Demystifying the mobile network

We all have smart phones in our pockets these days allowing high speed network access just about anywhere. But few of us consider what is between the phone+tower and the Internet.  There is a magical jungle called the Evolved Packet Core (EPC) which is full of byzantine, arcane, and strange acronyms full of juicy attack […]

Predictions Panel

Ever wonder what the next big information security threat will be? So do we… and let’s face it, if we knew for certain, we would be keeping quiet and likely very rich. However, this panel session brings together a group with their collective finger on the pulse of information security in Canada and beyond, who […]

Mobile Fail: Cracking Open “Secure” Android Containers

We’ve known for some time that physical access to a device means game over. In response, we’ve begun to rely more and more on “secure” container applications to keep our private and company data secured. Whether you use LastPass to secure your passwords, or GOOD for Enterprise to make sure your company emails are locked […]

Anatomy of a Credit Card Stealing POS Malware

Credit card payment processing and point-of-sale (POS) systems are like a black box for most people without knowledge of their internal workings. Recent data breaches of thousands of credit cards have shown that determined attackers have mastered ways to steal old-fashioned magnetic stripe cards and are now targeting EMV card data (chip-and-PIN, chip-and-signature, chip-and-choice).  […]

The Latest Changes to SAP Security Landscape

The world of SAP deployments continues to evolve and certainly one of the big additions is the deployment of SAP HANA. This talk will review the current SAP security landscape, what attacks are currently prevalent and which ones are possible.  The talk will then take a deeper look specifically at HANA as a rich target […]

Unmasking Careto through Memory Analysis

In early 2014 Kaspersky Labs reported on an extremely advanced malware sample that was used in a sophisticated espionage campaign (http://bit.ly/1bl4L0e). As with many samples seen in these types of campaigns (Stuxnet, Duqu, etc.), Careto went undetected for a long period of time, even on systems with updated AV and HIPS products installed. In this […]

Hide it with encryption, display it with performance

A network protocol has performance requirements. In order to address these requirements, many implementations will leak some side-channel information, indicating how a tunnel is being used. Particularly approximate packet sizes and timing can be tied to a particular use of an encrypted tunnel. Pacumen is an open-source tool which can learn what a specific application […]

The Things You See (and Application Scanners Won’t)

Application scanners are a very common tool often used by security professionals to identify vulnerabilities and weaknesses in (mostly) web applications. However, due to the “developer factor”, applications often include weaknesses and vulnerabilities that are simply not “detectable” by scanners, and relying on these results often means ignoring significant security risks that are still presented […]

What’s Behind “Big Data” and “Behavioral Analytics”

“Big Data” and “Behavioral Analytics” are the latest hot terms in threat detection, but what do they mean and how do they work when applied to security? This presentation will uncover the math behind behavioral analytics explaining the principles and mathematics that make accurate threat detection based on anomalous behavior possible.  It will explain why […]

Stupid is as Stupid Does – The Good, The Bad and The Idiots

How Hackers get caught. Everyone sees the daily stories about hackers stealing personal data and credit cards but the media moves on to the newest breach the next week. What happens to these cases and the criminals behind them? This presentation will cover Law Enforcement (the good), criminals and their motives (the bad) and the […]

Scaling Security in Agile Scrum

Agile Scrum is here to stay, and security teams aren’t adapting quickly enough. “Best-practice” Agile SDL models aren’t very helpful because they assume a simplified, idealized model of how software is built. In the real world, software development often involves multiple Scrum teams working on various components of a larger product. As a result, application […]

Human Metrics – Measuring Behavior

The human element is one of the weakest links; as a result, your employees are now the primary attack vector. From phishing and infected USB drives to lost mobile devices and weak passwords, people represent the greatest risk to most organizations. Many organizations are now rolling out security awareness programs with the intent of changing […]

Cybercrime 101

Cybercrime continues to rise. While many businesses are improving their overall security posture using GRC regimes like PCI, HIPAA-HITECH, and SOX, and technologies such as Web Application Firewalls, Network Access Control devices, and SIEM solutions, attackers are making adjustments to avoid detection, becoming more creative in their approach to the attacks, and leveraging more complex […]

The Theory of Cyber Security Evolution: Adopting Continuous Active Threat Protection and Security as a Service

We’re all aware that the cyber threat landscape continues to shift and evolve at a staggering pace. Attacks are becoming more sophisticated and let’s face it – the notion that signatures are dead is an exaggeration. Cyber security is continuing to shift too, as industry experts begin to prescribe continuous monitoring over incident response. Recognizing […]

Fighting Next-Generation Adversaries with Shared Threat Intelligence

Adversaries today are technically advanced, structured around an underground governed by market forces, and using paradigm shifts in technology to compromise more victims. Through specialization and collaboration, attackers are becoming more effective and continue to cause widespread damage, even as systems become more secure. However, recent advances in technology provide the foundation for a new […]

Play Flappy Bird while you pentest Android in style

Doesn’t it bother you that you have to give up all your mobility when penetration testing Android applications and spend the majority of your time sitting in front of another device that has a running proxy? That will now be history. In this talk we will present a fully interactive proxy that runs as an […]

How’d That End Up On Pastebin?

