Presentations

Keynotes

“Welcome to SecTor 2016” – Brian Bourne
Defense Against the Dark Arts: Examining, Fixing and Fighting for our Cyber Defenses – Edward Snowden
It’s 2016: What can you do about gender balance in Information Security? – Laura Payne and Co., Alexis Lavi, Andrea Stapley, Julie Leo, Karen Nemani, Marilyn Blamire
Retaking surrendered ground: making better decisions to fight cybercrime – Chris Pogue
Securing Our Future – Mikko Hypponen

Tech Track

[Ab]using TLS for defensive wins – Lee Brotherston
AirBnBeware: short-term rentals, long-term pwnage – Jeremy Galloway
CANtact: Open Source Automotive Tools – Eric Evenchick
Control system security, are we living on luck? – Chris Sistrunk
Crash Course in Kubernetes & Security – Matt Johansen
EventID Field Hunter (EFH) – Looking for malicious activities in your Windows events – Rodrigo Montoro
Hack Microsoft by using Microsoft signed binaries – Pierre-Alexandre Braeken
Hiding in Plain Sight – Taking Control of Windows Patches – Travis Smith
How to build a malware classifier [that doesn’t suck on real-world data] – John Seymour
How To Secure Serverless Applications – Kellman Meghu
Jihadism and Cryptography, from internet to softwares – Julie Gommes
Lessons Learned Hunting IoT Malware – Olivier Bilodeau
Making sense of a million samples per day: Behavior-based Methods for Automated, Scalable Malware Analysis – Stefano Zanero
Open Source Malware Lab – Robert Simmons
Practical Static Analysis for Continuous Application Security – Justin Collins
Purple Teaming the Cyber Kill Chain: Practical Exercises for Management – Chris Gates, Haydn Johnson
RTF Abuse: Exploitation, Evasion and Counter Measures – Devon Greene
Securing Network Communications: An Investigation into Certificate Authorities on Mobile – Andrew Blaich
The State of SCADA on the Internet – Kyle Wilhoit
Utilizing Memory and Network Forensics for Scalable Threat Detection and Response – Andrew Case
WiFi Exploitation: How passive interception leads to active exploitation – Solomon Sonya

Management Track

Cybersecurity in an era with quantum computers: will we be ready? – Michele Mosca
Data-Driven Computer Security Defense – Roger Grimes
Getting Business Value from Penetration Testing – Mark Bassegio, Tim West
How to Rob a Bank or The SWIFT and Easy Way to Grow Your Online Savings – Cheryl Biswas
Introducing G.Tool – A batteries included framework for building awesome GRC tools without wasting money. – Ben Sapiro
Safety Should be the Security Paradigm – Chris Wysopal
Security by Consent, or Peel’s Principles of Security Operations – Brendan O’Connor

SECurity FUNdamentals

All roads lead to domain admin, a part of a presentation series: From breach to C.D.E. Part I – Yannick Bedard
Can massive data harvesting drive down the time to breach detection? – Sean Earhard
Expanding Your Toolkit the DIY Way – Chris Maddalena
IPv6 for the InfoSec Pro on the Go – Allan Stojanovic
Lighting up the Canadian Darknet Financially – Milind Bhargava, Peter Desfigies, Philip Shin
The Power of DNS: Gaining Security Insight Through DNS Analytics – Scott Penney
The Security Problems of an Eleven Year Old and How To Solve Them – Jake Sethi-Reiner
Fail Panel – James Arlen

Sponsor Track

An Effective Approach to Automating Compliance Activities – Dave Millier
Defending Against Phishing: Effective Phishing Incident Response Using Employees, Incident Responders, and Intelligence. – Mike Saurbaugh
Eliminating the Automation and Integration Risks of the “Security Frankenstein” – Chris Pogue
Exposing Ransomware: Intelligent cybersecurity for the real world. – Sean Earhard
Global Encryption Usage is on the Rise! – Si Brantley
Held for Ransom: Defending your Data Against Ransomware – James L. Antonakos
Lessons from the Attack Chain: Bolster Your IR Program – Eric Sun
Network virtualization to enhance context, visibility and containment – Bruno Germain
Next-Gen Now, Outsmarting ransomware, exploits and zero-day attacks – Keir Humble
Overwhelmed By Security Vulnerabilities? Learn How To Prioritize Remediation – Amol Sarwate
Rethinking Threat Intelligence – Danny Pickens
Securing a Cloud-Based Data Center – Peter Cresswell
Stopping the Attacker You Know – Brian Read
The Cyber Security Readiness of Canadian Organizations – Ryan Wilson
The Emerging Era of Cognitive Security – Peter Allor
The Industry Need for Cloud Generation Security – Ryan Leonard
Understanding Ransomware: Clear and Present Danger – Raul Alvarez
Threat Landscape, Technology in action – Robert Falzon
Why Technology is Not the Answer to Cybersecurity – Sean Blenkhorn

