Palo AlTo Networks Session

Keynote - Agentic AI is Here. What CISOs Must Prioritize Now

Martedi 21 ottobre | mattina, orario TBC

Sessione Plenaria

Despite $30-40B in GenAI investment, 95% of organizations get zero ROI and only 5% of custom AI tools reach production. Today, AI Agents evolve from chat to action; reading, writing and calling tools across your estate while creating new attack surfaces. This session explores the risks, steps, and priorities CISOs must take in order to secure every stage of AI deployment.

Palo AlTo Networks Session

SHELLSILO

Thursday, August 7 | 10:00 AM – 10:55 AM PT

Business Hall, Arsenal Station 7

 While Windows System Calls have become a popular method for evading antivirus detection, they present considerable challenges beyond simple shellcode encryption/decryption. Unlike Linux, executing Windows System Calls often necessitates extensive setup, due to the need for specific C structures, which makes the code more complex and prone to errors compared to typical API calls. As a result, many developers turn to high-level languages like C to avoid the complexities of Assembly, particularly in malware development.

SHELLSILO addresses these challenges by offering an innovative solution for System Call shellcode generation.

Palo AlTo Networks Session

Cloud Offensive Breach and Risk Assessment (COBRA)

Thursday, August 7 | 12:00 PM – 12:55 PM PT

Business Hall, Arsenal Station 8

Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, COBRA enables organizations to gain insights into their security posture vulnerabilities. COBRA is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.

Palo AlTo Networks Session

GDIOCSpider - Extracting and Identifying IOCs from the GDriveverse

Thursday, August 7 | 1:00 PM – 1:55 PM PT

Business Hall, Arsenal Station 2

Google Drive in recent years has become one of the most abused platforms for threat actors to conduct illegal and malicious activity. Threat actors use Google accounts to launch, store, and log malware, effectively turning Drive into a command and control center. On the side of legal and ethical activity, Google Drive remains a popular platform for security researchers to store these artifacts in summarized write-ups and spreadsheets of malicious and illegal activity observed. Much like an archaeologist looks for artifacts providing clues of the history of civilization, security researchers look for Indicators of Compromise (IOCs), which are clues to what a threat actor has done. Security engineers have worked across decades to build out tooling to analyze hard drives and network resources; however, similar advances to analyze Google Drive resources have remained underdeveloped. Along the same line, tools that aggregate and summarize collections of records on IOCs stored in Google Drive by researchers are also lacking.

The GDIOCSpider (Google Drive IOC Spider) provides a tool for both of these use cases. 

Palo AlTo Networks Session

NOC Briefing Schedule

Palo AlTo Networks Session

SHELLSILO

Thursday, August 7 | 10:00 AM – 10:55 AM PT

Business Hall, Arsenal Station 7

 While Windows System Calls have become a popular method for evading antivirus detection, they present considerable challenges beyond simple shellcode encryption/decryption. Unlike Linux, executing Windows System Calls often necessitates extensive setup, due to the need for specific C structures, which makes the code more complex and prone to errors compared to typical API calls. As a result, many developers turn to high-level languages like C to avoid the complexities of Assembly, particularly in malware development.

SHELLSILO addresses these challenges by offering an innovative solution for System Call shellcode generation.

Palo AlTo Networks Session

Cloud Offensive Breach and Risk Assessment (COBRA)

Thursday, August 7 | 12:00 PM – 12:55 PM PT

Business Hall, Arsenal Station 8

Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, COBRA enables organizations to gain insights into their security posture vulnerabilities. COBRA is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.

Palo AlTo Networks Session

GDIOCSpider - Extracting and Identifying IOCs from the GDriveverse

Thursday, August 7 | 1:00 PM – 1:55 PM PT

Business Hall, Arsenal Station 2

Google Drive in recent years has become one of the most abused platforms for threat actors to conduct illegal and malicious activity. Threat actors use Google accounts to launch, store, and log malware, effectively turning Drive into a command and control center. On the side of legal and ethical activity, Google Drive remains a popular platform for security researchers to store these artifacts in summarized write-ups and spreadsheets of malicious and illegal activity observed. Much like an archaeologist looks for artifacts providing clues of the history of civilization, security researchers look for Indicators of Compromise (IOCs), which are clues to what a threat actor has done. Security engineers have worked across decades to build out tooling to analyze hard drives and network resources; however, similar advances to analyze Google Drive resources have remained underdeveloped. Along the same line, tools that aggregate and summarize collections of records on IOCs stored in Google Drive by researchers are also lacking.

The GDIOCSpider (Google Drive IOC Spider) provides a tool for both of these use cases. 

Palo AlTo Networks Session

NOC Briefing Schedule

Palo AlTo Networks Session

Haider Pasha

Chief Security Officer (CSO) EMEA & LATAM, Palo Alto Networks

Despite $30-40B in GenAI investment, 95% of organizations get zero ROI and only 5% of custom AI tools reach production. Today, AI Agents evolve from chat to action; reading, writing and calling tools across your estate while creating new attack surfaces. This session explores the risks, steps, and priorities CISOs must take in order to secure every stage of AI deployment.

Palo AlTo Networks Session

SHELLSILO

Thursday, August 7 | 10:00 AM – 10:55 AM PT

Business Hall, Arsenal Station 7

 While Windows System Calls have become a popular method for evading antivirus detection, they present considerable challenges beyond simple shellcode encryption/decryption. Unlike Linux, executing Windows System Calls often necessitates extensive setup, due to the need for specific C structures, which makes the code more complex and prone to errors compared to typical API calls. As a result, many developers turn to high-level languages like C to avoid the complexities of Assembly, particularly in malware development.

SHELLSILO addresses these challenges by offering an innovative solution for System Call shellcode generation.

Palo AlTo Networks Session

Cloud Offensive Breach and Risk Assessment (COBRA)

Thursday, August 7 | 12:00 PM – 12:55 PM PT

Business Hall, Arsenal Station 8

Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, COBRA enables organizations to gain insights into their security posture vulnerabilities. COBRA is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.

Palo AlTo Networks Session

GDIOCSpider - Extracting and Identifying IOCs from the GDriveverse

Thursday, August 7 | 1:00 PM – 1:55 PM PT

Business Hall, Arsenal Station 2

Google Drive in recent years has become one of the most abused platforms for threat actors to conduct illegal and malicious activity. Threat actors use Google accounts to launch, store, and log malware, effectively turning Drive into a command and control center. On the side of legal and ethical activity, Google Drive remains a popular platform for security researchers to store these artifacts in summarized write-ups and spreadsheets of malicious and illegal activity observed. Much like an archaeologist looks for artifacts providing clues of the history of civilization, security researchers look for Indicators of Compromise (IOCs), which are clues to what a threat actor has done. Security engineers have worked across decades to build out tooling to analyze hard drives and network resources; however, similar advances to analyze Google Drive resources have remained underdeveloped. Along the same line, tools that aggregate and summarize collections of records on IOCs stored in Google Drive by researchers are also lacking.

The GDIOCSpider (Google Drive IOC Spider) provides a tool for both of these use cases. 

Palo AlTo Networks Session

NOC Briefing Schedule