Presentations

The presentations and videos for 2017 will be posted in the week(s) following the conference. Be sure to check back regularly, and follow our social media on @sectorca, /SecTorConference, /SecTorConference, and on our blog at sector.ca/category/blog for updates.

Keynotes

“Welcome to SecTor 2017” – Brian Bourne
Fighting Cyber(in)securityDavid Shrier
Prosperity and Security: A Renewed Approach to Cyber Security for CanadaColleen Merchant
Security and Privacy in a Hyper-connected WorldBruce Schneier
Winning DefenseAllison Miller

Tech Track

“BlueBorne” Explained – New Attack Vector Exposing 5B+ DevicesNadir Izrael
A Deep Dive into the Digital Weapons of Mysterious Cyber ArmyChi-en Shen (Ashley)
Attacking Modern SaaS CompaniesSean Cassidy
Botract – Abusing smart contracts and blockchain for botnet command and controlMajid Malaika
Breaking the Laws of Robotics: Attacking Industrial RobotsStefano Zanero
Disrupting the Mirai BotnetChuck McAuley
FAIL Panel Version 5 – EquiFAIL!James Arlen, Dave Lewis, Ben Sapiro, Rich Mogull
Gitting Betrayed: How agile practices can make you vulnerableClint Gibler, Noah Beddome
Improving Incident Response for ICSDean Parsons
Incident Response and Forensics in AWSJonathon Poling
Lies and Damn Lies: Getting Past the Hype Of Endpoint Security SolutionsLidia Giuliano
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need to Adapt)Chris Thompson
Pwning a Smart Home in Under 10 MinutesAditya Gupta
Reverse Engineering Automotive DiagnosticsEric Evenchick
Rootkits vs Ransomware 2.0. Using evil to fight for goodBoris Rudakov
Securing Shopify’s PaaS on GKEJonathan Pulsifer
The Black Art of Wireless Post-ExploitationGabriel Ryan
The Cyberwar Playbook: Financial Services as Critical InfrastructureJennifer Fernick, Louise Dandonneau
The quantum threat: what really matters today?Michele Mosca, Vlad Gheorghiu
Threat Hunting an Evolving Malware Campaign and the Actors Behind ItJeremy Richards
When Two-Factor Authentication is a Foe: Breaking the iCloud KeychainVladimir Katalov

Management Track

Best Practices to Secure Application Containers and MicroservicesAnil Karmel
Does a BEAR Leak in the Woods? What the DNC breach, Guccifer and Russian APT’s have taught us about attribution analysisToni Gidwani
Establishing the CSIRT Team for The Rio 2016 Olympic GamesRômulo Rocha
GDPR for Canadian Organisations – What you need to know!Bruce Cowper
Leveraging Best Practices to Determine Your Cyber Insurance NeedsDave Millier, Matthew Davies
Power Up/Level Up: Supercharging Your Security Program for Cloud and DevOpsRich Mogull
Your Chance to Get It Right: 5 Keys to Building AppSec Into DevOpsChris Wysopal

SECurity FUNdamentals

After the Incident: DIY Forensic CollectionEugene Filipowicz
Barbarians At The Gate(way): An Examination Of The Attacker’s Tool BoxDave Lewis
Breach Happens: Effectively Responding to a Data BreachIain Paterson
Building Your Own Open-source Android Penetration Testing PlatformAmadeus Konopko, Jean-Paul Mitri
Common Attacks Against Active Directory and How to Protect your Organization Against ThemKevin McBride
Frugal Web Application Testing – Can in-house penetration testing achieve industry standard results while saving you money?Harshal Chandorkar, Natalia Wadden
Top SIEM Use Cases You Should Implement TodayJulian Pileggi

Sponsor Track

Boosting Canada’s Cyber Immune System for Internet HealthMatt Broda
Building a Secure Foundation for the Internet of Things (IoT)John Grimm
Building Your Own Automated Malware Analysis Lab for Insights on Active Threats.Kurtis Armour
Cloud Security is Application Security – Securing the Cloud as a TeamJohn Turner
Cyber Crime and Financial Crime: different sides of the same coinTyson Macaulay
Decoding Cyberespionage from Insider MistakesKen Bell
How to Ramp Up Security Operations to Stop Advanced ThreatsDavid Millar
Hunting Ransomware: Automate protection to get ahead of the next global outbreakSean Earhard
Insider Threat Analytics & Anomalous BehaviorsCarl Miller
Moving Up the Security Maturity Curve – The Sisyphean TaskJamie Hari
Prioritizing Vulnerability Remediation From an Attacker’s PerspectiveBharat Jogi
Privileged Access Security for Hybrid Cloud: Secure Amazon, Azure and Google EnvironmentsWade Tongen
Security Automation and Orchestration That Won’t Get You FiredSyra Arif
Security consideration for Microservices using Container TechnologyRalph Janke
Skin​ ​in​ ​the​ ​Game:​ ​How​ ​Security​ ​Teams​ ​are​ ​Scaling​ ​Through​ ​IT​ ​OrchestrationJen​ ​Andre
Take Best Practices to the Next LevelKen Muir
The Future of PrivacyDavid Fewer
The Power Of IntegrationBrian Read
The Spy in Your PocketBobby Buggs
The State of the Phish and ResponseMike Saurbaugh
Threat hunting demystified – Strengthening risk management through proactive investigation and responseMichael Otto

