Join us at the Rocky Mountain Hackfest, Live Online!! Virtual summit and courses take place June 4-13.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

BadLock: What you need to know

  • Wednesday, April 13, 2016 at 1:00 PM EDT (2016-04-13 17:00:00 UTC)
  • Chris Wysopal, Johannes Ullrich, PhD


  • Veracode

You can now attend the webcast using your mobile device!



The SAMBA team announced a critical vulnerability affecting not just SAMBA, but the Microsoft Windows implementation of the SMB protocol as well. SMB is a widely used protocol and many networks rely on SMB for file sharing. In this webcast, we will show how the BadLock vulnerability affects you, how to detect exploitation and how to mitigate some of the risks associated with the vulnerability. Given the advance notice, exploit writers are already looking for potential vulnerabilities in SAMBA and are actively working to create exploits. While the pre-announcement gave defenders ample time to get ready, in the end you will have to patch and patch fast to be able to mitigate this vulnerability.

Speaker Bios

Johannes Ullrich, PhD

As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.

Chris Wysopal

Chris Wysopal is Co-Founder, Chief Technology Officer at Veracode, which he co-founded in 2006. He oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec.

In the 1990's, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software.

Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

Chris is often called upon to download the latest Minecraft mods for his 6-year-old son. An avid photographer and nature-lover, Chris spends his free time hiking the many conservation trails near his home outside Boston.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.