Toronto Communities Keynote

Toronto has a vibrant and active security community. Join the founders and leaders of 6 of Toronto’s most active security communities for a “fireside chat”. Why do these communities exist? What are they up to these days? What are they working on next? How can you get involved? Join what will be a fun and […]

Read more

Cloud Adoption – Trends and Recommendations for Security Teams

Organizations adopting cloud-based delivery are often at a loss as to how to navigate the technological and organizational changes introduced by this movement. Are we ahead? Are we behind? Do we really need to deploy to production hourly? What about security? This presentation provides insights from 451 Research’s view of technology and security trends as […]

Read more

Catching and Cleaning Phish (for O365)

Attackers keep getting cleverer with their phishing attacks and if you’re a high value target or a large enterprise you’re probably also getting many targeted attempts every day. This session will cover the best practices for O365 for detecting, removing and investigating phishing attempts against an O365 tenant.

Read more

IoT Security: An Insiders Perspective

The IoT industry is often lambasted for lax security, however it does face unique challenges. This talk brings expertise from a veteran security engineer who has spent the last few months embedded (hah!) in an IoT manufacturer, working on security from the inside. We will explore some of the unique challenges in this space, and […]

Read more

Profiling Fraudsters from the Darknet to ICQ

Anonymity tools such as the tor network and cryptocurrencies are increasingly adopted by fraudsters to hide their tracks. They have enabled a darknet underground economy that centers around online illicit markets which has generated over USD$500 million in sales in the past year. Within online illicit markets, fraudsters create profiles and post ads for their […]

Read more

Chip.Fail – Glitching the Silicon of the Connected World

All smart devices, from cars to IoT, are based around processors. Often these processors are not considered as part of the threat model when designing a product. Instead, there is an implicit trust that they just work and that the security features in the datasheet do what they say. This is especially problematic when the […]

Read more

Poisoned RDP Offense and Defense

It’s safe to assume that many people reading this text have heard of using the Remote Desktop Protocol (RDP) to connect to other machines. But has anyone ever considered that merely using RDP can compromise their own computer? In this talk, we will not be covering a typical RDP vulnerability where a server is attacked […]

Read more

Do you trust or fear technology?

Our future is inseparable from technology and the choices we make will determine if we trust or fear the infrastructure our societies are built on. We as the people that dream, design, implement and talk about technology are seminal to determining which direction the world around us takes. What we do and say today really […]

Read more

Made in Canada – the Significance of Canadian Security Technology

From startups to large enterprise to academia, Canada has more influence on the global security market and innovation than one might expect. This panel will discuss Canadian businesses’ stance in IT security and take a forward look at what it will take to become a stronger competitor in world markets. Expect conversation from funding innovative startups to […]

Read more

Threat hunting in the cloud

Threat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions […]

Read more

Identity – the Foundation of your Zero Trust Architecture

The evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, […]

Read more

Beyond the Ones and Zeros: Aligning Effective Infosec and People Leadership Principles

It was the best of times, it was the worst of times… that pretty much sums up infosec today. We can’t figure out how to align to our businesses effectively, we love our silos, and constantly hire the wrong people. This presentation will address common issues in information security and people leadership areas, giving you […]

Read more

Malware in Google Play: Latest tactics used to penetrate the official app store

This presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (beside phishing) is through trojenized applications that end […]

Read more

Hashes, hashes everywhere, but all I see is plaintext

I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation […]

Read more

Post-Quantum Manifesto

In recent years, the threat to the public key infrastructure posed by quantum computers has gained some attention. Standards agencies such as NIST and ETSI have begun efforts to standardize encryption and signature algorithms that are quantum resistant. This talk will introduce attendees to the threat posed by quantum computing and explain which parts of […]

Read more

The SOC Counter ATT&CK

The goal of the talk is to answer a few questions we often see or hear : “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTP?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from Mitre is the new honest in the InfoSec world. […]

Read more

AI, Intelligently. A Current Look into AI in Cyber Security.

Algorithms are being used to choose who lives and who dies. Computers are being programmed to make ethical decisions that impact every facet of our lives. Based on the ethics of cyber-criminals, Check Point has made another gigantic leap forward by teaching our gateways to use algorithms to detect the DNA of Malware in an […]

Read more

Data Governance for Risk Reduction and Value Creation

In this session, we will explore how organizations can adopt a single data governance framework to discover and protect sensitive data while mitigating cyber risks, reducing storage costs and addressing increasing privacy regulations.

Read more

Your Tools are Protecting the Network but What is Protecting the Tools?

