CyberPoint's Nate Rogers and Ben Lelonek to Speak at Ruxcon

BALTIMORE, MD, October 19, 2016 — Nate Rogers and Ben Lelonek will discuss Event Tracing for Windows (ETW) and its untapped potential for both offensive and defensive purposes. On October 23, 2016 at 12pm (October 22, 9pm EST) at Ruxcon in Melbourne, Australia, they will present their talk, "Make ETW Great Again!" An article entitled "Logging Keystrokes with Event Tracing for Windows (ETW)" will be posted to our blog around the time of the talk, so stay tuned.


Event Tracing for Windows (ETW) is nothing new. It's existed in all versions of Windows since Vista, and Microsoft published many detailed blog posts about it when it first came out (around 2009). It's also been used in a few instances of cyber security related research as well as in tools ranging from malware research in academia to abused admin ("badmin") tools for red teams and penetration testers. In spite of all this, and for reasons we can't figure out, the real potential for ETW remains untapped for both offensive and defensive purposes in virtually all these previous applications.

This talk will show ETW's previous usage in both industry and academia but will focus on its underutilized potential. For the defensive, anti-malware side of the industry, ETW has vast potential as a new vector for data capture. It can capture ("trace" in ETW speak) events from every facet of a system, including the kernel, file I/O, memory allocation, network activity and .NET usage, to name a few, all the while remaining relatively difficult (from malware's perspective) to detect, as this mechanism is already native to modern versions of Windows. These events can be captured and parsed dynamically as well as aggregated and parsed later. This versatility allows ETW to provide an alternative mechanism for anti-malware tools, and it also has applications in sandboxing and automated malware analysis and research. For the anti-malware minded folks in the industry, ETW provides a valuable data source to pursue or aid in the pursuit of existing tools and research.

For the Red Teamers and Pen-Testers, ETW appears to have far more potential than what is currently being leveraged publicly in the community. While examples of cookie stealing and netflow exist, this is just the tip of the iceberg. ETW provides thousands of types of events an attacker can potentially access, giving him virtually any desired detail about the system. We'll discuss a few of these events in detail and give demos on how they can be abused. Lastly, we will demonstrate their usage while highlighting the "stealth" of ETW and why it will be difficult for the AV industry to prevent abuse of ETW by attackers.

About Nate Rogers

Nate is the tech lead of the Security Research Team [SRT] at CyberPoint International. His research focuses on vulnerability research, fuzzing, analyzing high profile malware, dodging managerial responsibilities, and exploring the latest new attack vectors and ways to detect/mitigate them. Professionally, his experience covers the following areas: reverse engineering, malware analysis, infosec-related software development, and penetration testing. He loves tinkering in all areas infosec related and often spends his free time bug hunting or struggling at CTFs. He is currently a graduate student studying Cyber Security at NYU Poly.

About Ben Lelonek

Ben is currently a member of the Security Research Team [SRT] at CyberPoint International. Most of his experience is in software development, primarily on tools for malware analysis. His research interests include automating malware analysis, honeypots, and the Internet of Things. He is currently a graduate student studying Computer Science at UMBC.

About CyberPoint

At CyberPoint, we work to create a future where individuals and organizations from across the globe can operate safely and securely in cyberspace and benefit from the technological innovations that increasingly connect our world. A rapidly growing cyber security company, CyberPoint integrates and delivers innovative, leading-edge services, solutions, and products to protect what's invaluable to customers worldwide. We discover the threats and vulnerabilities that expose data, systems, and infrastructure to compromise, we quantify risks, and we design defenses that provide critical protection. Learn more at

CONTACT: CyberPoint International, LLC,
