Presentation by Vanja Švajcer confirmed for DEEP: Friend or enemy? - hunting for dual usage tools

It's difficult to read any information security news lately without learning about large corporations being extorted by cyber criminals. In today's threat landscape, organisations increasingly rely on red teams to identify risks and mitigate vulnerabilities in their infrastructure, so much so that an entire industry exists around tools to help facilitate this effectively and efficiently as possible.

Dual-use tools are developed to assist administrators in managing their systems or assist during security testing or red-teaming activities. Unfortunately, many of these same tools are often co-opted by threat actors attempting to compromise systems, attack networks, or otherwise adversely affect companies. This talk discusses the topic of dual-use tools and how they have historically been used in various attacks. We dig deeper in dual-use tools detection to try to find out who could hide behind them - a friendly red team member or a real attacker?

Vanja Švajcer works as a Technical Leader for Cisco Talos. He is a security researcher with more than 20 years of experience in malware research and detection development. Prior to joining Talos, Vanja worked as a Principal researcher for SophosLabs and led a Security Research Team at Hewlett Packard Enterprise.

Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He thinks time spent scraping telemetry data to find indicators of new attacks is well worth the effort. He presented his work at conferences such as Virus Bulletin, RSA, CARO, AVAR and many others.

You can find more details about all the presentations and workshops at our conference website