SIGS Afterwork Event Berne

Threat Intelligence – How, What and Why
… and “Bring Your Own Malware Indicators”

Save the DateKlick for the .ics file to save the date

Target Audience Information Security Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security

From Consultancies and Resellers/Integrators are only technical peoples allowed to take part. Vendors and people with a Sales/Marketing role are not authorized as participants.

CPE Credits Earn 2 CPE (Continuing Professional Education) for attending this SIGS Afterwork Event. Please request a confirmation.
Location PostFinance Arena
Mingerstrasse 12
3014 Bern (Wankdorf)

Date of Event 30th of November 2017

Language English

Participation Costs Fr. 30.–
This includes presentations, all beverages and aperitif (food)


4:00 – 4:30 Registration & Kaffee
4:30 – 6:30 Alex Hinchliffe, Threat Intelligence Analyst in Unit 42
Alex Hinchliffe is a Threat Intelligence Analyst in Unit 42. Based in EMEA, his main responsibilities include research into security threats, the groups behind them and their motivations, tactics and resources to enrich intelligence and disseminate information to the public.

He started his career as an intern at the then Dr Solomon’s Anti-Virus company in the United Kingdom. Almost two decades later, his research has largely focused on Windows malware and recently, on Android. He regularly speaks on these and related topics. While previously working for McAfee Labs, Alex co-created the industry’s first cloud-based Anti-Malware reputation system, Artemis, decreasing time to protection without signatures to help fight the huge growth in malicious threats.

Threat Intelligence, How, What and Why – the Unit 42 way of doing it
In this live presentation you will learn about how researches work and with what tools an techniques they are unveiling the adversaries secrets. Learn what a adversary playbook is and why you should care. In the second part follow the deep dive walkthrough of the KHART research including sample analysis.

For your own interest you can bring Malware indicators: hashes (md5, sha1, sha2); IP addresses, domain names, registry keys, mutexes etc etc and Alex will show you what we know about it.


  • Introductions: Alex and Unit 42
  • “State of the Nation” – what are current and future threats
  • Threat Intelligence: How, What, Why etc. This leads into:
  • Adversary playbooks (a new concept we’re talking about to represent and programmatically share information about adversaries and their TTPs)
  • Walk-through and deeper dive into KHRAT Malware research:
    • AutoFocus indicators, searching, pivoting.
    • Maltego maps (using AutoFocus, VirusTotal, PassiveTotal etc APIs)
    • Sample analysis – reversing, debuggers, hexadecimal stuff
  • Bring your own Malware indicators – analysis
  • MineMeld (demo)
  • Wrap-up / take aways
6:30 – open end Apéro & Networking

The sponsors of this event are:

So don’t wait and register here if you have a XING account. If you don’t have or don’t like to have a XING account, just send us an email

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this specific platform.

Mobile Menu