Webinars and Online Events
Webinar: Attackers Are Targeting Firmware
January 21, 2021
The infamous TrickBot malware has a new module that is targeting firmware. In this webinar, hosted by Carahsoft, learn why firmware threats are so dangerous, what systems are affected by TrickBoot, what it takes to recover, how to tell if your firmware has been compromised and how to protect your organization from a variety of firmware threats.
FCW Workshop – Managing Supply Chain Security
January 19, 2021
The global information technology supply chain has been hit with a growing and unprecedented number of attacks as adversaries attempt to compromise systems with various forms of malware in an attempt to steal or compromise or hold for ransom sensitive information. Join us at this virtual workshop on supply chain security hosted by FCW, featuring speakers from NIST and CISA. John Loucaides, VP of Research and Development at Eclypsium, will give a talk on Assuring Device Integrity in the Supply Chain and Beyond, at 10:40 AM ET.
Webinar: Top 5 Threats to Firmware Security
January 12, 2021
As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021.
Webinar: What’s Under The Hood In Your Devices
How well do you know what’s inside your computer? Today’s laptops and servers are powered by dozens of components with their own complex programming that runs independently of the operating system. Attackers increasingly target vulnerabilities in firmware and hardware, and most organizations lack visibility into this attack surface. In this webinar we’ll explore what manufacturers are doing to improve platform security, what kinds of vulnerabilities attackers are targeting, and what IT and security professionals need to do to protect their devices.
Security Weekly Unlocked
December 10, 2020
Online Event >
Security Weekly’s Paul Asadoorian interviews Eclypsium’s John Loucaides about TrickBoot, a newly discovered TrickBot malware module that is targeting UEFI firmware. Learn why this threat is so dangerous, what systems are affected, and how you can protect your enterprise in this video, recorded at Security Weekly Unlocked in December.
Webinar: Trickbot’s New Trickboot Module Targets Your Firmware
TrickBot malware now has functionality designed to inspect and potentially target the UEFI/BIOS firmware of targeted systems. TrickBoot makes use of open-source tools to check devices for a vulnerability that can allow Trickbot operators to read, write, or erase the UEFI/BIOS firmware of a device. This new capability targets all Intel-based systems produced in recent years and is one line of code away from bricking any device it finds to be vulnerable. In this webinar, Vitali Kremez, Scott Scheferman, and Jesse Michael provide key insights, implications, and mitigations for one of the biggest discoveries of 2020: Trickboot.
Webinar – What’s Really Down Under
Lying below the traditional operating system (Windows, Linux, Mac) is an entire “world down under” ripe for attacking. The firmware and hardware attack surface is diverse and wrought with vulnerabilities that are increasingly being exploited to great effect. Attackers have learned to fly under the radar, dip down underneath the traditional security stack, and persist indefinitely, all while enjoying the omnipotence and flexibility that firmware-level attacks provide. In this webinar, Scott Scheferman, Principal Cyber Strategist at Eclypsium, will share insights from recent attacks that challenge how we think about device security.
Webinar: Protecting Your Organization From MosaicRegressor and Other UEFI Implants
The recent discovery of MosaicRegressor spyware is the latest in an ongoing trend of UEFI implants observed in the wild. These threats are particularly powerful because their malicious code runs before and supersedes the operating system, while also allowing the threat to persist within firmware even after a system is re-imaged. The implant code itself is universal and easy to build and the UEFI file system format is largely unmodified by individual OEMs. This creates a relatively low barrier to entry for attackers making it likely we will see this type of capability show up in other campaigns. Learn more in this webinar.
FS-ISAC Fall Summit
October 14-15, 2020
Current risk frameworks may not be built to support the radical changes financial institutions are confronting. Members will meet at the FS-ISAC virtual summit this fall to understand the technology trends and emerging paradigms that are shaping information security at financial firms. Eclypsium will present an on-demand session entitled “Put Zero Trust in Your Devices.”
NLIT Summit 2020
October 13-16, 2020
The NLIT Summit facilitates the exchange of best practices and ideas between IT professionals and providers within the DOE complex to strengthen IT infrastructure and reduce costs within the DOE laboratory system. Eclypsium is a sponsor of this event, and welcomes the opportunity to engage with the DOE labs to protect IT infrastructure down to the firmware and hardware level.
