Eclypsium® Events


Eclypsium actively shares its firmware threat research and security expertise with the broader security community at conferences and events around the world.

Webinars and Upcoming Events

WEBINAR: BMC&C Vulnerability Factory

ON DEMAND

Online Event

BMCs (Baseboard Management Controllers) represent a class of devices that typically come pre-installed on servers. They operate independently of the hardware and other software on the system in an effort to provide administrators with remote access (including power off/on, remote KVM, remote media mount and firmware update capabilities). An attacker who gains control over BMCs gains an unprecedented amount of privilege on the system and can bypass security controls provided by other components (such as the operating system).

Join cyber security experts Paul Asadoorian, Nate Warfield and Scott Scheferman as they walk through this hidden attack surface.

Watch Now >

WEBINAR: First Financial Credit Union: Trojans, Back Doors and Supply Chains

ON DEMAND

Online Event

Join cyber security experts from First Financial as they walk through what it takes to manage and secure the device supply chain and stay compliant with FFIEC regulations.

Key Learnings:

• What tough new questions are asked by FFIEC Inspectors (and how to answer them!)

• How to find “below the OS” vulnerabilities

• How to secure the nearly invisible parts in the device supply chain

Watch Now >

WEBINAR: How Flaws in UEFI Secure Boot Allow Remote Attackers to Run Malware

ON DEMAND

Online Event

Every security technology has its flaws, and UEFI is no exception. This session will introduce you to UEFI Secure Boot and its components, and then we will identify several “features” of Secure Boot that bad guys are using in attacks.

Watch Now >

WEBINAR: Evaluating the Risk in Your Device Supply Chain

ON DEMAND

Online Event

Is Your Device Supply Chain at Risk?
Several new regulations and guidelines specifically point out firmware, and the firmware supply chain, as being within scope.  Supply chains involving hardware, firmware, and software can be incredibly complex and difficult to navigate.

So, how can I evaluate the risk?
Come join SVP of Strategy, John Loucaides and Security Evangelist, Paul Asadoorian as they discuss:

• how to deal with tampering, backdoors and vulnerabilities related to an all-encompassing supply chain

• how NIST is identifying firmware as critical software, CISA KEVs and more

• what to do when an attacker has gained access to your devices and changed something – how do you know and how do you respond

Watch Now >

WEBINAR: One Bootloader to Load Them All

ON DEMAND

Online Event

Introduced in 2012, Secure Boot has become a foundational rock in modern computing and is used by millions of UEFI-enabled computers worldwide due to its integration in their BIOS.

In this presentation, we will discuss:

• past and current flaws in valid bootloaders, including some that misuse built-in features to bypass Secure Boot inadvertently

• how malicious executables can hide from TPM measurements used by BitLocker and remote attestation mechanisms.

• how these new exploits work, and ways to remediate these vulnerabilities and preserve the integrity of the Secure Boot process.

Watch Now >

WEBINAR: Firmware Enumeration with Open Source Tools

ON DEMAND

Online Event

Have you looked below the operating system layer on your devices? If you haven’t, you may be shocked to learn of the vulnerabilities that lie at the firmware level.

Join Paul Asadoorian, Firmware Security Evangelist at Eclypsium, to learn techniques you can use to evaluate the state of security on the firmware-based devices that live inside your laptops, desktops, and servers.

• Using Linux/open-source utilities to explore device firmware
• Enabling Secure Boot and its components
• Enumerating and updating firmware within your system using LVFS
• Discovering Intel ME and associated vulnerabilities
• Checking your system for the Boothole vulnerability

Watch Now >

WEBINAR: Firmware Turns Out to Be Soft and Squishy

ON DEMAND

Online Event

5 Reasons Why Firmware Attacks are the New Front in the Cyber War

The reason you are hearing so much about firmware attacks is because it really is a thing. There are a lot of dynamics at work here including:

• Firmware attacks are hard to detect
• Linux is the new firmware
• Firmware is hard to patch
• Attacking firmware is a great way to bring down critical infrastructure

Listen to this on-demand webinar as we discuss firmware attack scenarios such as:

• The F5 vulnerability that came out in May
• Attackers’ use of IP cameras as C2 servers (you read that right)
• The Conti ransomware group’s targeting of Intel Management Engine (ME) firmware

Watch Now >

WEBINAR: Finserv, Firestorms, and Firmware

ON DEMAND

Online Event

Financial services organizations are always on guard against cyber attacks from persistent adversaries, but some seasons are simply more dangerous than others. This year’s North American fire season is off to a fast start and provides a useful analogy for what’s happening in cyber defenses: un-hardened, vulnerable, and out-of-date firmware is acting as bone-dry tinder, and motivated adversaries are the lightning that sets the blaze. Join experts from Eclypsium to discuss:

• How adversaries are capitalizing on firmware blind spots in our defenses

• How FFIEC regulations now urge audit teams to assess their firmware protections

• How Finserv organizations can detect nearly invisible firmware spot fires and keep them from becoming major blazes (or breaches)

Watch Now >

WEBINAR: When Trends Collide: Hunting Firmware-based IOCs

ON DEMAND

Online Event

The catchphrase “continuous monitoring” has had a long and checkered life in cybersecurity – loved by some, hated by others, misunderstood by most. NIST defines continuous monitoring as “the ability to maintain ongoing awareness of information security, vulnerabilities, and threats to facilitate risk-based decision making.”

