What a fantastic few months it's been. After the excitement of BHUSA died down, I put my head down and started looking at ways of improving my EPP research. I received some "interesting" feedback from my BH talk, mostly positive, but like with all things, some not so great. With over 800+ people in the audience, it's understandable that not everyone is going to love my work, especially on such a controversial subject. So I used the feedback as an opportunity to improve my research and reach a wider-audience. These past few months I have been working on expanding my work and making it stronger, better and more useful for my audience.
In October I was invited to speak with John Strand and his team at Black Hills Information Security. I felt so honoured and privileged to speak about Endpoint. This time wanted to focus more on the POC part of the testing and non-functional gotchas that many of us don't think about. Everyone is so concerned with the malware part of the testing, the commodity malware, the unseen state sponsored actor but nobody ever thinks about the organisational fit. Any outsourced services your organisation may use that will charge you extra for integration of logs, available API and scripts your company might use which will clash with the EPP behavioural rules. The list goes on. Thankyou again BHIS. Just thrilled to be invited to speak with the great John Strand. You can find the webcast here and the slides in the publications tab.
In Mid-November I flew to Toronto Canada for SecTor where the weather was a chilly 5C. OMGosh I haven't felt such a shift in cold weather since I was living in Melbourne. Super super cold. Landing on Monday night, I head straight to the conference on Tuesday morning. Enjoyed a few talks in the morning, followed by my Lies and Damn Lies talk in the afternoon. I wanted to ensure my talk was simply not a copy and paste from BHUSA and my audience had something fresh and new to refer to. Feedback was good and I really enjoyed the audience participation. Thankyou everyone who came.
Also a HUGE thankyou to Brian and Jackie for making me feel so welcome and the amazing people I meet at SecTor, in particular, Nick, Lee, Fernando, Cheryl, Joe and many others. Make sure you visit Toronto, it really is a beautiful city.
More exciting things coming in the next few months. I will be playing with some more Endpoint products and discussing my findings. Finishing the EPP DIY workshop. Hopefully getting a few more products on board to test.