Andrew HendelaAndrew Hendela

Most software supply chain-related tools fall into a few categories: SBOM generation, vulnerability analysis, build policies, and source-code analysis. These do not address the problem exemplified by the SolarWinds supply-chain malware insertion attack. Software Bills of Behaviors provide an understanding of what the software is doing and how it has changed providing a defense against Solarwinds-style attacks.

About Andrew – Andrew has over a decade of cybersecurity experience leading teams tackling hard challenges. His technical expertise involves automating a wide range of problems, including cyber attribution, malware analysis, and vulnerability research.


Drew SchmittDrew Schmitt

Ransomware rebranding is becoming a common technique that ransomware groups are leveraging to obfuscate their operations and remain under the radar. From high-profile groups like Evil Corp to groups like AlphV and Blackbyte, the rebranding process has provided viable solution for extending operational capabilities after high profile attacks. This talk will examine rebranding trends since 2020 and provide a thorough review of the impacts ransomware rebranding has had on the operational capacity of multiple ransomware groups. Lastly, this talk will analyze methods that threat intelligence analysts can utilize to compare traits and behaviors between ransomware groups to determine if the group is a likely rebrand or a new group altogether.

About Drew – Drew Schmitt is the GuidePoint Research and Intelligence Team Lead Analyst and is responsible for coordinating threat research, malware analysis, and operationalized intelligence teams. Drew is especially fond of malware research and reverse engineering. When not neck deep in malware, he loves to create new and open-source tools and improve his techniques and capabilities. Drew is also an avid teacher and mentor, and really enjoys helping other people realize their love of malware, threat intelligence, and–above all–making threat actors’ lives harder. In past lives, Drew spent time as an incident responder, threat hunter, and IT administrator.