BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   Title: Bridging the Gap: Cloud Threat Intelligence for Dete
 ction and\n   Offensive Security Practitioners\n   When: Saturday\, Aug 12
 \, 14:10 - 14:50 PDT\n   Where: Flamingo - Mesquite - Cloud Village - [1]M
 ap\n\n   SpeakerBio:Alex Delamotte\n   Alex's passion for cybersecurity is
  humbly rooted in the early aughts\,\n   when she declared a vendetta agai
 nst a computer worm. Over the past\n   decade\, Alex has worked with blue\
 , purple\, and red teams serving\n   companies in the technology\, financi
 al\, pharmaceuticals\, and telecom\n   sectors and she has shared research
  with several ISACs. Alex enjoys\n   researching the intersection of cyber
 crime and state-sponsored\n   activity. She relentlessly questions why act
 ors pivot to a new\n   technique or attack surface. In her spare time\, sh
 e can be found DJing\n   or servicing her music arcade games.\n   Twitter:
  [2]@spiderspiders_\n\n   Description:\n   During my transition from a con
 ventional malware research position to\n   a detection engineering role wi
 thin a technology company\, I\n   encountered significant difficulties in 
 acquiring actionable and\n   timely intelligence regarding cloud-based thr
 eat actors. Subsequently\,\n   when I assumed a new position on an offensi
 ve security team\, I faced\n   similar challenges due to the scarcity of t
 hreat intelligence\n   necessary for effective adversary emulation.\n\n   
 Recently\, I had the opportunity to publish my research on [AlienFox]([3]h
 ttps://www.sentinelone.com/labs/dissecting-alienfox-the-cloud-spammers-swi
 ss-army-knife/)\,\n   a communally-developed cloud spamming toolset. As a 
 curator of cloud\n   intelligence\, I am confronted with the arduous task 
 of providing\n   defenders with actionable threat intelligence in situatio
 ns where the\n   tools employed by attackers remain confined within their 
 own systems.\n   In targeted service environments\, the utilization of pay
 loads is\n   considerably reduced\, with the absence of prominent features
  such as\n   Cobalt Strike beacons or Meterpreter. Additionally\, the intr
 icacies of\n   DLL injection and registry modifications are rendered obsol
 ete.\n   Instead\, cloud attackers harness robust and extensively document
 ed\n   APIs developed by the respective service providers\, eliminating th
 e\n   need for complex shellcode encoders.\n\n   Given these limitations\,
  how can defenders effectively operate? These\n   attacks invariably leave
  behind artifacts in the form of\n   configurations\, such as the creation
  of new user profiles\, which can\n   be traced through API logs. Ultimate
 ly\, if approached with an open\n   mind and a willingness to adapt forens
 ic methodologies\, these\n   techniques can be extrapolated from the realm
  of endpoint security.\n   This talk will discuss how to approach detectio
 n of several familiar\n   techniques--such as privilege escalation and per
 sistence--ported to\n   the cloud realm.\n\n   1. #FlamingoThirdFl
 oor\n   2. https://twitter.com/spiderspiders_\n   3. https://www.sentinelo
 ne.com/labs/dissecting-alienfox-the-cloud-spammers-swiss-army-knife/\n\n\n
DTEND:20230812T215000Z
DTSTART:20230812T211000Z
LOCATION:CLV - Flamingo - Mesquite - Cloud Village
SUMMARY:Bridging the Gap: Cloud Threat Intelligence for Detection and Offen
 sive Security Practitioners
END:VEVENT
END:VCALENDAR