Join us >
SANS Cyber Solutions Fest
October 8-9, 2020
This action packed 2-day virtual event brings together an ensemble of security professionals, solution providers, gurus and experts ready to share the latest developments and innovative technologies in the cybersecurity industry. Eclypsium’s John Loucaides will lead a Tech Talk exploring how you can get visibility into – and protect – the firmware and hardware that attackers are targeting in 2020.
Join us >
Webinar: Down the Rabbit Hole – Attackers Moving Down As We Move Up
Cyber adversaries are not “sophisticated”, rather they are pragmatic. The endpoint, still the nexus of the cyber problem, is challenging lately for adversaries to evade detection and persist at the operating system level due to advances in AI/ML, EDR, and threat intelligence. This talk exposes the reasons why attackers are going further down the rabbit hole in order to gain footholds and persist below the surface of the rest of the entire security stack.
September 23-24, 2020
SecurityWeek’s prestigious CISO Forum focuses on information security leadership and strategy. This year’s event take place online and is sponsored by Eclypsium. Reserve your spot now to hear Eclypsium Principal Cyber Strategist Scott Scheferman’s talk on “The New Endpoint Challenge – Cracks in the Foundation” and stop by our online booth to chat with our technical team.
Virtual Air Space Cyber Conference
September 14-16, 2020
The Air Force Association’s virtual Air, Space & Cyber Conference (vASC) is the premier event for defense and aerospace professionals. Eclypsium is a sponsor of this conference which provides Airmen, Space Professionals, and industry leaders direct insights into the plans, policies and vision of Air Force and Space Force leadership, and emerging trends and developments in aerospace and cyber technology. Request a meeting to see Eclypsium’s comprehensive device security platform designed for tough DoD environments.
Webinar: Exploring the BootHole Vulnerability
The BootHole vulnerability, disclosed by Eclypsium researchers Mickey Shkatov and Jesse Michael in July, exposes billions of devices to attack. The vulnerability they discovered in the GRUB bootloader can be used to gain arbitrary code execution during the boot process even when Secure Boot is enabled. This can allow attackers to install persistent and stealthy bootkits, rootkits, or malicious bootloaders that would provide full control over the victim device.
How Much Trust Can You Put In Your Devices? A Conversation For The Financial Industry
August 13, 2020
Join T.E.N. and Eclypsium on August 13th at 5:30 pm ET for this exclusive virtual ISE® Cocktails & Conversations where we will discuss “How Much Trust Can You Put in Your Devices? A Conversation for the Financial Industry.”
To attend, please email email@example.com
DEF CON 28 SAFE MODE
August 6-9, 2020
Eclypsium Principal Researchers Mickey Shkatov and Jesse Michael will present “Bytes in Disguise” at DEF CON 28 SAFE MODE.
Non-Volatile Memory. EVERY computer has it, from the chip that stores your BIOS to the controller that runs your laptop trackpad and even your new USB-C monitor. These small nooks of storage can be (ab)used by anyone to store data or code without causing any side effects and none would be the wiser. Mickey and Jesse will show you more than one example of how this is possible, walk through how to do it, and what can be done to detect and lock down systems.
Their presentation will be available on Sunday, August 9th, and you can join them for a live Q&A online at 10:30 AM. Details here >
ESW Interviews John Loucaides on #BootHoleVulnerability
August 5, 2020
Paul Asadoorian and the crew of Enterprise Security Weekly dive deep into the #BootHoleVulnerability with Eclypsium’s John Loucaides in this special “Hacker Summer Camp” edition of the ESW podcast.
Webinar: Managing the Hole in Secure Boot
Eclypsium researchers have discovered an arbitrary code execution vulnerability – dubbed BootHole – in the GRUB2 bootloader that can bypass UEFI and OS Secure Boot, impacting other OS defenses. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.
In this webinar Yuriy Bulygin, CEO and John Loucaides, VP of Research and Development at Eclypsium, will provide a briefing on the key issues enterprise IT and security leaders need to know in order to effectively mitigate this issue.
Watch now >
Webinar: Put Zero Trust in Your Devices
July 28, 2020
In today’s remote work environment, where users are no longer protected by the many layers of security found on-premise in the corporate network, organizations must consider how to adapt core security concepts like Zero Trust to cover corporate laptops, BYOD devices and home networking gear. Yet for many organizations, device integrity remains a blindspot where Zero Trust principles are not yet applied, and as a result, security is assumed instead of verified.
In this webinar we discuss how much trust you can put in your devices and what organizations can do to assess and verify device integrity down to the firmware and hardware level.
