ALL YOUR MACS ARE BELONG TO US

Attackers have already set their sights on Mac. They have been thinking of and finding ways to cash out. This talk shows one of those ways. In this presentation, I will show and demonstrate live how attackers pwn Macs using browsers running in Mac and hold the system hostage until the user posts a “ransom.” […]

Read more

Data protection and Identity Management at cloud scale

Security of corporate resources has never been as important as it is in todays mobile first cloud first world. The proliferation of remote access, mobile access and various cloud storage solutions, among other things, has led to the erosion of the classic enterprise security moat. We need to look at security under the context of […]

Read more

Check Point Compliance Software Solutions “Your Second Set of Eyes”

No one in the Security Industry wants to talk compliance and most of us think of it as a burden.  Since almost all organizations today have to comply with some regulations, it has become important for us to discuss. The session will explore how compliance and network security are tied together and by simply improving […]

Read more

The Things You See (and Application Scanners Won’t)

Application scanners are a very common tool often used by security professionals to identify vulnerabilities and weaknesses in (mostly) web applications. However, due to the “developer factor”, applications often include weakness and vulnerabilities that are simply not “detectable” by scanners, and relying on these results often means ignoring significant security risks that are still presented […]

Read more

The Rise of Threat Detection and Response

It seems like it was only yesterday that security was focused almost exclusively on preventative mechanisms as though we’re still facing the same self-replicating viruses from 15 years ago. Overnight it seems, organizations recognize that modern threats like information stealers, botnets, and targeted attacks regularly bypass preventative measures. As a result, great investments are being […]

Read more

Fighting Next-Generation Adversaries with Shared Threat Intelligence

Adversaries today are technically advanced, structured around an underground governed by market forces, and using paradigm shifts in technology to compromise more victims. Through specialization and collaboration, attackers are becoming more effective and continue to cause widespread damage, even as systems become more secure. However, recent advances in technology provide the foundation for a new […]

Read more

Human Metrics – Measuring Behavior

The human element is one of the weakest links, as a result your employees are now the primary attack vector.  From phishing and infected USB drives to lost mobile devices and weak passwords, people represent the greatest risk to most organizations.  Many organizations are now rolling out security awareness programs with the intent of changing […]

Read more

The Theory of Cyber Security Evolution: Adopting Continuous Active Threat Protection and Security as a Service

We’re all aware that the cyber threat landscape continues to shift and evolve at a staggering pace. Attacks are becoming more sophisticated and let’s face it – the notion that signatures are dead is an exaggeration. Cyber security is continuing to shift too, as industry experts begin to prescribe continuous monitoring over incident response. Recognizing […]

Read more

Security for the People: End-User Authentication Security on the Internet

Despite the continued success by attackers to brute-force accounts, phish credentials, and otherwise impact the online security of consumers, a large portion of the sites and services consumers utilize still don’t take authentication security seriously enough. This presentation will review recent research into the state of end-user-facing authentication security as it relates to strong authentication, […]

Read more

KickaaS Security with DevOps and Cloud

Think DevOps and cloud reduce your security? Think again. In this session we will dive into the world of DevOps and show how it can dramatically improve security through consistency, resiliency, and standardization. We will demonstrate specific technical techniques for integrating security into DevOps, including automating security policy compliance through injection of security baselines, and […]

Read more

Stay Out of the Kitchen: A DLP Security Bake-off

Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. Data Loss Prevention (DLP) solutions have often been touted as the “silver bullet” that will keep corporations from becoming the next headline. With deployment models ranging from a fat agent on an endpoint, […]

Read more

A New Way to Look at Endpoint Security – IT’s Job in a Connected World

Session 1: The Evolving Adversary Calls for a New Way to Look at Endpoint Security An organization’s employees are a threat actor’s most desirable and easily exploited target, ultimately gaining access to your entire network. Visibility into the by-products from keystrokes, contextualized with intelligence, is critical to pinpoint exactly where you are compromised and who […]

Read more

Reverse Engineering a Web Application – For Fun, Behavior & WAF Development

Screening HTTP traffic can be something really tricky and attacks to applications are becoming increasingly complex day by day. By analyzing thousands upon thousands of infections, we noticed that regular blacklisting is increasingly failing so we started research on a new approach to mitigate the problem. We started with reverse engineering the most popular CMS applications such […]

Read more

Hunting Malware on Linux Production Servers: The Windigo Backstory

Operation Windigo is a large server-side malware campaign that targets Unix systems (BSD, Linux, etc.). Its operators control more than 25,000 compromised servers. Every day, they use this infrastructure to redirect more than 500,000 end-users to malicious content and send more than 35M spam messages. This talk will cover what we have done and what […]

Read more

Next Generation SOC: Building a Learning Security Ecosystem Using HP ArcSight Technology

The concept of defense in depth has attracted a lot of attention over the past decade. Several organizations have invested heavily in a broad collection of technologies in an effort to better secure their information. The objective of defense in depth is to use complementary technologies to cover the gaps and limitations of each other […]

Read more

Security Awareness Has Failed: A Suggested New Approach!