But what do we do when tectonic shifts in technology completely rearrange the landscape we’re trying to monitor? 

Join experts from Eclypsium at 1:30 eastern on June 29, when they share how continuous monitoring efforts in firmware differ from those used in “above the OS” solutions.

Watch Now >

WEBINAR: Repairing Links: Firmware Security and Technology Supply Chains

ON DEMAND

Online Event

In this webinar, firmware experts from Eclypsium will discuss:

• The role firmware plays in every technology supply chain

• Why firmware security has been overlooked by traditional tools and methods

• How new technologies can merge with federal and commercial initiatives to fill gaps

• How to prepare for a firmware-centric attack on critical supply chains 

We’ll also point viewers to new resources and tools that can simplify and streamline firmware security for even the most complex federal and commercial supply chains.  

Watch Now >

WEBINAR: Firmware Security for Besieged Networks

ON DEMAND

Online Event

During this webinar, the Eclypsium team will share insights on the most recent firmware-focused attacks and demonstrate the new Eclypsium for Network Devices offering.

Watch Now >

Webinar: The Future State of Ransomware is Closer Than We Think

On Demand

Online Event

Digital extortionists have learned how to continue to up the stakes by multiplying their leverage and reducing the time window of negotiation. Join Rick McElroy, Principal Cyber Security Strategist at VMware Carbon Black, and Scott Scheferman, Office of the CTO at Eclypsium as we explore where they are headed, and ask the hard questions about what it will take to get ahead of them.

Watch Now >

Webinar: The Mark of Zero: The Role of Firmware in Zero Trust Strategies

On Demand

Online Event

A few years ago, a casual Google search on the term “zero trust” would have returned hundreds of thousands of hits. Search for the same term today, and you’ll get about 4 billion hits — that’s “billion” with a “B.” It’s possible that no other cybersecurity approach has matured so fast and received such widespread adoption in such a short time. But can a Zero Trust security strategy be effective without accounting for the needs of firmware security?

Watch Now >

Webinar: Firmware Fiascos and the Supply Chain’s Weakest Link

On Demand

Online Event

The technology supply chain supports virtually every aspect of modern-day organizations: from software and services to servers, switches, laptops, and virtual machines. As a result, any compromise or vulnerability in the supply chain is amplified by hundreds of downstream users and dozens of downstream use cases. Worse, this can bring invisible and potent risks into an organization under the guise of a trusted asset.

Watch Now >

Webinar: Modern Threat Developments Affecting Patient Safety & What To Do About Them

On Demand

Online Event

We’ll take a close look at how some of the most active, widespread, and notorious cybercriminal gangs, as well as their nation-state affiliate counterparts, continue to join forces to attack hospitals. We’ll expose newer highly destructive, automated, worming threats that have already evolved from where they left off in 2020’s pandemonium. More importantly, we’ll cover things hospitals of various sizes can actually do to get ahead of these threats by leveraging groundwork already laid, and by asking the harder questions that need to be answered anew in 2021.

Watch Now >

Webinar: The Cybersecurity EO, Firmware, and Kicking the Can

On Demand

Online Event

The president’s recently released “Executive Order on Improving the Nation’s Cybersecurity” presents new perspectives and directions on preventing increasingly destructive ransomware and cyber attacks. While all ten sections in the executive order provide instructions for federal agencies and CISOs in the commercial sector, two particular sections notably break away from traditional best practices and call for new approaches.

Watch Now >

Webinar: BIOS Disconnect - New Research from Eclypsium

On Demand

Online Event

In this webinar, Eclypsium will share information on multiple new vulnerabilities that our research team has identified in enterprise devices. We will discuss the significant risks this poses to the integrity of these devices, and what steps can be taken to mitigate this threat. Details of the research are presently embargoed and will not be made public until shortly before this webinar.

Watch Now >

Staying Alert: What Gets You Up in the Morning? Coffee, Duh!

June 29, 2021

Online Event

During this exclusive round table discussion with your peers, we’ll talk through cybersecurity pain points that keep you up at night, while we all participate in the coffee brewing experience. Coffee expert Patrick O’Malley will guide you through the brewing process. With over 30 years of experience working in the coffee industry around the world, Patrick will share a coffee tasting menu that will make you feel like a roast master! You will walk away with a truly special coffee experience, eye-opening while engaging with like-minded people. 

Webinar: A New Approach to Protecting Network and Unmanaged Devices

On Demand

Online Event

Enterprise IT and security teams today must navigate the risk of a constantly evolving landscape of networking equipment, connected devices, and personal-use employee devices in remote work environments. Many of these devices simply can’t be managed using traditional security tools, with recent studies estimating that up to 90% of enterprise devices can’t support a traditional security agent. What’s a security team to do? Maybe it’s time for a new approach to protecting network appliances and other “unmanaged” appliances.

Watch Now>

Webinar: What Auditors Need to Know When Evaluating Firmware Compliance

On Demand

Online Event

Recent updates to NIST 800-53 and other compliance standards emphasize that controls must extend down to firmware and hardware. To keep pace with widespread attacks and new standards, organizations must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. But what does this mean, and what should you be looking for?