Keynotes

“Welcome to SecTor 2015” – Brian Bourne
Big Data Needs Big Privacy … Enter Privacy by Design – Dr. Ann Cavoukian
IT Security Operations: Successful Transformation – Kristin Lovejoy
Globalization of Cybercrime – Jason Brown
Maturing InfoSec: Lessons from Aviation on Information Sharing – Trey Ford

Tech Track

Automation is your Friend: Embracing SkyNet to Scale Cloud Security – Mike Rothman
Breaking Access Controls with BLEKey – Mark Bassegio and Eric Evenchick
Breaking and Fixing Python Applications – Enrico Branca
Complete Application Ownage via Multi-POST XSRF – Adrien de Beaupré
Confessions of a Professional Cyber Stalker – Ken Westin
Cymon – An Open Threat Intelligence System – Roy Firestein
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing – Alex Pinto
DevOps For The Home – Kellman Meghu
Drug Pump and Medical Device Security – Jeremy Richards
Exploitation Trends: From Potential Risk to Actual Risk – Tim Rains
Hijacking Arbitrary .NET Application Control Flow – Topher Timzen
Incoming Threats At the Speed of Retail – Wendy Nather
Learning To Love Your Attackers – Ryan Linn
Making & Breaking Machine Learning Anomaly Detectors in Real Life – Clarence Chio
Malware Activity in Mobile Networks – An Insider View – Kevin McNamee
Software Defined Networking / Attacker Defined Networking – Rob VandenBrink
Stealth Attack From The Produce Aisle – Todd Dow and Keith Benedict
Stealthier Attacks and Smarter Defending with TLS Fingerprinting – Lee Brotherston
UNMASKING MALWARE – Christopher Elisan
What Google knows about you and your devices, and how to get it – Vladimir Katalov
Xenophobia is Hard on Data: Forced Localization, Data Storage, and Business Realities – Brendan O’Connor and James Arlen

Management Track

Bulletproofing Your Incident Response Plan: Effective Tabletops – Reg Harnish
CISO Survival Guide: How to thrive in the C-Suite and Boardroom – Chris Wysopal
Dolla Dolla Bill Y’all: Cybercrime Cashouts – Benjamin Brown
Make Metrics Matter – Jessica Ireland
The Effective Use of Cyber Ranges for Application Performance and Security Resilience – Train Like You Fight! – Bob DuCharme
There’s no such thing as a coincidence – Discovering Novel Cyber Threats – Jim Penrose
What does it take to deliver the most technologically advanced Games ever? – Enzo Sacco and Quang Tu

SECurity FUNdamentals

Agile Incident Management – Bringing the “Win” Back to Data and Privacy Breach Responses – Robert Beggs
Building an Effective Vulnerability & Remediation Management Program – Dave Millier
Ground Zero Financial Services: Targeted Attacks from the Darknet – Joe Pizzo
Peeling The Layers Of Vawtrak – Raul Alvarez
Preventing Home Automation Security Disasters – James Arlen
Run Faster, Continuously Harden – Embracing DevOps to Secure All The Things – Chayim Kirshen
Security for non-Unicorns – Ben Hughes
The Internet of Bad Things and Securing the Software Defined Data Center – Ian Redden and Marc Edun

Sponsor Track

2015 State of Vulnerability Exploits – Amol Sarwate
Advanced Threat Analytics: Adapt as Fast as Your Enemies – Jasbir Gill and Lanny Cofman
Advanced Threats: Eliminating the Blind Spot – Fahmy Kadiri
Browser and Environment Hardening – Kurtis Armour
Building Better Indicators: Crowdsourcing Malware IOCs – Sean Wilson
Business Backed CVEs – The Major Vulnerabilities of the Past Year – Atif Ghauri and Brad Antoniewicz
Certifi-gate: Has your Android device been Pwned? – Shai Yanovski
Changing the Game of Threat Hunting – Jim Penrose
Detecting the Bear in Camp: How to Find Your True Vulnerabilities – Ryan Poppa
Effective Ways to Tackle Vulnerability Remediation – Dave Millier
Ensuring the Success of Your IAM Project – Jeremy Hanlon
Exposing Advanced Threats: How big data analytics is changing the way advanced threat defense is deployed, managed and measured – Sean Earhard
Insider Threat – The Soft Underbelly of CyberSecurity – Harold Byun
Knowing what happened is only half the battle. – Grayson Lenik
Mitigating the Alert – Impact Prevention in a super active security battlefield – Brian Read
One Ring to Rule Them All – Hardware isolation and the future of virtualization security – Simon Crosby
SIEM and the Art of Log Management – Jeff Pold and Ron Pettit
Taking back Endpoint Control! – John Beal
The State of Software Security – Chris Wysopal