Tools Track

Chkrootkit: Eating APTs at Breakfast Since 1997Nelson Murilo
Extending BloodHound for Red TeamersTom Porter
Metasploit Community: Tips, Tricks and What’s NewJeffrey Martin
NOAH: Uncover the Evil Within! Respond Immediately by Collecting All the Artifacts AgentlesslyPierre-Alexandre Braeken
Security Training in a (Virtual) BoxMarcelle Lee, Joe Gray
TLS Tools for Blue TeamsLee Brotherston
Weapons of a PentesterNick Aleks

Career Track

Developing Your Career in IT Security (2017)Dave Millier, Eric Belzile, Laura Payne, Mike Murray, Nik Alleyne

Keynotes

“Welcome to SecTor 2016” – Brian Bourne
Defense Against the Dark Arts: Examining, Fixing and Fighting for our Cyber Defenses – Edward Snowden
It’s 2016: What can you do about gender balance in Information Security? – Laura Payne and Co., Alexis Lavi, Andrea Stapley, Julie Leo, Karen Nemani, Marilyn Blamire
Retaking surrendered ground: making better decisions to fight cybercrime – Chris Pogue
Securing Our Future – Mikko Hypponen

Tech Track

[Ab]using TLS for defensive wins – Lee Brotherston
AirBnBeware: short-term rentals, long-term pwnage – Jeremy Galloway
CANtact: Open Source Automotive Tools – Eric Evenchick
Control system security, are we living on luck? – Chris Sistrunk
Crash Course in Kubernetes & Security – Matt Johansen
EventID Field Hunter (EFH) – Looking for malicious activities in your Windows events – Rodrigo Montoro
Hack Microsoft by using Microsoft signed binaries – Pierre-Alexandre Braeken
Hiding in Plain Sight – Taking Control of Windows Patches – Travis Smith
How to build a malware classifier [that doesn’t suck on real-world data] – John Seymour
How To Secure Serverless Applications – Kellman Meghu
Jihadism and Cryptography, from internet to softwares – Julie Gommes
Lessons Learned Hunting IoT Malware – Olivier Bilodeau
Making sense of a million samples per day: Behavior-based Methods for Automated, Scalable Malware Analysis – Stefano Zanero
Open Source Malware Lab – Robert Simmons
Practical Static Analysis for Continuous Application Security – Justin Collins
Purple Teaming the Cyber Kill Chain: Practical Exercises for Management – Chris Gates, Haydn Johnson
RTF Abuse: Exploitation, Evasion and Counter Measures – Devon Greene
Securing Network Communications: An Investigation into Certificate Authorities on Mobile – Andrew Blaich
The State of SCADA on the Internet – Kyle Wilhoit
Utilizing Memory and Network Forensics for Scalable Threat Detection and Response – Andrew Case
WiFi Exploitation: How passive interception leads to active exploitation – Solomon Sonya

Management Track

Cybersecurity in an era with quantum computers: will we be ready? – Michele Mosca
Data-Driven Computer Security Defense – Roger Grimes
Getting Business Value from Penetration Testing – Mark Bassegio, Tim West
How to Rob a Bank or The SWIFT and Easy Way to Grow Your Online Savings – Cheryl Biswas
Introducing G.Tool – A batteries included framework for building awesome GRC tools without wasting money. – Ben Sapiro
Safety Should be the Security Paradigm – Chris Wysopal
Security by Consent, or Peel’s Principles of Security Operations – Brendan O’Connor

SECurity FUNdamentals

All roads lead to domain admin, a part of a presentation series: From breach to C.D.E. Part I – Yannick Bedard
Can massive data harvesting drive down the time to breach detection? – Sean Earhard
Expanding Your Toolkit the DIY Way – Chris Maddalena
IPv6 for the InfoSec Pro on the Go – Allan Stojanovic
Lighting up the Canadian Darknet Financially – Milind Bhargava, Peter Desfigies, Philip Shin
The Power of DNS: Gaining Security Insight Through DNS Analytics – Scott Penney
The Security Problems of an Eleven Year Old and How To Solve Them – Jake Sethi-Reiner
Fail Panel – James Arlen

Sponsor Track

An Effective Approach to Automating Compliance Activities – Dave Millier
Defending Against Phishing: Effective Phishing Incident Response Using Employees, Incident Responders, and Intelligence. – Mike Saurbaugh
Eliminating the Automation and Integration Risks of the “Security Frankenstein” – Chris Pogue
Exposing Ransomware: Intelligent cybersecurity for the real world. – Sean Earhard
Global Encryption Usage is on the Rise! – Si Brantley
Held for Ransom: Defending your Data Against Ransomware – James L. Antonakos
Lessons from the Attack Chain: Bolster Your IR Program – Eric Sun
Network virtualization to enhance context, visibility and containment – Bruno Germain
Next-Gen Now, Outsmarting ransomware, exploits and zero-day attacks – Keir Humble
Overwhelmed By Security Vulnerabilities? Learn How To Prioritize Remediation – Amol Sarwate
Rethinking Threat Intelligence – Danny Pickens
Securing a Cloud-Based Data Center – Peter Cresswell
Stopping the Attacker You Know – Brian Read
The Cyber Security Readiness of Canadian Organizations – Ryan Wilson
The Emerging Era of Cognitive Security – Peter Allor
The Industry Need for Cloud Generation Security – Ryan Leonard
Understanding Ransomware: Clear and Present Danger – Raul Alvarez
Threat Landscape, Technology in action – Robert Falzon
Why Technology is Not the Answer to Cybersecurity – Sean Blenkhorn