Watch Now>

Webinar: Cook Your Dinner, Don’t Cook Your Devices

May 19, 2021

Online Event

Modern organizations are in the midst of a transformation at the device level, and these changes are having profound impacts to security. No longer defined simply by corporate laptops and servers, enterprises must navigate the risk of a constantly evolving landscape targeting networking equipment, connected devices, personal-use employee devices, medical devices, as well as devices in remote work environments. Many of these devices simply can’t be managed using traditional security tools, with recent studies estimating that up to 90% of enterprise devices can’t support a traditional security agent.

Watch Now>

Webinar: New Developments in Device Security

On Demand

Online Event

A recent Microsoft study says 83% of all businesses have experienced a firmware attack in the past two years. The NIST National Vulnerability Database has shown more than a five-fold increase in firmware vulnerabilities in the last four years. How real is the threat in Q2? Are enterprises taking the right approaches to address it? In this quarterly firmware security threat briefing, Yuriy Bulygin, CEO of Eclypsium, and Scott Scheferman, Principal Cyber Strategist discuss the latest news in firmware and hardware security – from the Microsoft report to the most recent attacks in the wild – and what security leaders can do to defend their organizations.

Watch Now>

Webinar: What you can do to get ahead of the next round of attacks

On Demand

Online Event

According to a recent Microsoft report, 83% of all businesses have experienced a firmware attack in the past two years. Firmware and hardware issues have become one of the most active areas of enterprise security, as organizations struggle to cope with attacks such as the recent Accellion FTA device extortion campaign. Unfortunately, most organizations lack visibility into this critical attack surface. In fact, today the TrickBot malware group has more insight into which devices are vulnerable to UEFI attacks than most security teams.

Watch Now>

Webinar: Threats Below The Surface in High-Risk Devices

On Demand

Online Event

As cybersecurity improves, attackers are seeking new methods to subvert traditional security controls – going below the surface to penetrate vulnerable firmware and hardware components inside today’s servers, laptops and networking equipment. Most organizations lack visibility into this attack surface. In this webinar, you’ll learn what to do about blind spots that allow attackers to subvert traditional security controls and persist undetected, leaving organizations exposed to device tampering, ransomware, and data breaches.

Watch Now >

Webinar: Attackers are Targeting Endpoint Firmware. Are You Ready?

April 9, 2021

Online Event

As enterprise security improves, attackers are seeking new methods to subvert traditional security controls – going below the surface to penetrate vulnerable firmware and hardware components inside today’s servers, laptops and networking equipment. To keep pace, organizations and auditors must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. You’ll leave this presentation with a checklist for assessing firmware security risk mapped to NIST standards.

Watch Now >


Webinar: APT & Criminal Attackers Converge Below the Surface

March 30, 2021

Online Event

Two alarming trends are unfolding in the 2021 threat landscape. Nation-state and criminal actors are increasingly targeting firmware, and new supply chain attacks are unfolding. In this fast-paced webinar, Scott Scheferman, Principal Cyber Strategist at Eclypsium, shares the latest developments in the threat landscape, from TrickBoot to SUNBURST and Accellion, and discusses how attackers will adapt now that these TTPs have been burned. Find out what security teams need to anticipate and prepare for as criminal and Advanced Persistent Threat actors converge on firmware.

Watch Now >

Webinar: Improve Device Security Using The CMMC Framework

On Demand

Online Event

As cybersecurity improves, attackers are seeking new methods to subvert traditional security controls – going below the surface to penetrate vulnerable firmware and hardware components inside today’s servers, laptops and networking equipment. Most organizations lack visibility into this attack surface. They can’t easily see which hardware and firmware components are in their fleet or determine which devices are vulnerable to known threats — much less detect a hidden implant or backdoor. These blind spots allow attackers to subvert traditional security controls and persist undetected, leaving organizations exposed to device tampering, ransomware, and data breaches.

Watch Now>

Webinar: Put Zero Trust in Your Devices

On Demand

Online Event

The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Suddenly, many users are no longer protected by the many layers of security found on-premise in the corporate network. Incorporating security concepts like Zero Trust can be a critical part of securing these remote work environments, which often include a mix of corporate laptops, BYOD devices, and home networking gear. If the integrity of these devices isn’t assured, then it is impossible to assure the safety of the operating systems and other software running on them. Yet for many organizations, device integrity remains a blindspot where Zero Trust principles are not yet applied, and as a result, security is assumed instead of verified.

Watch now >

Webinar: Top Five Threats to Firmware Security

On Demand

As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021. 

Watch Now >

Webinar: Safeguarding Device Integrity in the Supply Chain and Beyond

March 3, 2021

Online Event

While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers to gain control over laptops, servers, and network devices. Vulnerabilities or compromises in the supply chain can affect devices long before they are delivered and unboxed by the eventual owner, as well as during the update process.

Watch now >

Webinar: Sometimes the Best Place to Escape is Underground

On Demand

Online Event

There are some things that just don’t change. One of them is that criminals look for dark places to evade scrutiny. They lurk where the lights are out and the security guards are missing.

So it is in cyberspace too, where APT and criminal actors are moving down the stack to hide from security teams.

