KRAKÓW—CONFIDENCE CON 2024—May 21, 2024 – SafeBreach, the pioneer in breach and attack simulation (BAS), today announced that it will present four pieces of original research from its SafeBreach Labs team at CONFidence Con 2024. This adds to the team’s impressive research tour over the last year that included three sessions at Black Hat Asia 2024, five combined sessions at Black Hat USA 2023 and DEFCON 2023, and appearances at SecTor and HackCon.
The sessions at CONFidence Con will showcase several significant discoveries from the SafeBreach Labs team. Details about the sessions, including dates and times, are included below:
- The Dark Side of EDR: Repurpose EDR as an Offensive Tool – May 27th 9:30 am – 10:15 am:
Security Researcher Shmuel Cohen will explore his discovery of a novel attack vector that allowed him to secretly take control of an EDR solution and bypass important security measures, like real-time prevention rules and machine learning detection modules. He will also explain how he was able to insert malicious code into the EDR itself, causing it to run very stealthy malware within the EDR process. - DoubleDrive: Double Agents Hide Behind The Clouds – May 27th 12:30 pm – 1:15 pm:
Security Research Team Lead Or Yair will present his discovery of a novel and fully undetectable cloud-based ransomware leveraging Google Drive and Microsoft OneDrive to encrypt local files on endpoints. It bypasses leading EDRs, CFA, decoy files and file extension detections, and OneDrive’s ransomware detection. It also disables OneDrive’s ransomware recovery features, runs without any privileges, and carries out encryption remotely. - The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools – May 27th 2:15 pm – 3:00 pm:
Security Researcher Alon Leviev will present his discovery of a set of highly flexible process injection techniques that were able to completely bypass leading endpoint detection and response (EDR) solutions and trigger malicious execution as a result of a completely legitimate action. The techniques were capable of working across all processes without any limitations, making them more flexible than existing process injection techniques. And, more importantly, the techniques were proven to be fully undetectable when tested against five leading EDR solutions. - EDR Reloaded: Erase Data Remotely – May 28th 9:30 am – 10:15 am:
VP of Security Research Tomer Bar and Security Researcher Shmuel Cohen will provide an overview of their previous research originally published in August 2023, which identified a vulnerability in several EDR products that enabled remote deletion of critical files. They will highlight how they have been able to continue exploiting the vulnerability—and even achieve a generic Windows Defender bypass—despite the release of two patches.
“The SafeBreach Labs team is dedicated to conducting original research that uncovers unknown threats to better protect our customers and educate the larger cybersecurity community,” said Tomer Bar, VP of Security Resesarch, SafeBreach. “While we share this research at major conferences like Black Hat, DEFCON, and CONFidence Con, we also use it to create Original Attack content within the SafeBreach platform that our customers can use to understand their level of vulnerability to these novel attacks and take remedial action to reduce their overall business risk. This content provides immense value to our customers and isn’t available anywhere else.”
The SafeBreach BAS platform is utilized by some of the largest financial services, healthcare, manufacturing, and transportation organizations in the world to validate security control performance, identify gaps, and take remedial action to strengthen security posture and reduce overall business risk. SafeBreach is the only BAS vendor to maintain a 24-hour service-level agreement (SLA) to add new attacks to its Hacker’s Playbook based on critical US-CERT and FBI Flash alerts, so customers can immediately test against the latest threats. With the industry’s most advanced threat research team, SafeBreach is able to ensure its playbook boasts an unmatched collection of 30,000+ attacks. In February of this year, SafeBreach also celebrated its 10-year anniversary and some of its impressive milestones along the way, including 15 Black Hat appearances and the discovery of more than 40 common vulnerabilities and exposures (CVEs). SafeBreach has also been recognized on the Forbes list of America’s Best Startup Employers, selected as Frost & Sullivan Company of the Year in the BAS market, and named a Gartner Cool Vendor.
For more information about the sessions and to connect with SafeBreach at CONFidence Con 2024 on May 27 – 28, visit www.safebreach.com/events.