SINGAPORE—BLACK HAT ASIA 2024—April 3, 2024 – SafeBreach, the pioneer in breach and attack simulation (BAS), today announced original research from its SafeBreach Labs team will be featured in three separate sessions at Black Hat Asia 2024. SafeBreach’s Vice President of Security Research Tomer Bar and fellow researchers Or Yair and Shmuel Cohen are set to release a series of high-profile research pieces following a successful year at Black Hat USA 2023 and DEFCON 2023, where the SafeBreach Labs team presented an unprecedented five sessions.
The sessions at Black Hat Asia will include several significant discoveries exploring how endpoint detection and response (EDR) solutions and unfixed, known software issues can be exploited to present a significant security risk to enterprises. Details about the sessions, including dates and times, are included below:
- MagicDot: A Hacker’s Magic Show of Disappearing Dots and Spaces – Thursday, April 18, 1:30 pm – 2:10 pm: Security Research Team Lead Or Yair will explore how he was able to exploit a seemingly harmless known issue associated with the DOS-to-NT path conversion process in Microsoft Windows to discover a set of vulnerabilities—including a remote code execution (RCE) vulnerability—and rootkit-like techniques accessible to unprivileged attackers.
- The Dark Side of EDR: Repurpose EDR as an Offensive Tool – Friday, April 19, 11:20 am – 12:00 pm: Security Researcher Shmuel Cohen will explore his discovery of a novel attack vector that allowed him to secretly take control of an EDR solution and bypass important security measures, like real-time prevention rules and machine learning detection modules. He will also explain how he was able to insert malicious code into the EDR itself, causing it to run very stealthy malware within the EDR process.
- EDR Reloaded: Erase Data Remotely – Friday, April 19, 1:30 pm – 2:10 pm: VP of Security Research Tomer Bar and Security Researcher Shmuel Cohen will provide an overview of their previous research originally published in August 2023, which identified a vulnerability in several EDR products that enabled remote deletion of critical files. They will highlight how they have been able to continue exploiting the vulnerability—and even achieve a generic Windows Defender bypass—despite the release of two patches.
“In addition to the capabilities of our BAS platform, a key part of the value we provide is the SafeBreach Labs team’s ability to try to predict the future by developing new threats that are unknown to the cybersecurity community,” said Itzik Kotler, CTO at SafeBreach. “Our continued participation at major conferences like Black Hat Asia, Black Hat USA, and DEFCON is a testament to our leadership in the area of original cybersecurity research, and I think our team has done an amazing job of incorporating this groundbreaking research back into our platform in the form of original attack content that our customers can then use to understand their vulnerability to these threats.”
This announcement comes on the heels of SafeBreach’s 10-year anniversary, which the company celebrated last month. Since founding the company in 2014, CEO Guy Bejerano and CTO Itzik Kotler have helped organizations take a more proactive approach to security by building a powerful BAS platform and a world-renowned team of security experts. Along the way, SafeBreach has experienced some significant achievements, including 15 Black Hat appearances and the discovery of more than 40 common vulnerabilities and exposures (CVEs). SafeBreach has also been recognized on the Forbes list of America’s Best Startup Employers, selected as Frost & Sullivan Company of the Year in the BAS market, and named a Gartner Cool Vendor.For more information about the sessions and to connect with SafeBreach at Black Hat Asia 2024 on April 16-19, visit www.safebreach.com/events.