January 3, 2014 | post a comment | Mark Russinovich
I’m excited to announce that for the third year I’ll be presenting at RSA Conference US, the largest cybersecurity in the world. Like the previous two conferences, I’m delivering a talk in the Industry Experts track, this time on cloud security. I’m also delivering a technical session on the Pass-the-Hash (PTH) threat and how corporations can defend themselves against it, including by leveraging new PTH mitigations available in Windows 8.1 and Windows Server 2012 R2. I’ll of course also be doing a book signing for my novels Trojan Horse and Zero Day. Rogue Code, the third book in the Jeff Aiken series, won’t be out until May.
Here are the session abstracts and times and below them a link to the conference’s full session list.
HTA-W03 Pass-the-Hash: How Attackers Spread and How to Stop Them
Wednesday, February 26, 2014 | 10:40am – 11:40am
Pass-the-hash transforms the breach of one machine into a total compromise of infrastructure. The publication of attacks and lack of tools to respond have forced enterprises to rely on onerous and ineffective techniques. In this talk, we will decompose the PtH threat, show how the attack is performed and how it can be addressed using new platform technologies in Windows 8.1. – See more at: http://www.rsaconference.com/events/us14/agenda/sessions/1061/pass-the-hash-how-attackers-spread-and-how-to-stop#sthash.THva3Ejr.dpuf
EXP-R01 Public Cloud Security: Surviving in a Hostile Multitenant Environment
Thursday, February 27, 2014 | 8:00am – 9:00am
The rise of public cloud computing has brought with it a new set of security and data privacy considerations that are not widely understood. This session will describe public cloud hoster and customer threat models and explain the role in those models of encryption-at-rest, encryption-in-flight and other security best practices.