Preparing SRM Leaders to Communicate the Relationship Between the Cyber Risks and Physical and Human Systems

By effectively communicating the association between cyber, physical and human systems, SRM leaders improve senior stakeholders’ awareness, gain buy-in and get their risk management initiatives funded to better protect human and physical systems. As our networks continue to become more hybrid and the number of endpoints increases logarithmically due to the explosion of […]

State of Cloud Security in Canada: How Does Your Organization Measure Up?

Cloud security requires different tools, processes and skills than on-prem. How are organizations progressing in their security capabilities along this cloud transition? To find out, we collaborated with research firm IDC on a Canada-wide study to benchmark cloud security activity and outcomes. During this session we will discuss the security gaps that can appear as […]

A Hermit Out of Its Shell

We have discovered a family of targeted surveillance malware for mobile devices used by the government of Kazakhstan, Italian law-enforcement authorities, and previously deployed against the Kurdish minority in the conflict-plagued northeastern Syrian region of Rojava. The malware, which we named Hermit, is connected to Italian-based surveillance tech vendor RCS Lab S.p.A. and a related […]

Zhadnost – Finding and Tracking a GRU-controlled Botnet

This presentation details the discovery and analysis of a new botnet, named Zhadnost, first discovered by the author while it was conducting DDoS attacks on Ukrainian government and financial websites shortly before and during Russia’s invasion of Ukraine. The botnet was later used against Finnish Government websites, on the same date President Zelensky addressed the Finnish parliament, and […]

AI in a Minefield: Learning from Poisoned Data

Data poisoning is one of the main threats to AI systems. When malicious actors have even limited control over the data used for training a model, they can try to make the training process fail, prevent it from converging, skew the model or install so-called ML backdoors – areas where this model makes incorrect decisions, usually […]

Purple RDP: Red and Blue Tradecraft Around Remote Desktop Protocol

Remote Desktop Protocol (RDP) is the de facto standard for remoting in Windows environments. It grew in popularity over the last couple of years due to the pandemic. In addition to system administrators, many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed but, unfortunately, […]

Tokenizing the Dark Web: Applying NLP in the Context of Cyber Threat Intelligence

Training a model using Natural Language Processing (NLP) is challenging. Training one adapted to the unique vocabulary of malicious actors becomes even more difficult. This complex process highlights the need for a continuously adaptive lexicon able to follow new trends in illicit communities. To overcome the challenge of the distinct vocabulary used by malicious […]

Evasive Manoeuvres: Analysing the Past to Predict the Future of Malware Evasion Techniques

Malware is one of the most prevalent security threats. Sandboxes and, more generally, instrumented environments play a crucial role in dynamically analysing malware samples, providing key threat intelligence results and critical information to update detection mechanisms. In this talk, we will analyse the evasive behaviours employed by malware authors to hide the malicious activity of samples […]

Towards Developing the Human Risk Assessment Platform

The threat landscape is expanding, even though the cybersecurity community is enhancing its efforts to address cyberattacks. The majority of cyberattacks begin with a spear-phishing email, which is commonly used to infect organizations with ransomware. The importance of establishing a cybersecurity ecosystem has been acknowledged by all sectors. Currently, the Covid-19 pandemic has demonstrated the different […]

Exposing Ransomware-As-a-Service and Where It’s Going Next

Ransomware attacks have been proliferating over the past five years, becoming an easy source of revenue for cybercriminals, and putting businesses at risk. How did we get here? What can security teams do differently to detect and respond to attacks more effectively? In this session, Ordr Evangelist Jamison Utter shares research on why ransomware exists […]

Building a Response Strategy to Advanced Threats

The SolarWinds SUNBURST attack was a rude awakening for many security teams, and it won’t be the last time Security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With threats persisting inside the network for months, security teams need a new plan. In this session, CISO Jeff Costlow discusses strategies, […]

How We Automated Ourselves Out of On-Call Burnout … and You Can Too!