For over 30 years, the security community mantra has been to deliver annual or regular security awareness education sessions to staff. And for over 30 years, the “big stick” approach has failed to produce any appreciable results. For the most part security awareness training has become ” a corporate check box” and is used to […]

Read more

Hide it with encryption, display it with performance

A network protocol has performance requirements. In order to address these requirements, many implementations will leak some side-channel information, indicating how a tunnel is being used. Particularly approximate packet sizes and timing can be tied to a particular use of an encrypted tunnel. Pacumen is an open-source tool which can learn what a specific application […]

Read more

4 Undeniable Truths about Advanced Threat Protection

Are you prepared for the next attack targeting your organization? Multi-faceted, persistent threats continue to increase and evolve, evading traditional stand-alone security technologies and forcing a critical need for an integrated, multi-dimensional approach. Today’s targeted attacks require the ability to disrupt the attack lifecycle in order to prevent further compromise. This session will discuss the […]

Read more

Identity in the Age of the Cloud

Organizations have traditionally enforced access to various services, applications, resources by establishing a person’s identity. Identity Management encompasses a number of processes such as authentication, authorization, provisioning, deprovisioning throughout a person’s life-cycle in the context of the organization. As employees bring their own devices and applications move beyond the firewall to the cloud, how should […]

Read more

Mobile Fail: Cracking Open “Secure” Android Containers

We’ve known for some time that physical access to a device means game over. In response, we’ve begun to rely more and more on “secure” container applications to keep our private and company data secured. Whether you use LastPass to secure your passwords, or GOOD for Enterprise to make sure your company emails are locked […]

Read more

OS Legacy Systems

Legacy operating systems in an unsecure world. Many organizations are still running applications on legacy operating systems for one reason or another. Be it their applications do not run on newer operating systems or hardware or simply a matter of cost. In April 2014 Microsoft stopped patch support for Windows XP and in July 2015 […]

Read more

Elevator Hacking: From the Pit to the Penthouse

Throughout the history of hacker culture, elevators have played a key role.  From the mystique of students at MIT taking late-night rides upon car tops (don’t do that, please!) to the work of modern pen testers who use elevators to bypass building security systems (it’s easier than you think!) these devices are often misunderstood and […]

Read more

Phishers are Boring Party Guests: The Value of Analyzing Stale, Recycled Phishing Content

As security organizations have come to value the impact of programs designed to change employee behavior, we have continued to largely ignore the humanity of the attacker. In this presentation Aaron Higbee will examine how the attackers are obsessively focused on the technology involved in phishing attacks, but are lacking some of the human skills […]

Read more

Introducing Recog, an open source project utilizing Sonar data for asset and service identification

Project Sonar is a community effort to improve security through the active analysis of public networks. This includes running scans across public internet-facing systems, organizing the results, and sharing the data with the information security community. This talk will detail Project Recog, a derivative of project Sonar which normalizes and open sources service fingerprinting information […]

Read more

Play Flappy Bird while you pentest Android in style

Doesn’t it bother you that you have to give up all your mobility when penetration testing Android applications and spend the majority of your time sitting in front of another device that has a running proxy? That will now be history. In this talk we will present a fully interactive proxy that runs as an […]

Read more

Today’s Cyber Threat Landscape – Prevention is no cure

AccessData will talk about Today’s Cyber Threat Landscape – The traditional cyber security infrastructure is riddled with blind spots… open doorways for threats you can’t see, because the tools you’re relying on can’t see them We will discuss how to eliminate those blind spots, allowing you to catch the data leakage your DLP misses, detect […]

Read more

Needle in a Haystack – Harnessing Big Data for Security

The polymorphic nature of malware, failure of signature-based security tools and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management virtually impossible using traditional approaches without copies, samples or details how can one possibly prevent, contain and inform on targeted attacks? This session will demonstrate how to […]

Read more

Your own pentesting army complete with air support

This talk will discuss pentesting with an army of low-powered devices running a custom Linux distro (known as The Deck). The devices are connected via 802.15.4 networking for command and control. The Deck runs on the BeagleBone and BeagleBoard family of devices. An airborne version of The Deck which (along with wireless sensors) is embedded […]

Read more

Identity & Access Governance: Key to Security or Completely Useless?

Jackson Shaw will take the audience thru the state of Identity & Access Governance and why having an IAG strategy is key to security for corporations big and small. He will also highlight how, in today’s rapidly changing environment of APTs, foreign intrigue & hacking why even with a strong IAG strategy you will still […]

Read more

Fortifying Canada’s Cyberspace: Together

The foundation of Canada’s economy is increasingly dependent of the digital infrastructure that supports all sectors of industry. Confidence in this infrastructure is essential if individuals and businesses are to harness the opportunities it presents. Maintaining this confidence is a complex challenge, especially in face of continually evolving threats. Staying ahead of the threats to […]

Read more

Frayed Edges; Monitoring a perimeter that no longer exists

The foundations of traditional network security are crumbling in the public cloud. Old assumptions will leave your cloud deployments vulnerable and exposed. In this talk, we’ll examine the existing models of network security and how you can transition to new cloud-friendly models that take advantage of dynamic cloud environments. With the stage set, we’ll dive […]