Watch now >

Webinar: Attackers Are Targeting Firmware

January 21, 2021

Online Event

The infamous TrickBot malware has a new module that is targeting firmware. In this webinar, hosted by Carahsoft, learn why firmware threats are so dangerous, what systems are affected by TrickBoot, what it takes to recover, how to tell if your firmware has been compromised and how to protect your organization from a variety of firmware threats.

Watch Now >

Webinar: Assessing Enterprise Firmware Security Risk – 2021

On Demand

Online Event

2020 saw a dramatic increase in firmware-level threats, including widespread attacks against VPN devices, newly discovered UEFI implants, and a new TrickBot module scanning for firmware vulnerabilities. And, while analysis of the SolarWinds Orion supply chain SUNBURST campaign is ongoing, multiple threat actors, including those currently suspected in this campaign by public sources, have demonstrated the ability to introduce firmware-based persistence that evades the majority of endpoint protection or detection as well as traditional host-forensic detection. In this environment, how should CISOs assess their firmware security risk in 2021?

Watch now >

Webinar: Top 5 Threats to Firmware Security

On Demand

Online Event

As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021.

Watch Now >

Webinar: What’s Under The Hood In Your Devices

On Demand

Online Event

How well do you know what’s inside your computer? Today’s laptops and servers are powered by dozens of components with their own complex programming that runs independently of the operating system. Attackers increasingly target vulnerabilities in firmware and hardware, and most organizations lack visibility into this attack surface. In this webinar we’ll explore what manufacturers are doing to improve platform security, what kinds of vulnerabilities attackers are targeting, and what IT and security professionals need to do to protect their devices.

Watch now >

Webinar: Trickbot’s New Trickboot Module Targets Your Firmware

On Demand

Online Event

TrickBot malware now has functionality designed to inspect and potentially target the UEFI/BIOS firmware of targeted systems. TrickBoot makes use of open-source tools to check devices for a vulnerability that can allow TrickBot operators to read, write, or erase the UEFI/BIOS firmware of a device. This new capability targets all Intel-based systems produced in recent years and is one line of code away from bricking any device it finds to be vulnerable. In this webinar, Vitali Kremez, Scott Scheferman, and Jesse Michael provide key insights, implications, and mitigations for one of the biggest discoveries of 2020: TrickBoot.

Watch now >

Webinar – What’s Really Down Under

On Demand

Online Event

Lying below the traditional operating system (Windows, Linux, Mac) is an entire “world down under” ripe for attacking. The firmware and hardware attack surface is diverse and fraught with vulnerabilities that are increasingly being exploited to great effect. Attackers have learned to fly under the radar, dip down underneath the traditional security stack, and persist indefinitely, all while enjoying the omnipotence and flexibility that firmware-level attacks provide. In this webinar, Scott Scheferman, Principal Cyber Strategist at Eclypsium, will share insights from recent attacks that challenge how we think about device security.

Watch now >

Webinar: Protecting Your Organization From MosaicRegressor and Other UEFI Implants

On Demand

Online Event

The recent discovery of MosaicRegressor spyware is the latest in an ongoing trend of UEFI implants observed in the wild. These threats are particularly powerful because their malicious code runs before and supersedes the operating system, while also allowing the threat to persist within firmware even after a system is re-imaged. The implant code itself is universal and easy to build and the UEFI file system format is largely unmodified by individual OEMs. This creates a relatively low barrier to entry for attackers making it likely we will see this type of capability show up in other campaigns. Learn more in this webinar.

Watch now >

FS-ISAC Fall Summit

October 14-15, 2020

Online Event

Current risk frameworks may not be built to support the radical changes financial institutions are confronting. Members will meet at the FS-ISAC virtual summit this fall to understand the technology trends and emerging paradigms that are shaping information security at financial firms. Eclypsium will present an on-demand session entitled “Put Zero Trust in Your Devices.”

Join us >

NLIT Summit 2020

October 13-16, 2020

Online Event

The NLIT Summit facilitates the exchange of best practices and ideas between IT professionals and providers within the DOE complex to strengthen IT infrastructure and reduce costs within the DOE laboratory system. Eclypsium is a sponsor of this event, and welcomes the opportunity to engage with the DOE labs to protect IT infrastructure down to the firmware and hardware level.

Join us >

Webinar: Down the Rabbit Hole – Attackers Moving Down As We Move Up

On Demand

Online Event

Cyber adversaries are not “sophisticated”; rather, they are pragmatic. On the endpoint, still the nexus of the cyber problem, it has lately become challenging for adversaries to evade detection and persist at the operating system level due to advances in AI/ML, EDR, and threat intelligence. This talk exposes the reasons why attackers are going further down the rabbit hole in order to gain footholds and persist below the surface of the rest of the entire security stack.

Watch now >

Webinar: Mitigating Device Security Risks in Data Centers, Remote Use and Supply Chains

ON DEMAND

Online

Join this ISE® Fireside Webinar featuring Eclypsium CEO, Yuriy Bulygin, and a CISO panel for a discussion of best practices for CISOs and their security teams to mitigate security risks targeting the device integrity of data center environments, remote users and supply chains.

