Friday, May 19, 2017

Cylance Steals The Show With the UNDRWRLD Live Demo at InteropITX


I know it doesn't have anything to do with wireless, but I wanted to take a moment to give some love to a great vendor demo. From time to time you come across vendors who can really nail a point and drive it home without being cheesy or too salesy.

Sean Blanton was a perfect example of this. His “Wall of Sheep” demo at AirTight (now Mojo) Networks has been duplicated by a number of partners, including me. Showing off how technology works not by explaining a dashboard, but by engaging the audience and walking them through what the problem is and clearly defining how their solution can be the fix. Doing it with personality, some flair, a few laughs, and a little bit of uneasiness goes a long way.

A post shared by Wireless Nerd (@wirelessnerd) on

At InteropITX this year I was beckoned into a booth by a loud and excited individual named Richard from Cylance. Granted, I had NO idea who Cylance was. Other than the few years that their advertisements in SJC and airports around the US had replaced Barracuda for “airport sponsorship", I had never engaged with them. I don’t know why, I mean I knew the name, I just figured they were good at what they did .. but not for me. The advertising worked is what I’m saying, kind of. I thought it was Cyclance. Whatever. Haha. I should've checked em out is all I'm saying.

So Richard belts out a “GOOD MORNING” to me and I engage. I walk into the booth and say “Tell me what Cyclance does” he says “It’s actually Cylance, but hey at least that’s one way to start a conversation”. Done. Hooked. Great job.

Yada yada yada, he hands me a ticket for an event they’re doing that evening and introduces me to Matt. They explain that it’s a history of the criminal underworld and how it’s changing with time. The event is called UNDRWRLD. I’m intrigued and interested. He asks me to come on by, check it out and grab a drink. He lets me know I’ll learn about the product and get my questions answered .. and hey, free booze in Vegas right?

A post shared by Wireless Nerd (@wirelessnerd) on

I recruit two of my friends to go with me and we roll into the Ling Ling at Hakkasan, a darkened room, big enough for the event, but small enough to be cozy. They get started.

What transpired was freaking awesome.
It wasn’t the fact that they proved a point, handed out free stuff, and had a great time with us, it was that they communicated what their product did absolutely effectively, with real-world examples and in a way that left no doubt that they had the capability to solve the problems of everyone in the room. It was nerd-goosebump inducing. The fact that I’m 6 paragraphs into a blog post about a vendor demo should tell you how impressed I was. I cannot be appreciative enough of the Richard & Matt. Well done guys.

What was the demo?

It was sick. And they do it on tour. So if you see them coming into town, I would totally sign-up to see it.


Essentially they had an audience member, a random person, in this case a female attendee come up to the front. They walked her through building a malware package using freely available tools. It wasn’t some bullshit malware package that had no teeth. It was a payload that delivered ransomware that held the computer hostage for 65 bitcoin. If you didn’t pay the ransom it scaled to 180 bitcoins over 120 days.

They took it and ran it through an online tool (Metadefender) to check how many Anti-Virus programs would identify it as malware. Out of I think 40, there were 20% or so that it could slide by. Scarier than that, they were names that you and I know on a daily basis.

So, they solicited another random audience member and had him kick it up a notch. He ran it through a stub generator program, again another freely available tool, and stuck an MS Office icon onto it. This time when they ran it through the Metadefender: undetectable. By every one of the toolsets you would normally know.

They had just produced legitimate ransomware in front of us using random audience members, paid in cash and champagne, in less than 10 minutes.

Please note on this, they were not doing this as a training lesson on how to build ransomware. They didn't provide links or software so we could do this. They didn't promote it as a session to learn how to build ransomware, they did it to prove a point. 
A point that EVERYONE got: anyone can do this now. Anyone.


So what do you think they did next?

They deployed it on a machine not running their software.
The effect? They locked up one of their own boxes in front of us using ransomware created on a website on the darkweb,. A gutsy move by anyone.
Next, they deployed it on another machine protected by their tool, and obviously it didn’t even execute the file.

What happened next was even more awesome.

In the 2nd week of May 2017 a distributed ransomware attack took Fortune 100 companies and over 150 countries by storm. It was called WanaCry. It was the largest deployment of ransomware with the largest effect of any distributed ransom based malware to date.

They had 3 variants of it on hand. It was almost the digital equivalency of playing with a vial of HIV tainted blood.

What next? What do you think?


They fired off the WanaCry executables on a machine protected with their software.
All 3 variants failed to even execute.

And the gutsiest part? They did it on their algorithm from 2015, 2 years before WanaCry even existed. Just to prove a point.

A point well taken.

To learn more about Cylance, visit them online at https://www.cylance.com/



Please Note: this post was NOT sponsored, endorsed, provoked, or even asked-for by Cylance or the crew that made it happen. I just had to show some love to some guys who put their heart into making it awesome.

No comments:

Post a Comment