In just a few short weeks we'll be boarding a flight to Las Vegas, NV for Black Hat USA 2013. In addition to clothes and toiletries, I want to make sure you go to the annual conference with a full list of Mandiant's activities at the show.

Black Hat Exhibitor Floor:

  • Visit Mandiant at booth #325
  • Pick up a t-shirt and talk to some Mandiant folks



Join Mandiant for an unforgettable evening at the famed Shadow Bar, in Caesars Palace. The evening will showcase silhouetted performances by the shadow dancers, and libations will be served up by the venue's world-class bartenders who are known to juggle bottles, toss limes, twirl glasses and even do back-flips.

Books & Beer Signing:

  • Richard Bejtlich: "The Practice of Network Security Monitoring"
    Wednesday, July 31
    4:30 - 5:00 PM
    M Lair: Verona Room, The Promenade Level

Book signing with Richard Bejtlich for his new release, "The Practice of Network Security Monitoring", and happy hour. The first five people in line for the book signing will win an invitation to a very special VIP dinner with Richard Bejtlich and Michael Sikorski, and will receive a free copy of their books. The first 30 people in line receive a FREE copy of Richard's book!

  • Michael Sikorski: "Practical Malware Analysis"
    Thursday, Aug 1
    4:30 - 5:00 PM
    M Lair: Verona Room, The Promenade Level

Book signing with Michael Sikorski for his 2012 release, "Practical Malware Analysis", and happy hour. The first 30 people in line receive a FREE copy of Michael's book!

A Day in the Life Presentations

  • Mandiant Labs (M-Labs)
    Wednesday, July 31
    12:45 - 1:30 PM

Mandiant's Michael Sikorski and Stephen Davis will walk attendees through a typical day for a malware analyst and how they have successfully integrated machine learning into their research.

  • Mandiant MCIRT Analysts
    Thursday, August 1
    12:45 - 1:30 PM

Mandiant's James Condon and Mike Scutt will walk attendees through a typical day as an MCIRT Analyst, using an attack scenario to highlight the tools and processes used by MCIRT Analysts to successfully investigate a compromise.


  • IOCWriter_11
    Presented by William (Will) Gibb
    Thursday, August 1
    10:00 AM - 12:30 PM
    Station 7

With the impending release of the OpenIOC 1.1 format for sharing threat intelligence, Mandiant will be releasing a set of open source tools for creating and manipulating OpenIOC objects and moving data in and out of the OpenIOC format.

Demonstrations will cover how the tools can be used to create and modify OpenIOC documents, show how it is possible to store Snort and Yara signatures in OpenIOC format and convert those OpenIOC documents back into their native formats. In addition, the integration of these tools into other open source applications will be demonstrated with tools that can automatically extract IOCs from unstructured content.

  • Mandiant Redline™
    Presented by Theodore (Ted) Wilson
    Thursday, August 1
    12:45 - 3:15 PM
    Station 7

Redline, Mandiant's premier free tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile. With Redline, users can:

- Thoroughly audit and collect all running processes, audit data, and memory images.

- Analyze and view imported audit data, including narrowing and filtering results around a given timeframe using Redline's Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.

- Streamline memory analysis with a proven workflow for analyzing malware based on relative priority.

- Identify processes more likely worth investigating based on the Redline Malware Risk Index (MRI) score.

- Perform Indicator of Compromise (IOC) analysis. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review.

  • OWASP Broken Web
    Presented by Chuck Willis
    Thursday, August 1
    12:45 - 3:15 PM
    Station 8

The Open Web Application Security Project (OWASP) Broken Web Applications project provides a free and open source virtual machine loaded with web applications containing security vulnerabilities. This session will showcase the project VM and exhibit how it can be used for training, testing, and experimentation by people in a variety of roles.

Demonstrations will cover how the project can be used by penetration testers who discover and exploit web application vulnerabilities, by developers and others who prevent and defend against web application attacks, and by individuals who respond to web application incidents. New features and applications in the recently released version 1.1 of the VM will also be highlighted.

Let us know if you'll be at Black Hat USA 2013!