Watch now >

Webinar: Detecting & Defeating Persistent Attacks

ON DEMAND

Online

Is your organization equipped to detect and defeat firmware attacks? Eclypsium’s Ron Talwalkar and Jesse Michael describe how such attacks can persist undetected by traditional security solutions, surviving operating system reinstalls and even hard drive replacement. Learn about vulnerabilities that can leave you open to attack, and see how Eclypsium can help you detect and defend against them.

Watch Now >

Webinar: Best Practices for Firmware Updates

ON DEMAND

Online

A disciplined process of firmware updates is an essential element of good cybersecurity hygiene but can be challenging for many enterprises. Eclypsium’s John Loucaides and Steve Mancini provide IT and security leaders with insights into firmware update management and guidance on best practices. 

Watch now >

Past Events

Eclypsium @ Black Hat 2022

August 9-11, 2022

In Person & Online Event

We are excited to be back at Black Hat this year, where we will showcase security solutions that go beneath the software layers of a device and address some of the toughest problems in device integrity and supply chain security. Schedule a meeting with our team to learn more.

See Firmware Security in Action:
Visit Booth #1768!

RSA Conference 2022

June 6-9, 2022

In-Person Event

RSA 2022 is back in person! The Eclypsium team will be there ready to meet you.

Join us at Booth #0344 South Hall

Schedule a meeting with our executive team

Join us for an amazing Emerging Technology Party at the Children’s Museum June 8th

In-Person: Black Hat Cutting-Edge Technology and Cocktails

August 5, 2021

Libertine Social

Eclypsium is excited to be back at Black Hat this year, where we will showcase innovative new solutions for some of the toughest problems in device integrity and supply chain security. Join Eclypsium and SevCo at Libertine Social for cocktails and conversation around up-and-coming technology spanning device integrity, supply chain security, and inventory monitoring and analysis.

Register Now >

In-Person: Black Hat Hands-On Technology Day

August 5, 2021

Eclypsium Suite at Mandalay Bay

Eclypsium is excited to be back at Black Hat this year, where we will showcase innovative new solutions for some of the toughest problems in device integrity and supply chain security. Join Eclypsium for a hands-on technology day. This event will take place in Eclypsium’s Mandalay Bay suite. We will email details closer to the event.

Register Now >

In-Person: Black Hat Scotch Tasting & Poker Night

August 4, 2021

Eclypsium Suite at Mandalay Bay

Eclypsium is excited to be back at Black Hat this year, where we will showcase innovative new solutions for some of the toughest problems in device integrity and supply chain security. Bet on your cards, not on your devices. Join Eclypsium for a unique scotch tasting and poker game at Mandalay Bay and see how we can help you gain visibility into your devices.

Register Now >

In-Person: Black Hat Drinks & Discussion

August 4, 2021

Kumi

Eclypsium is excited to be back at Black Hat this year, where we will showcase innovative new solutions for some of the toughest problems in device integrity and supply chain security. Join Eclypsium at Kumi for drinks and discussion around some of the toughest problems in device integrity, supply chain security, risk management, and security controls. 

Register Now >

ISE FIRESIDE WEBINAR: What President Biden’s Executive Order Means for Zero Trust and Device Integrity

July 22, 2021

Online Event

President Biden’s Executive Order on improving the nation’s cybersecurity comes on the heels of multiple cyber supply chain attacks, each one a sobering reminder of enterprise vulnerabilities against sophisticated cyberattacks. The Executive Order outlines the actions needed to modernize cybersecurity defense in federal networks and strengthen incident response across sectors. However, the order is also large and sweeping, leaving security professionals with the task of transforming “paper” making cybersecurity improvements into actionable real-life applications.

Register Now >

June 2021 Lunch & Learn: Automating Your Device-Level Inventory Process

June 23, 2021

Online Event

The first step in addressing device-level security concerns – from supply chain threats to VPN attacks –  is getting clear visibility into what devices you have and what’s inside them. Are your servers running the latest firmware or are some vulnerable to holes in the boot process? Are the hardware security configurations on your endpoints set properly, or open to attackers? How many of your VPN appliances are vulnerable to the latest zero-day attack? 

Staying Alert: What Gets You Up in the Morning? Coffee, Duh!

May 25, 2021

Online Event

During this exclusive round table discussion with your peers, we’ll talk through cybersecurity pain points that keep you up at night, while we all participate in the coffee brewing experience. Coffee expert Patrick O’Malley will guide you through the brewing process. With over 30 years of experience working in the coffee industry around the world, Patrick will share a coffee tasting menu that will make you feel like a roast master! You will walk away with a truly special coffee experience, eye-opening while engaging with like-minded people. 

AZ Tech Council: 2021 Virtual Cybersecurity Summit

May 6, 2021

Online Event

The Cybersecurity Summit provides an opportunity for government and business leaders to learn about the threats, vulnerabilities and consequences related to data security and privacy matters. Join these great Arizona organizations for this educational summit that provides actionable solutions, as numerous AZTC and ACTRA member organizations virtually showcase their available resources, products and services geared toward helping protect your intellectual property and customer data. There will be panel discussions, keynote speaker, sponsor, and other exceptional presentations. 

