The state of packet capture in a hybrid infrastructure: the more you know

Digital Forensics, Incident Response, Troubleshooting, Compliance, and Deep Packet Inspection are important use cases for packet capture. However, as environments continue to adopt virtualized, cloud-based infrastructure, network security practitioners will find it necessary to understand the specific tactics and protocols available for use in each environment. This paper catalogs and details the state of packet […]

Security Architecture Review for Cloud-based Applications – Where to Start and How to Shift Left?

Application security architecture reviews are used to identify and assess security weaknesses due to architectural flaws in an application. This effort results in specific mitigation or remediation advice meant to strengthen the security posture of the application and reduce risk to the organization. As organizations increase their cloud adoption and innovate at an ever-increasing pace […]

New Memory Forensics Techniques to Defeat Device Monitoring Malware

Malware that is capable of monitoring hardware devices poses a significant threat to the privacy and security of users and organizations. Common capabilities of such malware include keystroke logging, clipboard monitoring, sampling of microphone audio, and recording of web camera footage. All modern operating systems implement APIs that provide hardware access to processes and all […]

Deep Dive into SBOMs and Microsoft’s SBOM Tool

Software Bills of Materials (SBOMs) provide numerous security benefits such as software transparency, software integrity, and software identity. SBOMs are being included in a lot of regulatory requirements, such as the U.S. Presidential Executive Order 14028 and the U.S. Food and Drug Administration (FDA) requirements for medical devices. Come learn about the specific benefits SBOMs provide, […]

Defrauding Merchants like it’s Y2K

In 2022, most of us have bought goods and services online or using mobile apps, for convenience, for safety (e.g., pandemic) or as a matter of personal preference. As mobile payments and integrations with third-party payment processors become more and more prevalent, common AppSec mistakes from the past reappear under new forms. Merchants who overlook […]

Why Do We Accept Gaps in Our Data Protection Practices?

For years, organizations have struggled to meet the requirements of regulatory compliance, incident response, security, and best practice for their critical data. And now, with the huge upsurge in the number of innovative fintech applications in use and the pressure to migrate to the cloud or to manage a hybrid solution, data security and compliance […]

Preparing SRM Leaders to Communicate the Relationship Between the Cyber Risks and Physical and Human Systems

By effectively communicating the association between cyber and physical and human systems, SRM leaders effectively improve senior stakeholders’ awareness, gain buy-in and get their risk management initiatives funded to better protect human and physical systems. As our networks continue to become more hybrid and the number of endpoints increases logarithmically due to the explosion of […]

State of Cloud Security in Canada: How Does Your Organization Measure Up?

Cloud security requires different tools, processes and skills than on-prem. How are organizations progressing in their security capabilities along this cloud transition? To find out, we collaborated with research firm IDC on a Canada-wide study to benchmark cloud security activity and outcomes. During this session we will discuss the security gaps that can appear as […]

Protecting Your Critical Data and Enhancing Cyber Recovery

Businesses today rely heavily on technology and data. Though most organizations have developed strategies to access critical data during an outage caused by natural disasters or power disruptions, these strategies have proven to be ineffective during a cyber-attack. Interconnected users, servers, cloud devices, and continuous web access result in an environment that is open for […]

Calculating Risk in the Era of Obscurity: Reading Between the Lines of Security Advisories

Compliance with industry standards as well as various government regulations also requires a robust servicing and patching strategy. Beyond compliance, you must understand the risk to your resources from poor servicing. To help with this effort, standards exist to help assess risk. However, vendors can manipulate these standards, which can lead to errors when enterprises […]

Securing Your Operational Technologies

New Operational Technology (OT) systems support TCP/IP connectivity and are often interfaced with corporate IT networks. While this convergence brings many advantages from an operational perspective, it also exposes companies to considerable cyber risks if not managed properly. In his presentation, the speaker will highlight the main differences between IT and OT systems, most of which […]

Scaling Security Operations: The Answer To The Challenge of Threat Inflation

Expressions such as “the growing threat landscape” are commonplace in cybersecurity conversations. In fact, organizations are living in a world where “threat inflation” is the reality and there is no reason to believe it will change anytime soon. How can we handle this without making our cybersecurity teams become the highest number in our budget? […]