Defenders are at a huge disadvantage, often investigating compromise with educated guesses based on theoretical knowledge of kill chains, anomaly detection, and IOCs. Experience adds the benefit of recognizing what has been done before, but few blue team members understand how attacks work and how attackers move or escalate during attacks. This talk will explore […]

Security for the People: End-User Authentication Security on the Internet

Despite the continued success by attackers to brute-force accounts, phish credentials, and otherwise impact the online security of consumers, a large portion of the sites and services consumers utilize still don’t take authentication security seriously enough. This presentation will review recent research into the state of end-user-facing authentication security as it relates to strong authentication, […]

KickaaS Security with DevOps and Cloud

Think DevOps and cloud reduce your security? Think again. In this session we will dive into the world of DevOps and show how it can dramatically improve security through consistency, resiliency, and standardization. We will demonstrate specific technical techniques for integrating security into DevOps, including automating security policy compliance through injection of security baselines, and […]

So, you want to be a pentester?

This presentation is designed to provide practical career advice to aspiring penetration testers, or those who want more insight into what the actual day to day life of a penetration tester is like. This presentation examines social, psychological, and physical issues surrounding a career in one of information security’s most popular fields. October 21, 2014 […]

Getting Into Mobile Without Getting Into Trouble, A Guide for the Stodgy Old Enterprise

Mobile platforms have taken the world by storm. Smart phones and tablets, connected watches, thermostats, light fixtures and alarm systems, connected cars, even remote control drones – whether it’s our clients, customers, or employees – everyone’s got them. And they are going to use them. What this means for those of us who work in […]

Corporation in The Middle

My ISP deliberately MiTM’d my connection. This talk discusses how they did it, how I detected what they did and what this means. This talk covers what I learnt over three months of analysis focusing on the technology involved both on the ISP side and my own. I cover in detail how I went […]

The Internet of Fails: Where IoT Has Gone Wrong and How We’re Making It Right

This presentation will dive into research, outcomes, and recommendations regarding information security for the “Internet of Things”. Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of […]

A New Way to Look at Endpoint Security – IT’s Job in a Connected World

Session 1: The Evolving Adversary Calls for a New Way to Look at Endpoint Security. An organization’s employees are a threat actor’s most desirable and easily exploited target, ultimately gaining access to your entire network. Visibility into the by-products from keystrokes, contextualized with intelligence, is critical to pinpoint exactly where you are compromised and who […]

Re-Thinking Security Operations

Do your security solutions deliver effective coverage against the challenging new threat environment? The threat environment has grown to be too large a problem, with protection infrastructures too narrow a solution to cover every possible attack in every circumstance. Progressive (and costly) concepts like situation awareness, globally integrated intelligence and access to advanced tools […]

The Threat Landscape

The Rapid7 Labs team vigilantly scans the horizon to discover new tactics being used by attackers as well as wide-spread vulnerabilities that must be addressed. The team has uncovered a myriad of important issues including significant configuration issues with serial servers, Amazon S3 storage, UPnP and more. The team is consistently tracking and analyzing malware […]

SDN: Radically New Network Architecture, Same Old Cyber Security Protection

As Virtual Machines (VMs) were the disruptive technology at the end of last century for server and storage platforms, Software Defined Networks (SDN) will be (already is) the first industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grass roots momentum as early adopters Google, Goldman Sachs and […]

Popping the Penguin: An Introduction to the Principles of Linux Persistence

Breaking in is half the battle. I’ve talked to so many people whose only objective is to try and break into systems. I get that. It’s awesome, the rush you get when you bring up that shell. But what then? Ops hardening does not end at the outer shell. Once you’re in, you still have […]

Stopping Cross Contamination with Network Access Control…”The ULTIMATE PATCH”

This session will highlight how Network Access Control is the ultimate patch checking system. By utilizing a set of key protocols NAC will define and implement a policy that will define the access requirement for devices attempting to access your network. Those policies are designed to look for among other things pre-admission endpoint security policy […]

Building a Security Operations Center – Lessons Learned

This presentation will go through the various steps required to craft a Security Operations Center; including hiring and managing an array of human resources, monitoring, reporting, and mitigating technology, and covering the definition of repeatable, scalable processes, such as the OODA loop. The presentation will address the fundamental concepts related to training, structuring, and running […]

Running at 99%, mitigating a layer 7 DoS

Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any one of […]

Today’s Cyber Threat Landscape – Prevention is no cure

AccessData will talk about Today’s Cyber Threat Landscape – The traditional cyber security infrastructure is riddled with blind spots… open doorways for threats you can’t see, because the tools you’re relying on can’t see them. We will discuss how to eliminate those blind spots, allowing you to catch the data leakage your DLP misses, detect […]

It Takes a Village: Reducing the Threat Gap by Allying with Your Competition

With the maturation of IPS and other threat prevention technologies, security vendors have significantly narrowed the patch gap, but is it enough? The rise in APTs has opened a threat gap that most likely cannot be solved without some collaboration among the good guys – even if they are the competition. Learn how organizations utilize […]

Return of the Half Schwartz FAIL Panel w/Tales from beyond the echo chamber

The ugly bastard child of FAIL Panel, in its 2nd year running, a discussion on Malware letters received to our mailbag and other general observations on infosec. We’ll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you. Vendor and FUD free since we last remembered to wear underwear.