Watch the Recording >

ISACA National Conference

May 4 – May 6, 2021

Online Event

In the past year APT and ransomware threat actors targeted enterprise VPNs en masse, the widespread BootHole vulnerability put virtually all Windows and Linux devices at risk for bootkits, TrickBot added firmware-specific capabilities and the Sunburst attack exposed pervasive risks in the technology supply chain. To keep pace, organizations and auditors must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. You’ll leave this presentation with a checklist for assessing firmware security risk mapped to NIST standards.

Staying Alert: What Keeps You Up At Night? Coffee, Duh!

April 22, 2021

Online Event

During this exclusive round table discussion with your peers, we’ll talk through cybersecurity pain points that keep you up at night, while we all participate in the coffee brewing experience. Coffee expert Patrick O’Malley will guide you through the brewing process. With over 30 years of experience working in the coffee industry around the world, Patrick will share a coffee tasting menu that will make you feel like a roast master! You will walk away with a truly special, eye-opening coffee experience while engaging with like-minded people.

Webinar: Assuring Device Integrity

April 6, 2020

Online Event

Compromises in cyber supply chains are putting financial organizations at risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation state and ransomware attackers to gain control over laptops, servers and network devices. In this FS-ISAC webinar, you’ll learn what you can do today to begin verifying device integrity in the supply chain and in operational use, and what’s coming down the road in the NIST Supply Chain Assurance project.

Exclusively available to FS-ISAC members >


FCW Workshop – Managing Supply Chain Security

January 19, 2021

Online Event

The global information technology supply chain has been hit with a growing and unprecedented number of attacks as adversaries attempt to compromise systems with various forms of malware in order to steal, compromise, or hold for ransom sensitive information. Join us at this virtual workshop on supply chain security hosted by FCW, featuring speakers from NIST and CISA. John Loucaides, VP of Research and Development at Eclypsium, will give a talk on Assuring Device Integrity in the Supply Chain and Beyond, at 10:40 AM ET.

Join us >

Security Weekly Unlocked

December 10, 2020

Online Event

Security Weekly’s Paul Asadoorian interviews Eclypsium’s John Loucaides about TrickBoot, a newly discovered TrickBot malware module that is targeting UEFI firmware. Learn why this threat is so dangerous, what systems are affected, and how you can protect your enterprise in this video, recorded at Security Weekly Unlocked in December.

Watch video – TrickBot is After Your Firmware >

Get access to the full Security Weekly Unlocked event on-demand >

SANS Cyber Solutions Fest

October 8-9, 2020

Online event

This action-packed 2-day virtual event brings together an ensemble of security professionals, solution providers, gurus and experts ready to share the latest developments and innovative technologies in the cybersecurity industry. Eclypsium’s John Loucaides will lead a Tech Talk exploring how you can get visibility into – and protect – the firmware and hardware that attackers are targeting in 2020.

Join us >

CISO Forum

September 23-24, 2020

Online

SecurityWeek’s prestigious CISO Forum focuses on information security leadership and strategy. This year’s event takes place online and is sponsored by Eclypsium. Reserve your spot now to hear Eclypsium Principal Cyber Strategist Scott Scheferman’s talk on “The New Endpoint Challenge – Cracks in the Foundation” and stop by our online booth to chat with our technical team.

Join us at the CISO Forum >

Virtual Air Space Cyber Conference

September 14-16, 2020

Online

The Air Force Association’s virtual Air, Space & Cyber Conference (vASC) is the premier event for defense and aerospace professionals. Eclypsium is a sponsor of this conference which provides Airmen, Space Professionals, and industry leaders direct insights into the plans, policies and vision of Air Force and Space Force leadership, and emerging trends and developments in aerospace and cyber technology. Request a meeting to see Eclypsium’s comprehensive device security platform designed for tough DoD environments.

Join us at the vASC conference >

Webinar: Exploring the BootHole Vulnerability

On Demand

Online Event


The BootHole vulnerability, disclosed by Eclypsium researchers Mickey Shkatov and Jesse Michael in July, exposes billions of devices to attack. The vulnerability they discovered in the GRUB bootloader can be used to gain arbitrary code execution during the boot process even when Secure Boot is enabled. This can allow attackers to install persistent and stealthy bootkits, rootkits, or malicious bootloaders that would provide full control over the victim device.

Watch now >

How Much Trust Can You Put In Your Devices? A Conversation For The Financial Industry

August 13, 2020

Online

Join T.E.N. and Eclypsium on August 13th at 5:30 pm ET for this exclusive virtual ISE® Cocktails & Conversations where we will discuss “How Much Trust Can You Put in Your Devices? A Conversation for the Financial Industry.”

To attend, please email djones@ten-inc.com

DEF CON 28 SAFE MODE

August 6-9, 2020

Online

Eclypsium Principal Researchers Mickey Shkatov and Jesse Michael will present “Bytes in Disguise” at DEF CON 28 SAFE MODE.

Non-Volatile Memory. EVERY computer has it, from the chip that stores your BIOS to the controller that runs your laptop trackpad and even your new USB-C monitor. These small nooks of storage can be (ab)used by anyone to store data or code without causing any side effects and none would be the wiser. Mickey and Jesse will show you more than one example of how this is possible, walk through how to do it, and what can be done to detect and lock down systems.