Read more

Vulnerability Management Programs and Lessons Learned from the Field

Often Vulnerability Management program managers are missing the mark by focusing on the wrong information, communicating poorly and not understanding the business criticality as it relates to the technical risk found in scanning. This creates a “bad data” scenario where all the data collected is seen to have little or no value – which increases […]

Read more

SDN : Radically New Network Architecture, Same Old Cyber Security Protection

As Virtual Machines (VM’s) were the disruptive technology at the end of last century for server and storage platforms, Software Defined Networks (SDN) will be (already is) the first industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grass roots momentum as early adopters Google, Goldman Sachs and […]

Read more

Running at 99%, mitigating a layer 7 DoS

Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any one of […]

Read more

Vulnerability analysis of 2013 SCADA issues

This session is result of a yearlong study of the most recent SCADA vulnerabilities and includes root cause analysis, attack vector scrutiny, consequence of successful attack and remediation study. Attendees will get an insight into the factors that resulted in the nature and magnitude of the harmful outcomes in order to identify what actions need […]

Read more

Return of the Half Schwartz FAIL Panel w/Tales from beyond the echo chamber

The ugly bastard child of FAIL Panel, in its 2nd year running, a discussion on Malware letters received to our mailbag and other general observations on infosec. We’ll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you. Vendor and FUD free since last we last remembered to wear underwear.

Read more

RATastrophe: Monitoring a Malware Menagerie

Over the last three years, our visibility into the threat landscape of civil society organizations and human rights NGOs has led to a number of discoveries about how various threat actors are engaging in espionage against civilian targets. Attacks in this area are often overlooked by AV and security companies due to the low resources […]

Read more

Watching the watchers: hacking wireless IP security cameras

Low cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of April 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there are many models by different vendors, most of them are actually based on the identical hardware and firmware setup. […]

Read more

The World’s Deadliest Malware

This silent threat infects more than 1,000 victims annually. It shows no prejudice, it has no compassion. It comes like an unseen thief in the night to steal. It IS the World’s Deadliest Malware. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers with […]

Read more

Software Refined Networking – The Path To Hell Is Paved With Good Abstraction

New application architectures, programmatic languages and frameworks, the (un)availability of exposed platform security capabilities combined with virtual/physical networking and workload mobility are beginning to stress our “best practices” from a security perspective. What are the real security issues (or hype) of Software Defined Networking (SDN) and the vision of the Software Defined Datacenter?

Read more

Ending the information security arms race with end-to-end encryption

Information security today has evolved into a big data arms race. As vendors create ever more elaborate and sophisticated systems to flag and investigate abnormal events, the huge amounts of log data is driving up costs for storage, processing, software and network transport. A more effective, less costly information security approach is to protect information […]

Read more

.NET Reversing: The Framework, The Myth, The Legend

This talk will cover the current state of the art in .NET reversing, down from PE format of .NET assemblies through various types of obfuscation, and into reversing tools and techniques. Finally, we will explore reversing popular .NET RE tools in an attempt to modify their behavior.

Read more

MILLION BROWSER BOTNET

Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript — even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean […]

Read more

CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game

A CSEC cybersecurity analyst has gone rogue. He has taken a large cache of top secret files that include the names and identities of several secret agents working in foreign countries. This rogue analyst has stowed these files on the internet in an encrypted format and he is now threatening to share the location of […]

Read more

Securing Enterprise Mobility beyond MDM

Enterprise Mobility offers great challenges and great opportunities. There are a plethora of technologies that are constantly entering and evolving in the market (much of them overlapping) to address the security and manageability related to enterprise mobility (including BYOD). This discussion will focus on demystifying the landscape and to provide perspectives on leveraging Secure Enterprise […]

Read more

BREACH: SSL, Gone in 30 seconds

In this hands-on talk, we will introduce new targeted techniques and research that enable an attacker to reliably retrieve encrypted secrets (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) from an HTTPS channel. We will demonstrate that this new compression oracle is real and practical by executing a PoC against a […]

Read more

The Threat Landscape

The Rapid7 Labs team vigilantly scans the horizon to discover new tactics being used by attackers as well as wide-spread vulnerabilities that must be addressed. The team has uncovered a myriad of important issues including significant configuration issues with serial servers, Amazon S3 storage, UPnP and more. The team is consistently tracking and analyzing malware […]

Read more

Appsec Tl;dr

Have you ever wondered what it takes to get one of those “Elusive” bug bounties that people are always snapping up? In this presentation, Gillis Jones will walk you through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try and keep quiet, […]

Read more

CeilingCat IS Watching You

It shouldn’t be news to anyone that people share too much information online. In fact, one major problem that attackers and defenders have is the sheer volume of data that they need to sort through. In this presentation, Shane MacDougall will demonstrate leaked information that can lead to a successful attack, walk through a couple […]

Read more

Exploiting the Zero’th Hour: Developing your Advanced Persistent Threat to Pwn the Network

Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards to network defense and exploitation. Most security professionals know about these advanced tools; many people have even discussed the overall concept regarding command and control of networked systems, however, many experts to not yet understand how to create a botnet […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required