October 25-27, 2010 MTCC, Toronto, ON, Canada
KeyNote -
Growing the Security Profession
- Richard Reiner
As the field of information security matures, several significant barriers to progress that exist today will have to be removed if our capability to manage security risks is to improve. This presentation focuses on several of these, including the lack of truly effective channels to convey current knowledge to front-line practitioners; the division of the information security world into sub-cultures (vendor, researcher, enterprise, academic, and industrial) that communicate little with each other; the frequently non-constructive interactions that exist between security researchers and software vendors, and also between enterprise security professionals and other IT professionals; fragmentation among the available infosec certifications; and more.
KeyNote -
Zen and the Art of Cybersecurity
- Ira Winkler
The biggest problem in corporate information security is the people performing the work. I have found that there are people outside the security field, and even many people inside the field, who think they know what they need to know about security but clearly don't.
Additionally, some people know a great deal about one aspect of security, but are woefully weak in other aspects and don't know it (or want to know it). Because of this phenomenon, most organizations have a very false sense of security. Using entertaining analogies from martial arts and psychology, this presentation discusses this critical security failing. Attendees will learn how to tell if they are dealing with people who are properly skilled, and how to plan their security programs accordingly.
KeyNote -
Attack Trends and Techniques: What's Hot!?
- Steve Riley
The bad guys just keep getting better! They're constantly changing their tactics and inventing new techniques to cause you harm, damage your data, and make your resources unavailable. Why do they do this? What motivates someone to -- let's call it what it is -- commit computer-related crimes? How have they changed and improved? What kinds of attacks are popular now and why are they so effective? What might we expect to see in the future? Steve Riley will help you understand the latest in attack trends and techniques, and maybe even scare you a bit, too!
KeyNote -
A Law Enforcement Perspective
- Carole Bird, RCMP
Today, more than ever, law enforcement must work closely with various partners to identify and develop strategies to address the challenges posed by the diversity and speed of crime on the internet. The fact that a significant percentage of Canada's critical infrastructure is owned and operated by the private sector and that the diversity of crime on the internet continues to grow makes it key that we work closely with the private sector to develop appropriate multi-pronged strategies to address cyber crime.
This presentation will review the nature of the current threats in cyber crime and how they appear to be evolving as well as strategies being developed to counter cyber crime.
The Evolution of Phishing to Organized Crime
- Rohyt Belani
This presentation will discuss the evolution of phishing from being a means of stealing user identities to becoming a mainstay of organized crime. Today, phishing is a key component in a hacker's repertoire. It has been used to hijack online brokerage accounts to aid pump 'n dump stock scams, and as a means of creating covert channels from compromised user machines to the Internet. During this talk, I will present the techniques used by attackers to execute such attacks and real-world cases that I have responded to that will provide perspective on the impact.
DNSSEC: Theory and Worldwide Operational Experiences
- Paul Wouters
The Domain Name System (DNS) has been up for an overhaul for many years, as the last "core internet" protocol left without any security. Attacks abusing the DNS to hijack domains, spoof websites and bypass spam filters are on the rise. July 2007 saw a major DNS hijacking attack. Gartner prominently added DNS attacks to their 2007 Hype Cycle.
DNSSEC is the technology to protect DNS against spoofing. With the US government pushing for adoption through FISMA, and the experience of a few early adopter countries such as Sweden and Bulgaria, DNSSEC deployment is now picking up speed.
Is the world ready for DNSSEC? Who is deploying DNSSEC right now? Does it really mean giving the keys of the Internet to the US Government? Can users gain the advantages of DNSSEC now? Is deployment too risky for the benefits gained? When should you start thinking about DNSSEC?
After attending his presentation, you will be able to make an informed decision about DNSSEC and your organization.
This presentation will include demonstrations of DNSSEC enhanced end user applications.
Paul Wouters has been running DNSSEC on a few hundred domains since 2003, making him one of the most experienced in the field.
Process Control and SCADA: Protecting Industrial Systems from Cyber Attack
- Mark Fabro
With the recent advancements in national security initiatives, as well as parallel efforts in research by both the public and the private community, there is an immediate requirement for the strategic development of plans to protect Critical Information and Key Resources (CI/KR) from cyber attack. As such, Process Control and SCADA systems are beginning to move to the forefront as it relates to threats and vulnerabilities. The PCS domain, along with SCADA systems, is becoming more at risk from a cyber perspective. The migration of traditionally closed control networks to open and common protocols, as well as Internet connectivity, introduces severe cyber security risk. Moreover, attacks on industrial command and control systems in the cyber domain often will manifest in the physical domain, putting the systems that control dams, pipelines, and energy distribution (among others) at risk.
