Popping the Penguin: An Introduction to the Principles of Linux Persistence

Breaking in is half the battle. I’ve talked to so many people whose only objective is to try and break into systems. I get that. It’s awesome, the rush you get when you bring up that shell. But what then? Ops hardening does not end at the outer shell. Once you’re in, you still have […]

Read more

Enterprise Forensics = new category that focuses on user activity and what drives the business (analytics + behavior)

Many Security Analysts are tasked with assisting in Corporate Governance. This session explores the concept of network forensic investigations using a SIEM, and how security analysts can use it to assist in Governance, HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile […]

Read more

The Bad Boys of Cybercrime

These silent attackers hit more than 1,000 victims annually. They shows no prejudice, have no compassion. They come like an unseen thief in the night to steal. They are, the Bad Boys of Cyber Crime. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers […]

Read more

Data in the Cloud. Who owns it and how can you get it back?

With the rush to take advantage of all “the Cloud” has to offer, many companies are struggling with the new reality that their data is being sent outside the confines of the corporate environment and being stored in multiple geographic locations. With the Cloud comes the challenge of securing your data, understanding where it is […]

Read more

Malware Automation

Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools […]

Read more

Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments

This session will discuss conducing physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical […]

Read more

Trust No One: The New Security Model for Web APIs

There are many great things about the new world of mobile and cloud applications. They enable us to be more connected and productive in our daily lives, whether it be tracking our exercise with a mobile app, banking on our phones, or seamlessly accessing the same data – whether it be for business or personal […]

Read more

Reacting to Cyber Crime: Preserving Crucial Evidence for Law Enforcement

Evidence handling is of primary importance for the RCMP Tech Crime Unit Members when called upon to investigate a possible cybercrime. When such an incident occurs, it is important that the IT personnel in place is in a position to clearly identify the potential digital-related evidence and to properly preserve it upon the arrival of […]

Read more

“Big Data Security, Securing the insecurable”

Big data is one of the fastest growing areas within IT. The benefits of big data have been well publicised however little is known about the actual security risks associated with the technology. This session cuts through the hype and will expose big data security risks, a new class of attack and the practical guidance […]

Read more

Stopping Cross Contamination with Network Access Control…”The ULTIMATE PATCH”

This session will highlight how Network Access Control is the ultimate patch checking system. By utilizing a set of key protocols NAC will define and implement a policy that will define the access requirement for devices attempting to access your network. Those policies are designed to look for among other things pre-admission endpoint security policy […]

Read more

Microsoft Security Intelligence Report, Canadian Edition

Threats have changed in dramatic and unexpected ways around the world over the past year as attackers continue to hone and evolve their strategies and tactics, and Internet-connected devices proliferate. Using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services, this session will provide […]

Read more

Fiber Channel – Your OTHER Data Center Network

The majority of large datacenter storage architectures in the world are currently based on Fiber Channel networks. Unfortunately, the emphasis on security, compliance, and audit remains on hosts and traditional Ethernet networks, leaving the Fiber Channel behind as “a storage thing” that for some reason is never secured. Abdicating this responsibility leaves the Fiber Channel […]

Read more

BIOS Chronomancy

In 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). To justify […]

Read more

How they get in and how they get caught

This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you’re leaving a lot of evidence behind. Using datagram’s work at lockpickingforensics.com as a jumping off point we’ll explore how a picker gets in, and how, with careful observation and some practice, we […]

Read more

Threat Modeling 101

Threat modeling allows developers and security professionals to collaborate and catch vulns before they ship – and potentially before the code is even written. In this hands-on workshop, Leigh will teach the basics of threat modeling using a game called Elevation of Privilege.

Read more

Swiping Cards At The Source: POS & Cash Machine Security

You put your credit card in, I take your cash out. Point of Sale systems and Cash Machines are frequently targeted but rarely discussed. This talk will be a frank discussion about the types of attacks Ryan and John have both seen and executed against these types of machines, where these systems are vulnerable from […]

Read more

Building a Security Operations Center – Lessons Learned

This presentation will go through the various steps required to craft a Security Operations Center; including hiring and managing an array of human resources, monitoring, reporting, and mitigating technology, and covering the definition of repeatable, scalable processes, such as the OODA loop. The presentation will address the fundamental concepts related to training, structuring, and running […]

Read more

The US Department of Homeland Security’s Software Assurance Enumerations

The benefits of CVE, CWE, MAEC, CWSS, CAPEC, STIX and TAXII can often be at work without the users knowledge. Learn how these standards are working behind the scenes, and how you can use them to support information sharing and gain an advantage from crowd-sourced security information. Prior to 1999, software vulnerabilities were not widely […]

Read more

FUFW: 5 Steps to Re-architecting Your Perimeter

The hype train around next-generation firewalls (NGFW) continues to race forward, but replacing one device with a new shiny object isn’t going to ultimately solve the security problem. Securosis analyst Mike Rothman will put NGFW into proper context regarding the evolution of network security and give you 5 steps to move your perimeter protection forward.