Keynotes

“Welcome to SecTor 2014” – Brian Bourne
New Era Risk Management: Using Information to Predict, Understand and Mitigate Organizational Threats – Ray Boisvert
The Connected Car: Security Throwback – Chris Valasek
The Extinction of Trust – Felix ‘FX’ Lindner
$#!T My Industry Says. . . – Kellman Meghu

Tech Track

ALL YOUR MACS ARE BELONG TO US – Christopher Elisan
Attrition Forensics, Digital Forensics For When the Going Gets Tough and the Stakes Are High – Troy Larson
Corporation in The Middle – Lee Brotherston
Demystifying the mobile network – Chuck McAuley
Document Tracking for Fun, Insight, and Profit – Roy Firestein
Elevator Hacking: From the Pit to the Penthouse – Deviant Ollam and Howard Payne
Cybercrime 101 – Christopher Pogue
Hide it with encryption, display it with performance – Brandon Niemczyk and Prasad Rao
How’d That End Up On Pastebin? – Ryan Linn
Hunting Malware on Linux Production Servers: The Windigo Backstory – Olivier Bilodeau
KickaaS Security with DevOps and Cloud – Rich Mogullsau
Mobile Fail: Cracking Open “Secure” Android Containers – Chris John Riley
Pentesting in SDN – Owning the controllers – Roberto Soares
Play Flappy Bird while you pentest Android in style – Chris Liu and Matthew Lionetti
POS Malware Evolved – Josh Grunzweig
Predictions Panel – Moderated by Bruce Cowper
Reverse Engineering a Web Application – For Fun, Behavior & WAF Development – Rodrigo Montoro and Daniel Cid
Stay Out of the Kitchen: A DLP Security Bake-off – Zach Lanier
The Internet of Fails: Where IoT Has Gone Wrong and How We’re Making It Right – Mark Stanislav and Zach Lanier
The Latest Changes to SAP Security Landscape – Alexander Polyakov
Unmasking Careto through Memory Analysis – Andrew Case

Management Track

Asymmetry in Network Attack and Defense – William Peteroy
FAIL Panel Again! Third time’s the charm – Ben Sapiro, Dave Lewis, James Arlen
Human Metrics – Measuring Behavior – Lance Spitzner
Quantitative Risk Analysis and Information Security: An OpenFair Case Study from BMO – Laura Payne
Re-Thinking Security Operations – Dave Millier and Mike Lecky
Scaling Security in Agile Scrum – Chris Eng
Security Awareness Has Failed: A Suggested New Approach! – Francois van Heerden

SECurity FUNdamentals Track

Covering my IaaS: Security and Extending the Datacenter – Brian Bourne and Tadd Axon
Identity in the Age of the Cloud – Madhu Mahadevan
Pulling back the covers on credit card fraud: A detailed look at financial fraudware. – Chester Wisniewski
So, you want to be a pentester? – Heather Pilkington
Stupid H4x0r Tricks v2.0 – Stupid is as Stupid Does – Chris Pogue and Grayson Lenik
The Things You See (and Application Scanners Won’t) – Chuck Ben-Tzur
What’s Behind “Big Data” and “Behavioral Analytics” – Stephan Jou

Sponsors Track

4 Undeniable Truths about Advanced Threat Protection – Patrick Vandenberg
A New Way to Look at Endpoint Security – IT’s Job in a Connected World – Claudio Damaso and Alex Binotto
Anatomy of a Credit Card Stealing POS Malware – Amol Sarwate
Casting Light on a Dark Web – Aamir Lakhaniaaron
Check Point Compliance Software Solutions “Your Second Set of Eyes” – Scott Tripp
CYDBA: Protecting Your Applications’ Rear End – Josh Shaul
Data protection and Identity Management at cloud scale – Jasbir Gill
The Theory of Cyber Security Evolution: Adopting Continuous Active Threat Protection and Security as a Service – Mark Sangster
Getting Into Mobile Without Getting Into Trouble, A Guide for the Stodgy Old Enterprise – Greg Kliewer
How Scalar is Providing Information Security Services to the TO2015 Pan Am and Parapan American Games – Frederic Dorré
Introducing Recog, an open source project utilizing Sonar data for asset and service identification – Ross Barrett & Ryan Poppa
Next Generation SOC: Building a Learning Security Ecosystem Using HP ArcSight Technology – Matt Anthony
OS Legacy Systems – Alexander Rau
Phishers are Boring Party Guests: The Value of Analyzing Stale, Recycled Phishing Content – Aaron Higbee
Security for the People: End-User Authentication Security on the Internet – Mark Stanislav
SilverBlight – Craig Williams
The Rise of Threat Detection and Response – Lucas Zaichkowsky