Career Track

Developing Your Career in IT Security – Panel

Keynotes

“Welcome to SecTor 2015” – Brian Bourne
Big Data Needs Big Privacy … Enter Privacy by Design – Dr. Ann Cavoukian
IT Security Operations: Successful Transformation – Kristin Lovejoy
Globalization of Cybercrime – Jason Brown
Maturing InfoSec: Lessons from Aviation on Information Sharing – Trey Ford

Tech Track

Automation is your Friend: Embracing SkyNet to Scale Cloud Security – Mike Rothman
Breaking Access Controls with BLEKey – Mark Bassegio and Eric Evenchick
Breaking and Fixing Python Applications – Enrico Branca
Complete Application Ownage via Multi-POST XSRF – Adrien de Beaupré
Confessions of a Professional Cyber Stalker – Ken Westin
Cymon – An Open Threat Intelligence System – Roy Firestein
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing – Alex Pinto
DevOps For The Home – Kellman Meghu
Drug Pump and Medical Device Security – Jeremy Richards
Exploitation Trends: From Potential Risk to Actual Risk – Tim Rains
Hijacking Arbitrary .NET Application Control Flow – Topher Timzen
Incoming Threats At the Speed of Retail – Wendy Nather
Learning To Love Your Attackers – Ryan Linn
Making & Breaking Machine Learning Anomaly Detectors in Real Life – Clarence Chio
Malware Activity in Mobile Networks – An Insider View – Kevin McNamee
Software Defined Networking / Attacker Defined Networking – Rob VandenBrink
Stealth Attack From The Produce Aisle – Todd Dow and Keith Benedict
Stealthier Attacks and Smarter Defending with TLS Fingerprinting – Lee Brotherston
UNMASKING MALWARE – Christopher Elisan
What Google knows about you and your devices, and how to get it – Vladimir Katalov
Xenophobia is Hard on Data: Forced Localization, Data Storage, and Business Realities – Brendan O’Connor and James Arlen

Management Track

Bulletproofing Your Incident Response Plan: Effective Tabletops – Reg Harnish
CISO Survival Guide: How to thrive in the C-Suite and Boardroom – Chris Wysopal
Dolla Dolla Bill Y’all: Cybercrime Cashouts – Benjamin Brown
Make Metrics Matter – Jessica Ireland
The Effective Use of Cyber Ranges for Application Performance and Security Resilience – Train Like You Fight! – Bob DuCharme
There’s no such thing as a coincidence – Discovering Novel Cyber Threats – Jim Penrose
What does it take to deliver the most technologically advanced Games ever? – Enzo Sacco and Quang Tu

SECurity FUNdamentals

Agile Incident Management – Bringing the “Win” Back to Data and Privacy Breach Responses – Robert Beggs
Building an Effective Vulnerability & Remediation Management Program – Dave Millier
Ground Zero Financial Services: Targeted Attacks from the Darknet – Joe Pizzo
Peeling The Layers Of Vawtrak – Raul Alvarez
Preventing Home Automation Security Disasters – James Arlen
Run Faster, Continuously Harden – Embracing DevOps to Secure All The Things – Chayim Kirshen
Security for non-Unicorns – Ben Hughes
The Internet of Bad Things and Securing the Software Defined Data Center – Ian Redden and Marc Edun

Sponsor Track

2015 State of Vulnerability Exploits – Amol Sarwate
Advanced Threat Analytics: Adapt as Fast as Your Enemies – Jasbir Gill and Lanny Cofman
Advanced Threats: Eliminating the Blind Spot – Fahmy Kadiri
Browser and Environment Hardening – Kurtis Armour
Building Better Indicators: Crowdsourcing Malware IOCs – Sean Wilson
Business Backed CVEs – The Major Vulnerabilities of the Past Year – Atif Ghauri and Brad Antoniewicz
Certifi-gate: Has your Android device been Pwned? – Shai Yanovski
Changing the Game of Threat Hunting – Jim Penrose
Detecting the Bear in Camp: How to Find Your True Vulnerabilities – Ryan Poppa
Effective Ways to Tackle Vulnerability Remediation – Dave Millier
Ensuring the Success of Your IAM Project – Jeremy Hanlon
Exposing Advanced Threats: How big data analytics is changing the way advanced threat defense is deployed, managed and measured – Sean Earhard
Insider Threat – The Soft Underbelly of CyberSecurity – Harold Byun
Knowing what happened is only half the battle. – Grayson Lenik
Mitigating the Alert – Impact Prevention in a super active security battlefield – Brian Read
One Ring to Rule Them All – Hardware isolation and the future of virtualization security – Simon Crosby
SIEM and the Art of Log Management – Jeff Pold and Ron Pettit
Taking back Endpoint Control! – John Beal
The State of Software Security – Chris Wysopal

Keynotes

“Welcome to SecTor 2014” – Brian Bourne
New Era Risk Management: Using Information to Predict, Understand and Mitigate Organizational Threats – Ray Boisvert
The Connected Car: Security Throwback – Chris Valasek
The Extinction of Trust – Felix ‘FX’ Lindner
$#!T My Industry Says. . . – Kellman Meghu

