Conference will Explore How to Automate Cyber Security Faster than the Hackers

How can human protectors keep watch over massively increasing lines of software code, now generated for millions of devices and services—even as automated coding and hacking increase the speed of the onslaught?

Researchers and information security professionals will tackle the new challenge of automating security during the THREADS conference, to be held during the 11th annual Cyber Security Awareness Week (CSAW) at the New York University Polytechnic School of Engineering.

National Security Agency Chief of Tailored Access Operations Robert E. Joyce will open the two-day conference for students, academics and professionals. Cutting-edge research and pragmatic advice will be offered by featured speaker White Ops CEO Michael Tiffany and more than a dozen presenters from some of the best-known tech companies and research institutions.

“The CSAW THREADS conference will present new research and workshops on integrating security into modern software development and operations, focusing on automation, integration, detection, and response time,” said Dan Guido, the school’s Hacker in Residence and founder of security company Trail of Bits. “We want to show how to make security a fundamental part of development and operations–without turning it into a roadblock.”

CSAW THREADS—a peer-reviewed conference focused on pragmatic security research and discoveries in network attack and defense—will be held Thursday and Friday, November 13 and 14, 2014, at NYU Polytechnic School of Engineering in Downtown Brooklyn. It serves as a prelude to the world’s largest student information security event, CSAW.

Mr. Joyce leads an organization that provides tools and expertise in computer network exploitation to deliver foreign intelligence to U.S. leadership and the intelligence community. He served at the NSA for more than 25 years, holding various leadership positions within the Information Assurance and Signals Intelligence Directorates.  He began his career as an engineer and holds a bachelor’s degree in electrical and computer engineering from Clarkson University and a master’s degree in electrical engineering from The Johns Hopkins University.

Presentations will include:

  • Marc-Etienne M. Léveillé of ESET—“Are Attackers Using Automation More Efficiently than Defenders?” He will detail the highly automated attacks from Operation Windigo that successfully redirected more than 500,000 Internet users to malicious content and sent millions of spam messages, even though it used an unreliable network running a wide range of operating systems.
  • Mike Arpaia of Facebook—“Operating System Analytics and Host Intrusion Detection at Scale.” This presentation will examine how to use, at no cost, the same software that Facebook employs to address the normally complex, expensive task of host intrusion detection.
  • Scott J. Roberts of GitHub—“Building Your Own DFIR Sidekick.” He will discuss how to build a personalized robot (using an open-source chat bot called Hubot Variable Threat Response) for rapid response, automation, collaboration, reverse engineering, defense tasks (and finding cat pictures) on the web.
  • Neil Matatall of Twitter—“Security Automation Database (SADB): Two Years Later and Two Years from Today.” He will describe Twitter’s security automation dashboard and detail how its security team uses open-source static analysis tools to automatically identify issues in software before they reach production.
  • Jared Carlson and Andrew Reiter of Veracode—“Reasoning About Optimal Solutions to Automation Problems.”  They will outline research to help automate and scale techniques for recognizing weaknesses or malware in mobile applications.
  • Xiaoning Li of Intel and Michael Crouse of Harvard University—“Transparent ROP Detection using CPU Performance Counters.” They will explain how to use performance counters available on most modern computers to detect subversive attacks without the usual performance penalties.
  • Scott Behrens and Andy Hoernecke of Netflix—“Cleaning Up the Internet with Scumblr and Sketchy.” They will discuss ways to monitor sites like Pastebin, Google, and Twitter for database leaks or even planned hacktivist attacks, using their open-source tools, and suggest other workflows for a robust proactive security system.
  • Nirav Dave of SRI International—“Smten and the Art of Satisfiability-Based Search.” The presentation will introduce Smten, a tool that makes Satisfiability Modulo Theories (SMT)-based queries easier to use and enables automated exploration of a program's security posture.
  • Artem Dinaburg and Andrew Ruef of Trail of Bits—“Static Translation of X86 Instruction Semantics to LLVM with McSema.” They will demonstrate how their open-source and licensed McSema translator allows the analysis of software downloaded from the Internet as though you wrote it yourself.
  • Michael Goffin and Wesley Shields of MITRE—“CRITs: Collaborative Research into Threats.” The presentation will describe the open-source malware and threat repository used by hundreds of organizations to work cooperatively to centralize their intelligence.
  • Brendan Dolan-Gavitt of Columbia University—“Reverse All the Things with PANDA.” He will describe how to use the new, open-source tool for whole-system reverse engineering.
  • Laszlo Szekeres of Stonybrook University—“Code-Pointer Integrity.” He will introduce new exploit mitigations that guarantee the integrity of all code pointers in a program (e.g., function pointers and saved return addresses) and thereby prevent control-flow hijack attacks, including exploits that use return-oriented programming.
  • Omar Ahmed of Etsy and Tyler Bohan of the NYU Polytechnic School of Engineering—“Augmenting Binary Analysis with Python and Pin.” The researchers will profile several real-world use cases for the Intel Pin framework and introduce an easy-to-use Python wrapper to lower the bar for wider adoption.

For more information and to register, visit

Institutions supporting CSAW include: Gold Sponsor—the U.S. Department of Homeland Security; Silver Sponsors—GitHub and Yahoo; Bronze Sponsors—Facebook, National Security Agency, NCC Group North America, Palantir, and Raytheon; and Supporting Sponsors—Accuvant, BlackRock, Cigital, FireEye, Intel, NYU Information Systems and Internet Security, Microsoft, MIT Lincoln Laboratory, PwC, Sandia National Laboratories, Stroz Friedberg, Trail of Bits (founding sponsor of THREADS), Two Sigma, United States Secret Service, and Yelp.
The NYU Polytechnic School of Engineering was one of the first universities to develop a cyber security program, launching its master’s degree in cyber security in 2009. Since then, graduates have gone on to careers as developers of security products, security application programmers, security analysts, penetration testers, vulnerability analysts, and security architects. The school also offers numerous cyber security courses and extra-curricular opportunities for undergraduates. It has received all three Center of Excellence designations from the National Security Agency and the United States Cyber Command. Its cyber security program was previously singled out by the Sloan Consortium as the outstanding graduate online program.