Keynotes

“Welcome to SecTor 2013” – Brian Bourne
“How the West was Pwned” – G. Mark Hardy
“Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations” – Gene Kim
“Crossing the line; career building in the IT security industry” – Keynote Panel
“Tech it out ” – Marc Saltzman

Tech Track

“BIOS Chronomancy” – John Butterworth
“Big Data Security, Securing the insecurable” – Kevvie Fowler
“Malware Automation” – Christopher Elisan
“MILLION BROWSER BOTNET” – Matt Johansen
“RATastrophe: Monitoring a Malware Menagerie” – Seth Hardy and Katie Kleemola
“Software Refined Networking – The Path To Hell Is Paved With Good Abstraction” – Christofer Hoff
“Running at 99%, mitigating a layer 7 DoS” – Ryan Huber
“Popping the Penguin: An Introduction to the Principles of Linux Persistence” – Mark Kikta
“Exploiting the Zero’th Hour: Developing your Advanced Persistent Threat to Pwn the Network” – Solomon Sonya and Nick Kulesza
“Swiping Cards At The Source: POS & Cash Machine Security” – Ryan Linn and John Hoopes
“Cryptographically Isolated Virtualized Networks – A Community of Interest Approach” – Robert Johnson
“.NET Reversing: The Framework, The Myth, The Legend” – Kelly Lum
“CeilingCat IS Watching You” – Shane MacDougall
“Build Your Own Android Spy-Phone” – Kevin McNamee
“Weaponized Security” – Kellman Meghu
“The World’s Deadliest Malware” – Christopher Pogue
“Your own pentesting army complete with air support” – Philip Polstra
“BREACH: SSL, Gone in 30 seconds” – Angelo Prado and Yoel Gluck
“Pivoting in Amazon clouds” – Andrés Riancho
“Fiber Channel – Your OTHER Data Center Network” – Rob VandenBrink
“Needle in a Haystack – Harnessing Big Data for Security” – Dana Wolf

Management Track

“Return of the Half Schwartz FAIL Panel w/Tales from beyond the echo chamber” – James Arlen, Dave Lewis, Mike Rothman and Ben Sapiro
“Building a Security Operations Center – Lessons Learned” – Yves Beretta
“Reacting to Cyber Crime: Preserving Crucial Evidence for Law Enforcement” – David Connors and Stéphane Turgeon
“SDN : Radically New Network Architecture, Same Old Cyber Security Protection ” – Llewellyn Derry
“Data in the Cloud. Who owns it and how can you get it back?” – Dave Millier
“Microsoft Security Intelligence Report, Canadian Edition” – Tim Rains
“FUFW: 5 Steps to Re-architecting Your Perimeter” – Mike Rothman

SECurity FUNdamentals

“CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game ” – Todd Dow
“Watching the watchers: hacking wireless IP security cameras” – Artem Harutyunyan and Sergey Shekyan
“Threat Modeling 101” – Leigh Honeywell
“Appsec Tl;dr” – Gillis Jones
“Frayed Edges; Monitoring a perimeter that no longer exists” – Mark Nunnikhoven
“Vulnerability analysis of 2013 SCADA issues” – Amol Sarwate
“How they get in and how they get caught” – Schuyler Towne

Sponsor Track

“Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments” – Mark Baseggio and Jamie Gamble
“Analyzing Exploit Packs: Tips & Tricks” – Mohamad AL-Bustami
“It Takes a Village: Reducing the Threat Gap by Allying with Your Competition” – Michael A Barkett
“The Threat Landscape” – Ross Barrett and Ryan Poppa
“Stopping Cross Contamination with Network Access Control…”The ULTIMATE PATCH” ” – Toni Buhrke
“Enterprise Forensics = new category that focuses on user activity and what drives the business (analytics + behavior) ” – Gary Freeman
“How to Connect Security to the Business” – Jeanne Glass
“Information & Risk Mitigation” – Neils Johnson
“Trust No One: The New Security Model for Web APIs” – Greg Kliewer
“The US Department of Homeland Security’s Software Assurance Enumerations” – David Maxwell
“Enabling Access Assurance and Identity Intelligence for a multi-perimeter world ” – Sridhar Muppidi
“Vulnerability Management Programs and Lessons Learned from the Field” – Bill Olson
“Securing Enterprise Mobility beyond MDM” – Danny Pehar and Ali Afshari
“The Bad Boys of Cybercrime” – Christopher Pogue
“Identity & Access Governance: Key to Security or Completely Useless?” – Jackson Shaw
“Modern Malware and APTs – What Current Controls Can’t See” – Ajay Sood
“Ending the information security arms race with end-to-end encryption” – Jill Walsh
“Fortifying Canada’s Cyberspace: Together” – John Weigelt
“Today’s Cyber Threat Landscape – Prevention is no cure” – Lucas Zaichkowsky