Their presentation will be available on Sunday, August 9th, and you can join them for a live Q&A online at 10:30 AM. Details here >

ESW Interviews John Loucaides on #BootHoleVulnerability

August 5, 2020

Online

Paul Asadoorian and the crew of Enterprise Security Weekly dive deep into the #BootHoleVulnerability with Eclypsium’s John Loucaides in this special “Hacker Summer Camp” edition of the ESW podcast.

Watch the video >

Webinar: Managing the Hole in Secure Boot

On Demand

Online

Eclypsium researchers have discovered an arbitrary code execution vulnerability – dubbed BootHole – in the GRUB2 bootloader that can bypass UEFI and OS Secure Boot, impacting other OS defenses. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.

In this webinar Yuriy Bulygin, CEO and John Loucaides, VP of Research and Development at Eclypsium, will provide a briefing on the key issues enterprise IT and security leaders need to know in order to effectively mitigate this issue.

Watch Now >

Webinar: Put Zero Trust in Your Devices

July 28, 2020

On Demand

In today’s remote work environment, where users are no longer protected by the many layers of security found on-premise in the corporate network, organizations must consider how to adapt core security concepts like Zero Trust to cover corporate laptops, BYOD devices and home networking gear. Yet for many organizations, device integrity remains a blind spot where Zero Trust principles are not yet applied, and as a result, security is assumed instead of verified.

In this webinar we discuss how much trust you can put in your devices and what organizations can do to assess and verify device integrity down to the firmware and hardware level.

Watch Now >

Webinar: Improve Device Security Using the CMMC Framework

On Demand

Online


Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices.

Watch Now >

InfoSec World Digital

June 22 – 24, 2020

Online

For over 25 years InfoSec World has been the “business of security” conference. To manage today’s threats, security practitioners must have the skills to be both a business partner and enabler, and have the technical expertise to prevent, detect and respond to security challenges. At this year’s InfoSec World Digital, Eclypsium’s John Loucaides presented “Hacking Firmware: The Unprotected Attack Surface of the Enterprise.” Meet John and the rest of the Eclypsium team at our online booth.

Contact us to schedule a meeting >

Virtual Event: FS-ISAC Spring Summit

On Demand

Online

The financial services industry is evolving its business models to serve its customers and employees in a world where digitization is no longer an option. In this new era, where not only customers but also employees must adjust to operating virtually nearly overnight, cyber criminals are seeing endless opportunity. Eclypsium CEO, Yuriy Bulygin, spoke live at this FS-ISAC event, on “The Anatomy of a Firmware Attack”.

View Yuriy’s Talk (FS-ISAC members only) >

Webinar: Protecting Device Integrity in the Supply Chain

On Demand

Online

How is your organization addressing risks to device integrity in the technology supply chain? In this panel discussion, experts from TAG Cyber, Johns Hopkins, NIST and Eclypsium explore how to improve visibility into your device supply chain and protect your organization from cybersecurity threats targeting vulnerabilities and weak points.

Watch now >

i-4 Forum 99

March 9-11, 2020

Orlando, FL

Alex Bazhaniuk, CTO & Co-Founder of Eclypsium, will join Sergej Epp, Chief Security Officer, Palo Alto Networks, for a discussion on Incident Response and Red Teaming at the International Information Integrity Institute forum on Monday, March 9.

Contact us to schedule a meeting >

Webinar: Anatomy of a Firmware Attack

ON DEMAND

Online


Explore the techniques of successful firmware attacks as they apply to stages of a kill chain in this Eclypsium webinar designed to help you assess and defend enterprise devices from firmware and hardware threats.

Watch now >

RSA 2020

February 24-28, 2020

San Francisco, CA

Join top cybersecurity leaders and a dedicated community of peers at RSA 2020 as we exchange the biggest, boldest ideas that will help propel the industry forward. Firmware security will be a hot topic. To learn more, visit Eclypsium at booth 29 in the Early Stage Expo at Moscone South, Tuesday evening and all day Wednesday and Thursday.

Contact us to schedule a meeting >

Webinar: Perilous Peripherals

ON DEMAND

Online

Eclypsium researchers Jesse Michael and Rick Altherr will describe new research showing how unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides pathways for malicious attackers to compromise laptops and servers.

Watch now >

Webinar: How Direct Memory Access Attacks Bypass Hardware Protections

ON DEMAND

Online

New research from Eclypsium shows that high-speed DMA attacks can bypass built-in hardware protections on enterprise devices. Jesse Michael and Mickey Shkatov describe their research, and discuss the ramifications for enterprise security.

Watch now >

SANS Cyber Defense Initiative

December 10-17, 2019

Washington, DC

Sharpen your defenses with this week of cyber security training put on by SANS. Then on Friday, December 13th, join Eclypsium at the vendor solutions exposition to see a demonstration of how to defend the unprotected firmware and hardware layer of the enterprise – including laptops, servers, and networking infrastructure.

Contact us to schedule a meeting >

FS-ISAC Fall Summit

November 17-20, 2019

Washington, DC

Information security leaders from the financial sector will come together for three days of thought-provoking and interactive sessions at this fall’s FS-ISAC Americas Summit. Eclypsium’s CEO, Yuriy Bulygin, will give a talk on “Firmware: The Unprotected Attack Surface” on Tuesday, Nov 19th, and we’re hosting a special reception that evening.