Tech Track

ALL YOUR MACS ARE BELONG TO US – Christopher Elisan
Attrition Forensics, Digital Forensics For When the Going Gets Tough and the Stakes Are High – Troy Larson
Corporation in The Middle – Lee Brotherston
Demystifying the mobile network – Chuck McAuley
Document Tracking for Fun, Insight, and Profit – Roy Firestein
Elevator Hacking: From the Pit to the Penthouse – Deviant Ollam and Howard Payne
Cybercrime 101 – Christopher Pogue
Hide it with encryption, display it with performance – Brandon Niemczyk and Prasad Rao
How’d That End Up On Pastebin? – Ryan Linn
Hunting Malware on Linux Production Servers: The Windigo Backstory – Olivier Bilodeau
KickaaS Security with DevOps and Cloud – Rich Mogullsau
Mobile Fail: Cracking Open “Secure” Android Containers – Chris John Riley
Pentesting in SDN – Owning the controllers – Roberto Soares
Play Flappy Bird while you pentest Android in style – Chris Liu and Matthew Lionetti
POS Malware Evolved – Josh Grunzweig
Predictions Panel – Moderated by Bruce Cowper
Reverse Engineering a Web Application – For Fun, Behavior & WAF Development – Rodrigo Montoro and Daniel Cid
Stay Out of the Kitchen: A DLP Security Bake-off – Zach Lanier
The Internet of Fails: Where IoT Has Gone Wrong and How We’re Making It Right – Mark Stanislav and Zach Lanier
The Latest Changes to SAP Security Landscape – Alexander Polyakov
Unmasking Careto through Memory Analysis – Andrew Case

Management Track

Asymmetry in Network Attack and Defense – William Peteroy
FAIL Panel Again! Third time’s the charm – Ben Sapiro, Dave Lewis, James Arlen
Human Metrics – Measuring Behavior – Lance Spitzner
Quantitative Risk Analysis and Information Security: An OpenFair Case Study from BMO – Laura Payne
Re-Thinking Security Operations – Dave Millier and Mike Lecky
Scaling Security in Agile Scrum – Chris Eng
Security Awareness Has Failed: A Suggested New Approach! – Francois van Heerden

SECurity FUNdamentals Track

Covering my IaaS: Security and Extending the Datacenter – Brian Bourne and Tadd Axon
Identity in the Age of the Cloud – Madhu Mahadevan
Pulling back the covers on credit card fraud: A detailed look at financial fraudware. – Chester Wisniewski
So, you want to be a pentester? – Heather Pilkington
Stupid H4x0r Tricks v2.0 – Stupid is as Stupid Does – Chris Pogue and Grayson Lenik
The Things You See (and Application Scanners Won’t) – Chuck Ben-Tzur
What’s Behind “Big Data” and “Behavioral Analytics” – Stephan Jou

Sponsors Track

4 Undeniable Truths about Advanced Threat Protection – Patrick Vandenberg
A New Way to Look at Endpoint Security – IT’s Job in a Connected World – Claudio Damaso and Alex Binotto
Anatomy of a Credit Card Stealing POS Malware – Amol Sarwate
Casting Light on a Dark Web – Aamir Lakhaniaaron
Check Point Compliance Software Solutions “Your Second Set of Eyes” – Scott Tripp
CYDBA: Protecting Your Applications’ Rear End – Josh Shaul
Data protection and Identity Management at cloud scale – Jasbir Gill
The Theory of Cyber Security Evolution: Adopting Continuous Active Threat Protection and Security as a Service – Mark Sangster
Getting Into Mobile Without Getting Into Trouble, A Guide for the Stodgy Old Enterprise – Greg Kliewer
How Scalar is Providing Information Security Services to the TO2015 Pan Am and Parapan American Games – Frederic Dorré
Introducing Recog, an open source project utilizing Sonar data for asset and service identification – Ross Barrett & Ryan Poppa
Next Generation SOC: Building a Learning Security Ecosystem Using HP ArcSight Technology – Matt Anthony
OS Legacy Systems – Alexander Rau
Phishers are Boring Party Guests: The Value of Analyzing Stale, Recycled Phishing Content – Aaron Higbee
Security for the People: End-User Authentication Security on the Internet – Mark Stanislav
SilverBlight – Craig Williams
The Rise of Threat Detection and Response – Lucas Zaichkowsky

Keynotes

“Welcome to SecTor 2013” – Brian Bourne
“How the West was Pwned” – G. Mark Hardy
“Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations” – Gene Kim
“Crossing the line; career building in the IT security industry” – Keynote Panel
“Tech it out ” – Marc Saltzman

Tech Track

“BIOS Chronomancy” – John Butterworth
“Big Data Security, Securing the insecurable” – Kevvie Fowler
“Malware Automation” – Christopher Elisan
“MILLION BROWSER BOTNET” – Matt Johansen
“RATastrophe: Monitoring a Malware Menagerie” – Seth Hardy and Katie Kleemola
“Software Refined Networking – The Path To Hell Is Paved With Good Abstraction” – Christofer Hoff
“Running at 99%, mitigating a layer 7 DoS” – Ryan Huber
“Popping the Penguin: An Introduction to the Principles of Linux Persistence” – Mark Kikta
“Exploiting the Zero’th Hour: Developing your Advanced Persistent Threat to Pwn the Network” – Solomon Sonya and Nick Kulesza
“Swiping Cards At The Source: POS & Cash Machine Security” – Ryan Linn and John Hoopes
“Cryptographically Isolated Virtualized Networks – A Community of Interest Approach” – Robert Johnson
“.NET Reversing: The Framework, The Myth, The Legend” – Kelly Lum
“CeilingCat IS Watching You” – Shane MacDougall
“Build Your Own Android Spy-Phone” – Kevin McNamee
“Weaponized Security” – Kellman Meghu
“The World’s Deadliest Malware” – Christopher Pogue
“Your own pentesting army complete with air support” – Philip Polstra
“BREACH: SSL, Gone in 30 seconds” – Angelo Prado and Yoel Gluck
“Pivoting in Amazon clouds” – Andrés Riancho
“Fiber Channel – Your OTHER Data Center Network” – Rob VandenBrink
“Needle in a Haystack – Harnessing Big Data for Security” – Dana Wolf