Software Refined Networking – The Path To Hell Is Paved With Good Abstraction

New application architectures, programmatic languages and frameworks, the (un)availability of exposed platform security capabilities combined with virtual/physical networking and workload mobility are beginning to stress our “best practices” from a security perspective. What are the real security issues (or hype) of Software Defined Networking (SDN) and the vision of the Software Defined Datacenter?

Ending the information security arms race with end-to-end encryption

Information security today has evolved into a big data arms race. As vendors create ever more elaborate and sophisticated systems to flag and investigate abnormal events, the huge amounts of log data are driving up costs for storage, processing, software and network transport. A more effective, less costly information security approach is to protect information […]

Analyzing Exploit Packs: Tips & Tricks

In this 30 minute session, we will look at tips and techniques that can help malware analysts and Incident Responders perform effective analysis and de-obfuscate/decode malicious exploit code. Primary focus will be on exploit delivery obfuscation and JAR exploit debugging.

Needle in a Haystack – Harnessing Big Data for Security

The polymorphic nature of malware, failure of signature-based security tools and massive amounts of data and traffic flowing in and out of enterprise networks are making threat management virtually impossible using traditional approaches. Without copies, samples or details, how can one possibly prevent, contain and inform on targeted attacks? This session will demonstrate how to […]

RATastrophe: Monitoring a Malware Menagerie

Over the last three years, our visibility into the threat landscape of civil society organizations and human rights NGOs has led to a number of discoveries about how various threat actors are engaging in espionage against civilian targets. Attacks in this area are often overlooked by AV and security companies due to the low resources […]

Fortifying Canada’s Cyberspace: Together

The foundation of Canada’s economy is increasingly dependent on the digital infrastructure that supports all sectors of industry. Confidence in this infrastructure is essential if individuals and businesses are to harness the opportunities it presents. Maintaining this confidence is a complex challenge, especially in the face of continually evolving threats. Staying ahead of the threats to […]

How they get in and how they get caught

This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you’re leaving a lot of evidence behind. Using datagram’s work at lockpickingforensics.com as a jumping off point we’ll explore how a picker gets in, and how, with careful observation and some practice, we […]

Fiber Channel – Your OTHER Data Center Network

The majority of large datacenter storage architectures in the world are currently based on Fiber Channel networks. Unfortunately, the emphasis on security, compliance, and audit remains on hosts and traditional Ethernet networks, leaving the Fiber Channel behind as “a storage thing” that for some reason is never secured. Abdicating this responsibility leaves the Fiber Channel […]

MILLION BROWSER BOTNET

Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript — even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean […]

Modern Malware and APTs – What Current Controls Can’t See

In this seminar, Ajay K. Sood will: discuss the motivation and nature of APT and Modern Malware; outline malware trends and the Modern Malware lifecycle; reveal how Modern Malware defeats current countermeasures; and give examples of Data Exfiltration and botnet control.

Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments

This session will discuss conducting physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical […]

Pivoting in Amazon clouds

From no access at all, to the company Amazon’s root account, this talk will teach attendees about the components used in cloud applications like: EC2, SQS, IAM, RDS, meta-data, user-data, Celery; and how misconfigurations in each can be abused to gain access to operating systems, database information, application source code and Amazon’s services through its […]

Malware Automation

Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools […]

The Bad Boys of Cybercrime

These silent attackers hit more than 1,000 victims annually. They show no prejudice, have no compassion. They come like an unseen thief in the night to steal. They are, the Bad Boys of Cyber Crime. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers […]

Frayed Edges; Monitoring a perimeter that no longer exists

The foundations of traditional network security are crumbling in the public cloud. Old assumptions will leave your cloud deployments vulnerable and exposed. In this talk, we’ll examine the existing models of network security and how you can transition to new cloud-friendly models that take advantage of dynamic cloud environments. With the stage set, we’ll dive […]

Your own pentesting army complete with air support

This talk will discuss pentesting with an army of low-powered devices running a custom Linux distro (known as The Deck). The devices are connected via 802.15.4 networking for command and control. The Deck runs on the BeagleBone and BeagleBoard family of devices. An airborne version of The Deck which (along with wireless sensors) is embedded […]