Read more

Build Your Own Android Spy-Phone

Know your enemy! Attendees will see a live demonstration of how we built a proof-of-concept Android Spy-Phone. We will show how we developed the Android spy-phone module and demonstrate how to inject it into legitimate applications to infect unsuspecting victims. We will demonstrate how the spy-phone command and control server can take complete control of […]

Read more

Information & Risk Mitigation

Information is the lifeblood of today’s connected world. It plays a critical role in our personal lives and drives our businesses. Each year, the amount of information we create – from digital photos to business critical data – increases exponentially. Securing and managing our information, and the identities to access that information, becomes even more […]

Read more

How to Connect Security to the Business

When CISOs are briefing their executive teams or boards on the organization’s security (usually only when there’s a security incident), this is usually the challenge. Distill the volumes of data, assets, silos, operations, threats, and remediations down to a couple of key points. And this is to an audience who typically get their security information […]

Read more

Cryptographically Isolated Virtualized Networks – A Community of Interest Approach

Two ongoing industry trends are in conflict with each other. On the one hand, networks are increasingly being consolidated into shared infrastructure utilized by many different clients. From converged hardware networks, through virtualized IT shops, into the cloud, more and more traffic is being merged and intermixed on this shared infrastructure. Conversely, industry regulatory and […]

Read more

Enabling Access Assurance and Identity Intelligence for a multi-perimeter world

In today’s increasing open and interconnected enterprise, traditional perimeters are quickly being extended to multi-perimeters to support secure adoption of mobile, cloud, social and information interactions. The traditional network, IT, and end-point security capabilities are being enhanced to support these interactions and similar demands are put on the Identity and Access Management systems too. In […]

Read more

Analyzing Exploit Packs: Tips & Tricks

In this 30 minute session, we will look at tips and techniques that can help malware analysts and Incident Responders perform effective analysis and de-obfuscate/decode malicious exploit code. Primary focus will be on exploit delivery obfuscation and JAR exploit debugging.

Read more

Pivoting in Amazon clouds

From no access at all, to the company Amazon’s root account, this talk will teach attendees about the components used in cloud applications like: EC2, SQS, IAM, RDS, meta-data, user-data, Celery; and how misconfigurations in each can be abused to gain access to operating systems, database information, application source code and Amazon’s services through it’s […]

Read more

Today’s Cyber Threat Landscape – Prevention is no cure

AccessData will talk about Today’s Cyber Threat Landscape – The traditional cyber security infrastructure is riddled with blind spots… open doorways for threats you can’t see, because the tools you’re relying on can’t see them We will discuss how to eliminate those blind spots, allowing you to catch the data leakage your DLP misses, detect […]

Read more

Needle in a Haystack – Harnessing Big Data for Security

The polymorphic nature of malware, failure of signature-based security tools and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management virtually impossible using traditional approaches without copies, samples or details how can one possibly prevent, contain and inform on targeted attacks? This session will demonstrate how to […]

Read more

Your own pentesting army complete with air support

This talk will discuss pentesting with an army of low-powered devices running a custom Linux distro (known as The Deck). The devices are connected via 802.15.4 networking for command and control. The Deck runs on the BeagleBone and BeagleBoard family of devices. An airborne version of The Deck which (along with wireless sensors) is embedded […]

Read more

Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches

In this session, “Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches,” Rapid7 will discuss what we can learn from recent high profile breaches including LinkedIn and Global Payments.

Read more

Microsoft’s Response Process: 10 Years of Hard-Knock Learning

The Microsoft Security Response Center has been responding to security vulnerabilities and incidents for more than 10 years, and we’ve learned a few things along the way. In this presentation, we’ll pull back the curtain and walk you through the formal processes and informal guidelines that we use to handle hundreds of vulnerability reports every […]

Read more

Monday Night Malware

As companies increase funding for Network Security and get mature in that space, the attackers are shifting their methodologies and attack vectors as well. Targeted malware is not the exception but a norm these days. “Data in Transit” is becoming the new goldmine as the data in database gets ample encryption treatment these days. Parsing […]

Read more

Building Dictionaries and Destroying Hashes Using Amazon EC2

By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, I’ll demonstrate which dictionary attacks are the most effective. I will also demonstrate the building of passphrase dictionaries, an analysis of their effectiveness, and demonstrate a tool for building passphrase dictionaries. The password and passphrase […]

Read more

*PT, Chinese cyber-something, the summer of breach and doing it wrong

The ugly bastard child of FAIL Panel, a discussion on Malware letters received to our mailbag and other general observations on infosec. We’ll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you (we may bring chocolates and super secure LiquidMatrix USB keys – as seen as DEFCON). Vendor and […]