The repetitive nature of response tasks is one of the biggest causes of fatigue and burnout among Incident Responders. Anyone who’s been on-call on a Security team can remember how many hours they’ve spent opening the same tabs, clicking the same buttons, copy+pasting the same indicator data, and performing other similar tasks repeatedly. Imagine if […]

JavaScript Obfuscation – It’s All About the Packers

The use of JavaScript obfuscation techniques has become prevalent in today’s threats. From phishing pages to Magecart, supply chain injection to JavaScript malware droppers, they all use JavaScript obfuscation techniques on some level. The use of JavaScript obfuscation enables evasion from detection engines and poses a challenge to security professionals, as it hinders them from getting […]

Common NGINX Misconfigurations That Leave Your Web Server Open to Attack

NGINX is the web server powering one-third of all websites in the world. Detectify’s Security Research team analyzed almost 50,000 unique NGINX configuration files downloaded from GitHub with Google BigQuery and discovered common misconfigurations that, if left unchecked, leave your web site vulnerable to attack. This training will walk through the most common issues, including […]

hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day

In this session, we present hAFL1 and provide the implementation bits required to write a Hyper-V fuzzer. We uncover a critical 0-day in Hyper-V vmswitch which was found using our fuzzer – an arbitrary read vulnerability. Finally, we show a live demo of exploiting this vulnerability, which until only a few weeks ago could take […]

Full Circle Detection: From Hunting to Actionable Detection

How do you create new efficient, accurate, and resilient detection rules? There are a lot of steps to follow. This talk will take you through what I call Full Circle Detection. I’ll start with where to get hunting ideas and then move on to giving a turnkey alert to your Security Analysts, using a real-world step by […]

Large-Scale Security Analysis of IoT Firmware

Today, the number of IoT devices in both the private and corporate sectors is steadily increasing. IoT devices like IP cameras, routers, printers, and IP phones have become ubiquitous in our modern homes and enterprises. To evaluate the security of these devices, a security analysis must be performed for every single device. Since manual analysis […]

IoT Security: An Insider’s Perspective

The IoT industry is often lambasted for lax security; however, it does face unique challenges. This talk brings expertise from a veteran security engineer who has spent the last few months embedded (hah!) in an IoT manufacturer, working on security from the inside. We will explore some of the unique challenges in this space, and […]

Chip.Fail – Glitching the Silicon of the Connected World

All smart devices, from cars to IoT, are based around processors. Often these processors are not considered as part of the threat model when designing a product. Instead, there is an implicit trust that they just work and that the security features in the datasheet do what they say. This is especially problematic when the […]

Threat hunting in the cloud

Threat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions […]

Identity – the Foundation of your Zero Trust Architecture

The evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, […]

Malware in Google Play: Latest tactics used to penetrate the official app store

This presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (besides phishing) is through trojanized applications that end […]

The SOC Counter ATT&CK

The goal of the talk is to answer a few questions we often see or hear: “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTPs?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from Mitre is the new hotness in the InfoSec world. […]

AI, Intelligently. A Current Look into AI in Cyber Security.

Algorithms are being used to choose who lives and who dies. Computers are being programmed to make ethical decisions that impact every facet of our lives. Based on the ethics of cyber-criminals, Check Point has made another gigantic leap forward by teaching our gateways to use algorithms to detect the DNA of Malware in an […]

Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

This talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertaken to […]

Your phone is using TOR and leaking your PII

Do you have a cellphone? Do you run apps on it? Your personal information is most probably traversing over TOR without your knowledge or consent. As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included: GPS coordinates, WiFi […]

How to Select your Future Hardware Security Module (HSM)

Hardware Security Modules (HSMs) come in a variety of shapes, forms and sizes, and are used for different purposes. They are also deployed in a myriad of ways based on your needs. If you are thinking about using HSMs, just curious about what is out there, or using them today and not sure if you […]

Security is an Illusion: How I Rob Banks

A light-hearted trip through security failures, both physical and electronic, that have enabled me over the years to circumvent the security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical […]

5G: Security Status and Opportunities

The next evolution of the global mobile communications network is on the horizon and the technology standards are being developed to support it…but how secure will it be? This talk will present an overview of the 5G security evolution and current status at the half-way point before official 5G release. The new network will not […]

Smart Contract Vulnerabilities: The Most Interesting Transactions on the Ethereum Blockchain

Smart contract security is a brave, new, and sometimes terrible field. This presentation will take you through a storytelling history of some of the most famous vulnerabilities of these first few years (from the DAO hack, to the Parity wallet vulnerabilities, and including less-well-known but very interesting events like the DDoS attacks from late 2016). […]

Internet of Things: Is Winter Coming?

The concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern, and individuals will live their lives. Microcompute technologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest […]

Streamlining Compliance Programs for Operational Security

Enterprises today face pressure to improve security posture while also satisfying growing compliance requirements. These organizations are looking for ways to both unify their controls to measure and achieve multiple compliance requirements, and ways to assess them on a continuous basis for effective reporting and risk-based decisions. Mark will offer insights on how companies can focus their efforts, […]

Unblockable Chains – Is Blockchain the Ultimate Malicious Infrastructure?

