Director of Research, Lacework Labs
The first half of the year was a busy one for Lacework Labs. We had the pleasure of speaking at a number of amazing conferences and meetups to include ACoD, BSidesSF, RSA, and more. If you didn’t get the chance to see us speak on various cloud security topics, here are a couple of upcoming events. If you are attending, be sure to come by and say hi!
DerbyCon 9.0 – Finish Line
The final DerbyCon will be held this year in September. It goes without saying that this is an amazing conference and we are excited to participate. We will be giving a presentation, expanding on previous Kubernetes research, where we unveil some research into cryptojacking campaigns targeting misconfigured Kubernetes clusters. If you have been following our Kubernetes research be sure to check this one out!
This year’s BSidesDen will have a new format along with a new crew of organizers. Keeping in theme with this we will be leading a discussion on cryptojacking wars in the cloud. We will describe various methods we have seen actors use to boot other actors for control of resources. Then discuss how effective these methods are and what could be done to improve them, hypothetically of course 🙂
Colorado CSA Fall Summit
In November we will be at the Colorado CSA Fall Summit. Similar to BSidesDen we will be presenting on various cryptojacking campaigns we have observed where different entities battle for control of the servers they compromise. We will discuss the common applications we see exploited and the TTPs used by the actors. It’s always interesting to see bad guys battling other bad guys. We hope you can make one of our events. If you can’t, don’t worry we will post slides and links to videos where available. Additionally, there are a few pending events. Stay posted for those details!