Keynotes

“When Does Lawful Access Become Lawful Surveillance: The Future of Lawful Access in Canada” – Michael Geist
“How NOT to do Security: Lessons Learned from the Galactic Empire”
– Kellman Meghu
“Exploring the NFC attack surface” – Charlie Miller
“Global Efforts to Secure Cloud Computing” – Jim Reavis

Tech Track

“With new technologies come new vulnerabilities” – Chuck Ben-Tzur
“Sploitego – Maltego’s (Local) Partner in Crime” – Nadeem Douba
“Pwned in 60 Seconds – From Network Guest to Windows Domain Admin”
– Zack Fasel
“Hadoop Forensics, Tackling the elephant in the room” – Kevvie Fowler
“The More Things Change: The vulnerabilities that time forgot” – Jamie Gamble
“Poortego: An OS-INT correlation tool for the 99%” – Mike Geide
“Recent Advances in IPv6 Security” – Fernando Gont
“APT ALL THE THINGS: are Mac users no longer safe?” – Seth Hardy
“Monday Night Malware” – Jibran Ilyas & Christopher Pogue
“Conquer the Beast – How to Effectively Manage Open-source Intelligence Outbursts” – Kevvie Fowler and Naveed Ul Islam
“Reversing Patches for Exploit Creation, Pen-Testing or Just Fun!” – Bharat Jogi
“Hunting Carders for fun and profit” – Grayson Lenik
“Hey, I just middled you, and this is crazy” – Ryan Linn
“Hacking .NET Applications: The Black Arts (v2)” – Jon McCoy
“Threat Attribution via DNS” – Gunter Ollmann
“Introducing ‘Android Security Evaluation Framework’ – ASEF” – Parth Patel
“Anti-Forensic Techniques and Countermeasures” – Michael Perklin
“Sniper Forensics: Reloaded” – Christopher Pogue
“Microsoft Security Intelligence Report; Canadian Edition” – Tim Rains
“VMware ThinApp: Does Isolation Trim your Risk?” – Tyler Reguly
and Jordan Powers
“Building Dictionaries and Destroying Hashes Using Amazon EC2”
– Steve Werby

Management Track

“*PT, Chinese cyber-something, the summer of breach and doing it wrong”
– Ben Sapiro, Mike Rothman, Dave Lewis and James Arlen
“Cybercrime in Canada: a Law Enforcement Perspective” – Dave Black
“How I Learned to Stop Worrying and Love the Cloud ” – Chris Carpenter
“The Defense RESTs: Automation and APIs for Better Security” – David Mortman
“Controlling BYOD before it Becomes Your Own Demise” – Mike Rothman
“Microsoft’s Response Process: 10 Years of Hard-Knock Learning”
– David Seidman and Jeremy Tinder
“A Forecast of Data Loss in Canada” – Dave Senf
“BlackHat to Black Suit” – James Arlen
“Network forensics – the orphan child of cyber investigations” – Robert Beggs
“Targeted Malware Attacks – Sophisticated Criminals or Babytown Frolics?”
– Josh Grunzweig and Ryan Merritt
“Introduction to Web Application Testing” – Dave Millier and Assef G. Levy
“Physical Security In Context” – Schuyler Towne
“Inside the Blackhole Exploit Kit (BHEK)” – Chester Wisniewski
“DNSSEC: Securing the DNS and beyond” – Paul Wouters

Turbo Track

“Hitting Above The Security Mendoza Line” – Ed Bellis
“Getting Shells When Metasploit Fails” – Ryan Linn
“Security Organizational Behaviour – making people part of the solution”
– John Proctor
“Forget Malicious Links and Fear the QR Code” – Steve Werby

Sponsor Track

“Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches”
– Ross Barrett
“Web Application Scanning in the SDLC” – Will Bechtel
“Best Practices on building and operationalizing Microsoft SCOM for health and performance monitoring.” – Rodney Buike
“Engineering the Social Animal” – Robert Falzon
“Mobile Security: Protecting your Corporate Smartphones from Malware & Targeted Attacks” – Dennis Fisher
“Face Today’s Threats Head-On: Best Practices for a BYOD World”
– Sangameswaran Manikkayam Iyer
“Exposing Enterprise Services to Mobile Platforms” – Greg Kliewer
“Differences between SOA/XML Gateway and a Web Application Firewall”
– Jason Macy
“Importance of integrating network forensics with host forensics” – Jason Mical
“ACTing Out – Automated Compliance Testing” – Dave Millier
“Microsoft Trustworthy Computing Cloud Security, Privacy, and Reliability in a Nutshell” – Tim Rains
“Using a SIEM Solution to Enable the Business” – Matthew Schnarr
“The Kill Chain and Evolution in Intrusion Detection Mechanisms ”
– Eldon Sprickerhoff
“Threat Intelligence: What makes it smart” – C. Thomas
“The Benefit of a “Research-Driven” IT Security Partner, especially in this day of Modern Malware” – William Tysiak and Elvis Gregov