Management Track

“Return of the Half Schwartz FAIL Panel w/Tales from beyond the echo chamber” – James Arlen, Dave Lewis, Mike Rothman and Ben Sapiro
“Building a Security Operations Center – Lessons Learned” – Yves Beretta
“Reacting to Cyber Crime: Preserving Crucial Evidence for Law Enforcement” – David Connors and Stéphane Turgeon
“SDN : Radically New Network Architecture, Same Old Cyber Security Protection ” – Llewellyn Derry
“Data in the Cloud. Who owns it and how can you get it back?” – Dave Millier
“Microsoft Security Intelligence Report, Canadian Edition” – Tim Rains
“FUFW: 5 Steps to Re-architecting Your Perimeter” – Mike Rothman

SECurity FUNdamentals

“CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game ” – Todd Dow
“Watching the watchers: hacking wireless IP security cameras” – Artem Harutyunyan and Sergey Shekyan
“Threat Modeling 101” – Leigh Honeywell
“Appsec Tl;dr” – Gillis Jones
“Frayed Edges; Monitoring a perimeter that no longer exists” – Mark Nunnikhoven
“Vulnerability analysis of 2013 SCADA issues” – Amol Sarwate
“How they get in and how they get caught” – Schuyler Towne

Sponsor Track

“Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments” – Mark Baseggio and Jamie Gamble
“Analyzing Exploit Packs: Tips & Tricks” – Mohamad AL-Bustami
“It Takes a Village: Reducing the Threat Gap by Allying with Your Competition” – Michael A Barkett
“The Threat Landscape” – Ross Barrett and Ryan Poppa
“Stopping Cross Contamination with Network Access Control…”The ULTIMATE PATCH” ” – Toni Buhrke
“Enterprise Forensics = new category that focuses on user activity and what drives the business (analytics + behavior) ” – Gary Freeman
“How to Connect Security to the Business” – Jeanne Glass
“Information & Risk Mitigation” – Neils Johnson
“Trust No One: The New Security Model for Web APIs” – Greg Kliewer
“The US Department of Homeland Security’s Software Assurance Enumerations” – David Maxwell
“Enabling Access Assurance and Identity Intelligence for a multi-perimeter world ” – Sridhar Muppidi
“Vulnerability Management Programs and Lessons Learned from the Field” – Bill Olson
“Securing Enterprise Mobility beyond MDM” – Danny Pehar and Ali Afshari
“The Bad Boys of Cybercrime” – Christopher Pogue
“Identity & Access Governance: Key to Security or Completely Useless?” – Jackson Shaw
“Modern Malware and APTs – What Current Controls Can’t See” – Ajay Sood
“Ending the information security arms race with end-to-end encryption” – Jill Walsh
“Fortifying Canada’s Cyberspace: Together” – John Weigelt
“Today’s Cyber Threat Landscape – Prevention is no cure” – Lucas Zaichkowsky

Keynotes

“When Does Lawful Access Become Lawful Surveillance: The Future of Lawful Access in Canada” – Michael Geist
“How NOT to do Security: Lessons Learned from the Galactic Empire”
– Kellman Meghu
“Exploring the NFC attack surface” – Charlie Miller
“Global Efforts to Secure Cloud Computing” – Jim Reavis

Tech Track

“With new technologies come new vulnerabilities” – Chuck Ben-Tzur
“Sploitego – Maltego’s (Local) Partner in Crime” – Nadeem Douba
“Pwned in 60 Seconds – From Network Guest to Windows Domain Admin”
– Zack Fasel
“Hadoop Forensics, Tackling the elephant in the room” – Kevvie Fowler
“The More Things Change: The vulnerabilities that time forgot” – Jamie Gamble
“Poortego: An OS-INT correlation tool for the 99%” – Mike Geide
“Recent Advances in IPv6 Security” – Fernando Gont
“APT ALL THE THINGS: are Mac users no longer safe?” – Seth Hardy
“Monday Night Malware” – Jibran Ilyas & Christopher Pogue
“Conquer the Beast – How to Effectively Manage Open-source Intelligence Outbursts” – Kevvie Fowler and Naveed Ul Islam
“Reversing Patches for Exploit Creation, Pen-Testing or Just Fun!” – Bharat Jogi
“Hunting Carders for fun and profit” – Grayson Lenik
“Hey, I just middled you, and this is crazy” – Ryan Linn
“Hacking .NET Applications: The Black Arts (v2)” – Jon McCoy
“Threat Attribution via DNS” – Gunter Ollmann
“Introducing ‘Android Security Evaluation Framework’ – ASEF” – Parth Patel
“Anti-Forensic Techniques and Countermeasures” – Michael Perklin
“Sniper Forensics: Reloaded” – Christopher Pogue
“Microsoft Security Intelligence Report; Canadian Edition” – Tim Rains
“VMware ThinApp: Does Isolation Trim your Risk?” – Tyler Reguly
and Jordan Powers
“Building Dictionaries and Destroying Hashes Using Amazon EC2”
– Steve Werby