Master of Audits – Vulnerability and Risk Management in 2022

Vulnerability and risk management has been a thorn in the side of many organizations and has been exacerbated in recent years. Patch management, vulnerability management technologies, and risk management strategies have all left many organizations confused and, worse, exposed. The problem with vulnerability management today stems from a number of recent trends in the evolution […]

A Hermit Out of Its Shell

We have discovered a family of targeted surveillance malware for mobile devices used by the government of Kazakhstan, Italian law-enforcement authorities, and previously deployed against the Kurdish minority in the conflict-plagued northeastern Syrian region of Rojava. The malware, which we named Hermit, is connected to Italian-based surveillance tech vendor RCS Lab S.p.A. and a related […]

Anti-Abuse Operations and the Abuse Bestiary

When we talk about “abuse”, we use the term as shorthand for the much more encompassing “Abuse, Misuse, Malice and Crime” (with credit to Trey Ford). Within this definition we find that there are three subcategories of activities: Monetisation, Weaponization, and Misinformation campaigns. And although not perfect, it certainly starts to feel like we have […]

Zhadnost – Finding and Tracking a GRU-controlled Botnet

This presentation details the discovery and analysis of a new botnet, named Zhadnost, which the author first discovered while it was conducting DDoS attacks on Ukrainian government and financial websites shortly before and during Russia’s invasion of Ukraine. The botnet was later used against Finnish Government websites, on the same date President Zelensky addressed the Finnish parliament, and […]

Understanding, Abusing and Monitoring AWS AppStream 2.0

Amazon Web Services (AWS) is a complex ecosystem with hundreds of different services. In the case of a security breach or compromised credentials, attackers look for ways to abuse the customer’s configuration of services with their compromised credentials, as the credentials are often granted more IAM permissions than are usually needed. Most research to date […]

DIY Tooling for Incident Responders

Successful incident response requires swift action to contain the incident. Whether it is a breach, insider threat or other attack, the longer the adversary pivots in your network, the more difficult the event will be to contain. There are numerous tools available today to perform key orchestration tasks, referred to as EDR or Endpoint Detection and Response […]

De-Escalate the Overly-Permissive Cloud IAMs

The principle of least privilege states that a subject should be given only those privileges needed for it to complete its task. The concept is not new, but our recent research on 18,000 production cloud accounts across AWS and Azure showed that 99% of the cloud identities were overly-permissive. The majority of the identities only […]

Azure AD and Microsoft 365 Security Fundamentals

Microsoft invests massively both to provide the tools to protect organizations against cyberattacks and to actively identify and defend against them. Unfortunately, most organizations don’t take full advantage of these tools, and many leave themselves very exposed. This session is an overview of a full day workshop on the same topic. With so […]

Extend Falco with Plugins, Detect and React to Security Incidents from Any Stream of Events

CNCF provides great solutions for managing the security of Kubernetes environments, like OPA and Kyverno for policies, but what about threats or strange behaviours that may happen inside running containers? In your cloud account? In the SaaS you use? Falco, the runtime security engine, provides a way to detect all these patterns by analysing syscalls with […]

Java Crypto: Don’t Just Get it Working, Use it Securely

JavaCrypto is an easy-to-use, lightweight, modern library for all core cryptographic operations needed to build higher-level cryptographic tools. It’s a drop-and-hook bundle of APIs responsible for performing various cryptographic primitives, such as encryption, decryption, digital signatures, password storage etc., in the most secure way possible while using the Java Cryptography Architecture (JCA). Why do we need this […]

The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico

At SecTor 2021, as part of the IoT Hack Lab, I demoed a new toy I was working on – a Raspberry Pi Pico that would emulate an HID when plugged into a device and issue commands. I called it my poor person’s USB Rubber Ducky. The demo was a hit and numerous people were […]

AI in a Minefield: Learning from Poisoned Data

Data poisoning is one of the main threats to AI systems. When malicious actors have even limited control over the data used for training a model, they can try to fail the training process, prevent it from converging, skew the model or install so-called ML backdoors – areas where this model makes incorrect decisions, usually […]

