Market Overview

SentinelOne to Discuss Cryptomining and Memory Mapped Files at Black Hat USA 2018


Endpoint Protection Leader to Share Research and Insight on Modern
Cyber Threats at World's Leading InfoSec Event

the autonomous endpoint protection company, today announced
details of its participation at Black
Hat USA 2018
, August 4-9 at the Mandalay Bay Resort and Casino in
Las Vegas, NV.

SentinelOne will be leading two, 50-minute sessions, discussing research
and best practices for maintaining organizational security against
today's most pressing cyber threats. In addition to its speaking
sessions, SentinelOne will be located at booth #212, sharing insight and
demonstrations as to why autonomous endpoint protection is the best
answer to diverse modes of attack.

Session 1: CryptoMiners
- Holding Your CPU for Ransom

Who: Eran Ashkenazi, Vice President, Services & Field Operations,

What: Recent research from Palo Alto Networks shows that at least
$175M in Monero cryptocurrency has been mined using malicious code – 5
percent of its present circulation. Ashkenazi will explore how cyber
criminals are evolving their attack methods beyond ransomware to more
sophisticated, harder to detect forms of abstracting money from
organizations, and will demonstrate SentinelOne's detection power in
these advanced attacks.

When: Wednesday, August 8 | 10:20am-11:10am

Where: Oceanside F, Mandalay Bay Resort and Casino, Las Vegas, NV

Session 2: MMFML
- Exploring How Memory-Mapped Files Hide From AV and Execute Malicious

Who: Parker Crook, Solutions Engineer, SentinelOne and Ben
Holder, Senior Principal Consultant & Penetration Testing Lead, Sirius

What: Not only can the most well-known exploit code be dumped
into memory-mapped files (MMF) and go completely undetected, but the
code can also be executed directly out of MMF using C#.

In this session, Crook and Holder will discuss how the utilization of
MMF for high-speed IO when accessed, should be user memory space and not
executable by convention, and how through failed code and extensive
research, they have found that shell dumped into non file-backed MMF can
sit in memory and remain undetected while the most in-depth scans are
run. Crook and Holder will demonstrate how their research has moved
beyond storage of malicious payloads, and the techniques they use that
allow a memory address in MMF to be repeatedly identified and utilized
for code execution.

When: Thursday, August 9 | 3:40pm-4:30pm

Where: Oceanside E, Mandalay Bay Resort and Casino, Las Vegas, NV

To view SentinelOne's full participation schedule at Black Hat USA 2018,
go to

About SentinelOne
SentinelOne delivers autonomous endpoint
protection through a single agent that successfully prevents, detects
and responds to attacks across all major vectors. Designed for extreme
ease of use, the S1 platform saves customers time by applying AI to
automatically eliminate threats in real time for both on premise and
cloud environments and is the only solution to provide full visibility
across networks directly from the endpoint. To learn more visit
or follow us at @SentinelOne,
on LinkedIn
or Facebook.

View Comments and Join the Discussion!