Awake Security Demonstrates the Power of the Network for Stopping Non-Malware Attacks at Black Hat and DEF CON 26

Awake Presentations Showcase How Network Traffic Analysis Can Counter Damaging Attack Techniques Such as Remote Access Exploitation, Lateral Movement, Data Exfiltration and More

Las Vegas – August 1, 2018Awake Security today announced details regarding its upcoming presence at Black Hat 2018. Rahul Kashyap, President & CEO, along with threat researchers Troy Kent and David Pearson, will be presenting and hosting workshops demonstrating how the most damaging, non-malware attacks can be detected and remediated using the power of Network Traffic Analysis (NTA). A sponsor of Black Hat 2018, Awake be demonstrating its Network Detection and Response Platform in the Business Hall, booth #IC2529.

The recent indictment of 12 Russian military intelligence officials for attacking the DNC emphasizes the importance of NTA solutions in identifying behaviors indicative of malicious intent. These activities include attack techniques such as remote access, privileged escalation and lateral movement, data exfiltration and more. According to Gartner, “Enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events.” Through their presentations, Awake will demonstrate how the power of the network can be used to detect and respond to today’s advanced attacks.

Awake will be participating in the following sessions at the AGC Partner’s 2018 Disrupt!on Conference, Black Hat and DEF CON 26:

Session Title: Cyber Data Distillation

Presenter: Rahul Kashyap, President & CEO

In this panel, Kashyap will discuss the tremendous volume of data that cybersecurity teams are being asked to work with and how artificial intelligence and machine learning can help democratize capabilities such as network traffic analysis for organizations that struggle to find human talent to fill those needs.

This session will be held at the AGC Partners 2018 Disrupt!on Conference, August 7, 2018, from 4:50 – 5:25 p.m. PDT, at the Luxor Hotel & Casino.

Session Title: Unknown Knowns: Missing the Attacker Hiding in Plain Sight

Presenter: Troy Kent, Threat Researcher

This session will explore attack scenarios designed to confuse and trick security analysts to bypass detection. Kent will dive into specific examples of the protocols and techniques attackers use and how network traffic analysis can identify these patterns to dramatically reduce attacker dwell time.

This session will be held on Wednesday, August 8, 2018 from 2:25 – 2:45 pm PDT at the Innovation Theater, Oceanside, Mandalay Bay.

Session Title: Back to the Future: A Radical Insecure Design of KVM on ARM

Presenters: Rahul Kashyap, President & CEO; Baibhav Singh, Security Researcher, Samsung Research America

The KVM Hypervisor is part of the Linux kernel and by default it is enabled on all supported ARM system. In ARM architecture KVM is implemented through split-mode virtualization and runs across different privileged CPU modes. This talk will discuss about the design and a security issue in a way Linux kernel initializes the KVM Hypervisor. An attacker having access to host EL1 can execute code in EL2. This security issue can be exploited by an attacker to install a Hypervisor root kit on ARM system.

This session will be held Wednesday, August 8, 2018 from 5:05 – 5:30 p.m. PDT, at Lagoon JKL, Mandalay Bay.

Workshop Title: The Truth is in the Network: Reverse Engineering Application-Layer Protocols Via PCAP

Presenter: David Pearson, Principal Threat Researcher

Reverse engineering has become an increasingly important element of network security. The ability to break a system down in order to understand its base components and how they interact is critical to understanding not just how the system works, but the ways it can leave your network vulnerable. This training will provide a deep technical dive into the network traffic of a common remote access application.

This training will be held at DEF CON 26 on Thursday, August 9, 2018 from 2:30 – 6:30 pm PDT, in Icon F, The LINQ Hotel & Casino.

For full details on Awake at Black Hat, please visit

About Awake Security

Awake’s Network Detection and Response Platform helps organizations detect and hunt for threats missed by traditional security solutions. The company’s innovations in artificial intelligence and advanced network traffic analysis transform security operations by automatically detecting attackers’ evolving tactics, techniques and procedures, including non-malware activity. The platform continuously discovers and scores entities based on risk by profiling network traffic to learn and analyze the behaviors of managed and unmanaged users, devices and applications as well as the external destinations they interact with. All of this is done without relying on agents, integrations, training periods or continuous model updates.

Recognized as one of the top 10 security innovators at the RSA Conference 2018, Awake is headquartered in Sunnyvale, CA and backed by Greylock Partners and Bain Capital Ventures. Learn more at and follow Awake on Twitter, LinkedIn and Facebook.