In this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fully functional C&C infrastructure on top of the Ethereum network – the second largest public blockchain, which also acts as a distributed computing platform featuring smart contract functionality. As Blockchain technologies gain more traction in recent […]

Deep Learning – Classifying Malicious Websites with Image Recognition Models

I will go over how transfer learning can be used to retrain a convolutional neural network (CNN) to accurately predict and label images of botnet C2 web panels and phishing websites. Using image recognition to classify malicious websites can help optimize incident analysis as well as enhance threat label data.

How to Spot a Fake: Improve Your Security Operations with Real-world AI

AI and machine learning are increasingly popular buzzwords in cybersecurity, but not all AI techniques deliver the same value for every use case. Security professionals need to understand the different applications of AI and machine learning and how they can best be applied to address an organization’s specific needs. The potential of data science, artificial intelligence […]

FAIL Panel Version 5 – EquiFAIL!

In 2012, we talked about the APT. In 2013, we talked about BYOD and Consumerized IT. In 2014, it was #failAMA. In 2015, Ben Sapiro FAILED to submit an abstract. In 2016, James was VOLUNTOLD to do the thing. It’s 2017, and the voluntoldee said yes again. This is the time when we talk about […]

Securing Shopify’s PaaS on GKE

Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company’s internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team. Unfortunately for us, a hosted solution […]

Botract – Abusing smart contracts and blockchain for botnet command and control

In this talk, we discuss a possible new technique where hackers could abuse smart contracts that are deployed on the blockchain as a means of command and control (C2) for botnets. We call this novel technique ‘botract’, derived by merging two words: ‘bot’ and ‘contract’. In this talk, we describe how hackers can exploit smart contracts […]

Reverse Engineering Automotive Diagnostics

Automotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce […]

Gitting Betrayed: How agile practices can make you vulnerable

Trust is an implicit requirement of doing business. At some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, […]

Decoding Cyberespionage from Insider Mistakes

People are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as black and white, then we risk more than wasted time […]

The Spy in Your Pocket

You walk into a meeting and the person you are about to talk to informs you that they will be video and audio recording everything. Would that change what you might say or do? What if we told you that your mobile device could be doing that, or worse, to you already? Visit this session […]

MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need to Adapt)

Windows Defender Advanced Threat Protection will soon be available for all Blue Teams to utilize within Windows 10 Enterprise, which includes detection of post breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. Combined with Microsoft Advanced Threat Analytics for user behavior analytics across the Domain, red teamers will […]

Pwning a Smart Home in Under 10 Minutes

This is an informative and action-packed session revealing the scary secrets of the current state of IoT device security. It focuses on the various techniques which Gupta and his team used to break into several smart homes (and enterprises) taking advantage of the insecurity in smart devices. Some of the devices he will cover during the talk […]

Control System Security: Are We Living on Luck?

Control systems are all around us, working in the background of our lives providing us light, water, heat, transportation, and many good things. These systems are becoming more digital and more connected than ever before, so we must consider control system security just like we do with IT systems. We certainly have seen a jump […]

Lessons from the Attack Chain: Bolster Your IR Program

It’s challenging to build out your Incident Detection & Response program when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers, as well as your core infrastructure. In this session, Eric Sun will cover best practices from Rapid7’s Incident Response and Penetration Testing teams, and share the top gaps in […]

The Emerging Era of Cognitive Security

Today, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest […]

Hiding in Plain Sight – Taking Control of Windows Patches

On the second Tuesday of every month, Windows administrators stand ready to deploy the swarm of patches issued by Microsoft addressing new vulnerabilities found on mission-critical systems. Although this patch management routine may have system admins feeling overwhelmed, Patch Tuesdays are expected, allowing them to plan accordingly for the maintenance windows. But IT organizations are […]

CANtact: Open Source Automotive Tools

Car hacking really came to light in 2015. We saw Jeeps getting attacked over the air, BMWs being remotely unlocked, and attacks on Tesla’s Model S. Yes, today’s cars are computers, and they are going to have vulnerabilities. While cars have had in-vehicle networking for the last 25 years, only recently have we seen public attacks […]

Jihadism and Cryptography, from the Internet to Software

Cryptography and social networks are some of the online tools used today to protect the communications of terrorists and to affirm their membership in terrorist organisations. The Internet has become the method of choice for communication. The number of sites calling for a jihad rose from 28 in 1997 to over 5,000 in 2005. The […]