Management Track

“*PT, Chinese cyber-something, the summer of breach and doing it wrong”
– Ben Sapiro, Mike Rothman, Dave Lewis and James Arlen
“Cybercrime in Canada: a Law Enforcement Perspective” – Dave Black
“How I Learned to Stop Worrying and Love the Cloud ” – Chris Carpenter
“The Defense RESTs: Automation and APIs for Better Security” – David Mortman
“Controlling BYOD before it Becomes Your Own Demise” – Mike Rothman
“Microsoft’s Response Process: 10 Years of Hard-Knock Learning”
– David Seidman and Jeremy Tinder
“A Forecast of Data Loss in Canada” – Dave Senf
“BlackHat to Black Suit” – James Arlen
“Network forensics – the orphan child of cyber investigations” – Robert Beggs
“Targeted Malware Attacks – Sophisticated Criminals or Babytown Frolics?”
– Josh Grunzweig and Ryan Merritt
“Introduction to Web Application Testing” – Dave Millier and Assef G. Levy
“Physical Security In Context” – Schuyler Towne
“Inside the Blackhole Exploit Kit (BHEK)” – Chester Wisniewski
“DNSSEC: Securing the DNS and beyond” – Paul Wouters

Turbo Track

“Hitting Above The Security Mendoza Line” – Ed Bellis
“Getting Shells When Metasploit Fails” – Ryan Linn
“Security Organizational Behaviour – making people part of the solution”
– John Proctor
“Forget Malicious Links and Fear the QR Code” – Steve Werby

Sponsor Track

“Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches”
– Ross Barrett
“Web Application Scanning in the SDLC” – Will Bechtel
“Best Practices on building and operationalizing Microsoft SCOM for health and performance monitoring.” – Rodney Buike
“Engineering the Social Animal” – Robert Falzon
“Mobile Security: Protecting your Corporate Smartphones from Malware & Targeted Attacks” – Dennis Fisher
“Face Today’s Threats Head-On: Best Practices for a BYOD World”
– Sangameswaran Manikkayam Iyer
“Exposing Enterprise Services to Mobile Platforms” – Greg Kliewer
“Differences between SOA/XML Gateway and a Web Application Firewall”
– Jason Macy
“Importance of integrating network forensics with host forensics” – Jason Mical
“ACTing Out – Automated Compliance Testing” – Dave Millier
“Microsoft Trustworthy Computing Cloud Security, Privacy, and Reliability in a Nutshell” – Tim Rains
“Using a SIEM Solution to Enable the Business” – Matthew Schnarr
“The Kill Chain and Evolution in Intrusion Detection Mechanisms ”
– Eldon Sprickerhoff
“Threat Intelligence: What makes it smart” – C. Thomas
“The Benefit of a “Research-Driven” IT Security Partner, especially in this day of Modern Malware” – William Tysiak and Elvis Gregov

Keynotes

“Trust me, I am a cloud vendor!” – Bruce Cowper
“Thinking Differently: Bringing the Hacker Mindset to the Corporate Environment” – Joe Grand
“Online Attacks and Espionage by Nation-States” – Mikko Hypponen
“The Bizarre Business of Rogue Internet Pharmacies” – Brian Krebs

Tech Track

“Near Field Communications (NFC) mobile security for those with No F’ing Clue” – Corey Benninger and Max Sobell
“FireShark – A Tool to Link the Malicious Web” – Stephan Chenette
“Weaponizing The Smartphone: Deploying The Perfect WMD” – Nicholas Donarski
“Finding Evil in Live Memory” – Michael J. Graven
“What is an APT without a sensationalist name?” – Seth Hardy
“Time and Place: Finding Evil with Atemporal Time Line Analysis” – Dave Hull
“A Replicant by Any Other Name: A Security Analysis of the BlackBerry PlayBook” – Zach Lanier and Ben Nell
“I’m Your MAC(b)Daddy” – Grayson Lenik
“Progression of a Hack” – Ryan Linn
“Browser Security Face-off: Browser Security Edition” – Paul Mehta and Shawn Moyer
“HTTP Header Hunter – Looking for malicious behavior into your http header traffic” – Rodrigo Montoro
“A Technical View on Cloud Security: How Not To Get Your Undies In A Bunch aka Please Don’t Squeeze The Charmin ” – David Mortman
“SSD: Solid State Drives & How They Work For Data Recovery And Forensics” – Scott Moulton
“Targeted and Opportunistic Botnet Building” – Gunter Ollmann
“Malware FreakShow” – Nicholas J. Percoco and Jibran Ilyas
“Sniper Forensics v3.0: Hunt” – Chris Pogue
“Infosec Sheepdogs: Creating an Abstraction/Translation Layer Between InfoSec and Law Enforcement” – Nick Selby
“How to Survive DDoS the Play at Home Game” – Michael Smith
“Bust a Cap in an Android App” – Patrick Szeto and Maxim Veytsman
“Wireless Hacking Techniques and Tips” – Kent Woodruff
“FACEROUTE: Mapping and Harvesting Social Media Sites” – Rob VandenBrink

Management Track

“Security When Nanoseconds Count” – James Arlen
“It’s Not About the “Warm Fuzzy” – How to Plan for a Comprehensive Penetration Exercise” – Kai Axford
“The Search for Intelligent Life” – Ed Bellis
“Built What? Why The Bad Guys Do It Better” – Sean Bodmer
“Change Happens: CISO Survival Through Adaptation” – Jack Daniel, David Mortman, Gal Shpantzer, Michael Smith and Stacy Thayer
“Everything You Need to Know about Cloud Security (and then some)” – Mike Rothman
“Binary Risk Analysis” – Ben Sapiro

Turbo Track

“OSSAMS, Security Testing Automation and Reporting” – Adrien de Beaupré
“Cubical Warfare, The next Arms Race” – Jason Kendall
“Incident Response Kung fu: Tree Style” – Jason Kendall
“Disc Detainer Locks” – Schuyler Towne