The briefing will be a concise introduction to the cyber security issues in the control systems environment, will review historical issues and incidents, and discuss emerging mitigation strategies to help secure critical infrastructure information resources. Topics include:
- Cyber threats and vulnerabilities in the process control/SCADA domain
- Historical analysis of open source security incidents
- Current technical problems requiring attention to mitigate the issues
- Protocol analysis and inherent security weaknesses in process control
- Strategies for defense (firewalls, IDS, encryption) in process control systems
- Mapping standards to the process control domain
- Forward looking strategies by governments and the public sector
Modern Trends in Network Fingerprinting - Jay Graver and Ryan Poppa
Both a WhiteHat audit and a BlackHat compromise begin with scoping out the network. OS and application fingerprinting techniques have been staples of network reconnaissance for close to a decade. Today's techniques include passive, active, blind and invasive fingerprinting.
A brief review of current and past strategies explains the strengths and pitfalls of each fingerprinting technique. This leads to the introduction of our new fingerprinting technique and the release of our new fingerprinting tool, which will attempt to safely and accurately identify HTTP servers with a single RFC compliant request.
NAC@ack
- Dror-John Roecher and Michael Thumann
The last two years have seen a big new marketing buzz named "Admission Control" or "Endpoint Compliance Enforcement", and most major network and security players have developed a product suite to secure their share of the cake. While the market is still evolving, one framework has been getting a lot of market attention: "Cisco Network Admission Control". NAC is a pivotal part of Cisco's "Self Defending Network" strategy and supported on the complete range of Cisco network and security products. From a security point of view, "NAC" is a very interesting emerging technology which deserves some scrutiny. The Cisco NAC solution contains two major design flaws which enable us to hack (at least) two of the three different variants using some kind of "posture spoofing attack". We will demonstrate code & tool for posture spoofing in Cisco NAC 'secured' networks.
Security Challenges in Virtualized Environments
- Joanna Rutkowska
This presentation tries to show different security problems that might arise in virtualized environments. It first talks about virtualization based rootkits (AKA "blue pills") -- what's so special about them, clarifies some misunderstandings and also discusses how real this threat is today. It also touches on the subject of virtual machine isolation and why we should aim towards thin hardware-based hypervisors. Nested virtualization and its impact on the security of virtualized systems is also discussed.
Human Factor vs. Technology
- Joanna Rutkowska
This lecture will present current challenges in operating systems security - from both a human as well as a technical perspective - and views on possible ways of addressing those issues. The main message will be that the so-called "human factor" is not, in contrast to common belief, the weakest link in IT security, as eliminating the incompetence of users and administrators does not solve many of the serious problems we're facing today.
Hacking Hollywood
- Johnny Long
Hacking stuff is for the birds. I'm taking a new path in life. I've decided to become a technical consultant for Hollywood. (No, not really, but work with me here). In my new role, I've decided it's time to take up the torch for all my fellow consultants who have been abused by you people through the years. We're all just sick and tired of your snide little comments about hackers in the movies. So go ahead. Make fun of Hollywood. Poke fun at A-list actors who "slide in [a] Trojan horse riding a worm" or B-movie bandits that use "mega modems with compression". Snort your snooty little snicker at smarties who smash 128-bit DES encryption in a skimpy 60 seconds. Who do you think you are, anyway? You've probably never even USED 128-bit DES.
Think you're all über because you can sling a bit of code? Let's see you sling a multi-headed worm that sniffs out latent digital footprints throughout an encrypted network. Not leet enough? That's OK. I'll show you how it's done. Think you've found a movie line that's just slam-dunk stupid? A movie line that proves Hollywood is just clueless about technology? Think again. You just misunderstood.
I'll use video clips and ultra-magnified freeze-framed screen stills to prove to you that Hollywood is clue++. Failing that, I'll at least distract you with seriously classified hardware and 0day exploits that were leaked through Hollywood films. Then again, you just might be safer if you keep on thinking they're only cheesy movie props. Come and hang out for a while as I continue my crusade to inject fun back into security. NOTICE: Persons with bladder control issues should sit this one out.
Exploit-Me Series - Free Firefox Application Penetration Testing Suite Launch
- Nish Bhalla and Rohit Sethi
Security Compass is pleased to announce the release of the free Exploit-Me series of application penetration testing tools at SecTor. The toolset is made specifically for security consultants, developers and QA staff to facilitate testing of applications. The Exploit-Me series of tools are plug-ins to Firefox that allow for easy "right-click" style parameter fuzzing for web applications.
