I know it doesn’t have anything to do with wireless, but I wanted to take a moment to give some love to a great vendor demo. From time to time you come across vendors who can really nail a point and drive it home without being cheesy or too salesy.

Sean Blanton was a perfect example of this. His “Wall of Sheep” demo at AirTight (now Mojo) Networks has been duplicated by a number of partners, including me. Showing off how technology works not by explaining a dashboard, but by engaging the audience and walking them through what the problem is and clearly defining how their solution can be the fix. Doing it with personality, some flair, a few laughs, and a little bit of uneasiness goes a long way.

At InteropITX this year I was beckoned into a booth by a loud and excited individual named Richard from Cylance. Granted, I had NO idea who Cylance was. Other than the few years that their advertisements in SJC and airports around the US had replaced Barracuda for “airport sponsorship,” I had never engaged with them. I don’t know why, I mean I knew the name, I just figured they were good at what they did but not for me. The advertising worked is what I’m saying, kind of. I thought it was Cyclance. Whatever.

So Richard belts out a “GOOD MORNING” to me and I engage. I walk into the booth and say, “Tell me what Cyclance does.” He says, “It’s actually Cylance, but hey, at least that’s one way to start a conversation.” Done. Hooked. Great job.

Yada yada yada, he hands me a ticket for an event they’re doing that evening and introduces me to Matt. They explain that it’s a history of the criminal underworld and how it’s changing with time. The event is called UNDRWRLD. I’m intrigued and interested. He asks me to come on by, check it out and grab a drink. He lets me know I’ll learn about the product and get my questions answered... and hey, free booze in Vegas, right?

I recruit two of my friends to go with me and we roll into the Ling Ling at Hakkasan, a darkened room, big enough for the event, but small enough to be cozy. They get started.

What transpired was freaking awesome.
It wasn’t the fact that they proved a point, handed out free stuff, and had a great time with us; it was that they communicated what their product did absolutely effectively, with real-world examples and in a way that left no doubt that they had the capability to solve the problems of everyone in the room. It was nerd-goosebump inducing. The fact that I’m 6 paragraphs into a blog post about a vendor demo should tell you how impressed I was. I cannot be appreciative enough of Richard & Matt. Well done guys.

What was the demo?

It was sick. And they do it on tour. So if you see them coming into town, I would totally sign up to see it.

Essentially they had an audience member, a random person, in this case an older female, come up to the front and they walked her through building a malware package using freely available tools. It wasn’t some bullshit malware package that had no teeth. It was a payload that delivered ransomware that held the computer hostage for 65 bitcoin. If you didn’t pay the ransom it scaled to 180 bitcoins over 120 days.

 They took it and ran it through an online tool (Metadefender) to check how many Anti-Virus programs would identify it as malware. Out of I think 120, there were 40 that it could slide by, and they were names that you and I know on a daily basis.

So, they solicited another random audience member and had him kick it up a notch. He ran it through a stub generator program, again another freely available tool, and stuck an MS Office icon onto it. This time when they ran it through Metadefender: undetectable. By every one of the toolsets you would normally know. They had just produced legitimate ransomware in front of us using audience members in less than 10 minutes.

Please note on this, they were not doing this as a training lesson on how to build ransomware. They didn’t provide links or software so we could do this. They didn’t promote it as a session to learn how to build ransomware, they did it to prove a point.
A point that EVERYONE got: anyone can do this now. Anyone.

So what do you think they did next?

They deployed it on a machine not running their software.
The effect? They locked up one of their own boxes in front of us using ransomware created on a website on the darkweb. A gutsy move by anyone.
Next, they deployed it on another machine protected by their tool, and obviously it didn’t even execute the file.

What happened next was even more awesome.

In the 2nd week of May 2017 a distributed ransomware attack took Fortune 100 companies and over 150 countries by storm. It was called WannaCry. It was the largest deployment of ransomware with the largest effect of any distributed ransom-based malware to date.
They had 3 variants of it on hand. It was almost the digital equivalent of playing with a vial of HIV-tainted blood.

What next? What do you think?

They fired off the WannaCry executables on a machine protected with their software.
All 3 variants failed to even execute.

And the gutsiest part? They did it on their algorithm from 2015, 2 years before WannaCry even existed. Just to prove a point.

 A point well taken.

Originally published on Blogger