Webinar: Improve Device Security Using the CMMC Framework
Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices.
Virtual Event: FS-ISAC Spring Summit
The financial services industry is evolving its business models to serve its customers and employees in a world where digitization is no longer an option. In this new era, where not only customers but also employees must adjust to operating virtually nearly overnight, cyber criminals are seeing endless opportunity. Eclypsium CEO, Yuriy Bulygin, spoke live at this FS-ISAC event, on “The Anatomy of a Firmware Attack”.
Webinar: Protecting Device Integrity in the Supply Chain
How is your organization addressing risks to device integrity in the technology supply chain? In this panel discussion, experts from TAG Cyber, Johns Hopkins, NIST and Eclypsium explore how to improve visibility into your device supply chain and protect your organization from cybersecurity threats targeting vulnerabilities and weak points.
Webinar: Mitigating Device Security Risks in Data Centers, Remote Use and Supply Chains
Join this ISE® Fireside Webinar featuring Eclypsium CEO, Yuriy Bulygin, and a CISO panel for a discussion of best practices for CISOs and their security teams to mitigate security risks targeting the device integrity of data center environments, remote users and supply chains.
Webinar: Detecting & Defeating Persistent Attacks
Is your organization equipped to detect and defeat firmware attacks? Eclypsium’s Ron Talwalkar and Jesse Michael describe how such attacks can persist undetected by traditional security solutions, surviving operating system reinstalls and even hard drive replacement. Learn about vulnerabilities that can leave you open to attack, and see how Eclypsium can help you detect and defend against them.
Webinar: Best Practices for Firmware Updates
A disciplined process of firmware updates is an essential element of good cybersecurity hygiene but can be challenging for many enterprises. Eclypsium’s John Loucaides and Steve Mancini provide IT and security leaders with insights into firmware update management and guidance on best practices.
Webinar: Anatomy of a Firmware Attack
Explore the techniques of successful firmware attacks as they apply to stages of a kill chain in this Eclypsium webinar designed to help you assess and defend enterprise devices from firmware and hardware threats.
Webinar: Perilous Peripherals
Eclypsium researchers Jesse Michael and Rick Altherr will describe new research showing how unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides pathways for malicious attackers to compromise laptops and servers.
Webinar: How Direct Memory Access Attacks Bypass Hardware Protections
New research from Eclypsium shows that high-speed DMA attacks can bypass built-in hardware protections on enterprise devices. Jesse Michael and Mickey Shkatov describe their research, and discuss the ramifications for enterprise security.
Webinar: Screwed Drivers
A common design flaw uncovered in drivers from 20 vendors allows widespread Windows compromise. In this webinar, Eclypsium researchers Jesse Michael and Mickey Shaktov take you behind the scenes to show how and why this happened, and disclose the latest updates to their research.
InfoSec World Digital
June 22 – 24, 2020
For over 25 years InfoSec World has been the “business of security” conference. To manage today’s threats, security practitioners must have the skills to be both a business partner and enabler, and have the technical expertise to prevent, detect and respond to security challenges. At this year’s InfoSec World Digital, Eclypsium’s John Loucaides presented “Hacking Firmware: The Unprotected Attack Surface of the Enterprise.” Meet John, and the rest of the Eclypsium team at our online booth.
Contact us to schedule a meeting >
i-4 Forum 99
March 9-11, 2020
Alex Bazhaniuk, CTO & Co-Founder of Eclypsium, will join Sergej Epp, Chief Security Officer, Palo Alto Networks, for a discussion on Incident Response and Red Teaming at the International Information Integrity Institute forum on Monday, March 9.
Contact us to schedule a meeting >
February 24-28, 2020
San Francisco, CA
Join top cybersecurity leaders and a dedicated community of peers at RSA 2020 as we exchange the biggest, boldest ideas that will help propel the industry forward. Firmware security will be a hot topic. To learn more, visit Eclypsium at booth 29 in the Early Stage Expo at Moscone South, Tuesday evening and all day Wednesday and Thursday.
SANS Cyber Defense Initiative
December 10-17, 2019
Sharpen your defenses with this week of cyber security training put on by SANS. Then on Friday, December 13th, join Eclypsium at the vendor solutions exposition to see to a demonstration on how to defend the unprotected firmware and hardware layer of the enterprise – including laptops, servers, and networking infrastructure.