Included in the Exploit-Me series are:
- SQL Inject-Me - Point to any HTML field in your Firefox browser and try to inject it with an individual SQL injection payload or multiple payloads via fuzzing by simply right clicking on the field and selecting "SQL Inject-Me".
- XSS-Me - As with SQL Inject-Me, point to any field on an HTML document and attempt to perform cross-site scripting by right-clicking and choosing "XSS-Me".
- Web Service Exploit-Me - Enter a valid WSDL location and try fuzzing various parameters in a simple-to-use HTML interface in Firefox using Web Service Exploit-Me. The interface will also allow you to attempt SQL injection and XSS through web services.
SQL Server Database Forensics - Kevvie Fowler
Databases are the single most valuable asset a business owns. Databases store and process critical financial, healthcare and HR data, yet businesses place very little focus on securing and logging the underlying database transactions. As well, in an effort to trim costs, many organizations are consolidating several databases onto single mission critical systems which are frequently targeted by attackers. With large data security breaches occurring at an alarming rate, several database logging tools have been released in the industry; however, adoption of these products is slow, leaving these mission critical systems vulnerable and ill-equipped for traditional forensic analysis.
Database forensics is a relatively unknown area of digital investigation but critical to investigating data security breaches. There is very limited information available today on this subject and, at the time of this writing, no known information targeting SQL Server 2005 forensics. This presentation provides attendees a 'real world' view into SQL Server 2005 forensics: how to gather evidence from hidden database repositories using forensically sound practices, and the investigation pitfalls to avoid.
TCP/IP Perversion - Rares Stefan
The evolution of rogue code has somewhat ignored the opportunities offered by kernel network drivers. In this paper we will analyze such opportunities and demonstrate several methods of data theft and system commandeering while evading perimeter/host based security systems and operating undetected in the long term.
End node TCP/IP perversion relies on a kernel module in the data path that will passively (without initiating a network session itself) modify incoming and outgoing traffic. We will focus on the Microsoft kernel and present several ways to insert an inline network driver that will intercept, redirect and modify TCP sessions. ..
Wireless Security - What Were They Thinking - Brad "Renderman" Haines
Wireless technology was supposed to mean freedom from wires and desks. It has instead become one of the biggest security nightmares for IT. How did we get here, what are the threats (existing and emerging), and where do we go from there?
With wireless available on every new laptop and even iPods now, it's with us to stay for quite a while and IT professionals have to live with it. This talk will provide a look at past, present, and proposed security standards and the weaknesses of each, as well as some of the process that caused these problems to occur. We'll also look at some emerging threats to some of the latest security standards for 802.11 networks, as well as Bluetooth and RFID, the often forgotten wireless.
Hacking Bluetooth for Fun, Fame and Profit - Dino Covotsos
Enhancements in cellular technology and mobile computing in recent years have led to the availability of affordable and powerful mobile devices. Where before cellular phones were relegated only to the business class and other members of the upper echelon of society, today they are deemed a necessity and have become so cheap in comparison to phones of years past that almost anybody can own one.
One of these enhancements is definitely the Bluetooth specification, which allows for the creation of short range wireless personal area networks. In recent years however, it has come to light that various flaws exist in certain Bluetooth implementations. Our paper aims at demystifying these vulnerabilities. Amongst other things it will include the procedures involved in bluesnarfing, the potential hazards of bluejacking as well as the backdooring of mobile devices. We will also be demonstrating the tools and techniques used in accomplishing the above listed attacks.
Securing Commodity Systems using Virtual Machines - David Lie
In this talk, I will summarize advances in academic research for mechanisms that use Virtual Machine Monitors (VMMs) to increase the security of commodity systems. Commodity systems are often required to support functionality required by legacy applications that is often at odds with security. For example, commodity systems feature dynamic extensibility, and many commodity applications require super-user privileges to run. As a result, commodity system users often experience difficulties when trying to retrofit such systems to be secure. VMMs operate at a level that is invisible to software in commodity systems, thus providing a means to secure commodity systems transparently. This enables computer users to elide many of the issues that arise when trying to retrofit security onto commodity systems that have not been designed with security as a priority. VMMs also naturally provide features that are well-suited for improving security, such as strong isolation among Virtual Machines, and a higher level of assurance and reliability than commodity systems due to their smaller code base and leaner interface. Some of the security issues we will be looking at will be how VMMs can perform both signature-based and signature-free detection of intrusions, root-kits and covert malware, aid trusted computing and remote attestation, check for intrusions after the discovery of a zero-day vulnerability, and provide interim protection for such vulnerabilities until a patch is available and has passed acceptance testing.
