Welcome to BlueHat IL Nights 2023!

BlueHat IL Nights is our notorious summer bash for security professionals, featuring a distinguished keynote speaker followed by our famous all-night party.
This year’s special guest is Microsoft MSTIC’s Ned Moran, researcher and disrupter of Middle Eastern state-sponsored actors. Ned will walk us through the world of Iranian cyber operators to reveal their shift in strategy and how they’ve embraced an 'asymmetric' approach to achieve their objectives.
Brace yourself for some major revelations and join the crowd of notorious hackers, cyber-research revolutionaries, security game changers, and thought leaders.

See you there.



Mingling, snacks and drinks




Keynote- The Evolving Trends in Iranian Computer Network Operations

Ned Moran, Microsoft




Happy Hour

John Lambert

Ned Moran,

Principal Software Engineer at Microsoft

Ned has over 15 years of experience in the security community. In his role at Microsoft on the MSTIC Adversary Research Team, he is responsible for identifying and disrupting state sponsored actors originating from the Middle East and coordinating the dissemination of all of MSTIC’s intelligence to Microsoft Incident Response team. Previous to Microsoft, Ned worked as research fellow at the Citizen Lab, as a staff member at the Shadowserver Foundation, and as an adjunct professor at Georgetown University.

Keynote- The Evolving Trends in Iranian Computer Network Operations
In his keynote, Ned will discuss about how Iranian cyber operators continue to evolve their tradecraft and embrace ‘asymmetry’ to achieve their objectives. Beginning in 2012 with Shamoon and continuing through 2022 with Zerocleare, Iranian cyber operators have developed a reputation for aggressively employing destructive tools and tactics to compel or deter their adversaries.

However, a closer analysis of the data suggests that although the threat of destructive attacks remain, Iranian operators have continued to evolve and are now less reliant on ‘big bang’ attacks.

In this talk, we will highlight recent trends in Iranian computer network operations including:

A decreased reliance on destructive attacks
An increase in the use of information operations to amplify more frequent but less impactful attacks
An increase in the speed of exploit weaponization
An increase in targeting of ‘cloud’ resources

We will close with some lessons learned with clustering and attributing Iranian computer network operations.


3 Alan Turing St. Herzliya


Due to limited capacity, you must register in advance. It will not be possible to register on-site.
Throughout the event, a variety of refreshments will be served. There will be gluten-free, vegan, and vegetarian options available.
Yes, all the food will be kosher
All talks will be in English, some jokes will be in Hebrew.
We’ll publish some of the presentations and videos on the website post conference, depending on the speakers’ approval.
Footage of the event will be taken by Microsoft and media channels. Microsoft may use this footage for communication and publication purposes.
Entrance to Microsoft’s events with any kind of weapon is prohibited.