SentinelOne to Discuss Cryptomining and Memory Mapped Files at Black Hat USA 2018

Endpoint Protection Leader to Share Research and Insight on Modern Cyber Threats at World’s Leading InfoSec Event

Mountain View, Calif.  – July 30, 2018SentinelOne, the autonomous endpoint protection company, today announced details of its participation at Black Hat USA 2018, August 4-9 at the Mandalay Bay Resort and Casino in Las Vegas, NV.

SentinelOne will be leading two, 50-minute sessions, discussing research and best practices for maintaining organizational security against today’s most pressing cyber threats. In addition to its speaking sessions, SentinelOne will be located at booth #212, sharing insight and demonstrations as to why autonomous endpoint protection is the best answer to diverse modes of attack.


Session 1: CryptoMiners – Holding Your CPU for Ransom

Who: Eran Ashkenazi, Vice President, Services & Field Operations, SentinelOne

What: Recent research from Palo Alto Networks shows that at least $175M in Monero cryptocurrency has been mined using malicious code – 5 percent of its present circulation. Ashkenazi will explore how cyber criminals are evolving their attack methods beyond ransomware to more sophisticated, harder to detect forms of abstracting money from organizations, and will demonstrate SentinelOne’s detection power in these advanced attacks.

When: Wednesday, August 8 | 10:20am-11:10am

Where: Oceanside F, Mandalay Bay Resort and Casino, Las Vegas, NV


Session 2: MMFML – Exploring How Memory-Mapped Files Hide From AV and Execute Malicious Code

Who: Parker Crook, Solutions Engineer, SentinelOne and Ben Holder, Senior Principal Consultant & Penetration Testing Lead, Sirius Security

What: Not only can the most well-known exploit code be dumped into memory-mapped files (MMF) and go completely undetected, but the code can also be executed directly out of MMF using C#.

In this session, Crook and Holder will discuss how the utilization of MMF for high-speed IO when accessed, should be user memory space and not executable by convention, and how through failed code and extensive research, they have found that shell dumped into non file-backed MMF can sit in memory and remain undetected while the most in-depth scans are run. Crook and Holder will demonstrate how their research has moved beyond storage of malicious payloads, and the techniques they use that allow a memory address in MMF to be repeatedly identified and utilized for code execution.

When: Thursday, August 9 | 3:40pm-4:30pm

Where: Oceanside E, Mandalay Bay Resort and Casino, Las Vegas, NV


To view SentinelOne’s full participation schedule at Black Hat USA 2018, go to


About SentinelOne

SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects and responds to attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real time for both on premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. To learn more visit or follow us at @SentinelOne, on LinkedIn or Facebook.

Jake Schuster
fama PR for SentinelOne
[email protected]