As mentioned in our January chapter membership meeting, we are announcing a malware contest! And there has been a lot of excitement from membership as well as vendors.
February’s chapter membership meeting will give vendors a chance to focus on advanced endpoint protection and reviewing different methods for defending against malware attacks.
March’s chapter membership meeting will focus on implementing what we have learned! This is when we will have the BYO Malware contest. More details and guidelines are below (down a bit).
Please register for the next (ISC)² Kansas City Chapter Meeting and plan to attend on the first Wednesday of the month, February 3rd! Registering will help us plan accordingly for meeting space, chairs and refreshments.
Register Now at Eventbrite:
Chapter Meeting Details:
- When: Wednesday, February 3rd, 2016 (The first Wednesday of every month)
- Time: 6:30 PM to 8:30 PM
- Where: THE CAVES! Cavern Technologies Phase 4
- Address: 17501 W 98th St #856, Lenexa, Kansas 66219
- Format: Round table, interactive discussion with security professionals from many different industries, tech companies and organizations, from upper management to operators who have many diverse experiences. We invite knowledgeable and expert members and guests to facilitate and keep the discussion moving along and on-task.
- Topic: Advanced Endpoint Protection – Reviewing different methods for defending against attacks
- Heuristic based (HIPS) – RSA ECAT
- Application Control (Whitelist / Blacklist) – Bit9
- Dynamic Analysis (sandbox, isolation) – Cisco AMP
- Anti-Exploit – Palo Alto Traps
The table below outlines multiple defense types. The table was created by Walt Powell from Optiv (Thanks Walt!).
Heuristic based (HIPS)
Solutions that use behavioral baselining and learn suspicious file characteristics. Common heuristic/behavioral scanning techniques include file emulation, file analysis, genetic detection and fingerprinting.
Application Control (Whitelist / Blacklist)
Solutions that use whitelisting and blacklisting approaches to restrict application execution. Whitelists are default-deny: if an application is not explicitly approved, it will not run. Blacklists are the opposite: everything runs except known-bad executables, which are blocked.
Dynamic Analysis (sandbox, isolation)
Solutions that separate one or more environments or executing processes so that exploitation of a process does not affect the system as a whole. Designed to isolate entire systems, web browsers, the MS Office suite and document readers.
Anti-Exploit
Solutions that increase the difficulty of obtaining programmatic control of a system. Anti-exploitation solutions prevent malware from acting on vulnerabilities in software.
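To make the default-deny point concrete, here is an added example (not from the chapter announcement and not from any of the vendors listed above) of building an application whitelist with the AppLocker module that ships in Windows 7 Enterprise. It assumes the contest image is already built, runs from an elevated PowerShell prompt on that image, and uses E:\sample.exe as a placeholder path for a participant's malware on a USB drive.

```powershell
# Added example: default-deny application whitelist on Windows 7 Enterprise
# using the built-in AppLocker module. Not code from the chapter or any vendor.
# Assumptions: elevated prompt on the contest image; E:\sample.exe is a
# hypothetical path for a participant's malware on a USB drive.

Import-Module AppLocker

# AppLocker rules are only enforced while the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 1. Inventory the executables and scripts that shipped with the image.
#    Whitelisting only what is already installed is what makes the policy
#    default-deny: a file copied in later (the USB sample) matches no rule.
#    DLL rules are left alone; enabling that collection is a separate decision.
$baseline  = Get-AppLockerFileInformation -Directory 'C:\Windows' -Recurse -FileType Exe,Script
$baseline += Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe,Script

# 2. Turn the inventory into allow rules. Signed files get a publisher rule,
#    unsigned files fall back to a hash rule; -Optimize collapses files from
#    the same publisher into a single rule.
$policy = New-AppLockerPolicy -FileInformation $baseline -RuleType Publisher,Hash `
    -User Everyone -RuleNamePrefix 'Baseline' -Optimize

# 3. Switch each rule collection from NotConfigured to Enabled (enforce).
#    Use 'AuditOnly' on a first pass to see what would be blocked without
#    actually blocking it; a missed baseline file locks that program out too.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'Enabled'
}

# 4. Dry-run the policy before applying it. The unknown USB sample comes back
#    with PolicyDecision Denied and no MatchingRule; notepad.exe is Allowed.
Test-AppLockerPolicy -PolicyObject $policy -User Everyone `
    -Path 'E:\sample.exe', 'C:\Windows\System32\notepad.exe' |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Apply to the local machine policy (replaces any existing AppLocker policy).
Set-AppLockerPolicy -PolicyObject $policy

# For contrast, the blacklist approach: a deny rule for a sample you already
# have. The hash rule blocks this exact file only; a recompiled or repacked
# copy runs unhindered, which is the weakness the whitelist avoids.
$known      = Get-AppLockerFileInformation -Path 'E:\sample.exe'
$denyPolicy = New-AppLockerPolicy -FileInformation $known -RuleType Hash -Deny `
    -User Everyone -RuleNamePrefix 'KnownBad'
Set-AppLockerPolicy -PolicyObject $denyPolicy -Merge
```

Two caveats a practitioner should keep in mind: a publisher rule allows anything signed by that publisher, not just the file that was scanned, and hash rules break the moment a whitelisted binary is patched. On a 64-bit image, scan C:\Program Files (x86) as well, or the programs there will be denied along with the malware.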
Come prepared with your experiences, questions, and your security concerns that you wish to bring before a host of like-minded security professionals.
Bring Your Own Malware Contest & Guidelines (March Chapter Meeting)
We are inviting several endpoint protection vendors to come prepared with their systems to protect their endpoints from your malware.
Here are the rules (so far, we reserve the right to tweak them if need be):
-Vendors will arrive early to set up their Windows 7 Enterprise machines.
-Each participant will be given a few minutes per machine to:
—Plug in a USB drive
—Navigate Windows Explorer with the sole purpose of executing their malware .exe file
—Let the malware program run
—Unplug their USB drive
-There will be no Internet access
The Windows 7 Enterprise image will include:
We do want your input! First, we would like to know if you plan to participate: please email me (email@example.com) if you plan to bring a USB drive with your malware. We are hoping a good number of you will participate! We would also like to know what, if any, other programs you would like included in the Windows 7 image.