Sponsor Track

“Security Testing” – Areg Alimian
“Walking on the Crocs back – when security measures fail” – Travis R. Barlow
“Mapping The Penetration Tester’s Mind – An introduction to a pentester’s approach to security audits” – Nicholas Donarski
“Detecting The Insider Threat- Finding The Needle in Stack of Needles” – Omar Garcia
“Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests” – Rob Havelt
“Be Ready for IPv6 Migration and Beyond! ” – Cricket Liu
“Evolution of Digital Forensics” – Jason Mical
“Building a GRC Strategy” – Dave Millier
“Anatomy of a Data Breach: Exploring the Current Threat Landscape” – Paul Pinkney
“Cybersecurity, the Law, and You” – Bill Roth
“Think outside the enterprise security box” – John Trollinger
“Information Security and Risk pertaining to smart phone and mobile devices” – Nicholas (Nic) Wetton

Keynotes

SecTor 2010 Introduction – Brian Bourne
“The Problem with Privacy is Security” – Tracy Ann Kosa
“Today’s Face of Organized Cyber Crime: A Paradigm for Evaluating Threat” – Steve Kelly
“Attribution for Intrusion Detection” – Greg Hoglund
“Involuntary Case Studies in Data Security” – Mike Rothman

Tech Track

“SCADA and ICS for Security Experts: How to avoid cyberdouchery” – James Arlen
“Starting an InfoSec Company: Three Founder’s Stories” – Robert Beggs, Dave Millier, Brian O’Higgins and Eldon Sprickerhoff
“Building the DEFCON network, making a sandbox for 10,000 hackers” – David Bryan and Luiz Eduardo
“Dissecting the Modern Threatscape: Malicious Insiders, Industrialized Hacking, and Advanced Persistent Threats” – Brian Contos
“Sharingan – A Ninja art to Copy, Analyze and Counter Attack” – Mrityunjay Gautam
“CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity” – Chris Hoff
“Google’s approach to malware on the web” – Fabrice Jaubert
“IPv6, for worse or better” – Joe Klein
“Metasploit Tips and Tricks” – Ryan Linn
“Inside The Malware Industry” – Garry Pejski
“Malware Freakshow 2010” – Jibran Ilyas and Nicholas J. Percoco
“How I Met Your Girlfriend” – Samy Kamkar
“Into the Black: Explorations in DPRK” – Mike Kemp
“What’s Old Is New Again: An Overview of Mobile Application Security” – Zach Lanier and Mike Zusman
“Into the Rabbit Hole” – Rafal Los
“Black Berry Security FUD Free” – Adam Meyers
“Beyond Exploits: Real World Penetration Testing” – HD Moore
“The Four Types of Lock” – Deviant Ollam
“Sniper Forensics v2.0 – Target Acquisition” – Christopher Pogue
“Web Application Payloads” – Andres Pablo Riancho
“Distributed Denial of Service: War Stories from the Cloud Front” – Michael Smith

Management Track

“Gates, Guards, and Gadgets: An Introduction to the Physical Security of IT” – Kai Axford
“SDL Light: A practical Secure Development Lifecycle for the rest of us” – Marisa Fagan
“Mastering Trust: Hacking People, Networks, Software, and Ideas.” – Pete Herzog
“How Many Vulnerabilities? And Other Wrong Questions” – David Mortman
“Smashing the stats for fun and profit v.2010” – Ben Sapiro
“400 Apps in 40 Days” – Sahba Kazerooni and Nish Bhalla
“How do we prevent, detect, respond and recover from CRM failures?” – Kelly Walsh

Turbo Track

“Cloud definitions you’ve been pretending to understand” – Jack Daniel
“64-bit Imports Rebuilding and Unpacking” – Sebastien Doucet
“Building your own secure U3 launchable Windows forensic toolkit” – Jason Kendall
“Securing your network with open-source technologies and standard protocols: Tips & Tricks” – Nick Owen
“Fuzzing Proprietary Protocols – A Practical Approach” – Thomas Proll
“Barcodes: Read it, Write it, Hack it” – Michael Smith
“BLINDELEPHANT: Web Application Fingerprinting with Static Files” – Patrick Thomas
“OMG-WTF-PDF” – Julia Wolf

Sponsor Track

“Microsoft’s cloud security strategy” – Mohammad Akif
“Do it yourself – Security Assessments made easy and FREE” – John Andreadis
“Crime & Carelessness: Gaps that Enable the Theft of Your Most Sensitive Information” – Ryan Boudreau
“Unidirectional Connectivity as a Security Enabler for SCADA and Remote Monitoring Applications” – Lior Frenkel
“Beyond Aurora’s Veil: A Vulnerable Tale” – Derek Manky
“A Day in the life of APT” – Adam Meyers
“Realize More Value From Your Existing security Tools” – Dave Millier
“Metasploit Pro – An HD Moore Production” – HD Moore
“Culture Shift: Social Networking and Enterprise Environments (Security Risk vs Reward)” – John W. Pirc
“Today’s Reality: Living in Compromise to Advanced Persistent Threats” – Charlie Shields
“By The Time You’ve Finished Reading This Sentence, ‘You’re Infected'” – Eldon Sprickerhoff
“Emerging Threats, The Battle for the Access edge” – Mark Townsend

Keynotes

SecTor 2009 Introduction – Brian Bourne
“Cloudification” – Christofer Hoff
“A day in the life of a hacker…” – Adam Laurie (Major Malfunction)
“Consumer Internet Identity” – Andrew Nash , Paypal
 

