Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Talking to the bad guys

Nav Jagpal (Google)
16:45–17:25 Friday, 11 November, 2016
Bridging business and security
Location: G106/107 Level: Non-technical
Average rating: ****.
(4.00, 3 ratings)

Prerequisite knowledge

What you'll learn

  • Explore lessons learned and recommendations on how to design systems and develop policies to deal with spectrums of behavior from Google’s Safe Browsing team


Google’s Safe Browsing team’s charter is to protect end users from malware and deceptive practices on the Web. Recently, the team has been focusing heavily on unwanted software (UwS). Google’s systems and tools were able to help detect this software because of its resemblance to malware. Unlike most malware, however, UwS is often created and distributed by companies that operate in the open.

By engaging with these companies, the Safe Browsing team has learned how stakeholders view Google’s systems from the outside; key lessons include the efforts these companies go through to bypass Google’s evasion, how much knowledge they have about how Google’s systems operate, and how their return on investment (ROI) can make spending $50K a month on new domains a drop in the bucket.

Nav Jagpal shares fun stories about the Safe Browsing team’s engagement efforts last year and lessons that others in security may find useful when building systems and engaging with ecosystems that host a spectrum of adversaries and allies.

Photo of Nav Jagpal

Nav Jagpal


Nav Jagpal is a renegade software engineer on Google’s Safe Browsing team and has been with Google for over nine years. Nav specializes in fighting Chrome extensions malware and unwanted software. Nav’s publications include “Trends and Lessons from Three Years Fighting Malicious Extensions,” “Ad Injection at Scale: Assessing Deceptive Advertisement Modifications,” and “Trends in Circumventing Web-Malware Detection.”