Read more

Threat Intelligence: What makes it smart

SIEM and feeds intelligence are common words found in the information security industry. We see them popping up in areas ranging from application, business, situation and threat intelligence. Whether the meaning is automated log analyses or manually generated reports of OSINT, threat intelligence is quickly becoming a must have item in any companies security arsenal. […]

Read more

Face Today’s Threats Head-On: Best Practices for a BYOD World

Today’s threat landscape is evolving radically and BYOD (Bring Your Own Device) is all the rage. In 2011 alone, Symantec detected and blocked 5.5 billion malicious attacks, an increase of more than 81 percent from the previous year. Social networks and mobile computing are opening up new security vulnerabilities and personal sites and blogs were […]

Read more

Introduction to Web Application Testing

Have you ever wondered what SQL injection was, and how it worked? Couldn’t figure out how someone could take over your web browsing and redirect you to another site entirely, or intercept and replace legitimate web traffic with some nasty malware? Dave Millier and Assef G. Levy will give you an overview of web application […]

Read more

Recent Advances in IPv6 Security

The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed in a number of production environments, and many organizations have already scheduled or planned its deployment in the next few years. […]

Read more

Web Application Scanning in the SDLC

This presentation will review some of the reasons that web application security is so important – citing data from the Verizon Data Breach Investigations Report which identified web applications as one of the primary attack and data loss vectors. Next, an overview of a conventional scanning program will be outlined as well as how a […]

Read more

The Defense RESTs: Automation and APIs for Better Security

Want to get better at security? Improve your ops and improve your dev. Most of the security tools you need aren’t from security vendors, they don’t even need to be commercial. You need tools like chef & puppet, jenkins, logstash + elasticsearch & splunk or even hadoop to name but a few. The key is […]

Read more

VMware ThinApp: Does Isolation Trim your Risk?

Does using VMware ThinApp isolation trim your risk? This presentation uses known vulnerabilities in popular software products like Firefox, Internet Explorer, Java, and Flash to compare the security implications of native installations and the three ThinApp Isolation modes to determine the viability of ThinApp as a means of using archaic/legacy software. The end result will […]

Read more

Importance of integrating network forensics with host forensics

No matter what anyone tells you, no investigation is complete or comprehensive if it only includes host-based forensic analysis. The fact is the host never has all of the relevant information, and there are way too many techniques for ensuring that no incriminating evidence is ever left on the disk. Because of this reality, it […]

Read more

Hey, I just middled you, and this is crazy

But, here’s your password. Reset it, maybe? Everyone thinks they know about the Man in the Middle. Most places think as long as they have SSL, they’re immune. Attackers know better. We’ll demonstrate implications of Man in the Middle vulnerability that go beyond the 101. We’ll show how layer 2 weaknesses can be turned into […]

Read more

Anti-Forensic Techniques and Countermeasures

Digital investigations may be conducted differently by various labs (law enforcement agencies, private firms, enterprise corporations) but each lab performs similar steps when acquiring, processing, analyzing, or reporting on data. This updated talk will discuss techniques that criminals can use to throw wrenches into each of these steps in order to disrupt an investigation, and […]

Read more

The Kill Chain and Evolution in Intrusion Detection Mechanisms

Intrusion defense mechanisms have been around for approximately two decades. However, slippery assailants continue to evade even state-of-the-art mechanisms. We have more technology than ever but few approaches that work reliably, especially given with the explosion of attack vectors. The problem of accurate and consistent attack detection and defense amid a sea of noise appears […]

Read more

Security Organizational Behaviour – making people part of the solution

Why technology and process don’t solve the problem alone and how to make security part of the normal pattern of behaviour for your organization. Instead of assuming that “humans are the weakest link” this talk will show how to make people the first line of defence and make them an asset, instead of a liability.

Read more

APT ALL THE THINGS: are Mac users no longer safe?

A new development of 2012, targeted attacks (APTs) against human rights now often include malware specifically designed to compromise Macs. Mac users have long thought they’re safe, for a variety of reasons including: “nobody ever targets us” (not anymore!), “Macs are based on Unix so have additional security” (not if new vulnerabilities are found, or […]

Read more

Microsoft Security Intelligence Report; Canadian Edition

Threats have changed in dramatic and unexpected ways around the world over the past year as attackers continue to hone and evolve their strategies and tactics, and Internet-connected devices proliferate. Using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services, this session will provide […]

Read more

Forecast of Data Loss in Canada

How many breaches occurred in Canada last year? And how many might there be by 2015? How much personal confidential Canadian data will be lost next year? Join this session to learn which types of firms are losing data and how. He won’t name names, but Dave will quickly walk you through a cool model […]

Read more

Reversing Patches for Exploit Creation, Pen-Testing or Just Fun!

How many times have you wondered what really gets fixed inthe security patches released by vendors? Are you curious to find new vulnerabilities that could be introduced due to faulty patches? This talk will go over some basic reversing techniques that anyone can use to read what exactly gets fixed in patches. These techniques can […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required