GitHub Actions: Vulnerabilities, Attacks, and Counter-measures

More organizations are applying a DevOps methodology to optimize software development. One of the main tools used in this process is a continuous integration (CI) tool that automates code changes from multiple developers working on the same project. In 2019, GitHub released its own CI tool called GitHub Actions. According to GitHub, GitHub Actions help […]

Food Production is Critical Infrastructure

Security researchers love talking about critical infrastructure. Power grids and pipelines! Transportation systems and communication networks! IoT and ICS! Medical devices and smart cities! Why aren’t people talking about food production? You all like to eat, right? Agriculture 4.0 is a few years old at this point. Smart farms and precision agriculture are becoming much […]

Purple RDP: Red and Blue Tradecraft Around Remote Desktop Protocol

Remote Desktop Protocol (RDP) is the de facto standard for remoting in Windows environments. It grew in popularity over the last couple of years due to the pandemic. In addition to system administrators, many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed but, unfortunately, […]

Tokenizing the Dark Web: Applying NLP in the Context of Cyber Threat Intelligence

Training a model using Natural Language Processing (NLP) is challenging. Training one adapted to the unique vocabulary of malicious actors becomes even more difficult. This complex process highlights the need for a continuously adaptive lexicon able to follow new trends in illicit communities. To overcome the challenge of the distinct vocabulary used by malicious […]

Adventures in the Underland: Uncommon Hacker’s Persistency Methods and Countermeasures

Persistence is one of the main aspects that hackers pay special attention to during malware development and during the attack phase. The goal is very simple: to be as stealthy as possible. Usually, attackers aim to maintain their presence in the target’s network by installing malware on various workstations and servers. However, the main […]

Advanced Bot Landscape

Bots are software programs that automate web requests for various tasks without human intervention. Some are beneficial for the Internet but many of them represent a plague for ecommerce websites. Bad bot traffic represents around a quarter of the whole Internet traffic today and is predicted to increase. This traffic includes website content scanning, stolen credit […]

Build More Secure Apps by Harnessing the Power of OWASP SKF & ASVS on Kubernetes

Did you know OWASP Application Security Verification Standard (ASVS) can be used as a set of application security requirements? Do you know what the Security Knowledge Framework (SKF) is, and how you can use it to manage your application security requirements and train developers? Are you curious what it takes to deploy a containerized application […]

Evasive Manoeuvres: Analysing the Past to Predict the Future of Malware Evasion Techniques

Malware is one of the most prevalent security threats. Sandboxes and, more generally, instrumented environments play a crucial role in dynamically analysing malware samples, providing key threat intelligence results and critical information to update detection mechanisms. In this talk, we will analyse the evasive behaviours employed by malware authors to hide the malicious activity of samples […]

Trust or Dare: Supply Chain Risks in Aviation

The Civil Aviation sector is transforming itself to the next generation of digital technologies that will thrust it to the next stage of autonomous systems onboard aircraft, including 5G service in the cabin, preventive maintenance, etc. Now that we are here, it’s time to ensure not only the safety of the flight but the security of […]

OPSEC is Not a Buzzword

Information security practitioners pride themselves on precision and attention to detail. We cringe at slick catchphrases. Yet there’s something that continues to elude many: what OPSEC really means, and where it applies. It’s time to change that. Delve into the history and evolution of Operations Security, gain familiarity with OPSEC assessment, analysis, and measures, and […]

Pentesting for Success – Critical Success Factors

Most organizations conduct a vulnerability assessment or penetration test of their network as part of their security program. Testing may be conducted by employees, or by external specialists, and the results may be used to comply with regulations such as PCI DSS, or they may just satisfy your sense of “security’s being done right”. However, […]

Got DA?

Penetration Tests and/or Red Team Engagements are usually aimed at getting the highest level of privileges in an organization’s Active Directory domain aka Domain Admin. However, what most teams miss or simply ignore is the fact that there are things that can be done even when you have obtained Domain Admin privilege. This talk’s primary […]

Visualizing Your Security Posture from Link, to Gateway, and Beyond

The intersections between IT, OT, and (I)IoT have continued to fuse multiple domains within the organization. And in a world where we need to fully understand our security posture and react to the world around us, visualization is key. During this presentation we will dive deep on the toolsets, tradecraft and methodologies to render (visualize) […]

Powershell is Dead. Long Live C#

The PowerShell bubble has burst. With offensive use going down and detections and defences rising, the need for an alternative means to operate offensively against Windows environments is well underway and a big part of that is due to C# and .NET. In this presentation, Lee will take the audience through the rise of weaponized […]

Do you trust or fear technology?