With the increased focus on cybersecurity over the past several years, organizations are proactively adopting security practices and deploying security solutions to harden their networks. This is in the hopes of not being the next victim of a security breach. The emphasis on securing the network perimeter has driven organizations to deploy multiple inline security […]

Read more

Modern MDR and Machine-Accelerated Human Response

The cybersecurity market is teeming with new tools and technologies, each promising to detect and respond to threats better than the rest. But if your business is like most, you’re probably struggling with a shortage of security-focused manpower and expertise to manage those tools with skill, speed, and precision. The reality is that effective security […]

Read more

Phishing Defense: The Art of Human Intuitive Repulsion

As human beings we often sense when things aren’t quite right. The same is true as it applies to cybersecurity. This session examines why human intuition is a key part of any organization’s phishing defense. Learn about the types of phishing attacks seen in the wild, how attackers evolve their tactics to avoid perimeter controls, […]

Read more

Chaos, order and the road forward – perspectives on evolving cybersecurity

Never before has the creation and preservation of value depended so much on effective cyber security, nor has the means to “getting security right” been so complex. Many aspects of traditional security management are urgently being reconsidered as security teams seek to stay aligned with the characteristics of the modern enterprise and ahead of the […]

Read more

The Value of Threat Intelligence

This presentation is a non-technical look at the benefits of threat intelligence and the challenges that organizations face when attempting to utilize and operationalize threat intelligence within their infrastructure. Existing resources (human and infrastructure), security tools, the difference between threat data sources and cybersecurity program maturity are just a few of the areas we will […]

Read more

Key elements to prioritizing security vulnerabilities and risks

Join Scalar, a CDW Company for a discussion on the key elements to prioritizing your security vulnerabilities and risks. Taking a holistic approach to risk management, we will help you understand how to follow best practices and manage your risk effectively and efficiently. Darren and Benjamin will go through some of the key elements that […]

Read more

Code Signing: What You Don’t Secure Can Hurt You

When you sign a piece of code, you make a statement that it comes from your trusted brand and that you stand behind it. But what happens when that trust is broken? Recent attacks underscore the importance of managing reputational risk. As attackers become increasingly skilled in the art of signing and spreading malware, technologists […]

Read more

ARUBA + ZSCALER = Better Together Network Transformation

Risk is a balance between security and usability, when security is too restrictive users naturally find ways around it. As organizations seek to improve the user experience and while maintaining the required level of security, questions of risk arise. How do we deploy Cloud solutions with direct to Internet connectivity and still maintain visibility over […]

Read more

Threats and Trends of 2019

Amidst the ever-evolving threat landscape, 2018 was a particularly nasty year that saw an increased threat of cryptojacking to the ever-expanding reach of emotet and all of its variants. In 2019 these threats – and others – have expanded their reach and shifted away from SMBs towards enterprise businesses. Join me for a dive into […]

Read more

Advanced security automation made simple

Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review a few advanced security processes and discuss how to easily automate them using common tools in the Cloud. This approach will help you and your team increase the security […]

Read more

Navigating Cyberspace: Identifying a New Path to Defeating Tomorrow’s Attacks

The cyber landscape has evolved beyond the intent of its original creation. This system once built on trust has been compromised by an ever-increasing advancement in cyber-attacks, malware proliferation, data loss, and data contamination. Although security vendors try hard to detect these cyber-attacks, skilled adversaries have successfully defeated current paradigms used to protect our computer […]

Read more

Career Panel and Career Fair 2019

Whether you are looking for industry insight, your first job, changing careers or professional development, the Career Panel and Career Fair at SecTor 2019 is for you. Join our panelists as they answer your questions and debate how different segments of the industry are viewing the type of talent they want to gain, train and […]

Read more

Introduction to Advanced Persistent Threats

This presentation is a non-technical, introductory-level presentation of current APT threats (from a North American perspective). The focus of this presentation will be the geo-political environment that motivates APT activity from one nation-state to another. We will cover a selection of nation-state activities, focusing on the most prevalent and prolific. We will additionally cover a small selection of […]

Read more

Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

This talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertaken to […]

Read more

FLAIR (Fuzzy simiLArIty fRamework)

FLAIR (Fuzzy simiLArIty fRamework): A comprehensive study on APT analysis using Fuzzy hash similarity algorithms by providing a framework comprises of more than 25 Fuzzy hashing algorithms Finding similar files has been a long recognized and ever-increasing need in malware research and forensic investigation. Cryptographic hash functions such as MD5, SHA1 and SHA256 are the […]

Read more

Creating a Culture to Foster Collaboration, Creativity, and Critical Thinking

After years of working to make computer networks more robust, I’ve observed protocol flaws that disrupt effective interactions between carbon-based life forms. This talk shows how ill-defined buzzwords and hype lead to technical miscommunication and offers advice for how an organization can make it safe to question, easy to learn, and encourage working with others.