Contact us to schedule a meeting >

Webinar: Screwed Drivers

On demand

Online

A common design flaw uncovered in drivers from 20 vendors allows widespread Windows compromise. In this webinar, Eclypsium researchers Jesse Michael and Mickey Shkatov take you behind the scenes to show how and why this happened, and disclose the latest updates to their research.

Watch now >

ToorCon

November 8-10, 2019

San Diego, CA

ToorCon is changing it up this year with a Red-Day, a Blue-Day and a Fun-Day. Eclypsium’s Alex Ivkin is a Blue-Day speaker. His talk, “Down the sinkhole with Kubernetes” will be at noon on November 8th. Don’t miss it!

Learn more about ToorCon >

SINET Showcase

November 6-7, 2019

Washington, DC

SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. Don’t miss the panel discussion on “Trust but Verify Firmware in the Supply Chain”, featuring Gene Casady of Global Payments, Kevin Nally of the US Secret Service, Steve Orrin of Intel, Chad Sweet of The Chertoff Group and Eclypsium CEO Yuriy Bulygin.

Contact us to schedule a meeting >

PacSec 2019

November 6-7, 2019

Tokyo, Japan

To address the increasing importance of information security in Japan, the best-known figures in the international security industry will get together with leading Japanese researchers to share best practices and technology at PacSec in Tokyo this November. Eclypsium researchers Jesse Michael and Mickey Shkatov will present “Get Off The Kernel If You Can’t Drive” – showing how common drivers can be used to compromise the security of the platform.

Contact us to schedule a meeting >

BSides Portland

October 25-26, 2019

Portland, OR

Eclypsium is sponsoring BSides PDX, a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Several of our Oregon team members will be in attendance – be sure to connect. And don’t miss our own Alex Ivkin’s talk, “Argghh, yer kubernetes be now a shark bait!” Saturday at 12:30 PM.

See the video of Alex’s talk >

Virus Bulletin

October 2-4, 2019

London, England

In its 29th year, the annual Virus Bulletin International Conference (VB2019) is one of the most international threat intelligence events of the year, focusing on the sharing of intelligence between researchers and analysts, product managers and CISOs from around the world. Together with Intel, Eclypsium will showcase advanced firmware attack detection technology.

Learn more about Virus Bulletin >

Platform Security Summit

Oct 1-3, 2019

Redmond, WA

PSEC 2019 brings together security architects, researchers and developers from the ecosystems of hyperscalers, service operators, product vendors, academia and open-source. Eclypsium’s John Loucaides will speak on “The Tragedy of the Commons in Platform Security” – that a single vulnerability or failure at the platform level breaks years of investment and progress in security.

Watch John’s presentation >

Ekoparty

September 25-27, 2019

Buenos Aires, Argentina

This annual security conference brings together specialists in the field from around the world for training, talks, games, challenges and much more. Eclypsium’s Daniel Gutson and Mauricio Sanfilippo will lead a workshop on Reverse Mathematics showcasing a new technique for detecting vulnerabilities. Daniel, together with Erik Ccanto and Juan Melquiot, is also leading a workshop on Frida LangGo, dynamically reversing and implementing applications made in Go to spy on sensitive information.

Learn more about Ekoparty >

CISO Forum

September 24-26, 2019

Half Moon Bay, California

SecurityWeek’s invitation-only 2019 CISO Forum, presented by Intel, brings together security leaders to discuss, share and learn information security strategies. Eclypsium CEO, Yuriy Bulygin, will take part in a panel discussion on “Assessing Security in the Hardware Supply Chain.”

Learn more about CISO Forum >

Open Source Firmware Conference

September 3-6, 2019

Sunnyvale, CA

This year’s Open Source Firmware Conference will feature more than 40 presentations over four days, and include an entire track on firmware security as well as a hackathon. Eclypsium’s Rick Altherr will present a comprehensive threat model for BMCs along with methodologies, practices, and techniques that can be used to avoid these common security mistakes.

Download Rick’s presentation >

DEF CON 27

August 8-11, 2019

Las Vegas, NV

DEF CON is the largest sponsor-free hacking conference. You have to earn your speaking spot by impressing the CFP review team – and we’re pleased to report that Eclypsium researchers Jesse Michael and Mickey Shkatov made the grade. They will present “Get off the Kernel if you can’t Drive” on Saturday, August 10 at 15:00. Don’t miss it!

Read Eclypsium’s DEF CON presentation

Black Hat

August 7-8, 2019

Las Vegas, NV

Now in its 22nd year, Black Hat USA is the world’s leading information security event, providing attendees with the very latest in research, development and trends. See a demonstration of the Eclypsium firmware protection platform at booth #IC2109, or contact us to schedule a private meeting.

Contact us to schedule a meeting >

RSA 2019

March 4-7, 2019

San Francisco, CA

The RSA Conference brings together top cybersecurity leaders and a dedicated community of peers to exchange the biggest, boldest ideas that will help propel the industry forward. Eclypsium is honored to have been named a Top 10 Finalist in the 2019 RSA Innovation Sandbox. Catch CEO Yuriy Bulygin’s presentation live on March 4th, or see a demonstration of our newly released firmware protection platform at our booth in the Early Stage Expo.

Watch the video of Yuriy’s presentation