Data on Threat Evolution - What 47 Leading Security Vendors Are Seeing - Ben Sapiro
Forty-seven of the world's leading security vendors collaborate with a single centralized, private source of threat intelligence for the data and technical analysis that drives their daily product updates and helps focus their longer-term technology innovations. This presentation draws directly on that same key data source to derive hard data regarding the evolution of threats and risks, including:
- Evolution of threats related to application vulnerabilities
- Evolution of threats related to infrastructure vulnerabilities
- Targeting of desktops vs. servers vs. web vs. virtualized and other environments
- Evolution of the exploit cycle (time to patch, time to exploit,
- Evolution of spyware risks
Web Application Worms: The Future of Browser Insecurity - Mike Shema
The traditional conception of web application security covers how attacks piggyback HTTP(S) through a firewall to attack servers. Yet this is a bidirectional path; web browsers can be attacked by compromised sites with malicious payloads. Such attacks exploit assumptions of trust and security between the browser and web site.
HTML, JavaScript and similar engines like ActiveX, Flash, and Java present a relatively uniform, cross-platform exploit environment for attackers. This combination of delivery mechanism (a vulnerable web application), large victim base (web browsers), and access (no intervening firewalls) produces a significant risk to users. It enables new generations of botnets and provides new threats to users' information.
This presentation will summarize past web application worms and present the potential for new types of worms and browser attacks. One consequence of widespread web application attacks is phishing (identity theft). As worms become more complex, they may gain persistence, cross-application targeting, intranet reconnaissance, and take advantage of the inherent trust firewalls place in permitting web traffic into a network. Attendees will be shown how previous worms have exploited browsers as well as JavaScript source, examples and techniques that new ones might use.
Understanding the capabilities of a web application worm is important for creating defenses. Web browsers have started to implement countermeasures to phishing. Browsers are the gateway between a host and the Internet, a path which is all too often unaffected by firewalls or network security devices.
State of the Hack - Kevin Mandia
During the last ten years, Kevin Mandia has been on the front lines assisting organizations in responding to international computer intrusions, theft of customer credentials, and widespread compromise of sensitive data. During his efforts to resolve these incidents, many similar challenges and issues confronted each organization. During this presentation, Mr. Mandia will provide case studies that describe in detail the most recent computer security incidents he has responded to on behalf of the organizations. He will discuss how these incidents impact organizations, and discuss the challenges that each organization faced. He demonstrates the 'State-of-the-Art' methods being used to respond to these incidents, and he addresses emerging trends and technologies that offer strategic approaches to minimize the risks an organization faces from the liabilities the information age has brought.
Black Ops 2007: DNS Rebinding Attacks - Dan Kaminsky
The web has grown beyond anyone's wildest expectations -- but it's still based on Internet protocols that go back thirty years. In this talk, I explore an interesting fault in the fundamental design of the web, which exposes every corporate network to the Internet and makes click fraud, SPAM, and worse distressingly trivial. Interestingly, the techniques identified in this research may be useful in detecting hostile network providers that are selectively interfering with network traffic.
You're Just Not Pretty Enough to Do Investigations - Kai Axford and local law enforcement
You're not attractive enough to be on CSI: Miami, but who cares... this is real life. Join Kai Axford and members of Canadian law enforcement's best cybercrime teams for a fun and engaging session, as we demonstrate tools and techniques that will prove useful in your own computer investigations. Got questions on how the RCMP and TPS really track down the bad guys? This session is your chance to find out and then apply the procedures to your own environment. This is definitely not a "death by PPT" session!
How Close is the Enemy - Kevin G. Coleman
Hackers, terrorists, insiders, nation states and others all pose threats, but who really is capable of damaging our critical systems infrastructure? Not too long ago we were only concerned about hackers breaking into our systems. Today, we face a number of threats in cyber space: trusted insiders now account for more than fifty percent of the system breaches that occur, poor quality software provides vulnerabilities for exploitation, and the most recent threat is that of being caught up in a cyber war. This presentation will examine and put into context these three threat areas in an effort to assist you in determining the current threat level, as well as offering insight into the threat level in the near term. All information presented here has been developed in the past four months. Get the latest intel on these threats.
Cybercrime, CVEs, OVAL, CME and why you must care! - Gary S. Miliefsky
95% of downtime and successful criminal hacker attacks are because of your known vulnerabilities - find out what they are, current standards and new trends from the international standards body at MITRE, funded by the US Department of Homeland Security. Miliefsky is a Board member of this organization and will provide insights and free resources you can take advantage of today to harden your networks against attack, downtime and IT related regulatory compliance issues.