FS-ISAC Fall Summit
November 17-20, 2019
Information security leaders from the financial sector will come together for three days of thought-provoking and interactive sessions at this fall’s FS-ISAC Americas Summit. Eclypsium’s CEO, Yuriy Bulygin will give a talk on “Firmware: The Unprotected Attack Surface” on Tuesday Nov 19th, and we’re hosting a special reception that evening.
November 8-10, 2019
San Diego, CA
ToorCon is changing it up this year with a Red-Day, a Blue-Day and a Fun-Day. Eclypsium’s Alex Ivkin is a Blue-Day speaker. His talk, “Down the sinkhole with Kubernetes” will be at noon on November 8th. Don’t miss it!
November 6-7, 2019
SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. Don’t miss the panel discussion on “Trust but Verify Firmware in the Supply Chain”, featuring Gene Casady of Global Payments, Kevin Nally of the US Secret Service, Steve Orrin of Intel, Chad Sweet of The Chertoff Group and Eclypsium CEO Yuriy Bulygin.
November 6-7, 2019
To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researchers to share best practices and technology at PacSec in Tokyo this November. Eclypsium researchers Jesse Michael and Mickey Shaktov will present “Get Off The Kernel If You Can’t Drive” – showing how common drivers can be used to compromise the security of the platform.
October 25-26, 2019
Eclypsium is sponsoring BSides PDX, a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Several of our Oregon team members will be in attendance – be sure to connect. And don’t miss our own Alex Ivkin’s talk, “Argghh, yer kubernetes be now a shark bait!” Saturday at 12:30 PM.
October 2-4, 2019
In its 29th year, the annual Virus Bulletin International Conference (VB2019) is one of the most international threat intelligence events of the year, focusing on the sharing of intelligence between researchers and analysts, product managers and CISOs from around the world. Together with Intel, Eclypsium will showcase advanced firmware attack detection technology.
Platform Security Summit
Oct 1-3, 2019
PSEC 2019 brings together security architects, researchers and developers from the ecosystems of hyperscalers, service operators, product vendors, academia and open-source. Eclypsium’s John Loucaides will speak on “The Tragedy of the Commons in Platform Security” – that a single vulnerability or failure at the platform level breaks years of investment and progress in security.
September 25-27, 2019
Buenos Aires, Argentina
This annual security conference brings together specialists in the field from around the world for training, talks, games, challenges and much more. Eclypsium’s Daniel Gutson and Mauricio Sanfilippo will lead a workshop on Reverse Mathematics showcasing a new technique for detecting vulnerabilities. Daniel, together with Erik Ccanto and Juan Melquiot are also leading a workshop on Frida LangGo, dynamically reversing and implementing applications made in Go to spy on sensitive information.
Learn more about Ekoparty >
September 24-26, 2019
Half Moon Bay, California
SecurityWeek’s invitation-only 2019 CISO Forum, presented by Intel, brings together security leaders to discuss, share and learn information security strategies. Eclypsium CEO, Yuriy Bulygin, will take part in a panel discussion on “Assessing Security in the Hardware Supply Chain.”
Open Source Firmware Conference
September 3-6, 2019
This year’s Open Source Firmware Conference will feature more than 40 presentations over four days, and include an entire track on firmware security as well as a hackathon. Eclypsium’s Rick Altherr will present a comprehensive threat model for BMCs along with methodologies, practices, and techniques that can be used to avoid these common security mistakes.
DEF CON 27
August 8-11, 2019
Las Vegas, NV
DEF CON is the largest sponsor free hacking conference. You have to earn your speaking spot by impressing the CFP review team – and we’re pleased to report that Eclypsium researchers Jesse Michael and Mickey Shaktov made the grade. They will present “Get off the Kernel if you can’t Drive” on Saturday, August 10 at 15:00. Don’t miss it!
August 7-8, 2019
Las Vegas, NV
Now in its 22nd year, Black Hat USA is the world’s leading information security event, providing attendees with the very latest in research, development and trends. See a demonstration of the Eclypsium firmware protection platform at booth #IC2109, or contact us to schedule a private meeting.
March 4-7, 2019
San Francisco, CA
The RSA Conference brings together top cybersecurity leaders and a dedicated community of peers to exchange the biggest, boldest ideas that will help propel the industry forward. Eclypsium is honored to have been named a Top 10 Finalist in the 2019 RSA Innovation Sandbox. Catch CEO Yuriy Bulygin’s presentation live on March 4th, or see a demonstration of our newly released firmware protection platform at our booth in the Early Stage Expo.