Read more

One-Person Army – A playbook on how to be the first Security Engineer at a company

How often have you heard that ‘Early stage startups don’t care much about Security because if there is no product, there is nothing to secure?’ Although there is merit in the argument that startups need to build product to sustain and grow, it often puts the person in charge of securing them in a tricky […]

Read more

Your phone is using TOR and leaking your PII

Do you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over TOR without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi […]

Read more

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

As vehicles around the world become more and more automated, ongoing security threats become an even greater risk. But for the automotive industry, addressing end-to-end security poses significant challenges. Building a car isn’t done in isolation – components, manufacturers and global supply chains must be synchronistic to make the connected vehicle completely secure. In this […]

Read more

Twisted Haystack: Protecting Industrial Systems with Dynamic Deception

Deception techniques for cybersecurity are not new – honeypots have been used for many years. However, new types of deception techniques are being developed to supplement the classic honeypot approach. Deception can be used in several ways and for various end results. In this presentation, we will cover two main areas related to deception-based cybersecurity. […]

Read more

How to Select your Future Hardware Security Module (HSM)

Hardware Security Modules (HSMs) come in a variety of shapes, forms and sizes, and are used for different purposes. They are also deployed in a myriad of ways based on your needs. If you are thinking about using HSMs, just curious about what is out there, or using them today and not sure if you […]

Read more

Developing Your Career in IT Security (2018)

Whether you are looking for industry insight, your first job, changing careers or professional development, this year’s Developing Your Career in IT Security panel and networking session in the Keynote Hall on Tuesday, October 2 from 2:55pm is for you. Join our panelists as they answer your questions and debate how different segments of the […]

Read more

Behavior Analytics and Model Driven Security

Imagine using a risk score to determine whether to grant a user access to an application, a system, a device. Wouldn’t it be a huge time-saver if you could auto-approve low risk access requests instead of manually granting such requests? On the flip side, wouldn’t it be great to automatically ensure that privileged access requests […]

Read more

The Human Firewall is on Fire – What Do You Do When the Smoke Clears?

Many enterprises are focused on prevention and are too busy with day-to-day firefights to look beyond the flames and think about how to recover. Beyond preventing attacks, organizations need to focus on detection and response. It’s no longer a matter of if you’re going to be attacked, but when. Join this session to: Learn the […]

Read more

Collaborating for a Secure Canada

Building a resilient cyber security ecosystem is crucial for levelling the playing field against adversaries. The newly established Canadian Centre for Cyber Security, as part of the Communications Security Establishment (CSE), sees the increasing need for widespread innovation and collaboration to secure our country’s future. Collaboration is a point of pride and necessity from a […]

Read more

The Future of Cyber Security – From a Friendly Hacker’s Perspective

Cyber security is no longer about protecting secrets. It’s about our way of life: from autonomous cars, to webcams medical devices, to the manipulation of political campaigns and global markets. But are you thinking about what’s next? This talk will aim to inspire the audience of security professionals to take action about the things that require our […]

Read more

Fail Panel: Revenge of the Sixth

The Fails just keep on failing. We’re back for the 6th examination of the wide range of failures that our industry is not simply capable of but also EXCELS at. All the blinkie lights and all the shiny things that directly provide for day-to-day Fail. We know that this is sounding repetitive, but that’s kind […]

Read more

ATT&CKing the Command Line and Hunting for More

The MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus […]

Read more

Security is an Illusion: How I Rob Banks

A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical […]

Read more

The Chrome Crusader

Crusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to execute arbitrary JavaScript remotely of your choosing. We will also be talking about CORS (Cross-Site Resource Sharing) and some interesting quirks with the browser extension environment. If […]

Read more

5G: Security Status and Opportunities

The next evolution of the global mobile communications network is on the horizon and the technology standards are being developed to support it…but how secure will it be? This talk will present an overview of the 5G security evolution and current status at the half-way point before official 5G release. The new network will not […]

Read more

Smart Contract Vulnerabilities: The Most Interesting Transactions on the Ethereum Blockchain

Smart contract security is a brave, new, and sometimes terrible field. This presentation will take you through a storytelling history of some of the most famous vulnerabilities of these first few years (from the Dao hack, to the Parity wallet vulnerabilities and including less-well-known but very interesting events like the DDOS attacks from late 2016). […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!