Keynotes

“Trust me, I am a cloud vendor!” – Bruce Cowper
“Thinking Differently: Bringing the Hacker Mindset to the Corporate Environment” – Joe Grand
“Online Attacks and Espionage by Nation-States” – Mikko Hypponen
“The Bizarre Business of Rogue Internet Pharmacies” – Brian Krebs

Tech Track

“Near Field Communications (NFC) mobile security for those with No F’ing Clue” – Corey Benninger and Max Sobell
“FireShark – A Tool to Link the Malicious Web” – Stephan Chenette
“Weaponizing The Smartphone: Deploying The Perfect WMD” – Nicholas Donarski
“Finding Evil in Live Memory” – Michael J. Graven
“What is an APT without a sensationalist name?” – Seth Hardy
“Time and Place: Finding Evil with Atemporal Time Line Analysis” – Dave Hull
“A Replicant by Any Other Name: A Security Analysis of the BlackBerry PlayBook” – Zach Lanier and Ben Nell
“I’m Your MAC(b)Daddy” – Grayson Lenik
“Progression of a Hack” – Ryan Linn
“Browser Security Face-off: Browser Security Edition” – Paul Mehta and Shawn Moyer
“HTTP Header Hunter – Looking for malicious behavior into your http header traffic” – Rodrigo Montoro
“A Technical View on Cloud Security: How Not To Get Your Undies In A Bunch aka Please Don’t Squeeze The Charmin ” – David Mortman
“SSD: Solid State Drives & How They Work For Data Recovery And Forensics” – Scott Moulton
“Targeted and Opportunistic Botnet Building” – Gunter Ollmann
“Malware FreakShow” – Nicholas J. Percoco and Jibran Ilyas
“Sniper Forensics v3.0: Hunt” – Chris Pogue
“Infosec Sheepdogs: Creating an Abstraction/Translation Layer Between InfoSec and Law Enforcement” – Nick Selby
“How to Survive DDoS the Play at Home Game” – Michael Smith
“Bust a Cap in an Android App” – Patrick Szeto and Maxim Veytsman
“Wireless Hacking Techniques and Tips” – Kent Woodruff
“FACEROUTE: Mapping and Harvesting Social Media Sites” – Rob VandenBrink

Management Track

“Security When Nanoseconds Count” – James Arlen
“It’s Not About the “Warm Fuzzy” – How to Plan for a Comprehensive Penetration Exercise” – Kai Axford
“The Search for Intelligent Life” – Ed Bellis
“Built What? Why The Bad Guys Do It Better” – Sean Bodmer
“Change Happens: CISO Survival Through Adaptation” – Jack Daniel, David Mortman, Gal Shpantzer, Michael Smith and Stacy Thayer
“Everything You Need to Know about Cloud Security (and then some)” – Mike Rothman
“Binary Risk Analysis” – Ben Sapiro

Turbo Track

“OSSAMS, Security Testing Automation and Reporting” – Adrien de Beaupré
“Cubical Warfare, The next Arms Race” – Jason Kendall
“Incident Response Kung fu: Tree Style” – Jason Kendall
“Disc Detainer Locks” – Schuyler Towne

Sponsor Track

“Security Testing” – Areg Alimian
“Walking on the Crocs back – when security measures fail” – Travis R. Barlow
“Mapping The Penetration Tester’s Mind – An introduction to a pentester’s approach to security audits” – Nicholas Donarski
“Detecting The Insider Threat- Finding The Needle in Stack of Needles” – Omar Garcia
“Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests” – Rob Havelt
“Be Ready for IPv6 Migration and Beyond! ” – Cricket Liu
“Evolution of Digital Forensics” – Jason Mical
“Building a GRC Strategy” – Dave Millier
“Anatomy of a Data Breach: Exploring the Current Threat Landscape” – Paul Pinkney
“Cybersecurity, the Law, and You” – Bill Roth
“Think outside the enterprise security box” – John Trollinger
“Information Security and Risk pertaining to smart phone and mobile devices” – Nicholas (Nic) Wetton

Keynotes

SecTor 2010 Introduction – Brian Bourne
“The Problem with Privacy is Security” – Tracy Ann Kosa
“Today’s Face of Organized Cyber Crime: A Paradigm for Evaluating Threat” – Steve Kelly
“Attribution for Intrusion Detection” – Greg Hoglund
“Involuntary Case Studies in Data Security” – Mike Rothman

