
SANSFIRE 2019

Washington, DC | Sat, Jun 15 - Sat, Jun 22, 2019

Cutting the wrong wire: how a clumsy attacker revealed a global cryptojacking campaign

  • Renato Marinho- ISC Handler
  • Tuesday, June 18th, 7:15pm - 8:15pm

We saw a massive spike in malicious crypto mining campaigns killing themselves for the chance to have their victim's CPU in 2018. The shorter and shorter time window between vulnerability disclosure and cryptojacking opportunistic attacks taking advantage of them may help us to understand how profitable they are to the point of getting priority over ransomware attacks. This presentation consists of a walk-through on a remarkable incident caused by an eager and clumsy attacker which ended up revealing multiple cryptojacking campaigns targeting large organizations across the world in early 2018 and the current panorama with the drop in the value of cryptocurrencies.

Renato Marinho is Chief Research Officer at Morphus Labs and Incident Handler at SANS Internet Storm Center. His journey in the area began in 2001 when he created Nettion, one of the first firewalls to use the contemporary UTM (Unified Threat Management) concept. Experienced in cybersecurity, Marinho was internationally recognized in 2016 for his research that unveiled Mamba, the first full disk encryption ransomware. At Morphus Labs, he oversees research, innovation, and development of new products. A Master and PhD candidate in Applied Informatics, he is also a professor at the University of Fortaleza, teaching Computer Forensics in the post-graduate course. He is also a speaker, having presented at Botconf 2017/2018; SANS DFIR Prague 2018; RSA Conference 2018; SANS Blue Team Summit 2018; SANS Data Breach Chicago 2017; Ignite Vancouver 2017; BSides Delaware, Vienna and SP 2016; WSKS Portugal 2013; and Brazilian CSIRTs Forum 2015/2017/2018.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
Sunday, June 16
Session Speaker Time Type
SANSFIRE 2019 Welcome Reception & Early Check-In Sunday, June 16th, 5:00pm - 7:00pm Special Events
Monday, June 17
Session Speaker Time Type
General Session - Welcome to SANS Dr. Johannes Ullrich Monday, June 17th, 8:00am - 8:30am Special Events
Product Test Drive: IBM - Defeat Cyber Insider Threats with IBM's Threat Management Solutions IBM Technical Experts Monday, June 17th, 6:00pm - 8:00pm Vendor Event
State of the Internet Panel Discussion Dr. Johannes Ullrich, ISC Director, Marcus Sachs, and Internet Storm Center Handlers Monday, June 17th, 7:15pm - 9:15pm Keynote
Tuesday, June 18
Session Speaker Time Type
: Retrospective analysis with threat intelligence and historical log data David Leslie, CyberSecurity Engineer Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
IoT Cybersecurity – Simplified and Unhackable Scott Coleman, Director of Product Management and Marketing Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Advantages of deploying zero trust, mobile-centric security Corey Lund, Senior Solutions Engineer MobileIron Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Threat Hunting - Automating Detection and Responses David Barton, Chief Information Security Officer Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Same Circus, Different Clowns TK Keanini Distinguished Engineer, Advanced Threat Solutions - USA Cisco Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Using Security Orchestration and Automation to Respond to Insider Threats John Avendano, Technical Consultant, IBM Security Tuesday, June 18th, 12:30pm - 1:15pm Lunch and Learn
Product Test Drive: Owl Cyber Defense - Meet DiOTa: The Data Diode, Reimagined Tuesday, June 18th, 6:00pm - 8:00pm Vendor Event
Product Test Drive: Cisco Threat Hunting Workshop Cisco Advanced Threat Solutions Team Tuesday, June 18th, 6:00pm - 8:00pm Vendor Event
GIAC Overview Presentation Kim Lucht Tuesday, June 18th, 6:15pm - 7:00pm Special Events
Moving Past Just Googling It: Harvesting and Using OSINT Micah Hoffman Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Modern Information Security: Forget Cyber, It's All About AppSec Adrien de Beaupre Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Cutting the wrong wire: how a clumsy attacker revealed a global cryptojacking campaign Renato Marinho- ISC Handler Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Leveraging the common language - MITRE ATT&CK Erik Van Buggenhout Tuesday, June 18th, 7:15pm - 8:15pm SANS@Night
Staying Offensive: The Changing Landscape of Offense Tim Medin Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
Pcap or It Didn't Happen: Sanitizing Pcap Files to Share With the Community Brad Duncan- ISC Handler Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
Infrastructure as Code is REAL! Using the Cloud to Provision Infrastructure with Software Shaun McCullough Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
DevSecOps: Key Controls For Modern Security Success Eric Johnson Tuesday, June 18th, 8:15pm - 9:15pm SANS@Night
From the Mean Streets to the Information Superhighway John TerBush Tuesday, June 18th, 8:15pm - 9:00pm SANS@Night
Wednesday, June 19
Session Speaker Time Type
Coffee & Donuts with the Graduate Students Wednesday, June 19th, 7:30am - 9:00am Reception
Vendor Solutions Expo Wednesday, June 19th, 12:00pm - 1:30pm Vendor Event
Vendor Solutions Expo Wednesday, June 19th, 5:15pm - 6:15pm Vendor Event
Women's CONNECT Wednesday, June 19th, 6:15pm - 7:15pm Reception
Product Test Drive: Pulse Secure - Network Security Wednesday, June 19th, 6:30pm - 8:30pm Vendor Event
Product Test Drive: Fidelis Cybersecurity - Protecting Cyber Terrain and Defining Your Attack Surface Wednesday, June 19th, 6:30pm - 8:30pm Vendor Event
Let's Go Hunting Bad Guys John Strand Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Oh, you got this? Practical Attacks on Modern Infrastructure Moses Frost Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Securing All the Things - CIS Benchmarks for the Win! Rob Vandenbrink- ISC Handler Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Adventures of the 100Gb Bloodhound Tom Webb- ISC Handler Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
The Data Privacy Imperative Ben Wright Wednesday, June 19th, 7:15pm - 8:15pm SANS@Night
Come to the Dark Side: Python's Sinister Secrets Mark Baggett Wednesday, June 19th, 8:15pm - 9:15pm SANS@Night
Building and Operating an OT/ICS SOC Robert M. Lee Wednesday, June 19th, 8:15pm - 9:15pm Special Events
Threat Hunting with OSSEC Xavier Mertens- ISC Handler Wednesday, June 19th, 8:15pm - 9:15pm SANS@Night
A BEAST and a POODLE celebrating SWEET32 Bojan Zdrnja- ISC Handler Wednesday, June 19th, 8:15pm - 9:15pm SANS@Night
Thursday, June 20
Session Speaker Time Type
IOC to Domain and DNS Infrastructure Intelligence - Building Supporting Evidence Corin Imai - Senior Security Advisor Thursday, June 20th, 12:30pm - 1:15pm Lunch and Learn
Adversary Tradecraft and The Need for Speed Cristian Rodriguez, Manager, Sales Engineering – Public Sector & Health Care, East Thursday, June 20th, 12:30pm - 1:15pm Lunch and Learn
Machine Learning and Network Security Monitoring: You Can't Have One Without the Other Dr. Scott Miserendino, VP of Research and Development, BluVector, A Comcast Company Thursday, June 20th, 12:30pm - 1:15pm Lunch and Learn
Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them Lenny Zeltser Thursday, June 20th, 7:15pm - 8:15pm SANS@Night