At Palo Alto Networks, innovation is behind everything we do. We’re committed to pushing boundaries to relentlessly deliver what’s next in cybersecurity, especially when it comes to AI. And there's no better place than Black Hat to unveil our latest AI-powered advancements and industry-leading solutions.
Get your pass and connect with us.
Adversarial AI has super-charged cybercrime, letting even low-skill actors craft convincing deepfakes and run end-to-end campaigns at machine speed—often 10× faster than traditional methods. Drawing on insights from hundreds of Unit 42 incident-response engagements, our experts will unpack the latest AI-driven tactics across the attack chain and deliver field-tested defenses you can deploy now to stay ahead of accelerated threats.
While Windows System Calls have become a popular method for evading antivirus detection, they present considerable challenges beyond simple shellcode encryption/decryption. Unlike on Linux, executing Windows System Calls often necessitates extensive setup, due to the need for specific C structures, which makes the code more complex and prone to errors compared to typical API calls. As a result, many developers turn to high-level languages like C to avoid the complexities of Assembly, particularly in malware development.
SHELLSILO addresses these challenges by offering an innovative solution for System Call shellcode generation.
Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors, including external and insider threats, lateral movement, and data exfiltration, COBRA enables organizations to gain insight into vulnerabilities in their security posture. COBRA is designed to conduct simulated attacks to assess an organization's ability to detect and respond to security threats effectively.
In recent years, Google Drive has become one of the most abused platforms for threat actors to conduct illegal and malicious activity. Threat actors use Google accounts to launch, store, and log malware, effectively turning Drive into a command and control center. On the side of legal and ethical activity, Google Drive remains a popular platform for security researchers to store these artifacts in summarized write-ups and spreadsheets of the malicious and illegal activity they have observed. Much like an archaeologist looks for artifacts providing clues to the history of civilization, security researchers look for Indicators of Compromise (IOCs), which are clues to what a threat actor has done. Security engineers have worked across decades to build out tooling to analyze hard drives and network resources; however, similar advances to analyze Google Drive resources have remained underdeveloped. Along the same lines, tools that aggregate and summarize collections of records on IOCs stored in Google Drive by researchers are also lacking.
The GDIOCSpider (Google Drive IOC Spider) provides a tool for both of these use cases.