Tech Track

“SCADA and ICS for Security Experts: How to avoid cyberdouchery” – James Arlen
“Starting an InfoSec Company: Three Founder’s Stories” – Robert Beggs, Dave Millier, Brian O’Higgins and Eldon Sprickerhoff
“Building the DEFCON network, making a sandbox for 10,000 hackers” – David Bryan and Luiz Eduardo
“Dissecting the Modern Threatscape: Malicious Insiders, Industrialized Hacking, and Advanced Persistent Threats” – Brian Contos
“Sharingan – A Ninja art to Copy, Analyze and Counter Attack” – Mrityunjay Gautam
“CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity” – Chris Hoff
“Google’s approach to malware on the web” – Fabrice Jaubert
“IPv6, for worse or better” – Joe Klein
“Metasploit Tips and Tricks” – Ryan Linn
“Inside The Malware Industry” – Garry Pejski
“Malware Freakshow 2010” – Jibran Ilyas and Nicholas J. Percoco
“How I Met Your Girlfriend” – Samy Kamkar
“Into the Black: Explorations in DPRK” – Mike Kemp
“What’s Old Is New Again: An Overview of Mobile Application Security” – Zach Lanier and Mike Zusman
“Into the Rabbit Hole” – Rafal Los
“Black Berry Security FUD Free” – Adam Meyers
“Beyond Exploits: Real World Penetration Testing” – HD Moore
“The Four Types of Lock” – Deviant Ollam
“Sniper Forensics v2.0 – Target Acquisition” – Christopher Pogue
“Web Application Payloads” – Andres Pablo Riancho
“Distributed Denial of Service: War Stories from the Cloud Front” – Michael Smith

Management Track

“Gates, Guards, and Gadgets: An Introduction to the Physical Security of IT” – Kai Axford
“SDL Light: A practical Secure Development Lifecycle for the rest of us” – Marisa Fagan
“Mastering Trust: Hacking People, Networks, Software, and Ideas.” – Pete Herzog
“How Many Vulnerabilities? And Other Wrong Questions” – David Mortman
“Smashing the stats for fun and profit v.2010” – Ben Sapiro
“400 Apps in 40 Days” – Sahba Kazerooni and Nish Bhalla
“How do we prevent, detect, respond and recover from CRM failures?” – Kelly Walsh

Turbo Track

“Cloud definitions you’ve been pretending to understand” – Jack Daniel
“64-bit Imports Rebuilding and Unpacking” – Sebastien Doucet
“Building your own secure U3 launchable Windows forensic toolkit” – Jason Kendall
“Securing your network with open-source technologies and standard protocols: Tips & Tricks” – Nick Owen
“Fuzzing Proprietary Protocols – A Practical Approach” – Thomas Proll
“Barcodes: Read it, Write it, Hack it” – Michael Smith
“BLINDELEPHANT: Web Application Fingerprinting with Static Files” – Patrick Thomas
“OMG-WTF-PDF” – Julia Wolf

Sponsor Track

“Microsoft’s cloud security strategy” – Mohammad Akif
“Do it yourself – Security Assessments made easy and FREE” – John Andreadis
“Crime & Carelessness: Gaps that Enable the Theft of Your Most Sensitive Information” – Ryan Boudreau
“Unidirectional Connectivity as a Security Enabler for SCADA and Remote Monitoring Applications” – Lior Frenkel
“Beyond Aurora’s Veil: A Vulnerable Tale” – Derek Manky
“A Day in the life of APT” – Adam Meyers
“Realize More Value From Your Existing security Tools” – Dave Millier
“Metasploit Pro – An HD Moore Production” – HD Moore
“Culture Shift: Social Networking and Enterprise Environments (Security Risk vs Reward)” – John W. Pirc
“Today’s Reality: Living in Compromise to Advanced Persistent Threats” – Charlie Shields
“By The Time You’ve Finished Reading This Sentence, ‘You’re Infected'” – Eldon Sprickerhoff
“Emerging Threats, The Battle for the Access edge” – Mark Townsend

Keynotes

SecTor 2009 Introduction – Brian Bourne
“Cloudification” – Christofer Hoff
“A day in the life of a hacker…” – Adam Laurie (Major Malfunction)
“Consumer Internet Identity” – Andrew Nash , Paypal
 