Sessions

“To cache a thief | Using database caches to detect SQL Injection attacks” – Kevvie Fowler
“w3af – A framework to own the web – Part 1” – Andres Riancho
“Nsploit: Popping boxes with Nmap” – Ryan Linn
“The GhostNet Story” – Nart Villeneuve
“Smashing the stats for fun and profit” – Ben Sapiro
“Weaponizing the Web: More attacks on User-Generated Content” – Nathan Hamiel and Shawn Moyer
“Towards a more secure online banking… ” – Nick Owen
“Game Over, Man: Gamers Under Fire” – Chris Boyd
“Portable Document Malware, the Office, and You – Get owned with it, can’t do business without it” – Seth Hardy
“Your Mind: Legal Status, Rights and Securing Yourself” – James Arlen, Tiffany Strauchs Rad
“When Web 2.0 Attacks – Understanding AJAX, Flash and “Highly Interactive” Technologies” – Rafal Los
“Crimeware: Web Exploitation Kits Revealed” – Roy Firestein
“DNSSEC deployment in Canada” – Paul Wouters, Norm Ritchie
“Sniper Forensics – Changing the Landscape of Modern Forensics and Incident Response”” – Christopher E. Pogue
“Malware Freakshow” – Nicholas Percoco and Jibran Ilyas
“SSLFail.com Panel Discussion” – Jay Graver, Tyler Reguly, Mike Zusman
“Hacking the Privacy Legislation” – Tracy Ann Kosa
“The Past, Present & Future – SQL Injection” – Jerry Mangiarelli
“Massively Scaled Security Solutions for Massively Scaled IT” – Michael Smith
“Cain BeEF Hash: Snagging passwords without popping boxes” – Ryan Linn
“Consumerization and Future State of Information Warfare” – Robert “RSnake” Hansen
“Retaliation: Breaking Attack Vectors in the Infrastructure” – Jennifer Jabbusch
“Deblaze – A remote method enumeration tool for flex servers” – Jon Rose

Keynotes

SecTor 2008 Introduction – Brian Bourne
David Black – The RCMP National Security Criminal Investigations Program
Lunch Panel: Security in the Real World
No-Tech Hacking – Johnny Long
Baggage: What I took with me when I ‘left’ Computer Security – Stephen Toulouse
 

Sessions

Security and Robustness in Backbone Design – Raven Alder
Exploit-Me for Fun and Profit – Jamie Gamble & Tom Aratyn
Security Heretic: We’re Doing It Wrong – James Arlen
Owning the Users with The Middler – Jay Beale
Pwning the proxy – Dino Covotsos
More SCADA/ICS Security: Findings from the field – Mark Fabro
Double Trouble: SQL Rootkits and Encryption – Kevvie Fowler
Googless – Christian Heinrich
The New New Thieves and Contemporary Security Analysis – Pete Herzog
The Four Horsemen Of the Virtualization Security Apocalypse: My Little Pwnie Edition – Christofer Hoff
Under the iHood – Cameron Hotchkies
Network Security Stripped: From layered technologies to the bare essentials – Jennifer Jabbusch (jj)
RFID Unplugged – 3ric Johanson
New Research on Canadian Privacy Breaches – Tracy Ann Kosa
Metasploit Prime – H D Moore
Ten Things Everyone Should Know About Lockpicking & Physical Security – Deviant Ollam
Advanced Spear Phishing Attack Framework – Joshua Perrymon
Novel Malware Detection – Bruce Potter
Tracking Current and Future Botnets – Matt Sergeant
Finding Cryptography in Object Code – Jason Wright
The Future of Snort: Why it must change for network security to live – William Young

Keynotes

SecTor 2007 Introduction – Brian Bourne
Growing The Security Profession – Dr. Richard Reiner
Zen and the Art of Cybersecurity – Ira Winkler
Defending Layer 8 – Steve Riley
A Law Enforcement Perspective – Carole Bird
 

Sessions

Black Ops 2007: DNS Rebinding Attacks – Dan Kaminsky
Cybercrime, CVEs, OVAL, CME and why you must care! – Gary S. Miliefsky
Data on Threat Evolution – What 47 Leading Security Vendors Are Seeing – Ben Sapiro
DNSSEC: Theory and Worldwide Operational Experiences – Paul Wouters
Exploit-Me Series – Free Firefox Application Penetration Testing Suite Launch – Nish Bhalla and Rohit Sethi
Hacking Bluetooth for Fun, Fame and Profit – Dino Covotsos
Hacking Hollywood – Johnny Long
How Close is the Enemy – Kevin G. Coleman
Human Factor vs. Technology – Joanna Rutkowska
Modern Trends in Network Fingerprinting – Jay Graver and Ryan Poppa
NAC@ack – Dror-John Roecher and Michael Thumann
Process Control and SCADA: Protecting Industrial Systems from Cyber Attack – Mark Fabro
Security Challenges in Virtualized Environments – Joanna Rutkowska
Securing Commodity Systems using Virtual Machines – David Lie
SQL Server Database Forensics – Kevvie Fowler
State of the Hack – Kevin Mandia
TCP/IP Perversion – Rares Stefan
The Evolution of Phishing to Organized Crime – Rohyt Belani
Web Application Worms: The Future of Browser Insecurity – Mike Shema
Wireless Security – What Were They Thinking – Brad ‘Renderman’ Haines
You’re Just Not Pretty Enough to Do Investigations – Kai Axford and local law enforcement
Legend: Video Presentation
PDF of Presentation
Tools