Come see us in action at Black Hat 2025 for:
Your Traffic Doesn’t Lie: Unmasking Supply Chain Attacks via Application Behaviour
Thursday, August 7th at 11:20 AM
Location: South Seas A & B, Level 3
Speakers: Colin Estep – Principal Engineer, Netskope,
Dagmawi Mulugeta – Staff Threat Research Engineer, Netskope
Supply chain attacks, like SolarWinds, exploit trusted apps. BEAM detects these by analyzing web traffic without agents or code changes. It uses LLMs, behavioral signals, and baselines from 40B+ transactions to achieve over 95% accuracy. This open-source tool offers a new, effective defense against evasive threats, providing automated, scalable monitoring for both off-the-shelf and custom applications.
This session includes a live demo and practical takeaways for defenders, researchers, and security engineers alike.
Whispers Through the Firewall: Data Exfiltration and C2 with Port Knocking
Location: Las Vegas Convention Center (LVCC)
Speakers: Hubert Lin – Principal Threat Research Engineer, Netskope
Description: Port knocking is a stealthy network authentication technique (T1205.001) in which a client sends a specific sequence of connection attempts (or “knocks”) to closed ports on a server. When the correct sequence is received, the server dynamically opens a port or triggers an action, enabling concealed access or communication. Saucepot C2 elevates the port knocking technique to a new level. Instead of using destination ports (DstPorts) in TCP sessions as knock sequences, it leverages source ports (SrcPorts), also known as ephemeral ports. This approach allows data exfiltration even in highly restrictive firewall environments where only a single outbound port, such as port 443, is allowed.
Your Traffic Doesn’t Lie: Unmasking Supply Chain Attacks via Application Behaviour
Thursday, August 7th at 11:20 AM
Location: South Seas A & B, Level 3
Speakers: Colin Estep – Principal Engineer, Netskope,
Dagmawi Mulugeta – Staff Threat Research Engineer, Netskope
Supply chain attacks, like SolarWinds, exploit trusted apps. BEAM detects these by analyzing web traffic without agents or code changes. It uses LLMs, behavioral signals, and baselines from 40B+ transactions to achieve over 95% accuracy. This open-source tool offers a new, effective defense against evasive threats, providing automated, scalable monitoring for both off-the-shelf and custom applications.
This session includes a live demo and practical takeaways for defenders, researchers, and security engineers alike.
Whispers Through the Firewall: Data Exfiltration and C2 with Port Knocking
Location: Las Vegas Convention Center (LVCC)
Speakers: Hubert Lin – Principal Threat Research Engineer, Netskope
Description: Port knocking is a stealthy network authentication technique (T1205.001) in which a client sends a specific sequence of connection attempts (or “knocks”) to closed ports on a server. When the correct sequence is received, the server dynamically opens a port or triggers an action, enabling concealed access or communication. Saucepot C2 elevates the port knocking technique to a new level. Instead of using destination ports (DstPorts) in TCP sessions as knock sequences, it leverages source ports (SrcPorts), also known as ephemeral ports. This approach allows data exfiltration even in highly restrictive firewall environments where only a single outbound port, such as port 443, is allowed.
Stop by our booth to see the latest innovations in action. Presentations are every hour on the hour.
Detecting and Disrupting Malleable C2 Frameworks
Security and Network Performance: No Trade-offs
Transform Branch Connectivity
Optimize Remote Access: Anyone, Anywhere, Any Device
Protect Data Everywhere with Unified Security
Live Demos
Date: Tuesday, August 5
Time: 6:30-8:30pm
Location: Swingers – The Crazy Golf Club | Mandalay Bay
You’re Invited to the Ultimate Black Hat Bash!
GuidePoint Security is turning up the energy with another unforgettable Black Hat Party, this time at a brand-new venue: Swingers – The Crazy Golf Club.
Join us for a night of networking, mini golf, and great vibes as you connect with our security experts and industry partners. It’s the perfect way to tee off an action-packed week in Vegas.
Spots are limited, so bring your A-game and get ready for a night to remember.
Meet with our subject matter experts and learn how Netskope, a leader in Security Service Edge (SSE) and Secure Access Service Edge (SASE), delivers unmatched security and uncompromising performance at the edge
Netskope Booth #1864