Sessions

“To cache a thief | Using database caches to detect SQL Injection attacks” – Kevvie Fowler
“w3af – A framework to own the web – Part 1” – Andres Riancho
“Nsploit: Popping boxes with Nmap” – Ryan Linn
“The GhostNet Story” – Nart Villeneuve
“Smashing the stats for fun and profit” – Ben Sapiro
“Weaponizing the Web: More attacks on User-Generated Content” – Nathan Hamiel and Shawn Moyer
“Towards a more secure online banking… ” – Nick Owen
“Game Over, Man: Gamers Under Fire” – Chris Boyd
“Portable Document Malware, the Office, and You – Get owned with it, can’t do business without it” – Seth Hardy
“Your Mind: Legal Status, Rights and Securing Yourself” – James Arlen, Tiffany Strauchs Rad
“When Web 2.0 Attacks – Understanding AJAX, Flash and “Highly Interactive” Technologies” – Rafal Los
“Crimeware: Web Exploitation Kits Revealed” – Roy Firestein
“DNSSEC deployment in Canada” – Paul Wouters, Norm Ritchie
“Sniper Forensics – Changing the Landscape of Modern Forensics and Incident Response”” – Christopher E. Pogue
“Malware Freakshow” – Nicholas Percoco and Jibran Ilyas
“SSLFail.com Panel Discussion” – Jay Graver, Tyler Reguly, Mike Zusman
“Hacking the Privacy Legislation” – Tracy Ann Kosa
“The Past, Present & Future – SQL Injection” – Jerry Mangiarelli
“Massively Scaled Security Solutions for Massively Scaled IT” – Michael Smith
“Cain BeEF Hash: Snagging passwords without popping boxes” – Ryan Linn
“Consumerization and Future State of Information Warfare” – Robert “RSnake” Hansen
“Retaliation: Breaking Attack Vectors in the Infrastructure” – Jennifer Jabbusch
“Deblaze – A remote method enumeration tool for flex servers” – Jon Rose

Keynotes

SecTor 2008 Introduction – Brian Bourne
David Black – The RCMP National Security Criminal Investigations Program
Lunch Panel: Security in the Real World
No-Tech Hacking – Johnny Long
Baggage: What I took with me when I ‘left’ Computer Security – Stephen Toulouse
 

Sessions

Security and Robustness in Backbone Design – Raven Alder
Exploit-Me for Fun and Profit – Jamie Gamble & Tom Aratyn
Security Heretic: We’re Doing It Wrong – James Arlen
Owning the Users with The Middler – Jay Beale
Pwning the proxy – Dino Covotsos
More SCADA/ICS Security: Findings from the field – Mark Fabro
Double Trouble: SQL Rootkits and Encryption – Kevvie Fowler
Googless – Christian Heinrich
The New New Thieves and Contemporary Security Analysis – Pete Herzog
The Four Horsemen Of the Virtualization Security Apocalypse: My Little Pwnie Edition – Christofer Hoff
Under the iHood – Cameron Hotchkies
Network Security Stripped: From layered technologies to the bare essentials – Jennifer Jabbusch (jj)
RFID Unplugged – 3ric Johanson
New Research on Canadian Privacy Breaches – Tracy Ann Kosa
Metasploit Prime – H D Moore
Ten Things Everyone Should Know About Lockpicking & Physical Security – Deviant Ollam
Advanced Spear Phishing Attack Framework – Joshua Perrymon
Novel Malware Detection – Bruce Potter
Tracking Current and Future Botnets – Matt Sergeant
Finding Cryptography in Object Code – Jason Wright
The Future of Snort: Why it must change for network security to live – William Young

Keynotes

SecTor 2007 Introduction – Brian Bourne
Growing The Security Profession – Dr. Richard Reiner
Zen and the Art of Cybersecurity – Ira Winkler
Defending Layer 8 – Steve Riley
A Law Enforcement Perspective – Carole Bird
 

Sessions

Black Ops 2007: DNS Rebinding Attacks – Dan Kaminsky
Cybercrime, CVEs, OVAL, CME and why you must care! – Gary S. Miliefsky
Data on Threat Evolution – What 47 Leading Security Vendors Are Seeing – Ben Sapiro
DNSSEC: Theory and Worldwide Operational Experiences – Paul Wouters
Exploit-Me Series – Free Firefox Application Penetration Testing Suite Launch – Nish Bhalla and Rohit Sethi
Hacking Bluetooth for Fun, Fame and Profit – Dino Covotsos
Hacking Hollywood – Johnny Long
How Close is the Enemy – Kevin G. Coleman
Human Factor vs. Technology – Joanna Rutkowska
Modern Trends in Network Fingerprinting – Jay Graver and Ryan Poppa
NAC@ack – Dror-John Roecher and Michael Thumann
Process Control and SCADA: Protecting Industrial Systems from Cyber Attack – Mark Fabro
Security Challenges in Virtualized Environments – Joanna Rutkowska
Securing Commodity Systems using Virtual Machines – David Lie
SQL Server Database Forensics – Kevvie Fowler
State of the Hack – Kevin Mandia
TCP/IP Perversion – Rares Stefan
The Evolution of Phishing to Organized Crime – Rohyt Belani
Web Application Worms: The Future of Browser Insecurity – Mike Shema
Wireless Security – What Were They Thinking – Brad ‘Renderman’ Haines
You’re Just Not Pretty Enough to Do Investigations – Kai Axford and local law enforcement
Legend: Video Presentation
PDF of Presentation
Tools