: Info-stealing malware edition | Tony Lambert
We’re officially a quarter into 2023! Learn about what changed and what stayed the same as the year started, with a special focus on stealer malware. We’ll discuss the capabilities of common stealers, how to detect the malware, and how to respond.
11:00am – 11:15am
15-minute break
11:15am – 12:15pm
Breakouts
#1: Exploring the Dark Arts on macOS | Brandon Dalton
EDR-level visibility into macOS has traditionally been out of reach for many. You’d either need to combine many very specialized tools or have access to an EDR sensor yourself. At Red Canary we’ve developed a research test-bed to monitor and analyze system events from macOS locally in an EDR-like manner. Over the course of this talk you’ll be introduced to macOS adversary behaviors as we see them, our advanced tooling for deep visibility, and how to implement the currently feasible analytics in your environment.
#2: An introduction to Red Canary | Alex Spiliotes
Do you want to learn more about Red Canary and how we can help your organization? This is the session for you. We will explain how Red Canary eliminates alert fatigue, expands your coverage, and solves your talent and experience shortage challenge. You will hear real examples from customers who have protected more and worked smarter by working with Red Canary. Existing Red Canary customers will also benefit as you will hear about additional capabilities and features that your team may not be aware of.
12:15pm – 1:15pm
Lunch
1:00pm – 2:00pm
Breakouts
#1: Get in loser, we’re detecting threats | Mak Foss, Rachel Schwalk
Learn about some of the top threats highlighted in the 2023 Threat Detection Report. We are going to discuss initial access, execution, and persistence techniques of QBot, GootLoader, SocGholish, and more. We will then equip attendees with effective detection opportunities for each threat discussed.
#2: Taking control of your attack surface: MDR for SaaS, identity, and cloud | Kevin Gee
Explore how Managed Detection and Response (MDR) can help you detect and thwart threats across your enterprise. This session will help you understand the threats beyond the endpoint that face your organization. You will learn how to adopt a proactive approach to securing your organization's most important digital assets and operations. Shore up your SaaS apps, identity services, cloud environments, and more all while reducing costs, eliminating alert fatigue, and increasing your team’s productivity.
1:00pm – 4:00pm
Networking and Meet the Experts
2:00pm – 4:00pm
Partner happy hour
3:00pm – 4:00pm
Validation station: Using Atomic Red Team to test your defenses
Learn how to use Atomic Red Team to test security products and providers and to exercise your incident response program. We’ll share use cases and test plans based on the most commonly encountered threats and adversary techniques, and discuss how to perform high-quality tests in a short amount of time as well as how to operationalize testing at scale using tools that integrate with and enhance Atomic Red Team.