Announcing the BlueHat v17 Schedule

September is here!  The dash from the close of the call for papers to now has been amazing.  We had nearly two hundred submissions spanning the gamut of security topics and presenters.  The result is a solid schedule that will challenge and educate all attendees.  On behalf of the content advisory board, I want to thank everyone who submitted a paper for consideration.  There were a lot of great ideas, but we could not put all of them on stage for this instance of BlueHat.  We look forward to continuing the security conversation with you in the future.

Microsoft is proud to announce the schedule for the BlueHat v17 Security Conference.

Wednesday, November 8th, 2017 | General Audience

TRACK Time Speaker Company Talk Subject
KEYNOTE 9:00 – 9:50 AM Merike Kaeo Farsight Security Keynote
Track 1 -Encrypt all the things 10:00 – 10:50 AM Alban Diquet
Thomas Sileo
Data Theorem Where, how, and why is SSL traffic on mobile getting intercepted? A look at three million real-world SSL incidents
11:00 – 11:50 AM Joseph Salowey Tableau Software TLS 1.3 – Full speed ahead… mind the warnings – the great, the good and the bad
Track 1 – Battles in Silicon 1:00 – 1:50 PM Alex Matrosov Cylance Betraying the BIOS: Where the Guardians of the BIOS are Failing
2:00 – 2:50 PM Niek Timmers
Cristofaro Mune
Riscure B.V. &

Independent Embedded Security Consultant

KERNELFAULT: R00ting the Unexploitable using Hardware Fault Injection
3:00 – 3:50 PM Rob Turner Qualcomm Technologies Raising the Bar: New Hardware Primitives for Exploit Mitigations
4:00 – 4:50 PM Gunter Ollmann Microsoft Extracting Secrets from Silicon – A New Generation of Bug Hunting
Track 2 – Hey Microsoft, you got it wrong! 10:00 – 10:50 AM Casey Smith Red Canary You Are Making Application Whitelisting Difficult
11:00 – 11:50 AM Yong Chuan Koh MWR Infosecurity Corrupting Memory in Microsoft Office Protected-View Sandbox
Track 2 – Advancing products meet the new threats 1:00 – 1:50 PM Saruhan Karademir

David Weston

Microsoft Securing Windows Defender Application Guard
2:00 – 2:50 PM Mark Wodrich

Jasika Bawa

Microsoft Mitigations for the Masses: From EMET to Windows Defender Exploit Guard
3:00 – 3:25 PM Dean Wells Microsoft Don’t let your virtualization fabric become the attack vector
3:30 – 3:55 PM Jonathan Birch Microsoft Dangerous Contents – Securing .Net Deserialization
4:00 – 4:50 PM Filippo Seracini

Lee Holmes

Microsoft Born secure. How to design a brand new cloud platform with a strong security posture


Thursday, November 9th, 2017 | General Audience

TRACK Time Speaker Company Talk Subject
Track 1 – I swear it wasn’t me! 9:00 – 9:50 AM Kymberlee Price
Sam Vaughan
Microsoft Down the Open Source Software Rabbit Hole
10:00  – 10:50 AM Sean Metcalf Trimarc Active Directory Security: The Journey
11:00 – 11:50 AM Alex Ionescu Crowdstrike Baby’s First Bounty: Lessons from bypassing Arbitrary Code Guard
Track 1 – Cloud Chasing 1:00 – 1:50 PM Nate Warfield
Ben Ridgway
Microsoft All your cloud are belong to us; hunting compromise in Azure
2:00 – 2:25 PM Oran Brill
Tomer Teller
Microsoft Go Hunt: An automated approach for security alert validation
2:30 – 2:55 PM Matt Swann Microsoft Scaling Incident Response – 5 keys to successful defense at scale
3:00 – 3:50 PM Greg Foss LogRhythm PIE – An Active Defense PowerShell Framework for Office365
4:00 – 4:50 PM Mathias Scherman
Daniel Edwards
Tomer Koren
Microsoft Leveraging Honeypots to Train a Supervised Model for Brute-Force Detection
Track 2 – Phishing for Trust 9:00 – 9:50 AM Billy Leonard Google 10 Years of Targeted Credential Phishing
10:00 – 10:50 AM Alex Weinert
Dana Kaufman
Microsoft Account Compromise 2017: in the Trenches with the Microsoft Identity Security and Protection Team
11:00 – 11:50 AM Yacin Nadji Georgia Institute of Technology 28 Registrations Later: Measuring the Exploitation of Residual Trust in Domains
Track 2 – Attacking Products 1:00 – 1:50 PM Lei Shi
Mei Wang
Qihoo 360 Out of The Truman Show: VM escape in VMware gracefully
2:00 – 2:50 PM Matt Nelson SpecterOps “_____ Is Not a Security Boundary.” Things I Have Learned and Things That Have Gotten Better from Researching Microsoft Software
3:00 – 3:50 PM Alexander Chistyakov Kaspersky Lab Detection is not a classification: reviewing machine learning techniques for cybersecurity specifics
4:00 – 4:50 PM Andrea Lelli Microsoft WannaCrypt + SMBv1.0 vulnerability = One of the most damaging ransomware attacks in history
Track 3 -Threat Intelligence 9:00 – 9:50 AM Nick Anderson Facebook Detecting compromise on Windows endpoints with osquery
10:00 – 10:50 AM Brian Hooper
Jagadeesh Parameswaran
Microsoft Tales from the SOC: Real-world Attacks Seen Through Defender ATP
11:00 – 11:50 AM Mark Parsons Microsoft Using TLS Certificates to Track Activity Groups
1:00 – 1:50 PM Chaz Lever Georgia Institute of Technology A Lustrum of Malware Network Communication: Evolution and Insights
2:00 – 2:50 PM Andrew Brandt Symantec Dyre to Trickbot: An inside look at TLS-encrypted command-and-control traffic
3:00 – 3:25 PM Alexis Dorais-Joncas
Thomas Dupuy
ESET Sednit Reloaded: The Bears’ Operations From Christmas to Halloween
3:30 – 4:50 PM Chuck McAuley Ixia Communications Disrupting the Mirai Botnet


View full Conference Agenda and Talk AbstractsBlueHat-v17-GA-Agenda

Planning for the conference is well underway.  This year we have secured the entire conference center so that we can accommodate even more participants.  For external community members this is an invite-only conference.  The initial round of external invites will go out later today with details on how to register and the timeframe for response.  The registration site is live for external participants.
Keep watching here for more updates as we get closer to the event.

About BlueHat

BlueHat v17 is a two-day security conference for general audiences.  It will be held November 8-9, 2017 at the Microsoft Conference Center here in Redmond.  This year will see a larger event, over one thousand people expected in person, as BlueHat welcomes partners from the Microsoft Security Response Alliance Summit.  The conference is open to invited external guests and Microsoft employees and contingent staff.  More details on logistics and about the conference will be posted throughout the summer and fall here on the BlueHat blog.  Check back to get the latest here.  We look forward to hearing from you and meeting you again in November.


Phillip Misner,

Principal Security Group Manager, MSRC