Security Architecture Review for Cloud-based Applications – Where to Start and How to Shift Left?

Application security architecture reviews are used to identify and assess security weaknesses due to architectural flaws in an application. This effort results in specific mitigation or remediation advice meant to strengthen the security posture of the application and reduce risk to the organization. As organizations increase their cloud adoption and innovate at an ever-increasing pace […]

Protecting Your Critical Data and Enhancing Cyber Recovery

Businesses today rely heavily on technology and data. Though most organizations have developed strategies to access critical data during an outage caused by natural disasters or power disruptions, these strategies have proven to be ineffective during a cyber-attack. Interconnected users, servers, cloud devices, and continuous web access result in an environment that is open for […]

Securing Your Operational Technologies

New Operational Technology (OT) systems support TCP/IP connectivity and are often interfaced with corporate IT networks. While this convergence brings many advantages from an operational perspective, it also exposes companies to considerable cyber risks if not managed properly. In his presentation, the speaker will highlight the main differences between IT and OT systems, most of which […]

De-Escalate the Overly-Permissive Cloud IAMs

The principle of least privilege states that a subject should be given only those privileges needed for it to complete its task. The concept is not new, but our recent research on 18,000 production cloud accounts across AWS and Azure showed that 99% of the cloud identities were overly permissive. The majority of the identities only […]
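
The principle in the abstract above, turned into a check that can be run against a policy document. This is an added example, not code from the talk or from the research it cites: the two policies are constructed for illustration, `find_overly_permissive` flags wildcard grants in Allow statements, and `allows` is a deliberately minimal evaluator (explicit Deny wins; conditions, NotResource and resource-based policies are ignored) used only to show how far each grant reaches.

```python
import fnmatch
import json

# Constructed sample policies (not from the talk). The first is the kind of
# blanket grant commonly attached to production identities; the second is a
# least-privilege rewrite scoped to one bucket prefix and one table.
ADMIN_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
""")

SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::app-uploads/*"},
    {"Effect": "Allow",
     "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/orders"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts either a single string/object or a list in these fields."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def find_overly_permissive(policy):
    """Return human-readable findings for wildcard grants in Allow statements."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"stmt {idx}: Allow with NotAction grants everything not listed")
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"stmt {idx}: action '*' grants every API in every service")
            elif action.endswith(":*"):
                findings.append(f"stmt {idx}: action '{action}' grants an entire service")
            elif "*" in action:
                findings.append(f"stmt {idx}: action '{action}' uses a partial wildcard")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"stmt {idx}: resource '*' applies to every resource")
    return findings


def allows(policy, action, resource):
    """Minimal evaluation: an explicit Deny wins, otherwise any matching Allow.

    Assumption: Condition blocks, NotResource and resource-based policies are
    ignored, so this is enough to show wildcard reach, not a real authorizer.
    """
    decision = False
    for stmt in _as_list(policy.get("Statement")):
        act_match = any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt.get("Action")))
        res_match = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt.get("Resource")))
        if not (act_match and res_match):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        decision = True
    return decision


if __name__ == "__main__":
    for name, policy in (("admin", ADMIN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_overly_permissive(policy) or "no wildcard grants")
    role = "arn:aws:iam::123456789012:role/Deploy"
    print("admin can iam:PassRole:", allows(ADMIN_POLICY, "iam:PassRole", role))
    print("scoped can iam:PassRole:", allows(SCOPED_POLICY, "iam:PassRole", role))
```

The point of `allows` is to make the blast radius concrete: the blanket policy lets a compromised workload pass an IAM role or read any bucket, while the scoped policy answers "no" to everything outside its two resources, and the Deny keeps deletes off the table even if a later Allow is added by mistake.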

Azure AD and Microsoft 365 Security Fundamentals

Microsoft invests massively both to provide the tools to protect organizations against cyberattacks, as well as to actively identify and defend against them. Unfortunately, most organizations don’t take full advantage of these tools, and many leave themselves very exposed. This session is an overview of a full day workshop on the same topic. With so […]

Advanced Bot Landscape

Bots are software programs that automate web requests for various tasks without human intervention. Some are beneficial for the Internet, but many of them are a plague for ecommerce websites. Bad bot traffic represents around a quarter of all Internet traffic today and is predicted to increase. This traffic includes website content scanning, stolen credit […]

Build More Secure Apps by Harnessing the Power of OWASP SKF & ASVS on Kubernetes

Did you know OWASP Application Security Verification Standard (ASVS) can be used as a set of application security requirements? Do you know what the Security Knowledge Framework (SKF) is, and how you can use it to manage your application security requirements and train developers? Are you curious what it takes to deploy a containerized application […]

Trust or Dare: Supply Chain Risks in Aviation

The civil aviation sector is transforming itself with the next generation of digital technologies that will thrust it to the next stage of autonomous systems onboard aircraft, including 5G service in the cabin, preventive maintenance, etc. Now that we are here, it's time to address not only the safety of the flight but also the security of […]

OPSEC is Not a Buzzword

Information security practitioners pride themselves on precision and attention to detail. We cringe at slick catchphrases. Yet there’s something that continues to elude many: what OPSEC really means, and where it applies. It’s time to change that. Delve into the history and evolution of Operations Security, gain familiarity with OPSEC assessment, analysis, and measures, and […]

Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild

This past year has proved the point that advanced nation-state backed threat actors are increasingly investing their time and money to develop novel ways to access the cloud. These actors are especially interested in Microsoft 365, where more and more organizations are collaborating and storing some of their most confidential data. Especially for threat groups […]

Bot Shops and Info Stealers – Exploring the Dark Web’s Newest Frontier

Carding is one of the earliest forms of cybercrime. Since the 1980s, cybercriminals have developed various fraud tactics to steal and monetize credit card information. To prevent these types of attacks, financial institutions have developed anti-fraud measures to detect and prevent fraudulent transactions. These security precautions include checking various parameters like IP address, operating system, […]

For the Greater Good: Challenging the Vulnerability Disclosure Status-Quo

Over the last five years, we have publicly disclosed the details of dozens of software vulnerabilities of varying severity affecting a wide range of vendors, including Oracle, Pulse Secure, Microsoft, Antidote, and Akamai. We have acquired hard-earned experience of the difficulties of dealing with clients and vendors, the risks and […]

Coverage: How to Get Results from Threat Detection and Response Solutions

The security market is full of solutions to support threat detection and response: EDR, NDR, SIEM, XDR, SOAR, you name it. But just deploying tools is not enough to get results. Organizations must ensure they have the appropriate coverage of threats and technologies to detect and respond to incidents and minimize impact. This session introduces […]

Software Composition Analysis 101: Knowing What’s Inside Your Apps

The term Software Composition Analysis (SCA) is relatively new to the security world. However, similar approaches have been used since the early 2000s to describe security verification of open-source components, and SCA is an evolution of that. It is the process of identifying and listing all the components and versions present in the code and […]

An Anatomy of a DevOps Tool Chain Attack

Businesses are building their digital transformation strategies around in-house development and embracing the DevOps philosophy and its associated tooling. However, DevOps tooling is commonly insecure by default and misconfigured, and relies on the open-source community to keep things up to date and secure. While cyber security folks are catching up with how to secure the cloud and […]

Broken Brokers in Boxes: Fuzzing Breaks Everything, Even Erlang

Behind the scenes of a trio of recently disclosed vulnerabilities are two innovations. First, putting fuzzing targets in containers makes memory exhaustion much easier to observe. Second, widening our definition of failure makes it possible to locate vulnerabilities even in “safe” environments like Erlang. This presentation begins with a brief review of fuzzing, focusing on […]

Adventures in Underland: What Your System Stores on the Disk Without Telling You

Even though you are the only person using a computer, you are not the only one writing to your disk drive! Surprisingly, your disk drive contains a lot of juicy information that can reveal a lot of secrets and history about what you did in the past. There are also places where data can be […]

Attacker Techniques: Data Exfiltration

Data exfiltration, or data theft, is a common event that occurs during a breach. This talk will go into detail on specific tools and techniques that attackers have used to exfiltrate data from victim organizations and the ways that we can identify evidence of data access, data staging or data theft. By understanding how attackers […]

Got DA?

Penetration tests and red team engagements are usually aimed at getting the highest level of privilege in an organization's Active Directory domain, aka Domain Admin. However, what most teams miss or simply ignore is that there is still plenty to be done even after you have obtained Domain Admin privilege. This talk's primary […]

How to Build an Insecure System out of Perfectly Good Cryptography

Cryptographers focus on provably secure cryptographic primitives. Standards bodies focus on syntax of messages. But there are many system issues that get ignored, leading to interesting security problems. Examples include trust models for PKI, misuse of web cookies, naming issues, and placing unreasonable demands on users. This session provides lessons on and mechanisms for avoiding […]

The CIS Critical Controls for Free – Defend all the Things!

The CIS Critical Controls are recognized as a good start in setting up a defensible infrastructure. They are platform / OS agnostic, aren’t driven by vendor agendas, and are very much community and volunteer driven. In this talk, we’ll discuss a typical organization, one that we’d see in many security engagements. We’ll discuss the various […]

A Few Things Right: Insights from Live and Simulated Incident Response Failures

While we continue to support the concepts of compliance, defense, governance, and prevention, it’s time to shift our focus beyond those measures with more emphasis on strategic response to incidents. This talk offers real stories of failure and practical, quick-win lessons on how to be prepared to respond quickly, accurately, and confidently when incidents occur. […]

Expand your cybersecurity program with complete visibility!

As enterprises face pressure amid growing internal and external compliance requirements, these organizations are looking for ways to expand visibility throughout their environments. Mark Holub offers insights on how companies can gain visibility throughout their environments to improve asset management, software inventory, vulnerability assessment, configuration compliance and more. Using real-world examples and forward-looking principles, Mark […]

OAuth – Everything You Wanted to Know but Not Really!

OAuth is a popular authorization framework used by many iOS and Android apps to delegate user authentication and authorization to a known third-party entity such as Google, Facebook or LinkedIn. This includes apps that enterprises develop or use to connect to G Suite or cloud providers such as Box and Google Firebase. When users grant […]

Serverless Security Top 10 Risks

When adopting serverless technology, we eliminate the need to develop a server to manage our application and by doing so, we also pass some of the security threats to the infrastructure provider. However, serverless functions, even without provisioning or managing servers, still execute code. If this code is written in an insecure manner, it can […]

Surviving a Ransomware Attack – Lessons from the Field

Many have succumbed to the various forms of ransom-based malware. Whether it is CryptoLocker, WannaCry, Crysis or one of the many other forms of ransomware, numerous organizations assume they are not at risk and end up having to respond to a ransomware attack without proper preparation. This presentation will include firsthand case studies and lessons learned during […]

It’s Never DNS…. It Was DNS: How Adversaries Are Abusing Network Blind Spots

While DNS is one of the most commonly used network protocols in most corporate networks, many organizations don’t give it the same level of scrutiny as other network protocols present in their environments. Attackers have recognized this and have begun increasingly abusing DNS to establish command and control channels, exfiltrate sensitive information and bypass many […]

A Peep into the Iron Triangle: IoT Purchasing in a ‘Me First’ Society

With a plethora of IoT devices on the market, and consumer devices being used in the enterprise, it becomes ever trickier to decide on the right strategy for choosing. Product development lives and dies by the phrase ‘Fast, Good, Cheap – Pick Two’. Today, as we push the bleeding edge and strive for instant improvements […]

Threat Hunting: From Platitudes to Practical Application

Since its inception, the security industry has been inundated with trendy defense techniques, topics, terms, and products that once implemented will solve all of our security woes. For the last several years one of those terms, threat hunting, has become the darling of defenders and vendors worldwide. But just what is threat hunting? Is it […]

PCI for Pen Testers, Now with 100% More Cloud!

The Payment Card Industry Data Security Standard has a bad rap with the security community and for good reason. We’re doing it wrong. Penetration Testers in particular can play a key role in the effectiveness of PCI, but most have never read the Standard and even fewer really understand it. In this talk we’ll cover […]

Make Your Own Cloud Security Monitoring Solution

Established methodologies for monitoring cloud-based environments are less than ideal. They come with significant downsides, including the ability for attackers and mischievous users to avoid detection and bypass security controls. I would like to explore how we can use existing technologies like log management systems, SIEMs and the auditing features that cloud platforms already provide […]

Orchestrate. Automate. Accelerate.

As today’s digitally connected ecosystem continues to evolve, adapt and innovate, there has been a consistent, underlying theme across the landscape – teams are struggling to balance their increasing workloads with the limited resources at their disposal. As a result, it is becoming more difficult for Security, IT and DevOps teams to accomplish their goals, […]

From Profit to Destruction: Analyzing Today’s Threat Landscape

The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary to help secure networks in today’s volatile threat landscape. In this talk, Earl will analyze how the threat landscape has evolved over the last year or so by looking […]

25 Techniques to Gather Threat Intel and Track Actors

In recent years, we have delivered many talks detailing threat actors, their operations, and their tools. How did we conduct such research and gather such intel? In this talk, we share 25 techniques for gathering threat intel and tracking actors (for example: crimeware (undisclosed) vulnerabilities, C&C misconfig, and underground marketplaces). We explain our use of […]

Pragmatic Cloud Security: The Future is Now

Cloud is a new frontier that requires new architectures, higher-velocity processes and crisper business-level metrics, none of which are really strengths of security programs and practitioners. Given that everything in the cloud is automated and API-enabled, security teams now have a big opportunity to build and embed security into the cloud technology stack. From continuous guardrails to automated workflows and […]

Building Bespoke Threat Intelligence Enrichment Platforms

The aggregation, normalization, enrichment, and contextualization of threat data and intelligence en masse necessitates a robust mix of innovation, automation, and flexibility. The Threat Analyst Workbench should provide mechanisms for extracting data from internal and external sources and building catalogues of intelligence. It should help the analyst characterize threats, identify outcomes, develop courses of […]

Barbarians At The Gate(way): An Examination Of The Attacker’s Tool Box

Attackers are always trying their best to breach your network to steal the secret sauce hidden inside. This session will delve into the attacker’s tool set and focus on the types of attacks that are being leveraged against companies today. I will examine tools, case studies and my own war stories.

Breach Happens: Effectively Responding to a Data Breach

Data breaches are the new reality, with the severity and cost of reported breaches escalating constantly. How an organization responds, and how prepared it is in the event of a breach, can mean the difference between swift recovery and extended business interruption. This talk will cover: pre-breach planning and readiness; incident response during a breach […]

How to Ramp Up Security Operations to Stop Advanced Threats

As attacks have become more sophisticated and continue to evolve, static technologies can't keep up. Siloed solutions fragment your defenses. It takes power and precision to stop attacks. Join this session, where we will explore: Do you have an intelligent, orchestrated and automated approach to prevent, detect and respond to threats? How did GFL Environmental […]

After the Incident: DIY Forensic Collection

When it comes to post-incident self-collection of digital data, whether for an employee dismissal, data exfiltration, inappropriate behaviour/computer usage, or a security breach, there is potential for litigation. Whatever the situation, IT personnel should use forensic best practices to ensure that the information is accurate and admissible, and that the data and original sources are […]

Moving Up the Security Maturity Curve – The Sisyphean Task

Compressed timelines, skill gaps, staff shortages, and an endless sea of new security technology options challenge organizations to keep pace with rapidly advancing threats. It’s easy for technology leaders to fall into the trap of spending their entire budget on bigger firewalls and trendy new endpoint solutions, while ignoring the simple things. Sometimes the best […]

Frugal Web Application Testing – Can in-house penetration testing achieve industry standard results while saving you money?

We live in a time where web applications play crucial roles in our society. To deploy a web application into production without properly securing the code and conducting a penetration test to identify the vulnerabilities for remediation is to welcome an adversary to negatively impact business function, bypass access controls and steal data. While third-party companies offer […]

Common Attacks Against Active Directory and How to Protect your Organization Against Them

This is not new research, and is really just a demonstration and summary of research done by Sean Metcalf, Rob Fuller, Tim Medin, Tal Be’ery, Benjamin Delpy and others (and they will be credited). It’s all too common that I see people who do not have a good understanding of common attacks against Active Directory […]

Top SIEM Use Cases You Should Implement Today

Developing and maintaining an effective SIEM often takes a small army, and can be quite vexatious. In this talk, the audience will be presented with a compilation of the best and most effective SIEM use cases. Gone are the days of noisy, false-positive-prone alerts; this talk is focused on high-accuracy use cases […]

Building Your Own Open-source Android Penetration Testing Platform

Android has had a major growth spurt over the last few years and as a result the attack surface is expanding. Many tools for remotely controlling smartphones and obtaining the sensitive information that resides on them have been developed. At the same time, the penetration testing community hasn't developed an established open source platform for […]

Rethinking Threat Intelligence

Optiv research has identified that one of the key challenges to Cyber Threat Intelligence providing impact is that the term “threat intelligence” has become heavily diluted and attached to a very diverse array of products, services and capabilities which are not easily adopted across the various enterprise security use cases. Our experience has shown that […]

When ‘Oops’ Isn’t An Acceptable Answer

You probably have an IT budget which includes security to some extent. You realize security is important but just don’t have the amount of people that you need to handle the influx of new exploits as well as manage day to day operations. Learning from others is always a good practice, however with most companies, […]

Can massive data harvesting drive down the time to breach detection?

With the time to breach detection remaining at 100-200 days and the hundreds of millions of dollars that will be lost to ransomware this year, it is safe to say that modern, relentless attackers have revealed a fundamental flaw in the traditional layered defense model. Any individual layer, when it receives updated security intelligence, does […]

Lighting up the Canadian Darknet Financially

Most are familiar with the term Darknet. Many have ventured a few times out of curiosity. For us, Darknet is an untapped source of Threat Intelligence and in some cases amusement. The news you see online about things being sold on the Darknet generally focuses on the United States, Russians, credit cards and drugs. While those are […]

The Power of DNS: Gaining Security Insight Through DNS Analytics

DNS is a critical component to all technology running on an enterprise network. Whether it is IT infrastructure, a corporate server, a desktop, a laptop, a POS system, external devices connected to a guest network or even unmanaged devices, such as smart phones or any other connected “thing,” they all use DNS to communicate internally and […]
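
The two DNS abstracts on this page ("It's Never DNS…. It Was DNS" and "The Power of DNS") both come down to the same idea: look at what is being asked of the resolver, not just whether it answers. The following is an added example, not code from either talk. It runs a simple tunnelling/exfiltration heuristic over a constructed resolver log: per registrable domain it measures how many queries are unique, how long and how random the subdomain part is, and what share of queries are TXT or NULL records. The registrable domain is taken as the last two labels (an assumption; without a public-suffix list names like `example.co.uk` are split wrongly), and the thresholds are illustrative starting points rather than tuned values.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not from either talk): "timestamp client qtype qname".
# Six ordinary lookups under example.com, then six TXT queries whose leftmost
# label is 32 hex characters: the shape of a DNS tunnel or exfiltration channel.
SAMPLE_LOG = """\
2024-03-01T10:00:01 10.0.0.5 A www.example.com
2024-03-01T10:00:02 10.0.0.5 A mail.example.com
2024-03-01T10:00:03 10.0.0.5 A www.example.com
2024-03-01T10:00:04 10.0.0.5 AAAA cdn.example.com
2024-03-01T10:00:05 10.0.0.5 A api.example.com
2024-03-01T10:00:06 10.0.0.5 A www.example.com
2024-03-01T10:00:07 10.0.0.9 TXT 6a9f2c4e8b1d3f7a5c0e2b4d6f8a1c3e.s0.t.exfil-example.net
2024-03-01T10:00:08 10.0.0.9 TXT b7d1e4f8a2c6e0b9d3f5a7c1e8b2d4f6.s1.t.exfil-example.net
2024-03-01T10:00:09 10.0.0.9 TXT 3c8e1a5f9b2d6e0a4c7f1b5d8e2a6c9f.s2.t.exfil-example.net
2024-03-01T10:00:10 10.0.0.9 TXT e2b6d0f4a8c1e5b9d3f7a1c5e9b3d7f2.s3.t.exfil-example.net
2024-03-01T10:00:11 10.0.0.9 TXT 9d3f7b1e5a8c2f6b0d4e8a2c6f0b4d8e.s4.t.exfil-example.net
2024-03-01T10:00:12 10.0.0.9 TXT 1f5b9d3e7a0c4f8b2d6e0a4c8f2b6d0e.s5.t.exfil-example.net
"""

# Record types that tunnels favour because they carry arbitrary payloads.
PAYLOAD_QTYPES = {"TXT", "NULL"}


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than dictionary words."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Split one constructed log line into its four whitespace-separated fields."""
    ts, client, qtype, qname = line.split(maxsplit=3)
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.rstrip(".").lower()}


def split_name(qname):
    """Assumption: registrable domain is the last two labels (no public-suffix list)."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return qname, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def profile_domains(lines):
    """Aggregate per-domain counters needed by the tunnel heuristic."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "entropy": 0.0,
                                 "length": 0, "payload": 0})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_line(line)
        base, sub = split_name(rec["qname"])
        s = stats[base]
        s["queries"] += 1
        s["subs"].add(sub)
        s["entropy"] += shannon_entropy(sub.replace(".", ""))
        s["length"] += len(sub)
        s["payload"] += rec["qtype"] in PAYLOAD_QTYPES
    return stats


def flag_tunnels(lines, min_queries=5, min_entropy=3.5, min_length=25):
    """Return {domain: stats} for domains whose query pattern looks like a covert channel.

    A domain is flagged when nearly every query is unique (cache-busting is
    inherent to tunnelling) and the subdomains are long, high-entropy, or
    mostly payload-carrying record types. Thresholds are illustrative.
    """
    flagged = {}
    for base, s in profile_domains(lines).items():
        n = s["queries"]
        if n < min_queries:
            continue
        avg_entropy = s["entropy"] / n
        avg_length = s["length"] / n
        unique_ratio = len(s["subs"]) / n
        payload_share = s["payload"] / n
        if unique_ratio >= 0.8 and (avg_entropy >= min_entropy
                                    or avg_length >= min_length
                                    or payload_share >= 0.5):
            flagged[base] = {"queries": n, "unique_ratio": round(unique_ratio, 2),
                             "avg_entropy": round(avg_entropy, 2),
                             "avg_length": round(avg_length, 1),
                             "payload_share": round(payload_share, 2)}
    return flagged


if __name__ == "__main__":
    for domain, info in flag_tunnels(SAMPLE_LOG.splitlines()).items():
        print(domain, info)
```

On the constructed log only `exfil-example.net` is flagged: every query is unique, the subdomain part averages 37 characters, and all of it is TXT. `example.com` repeats `www` and never comes close on any axis. In a real deployment the unique-ratio gate is what keeps content-hashing CDN names and mail-related TXT lookups (SPF, DKIM) from drowning the signal, and the thresholds should be set from a baseline of the organization's own resolver logs rather than taken from here.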