Our future is inseparable from technology and the choices we make will determine if we trust or fear the infrastructure our societies are built on. We as the people that dream, design, implement and talk about technology are seminal to determining which direction the world around us takes. What we do and say today really […]

Made in Canada – the Significance of Canadian Security Technology

From startups to large enterprise to academia, Canada has more influence on the global security market and innovation than one might expect. This panel will discuss Canadian businesses’ stance in IT security and take a forward look at what it will take to become a stronger competitor in world markets. Expect conversation from funding innovative startups to […]

Enabling Zero Trust with Artificial Intelligence

The Zero Trust security model assumes a hostile network with relentless external and internal threats. Authenticating and authorizing every device, user and network flow requires real-time algorithmic processing of telemetry from as many sources of data as possible. Applying mature machine learning data science to the Zero Trust problem provides a holistic solution to multiple […]

The Year in Cybersecurity Law

CIPPIC is the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, Canada’s only public interest technology law clinic. CIPPIC is based at the University of Ottawa’s Centre for Law Technology and Society. In this session, CIPPIC staff will review the year’s legal developments in cybersecurity and provide a look ahead at what we might expect […]

How to Build an Insecure System out of Perfectly Good Cryptography

Cryptographers focus on provably secure cryptographic primitives. Standards bodies focus on syntax of messages. But there are many system issues that get ignored, leading to interesting security problems. Examples include trust models for PKI, misuse of web cookies, naming issues, and placing unreasonable demands on users. This session provides lessons on and mechanisms for avoiding […]

Outrunning the Avalanche of Unmanaged, Un-agentable Devices

There’s a torrent of unmanaged, un-agentable devices sweeping across businesses in every industry. From devices like smart TVs, MRI machines, patient infusion pumps, industrial device controllers, and manufacturing robotic arms, to printers, smartwatches, smart HVACs, and badge readers. These devices form an attack surface which is neither protected by nor monitored by traditional security products. […]

The Tools of a Web App Pentester

During a web application penetration test, a tester often encounters different technology stacks and security control implementations that require the use of different tools and testing approaches. While commercial tools are often available for these specific scenarios – these can be hard to get in a short time frame (and can be very costly if […]

Beyond Spam: Using CASL to Stop the Spread of Malware in Canada

The purpose of this session is to explain the less well-known aspects of the Canadian Anti-Spam Legislation (CASL or the Act) and illustrate those in action through a series of case studies based on the actual enforcement activities of the Canadian Radio-television and Telecommunications Commission (CRTC). In so doing, we aim to position CASL as […]

Risk Transformation: Plan-Build-Run in a World Without Time

Life is rough for a security leader! The security product landscape is increasingly complicated but seems to always lag behind malicious actor capabilities. Organizations need proven security programs that demonstrate visible ROI, but once-vaunted security concepts have been sacrificed upon the altars of speed and mobility. Organizational leadership-level involvement has never been greater, offering access […]

FAIL Panel: I Quit Securi7y

In order to save the security industry, someone had to quit or be fired. Is this the ultimate fail or the only way to beat Thanos? This year’s panel includes all the best viewpoints: a vendor, an academic, a startup, and a quitter. Half the panel does more operations work than security work and has […]

Step by step AWS Cloud Hacking

This talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps: identifying a server-side request forgery; gaining access to instance metadata credentials; enumerating IAM permissions; privilege escalation; and connecting to internal VPC services via VPN. Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot […]

Revitalizing the Scotiabank SOC with Big Data Security Analytics and Automation

Behavioral analytics helps IT professionals predict and understand consumer trends, but it can also assist CISOs in understanding potential threats—and unearthing them before they wreak major havoc. Additionally, automation helps to respond rapidly, thus reducing your mean time to resolve (MTTR) and improving SOC efficiency. Join this session to discuss: Using behavior analytics as a […]