The Evolution of Ransomware

Ransomware has evolved from a relatively minor annoyance with negligible costs into a multi-billion-dollar international criminal economy. With the advent of nation-state sponsored support for these evolving campaigns, it’s important to understand the various mitigation options so you never have to rely upon the “honour amongst thieves” in order to recover your data. Based on […]

Read more

Software Supply Chain Security: Knowing What You Don’t Know

Attackers know that the majority of modern application code is composed of open source software. Today, Checkmarx researchers witness, in real-time, attackers planting packages with malicious code into open source software supply chains. As a result, as application developers perform builds, malicious code becomes part of the applications you are publishing. Making matters even worse, […]

Read more

Researching Risk: The Qualys Approach to Identifying and Reducing Risk

In recent years the number of vulnerabilities, threat actors, tools, tactics, and techniques has grown exponentially. Keeping track of what is important is a daunting task for an organization of any size. At Qualys, the research team is looking at the threat landscape around the clock to prioritize what is important for our customers. This […]

Read more

Indicators Everywhere! How SOCs Can Maintain Efficiency Against Any Attack

Security Operations Center (SOC) teams are being stress-tested today like never before. With increasing pressure to respond to a variety of signals demanding their attention, optimizing a security operations center has proven to be increasingly challenging. The SOC strategy you implement can not only help to prevent threats from causing harm, but it can also […]

Read more

Into the Abyss: Cybersecurity Tool Selection, Rationalization, and Decommissioning

The information security space is awash in point technology solutions. As a defender, how does one choose where to spend a limited security budget when faced with this sea of choices? How can we minimize overlap within the highly dynamic toolset we already own, rationalize vendor relationships, and decommission tools that overlap or no longer […]

Read more

Mobile Security – The Hackers Next Frontier

At the intersection between business and pleasure, mobile social applications access the most sensitive information about us and the world we live in. Hackers are focused on Mobile attacks now more than ever, as they represent the next frontier for security risk.

Read more

Time to Re-evaluate Your Security Layers

The layers of security we’ve deployed over the last 30 years must be re-evaluated since many organizations have fallen victim to cyber-attacks. How will today’s cyber security solutions solve the many business problems? This discussion highlights the pros and cons of the past solutions vs the present.

Read more

What is Linux Kernel Keystore and Why You Should Use It in Your Next Application

Did you know that Linux has a full-featured keystore ready to be used by any application or service it runs? Applications can securely store and share credentials, secrets and cryptographic keys, sign and encrypt data, negotiate a common encryption key – all this by never touching a single byte of the underlying cryptographic material. This […]

Read more

10th Anniversary FAILtacular!

They’ve let us do this 10 times now. It’s either SecTor’s longest running joke or the single most successful panel in the history of Canadian Security Conferences – it’s the “Littlest Hobo” of Security! As in years past, you’ll be treated to time with a distinguished panel of guest speakers (who are rarely told beforehand […]

Read more

A Diamond is an Analyst’s Best Friend: The Diamond Model for Influence Operations Analysis

Malign influence is one of the greatest challenges the world faces today. State-sponsored threat actors, criminals, and political actors alike are weaponizing information in online spaces to thwart elections, incite social division, disrupt supply chains, and manipulate markets. Due to the inherent overlaps in modern day digital influence campaigns and cyber intrusion campaigns, information security […]

Read more

Under the Hood of Wslink’s Multilayered Virtual Machine

In October 2021, we published the first analysis of Wslink – a unique loader likely linked to the Lazarus group. Most samples are packed and protected with an advanced virtual machine (VM) obfuscator; the samples contain no clear artifacts and we initially did not associate the obfuscation with a publicly known VM, but we later […]

Read more

The COW (Container On Windows) Who Escaped the Silo

Virtualization and containers are the foundations of cloud services. Containers should be isolated from the real host’s settings to ensure the security of the host. In this talk we’ll answer these questions: “Are Windows process-isolated containers really isolated?” and “What can an attacker achieve by breaking the isolation?” Before we jump into the vulnerabilities, we’ll […]

Read more

The Development of a Completely Unsupervised Machine Learning Pipeline for Security Analytics – from Ingestion to Analytics

Since the proliferation of data science applications in cyber security, there has been a complimentary division in the approaches to threat detection: Traditional and Machine Learning (ML). The traditional approach remains the predominate method in cyber security and is primarily based on identifying indicators-of-compromise via known signatures. On the other hand, ML applications are focused […]

Read more

Data-First SASE Using Behavior Intelligence and Risk Analytics

Do you have any idea how much time it will take to scan, identify, and secure every organization file containing sensitive information? Me neither, data are everywhere! You can’t mitigate data exfiltration with an IT tool. It’s an enterprise initiative to detect and respond to broken business processes and irregular activities. In this session, we’ll […]

Read more

Behavioral Biometrics – Attack of the Humanoid

The way we move our mouse, use our keyboard, and touch our phones is unique to us. Behavioral biometrics allows security systems to identify computer users across a wide variety of devices uniquely. While AI can help secure computer infrastructure, they are vulnerable to data-based type attacks. By capturing user interaction data, an attacker may […]

Read more

The Story of Ghost One

Rogue digital cinema server A15591 hadn’t just been modified to unlock encrypted feature films before release – it gave rise to a sprawling, parallel theatre distribution operation, one with its own insiders and security. How was it possible to unravel the heavily protected path from post-production to silver screen? Why did the scheme fail? At […]

Read more

The Call Is Coming from Inside the House-The Truth About Linux and Cloud Security

This presentation will discuss how reliance on cloud services and traditional hardening practices leads to increased successful attacks. We’ll look at how even non-APT attackers now invest more time and effort into creating custom malware, and we’ll discuss the solution to how companies can adjust their security posture to address cloud environments’ continuously changing threat […]

Read more

Deconstructing a Ransomware Attack: A Case Study in Privileged Account Misuse

Virtually every headline-generating breach is the result of misuse or abuse of privileged credentials. Proper PAM practices would have gone a long way towards preventing, speeding recovery, and minimizing damages from these incidents. In this session, we’ll discuss recent ransomware attacks, looking at what went wrong and how earlier detection of privileged account misuse could […]

Read more

Many Stunts, One Design: A Crash Course in Dissecting Native IIS Malware

Internet Information Services (IIS) is a Microsoft web server software for Windows with an extensible, modular architecture, allowing developers to replace or extend core IIS functionality. This session looks at how the same extensibility is misused by malicious threat actors to intercept or modify network traffic flowing through the IIS servers. These powers allow IIS […]

Read more

Secure and Scalable Development with Microsoft 365 and Azure AD

In this talk we’ll focus on leveraging Azure AD in Platform as a Service projects. We’ll start with Logic Apps as a no-code Web API platform for implementing your privileged code in a zero-trust architecture. Azure AD provides secure authentication between low-trust client-side code and Logic Apps, and Logic Apps should use delegated or service […]

Read more

Cloud Adoption – Trends and Recommendations for Security Teams

Organizations adopting cloud-based delivery are often at a loss as to how to navigate the technological and organizational changes introduced by this movement. Are we ahead? Are we behind? Do we really need to deploy to production hourly? What about security? This presentation provides insights from 451 Research’s view of technology and security trends as […]

Read more

Profiling Fraudsters from the Darknet to ICQ

Anonymity tools such as the tor network and cryptocurrencies are increasingly adopted by fraudsters to hide their tracks. They have enabled a darknet underground economy that centers around online illicit markets which has generated over USD$500 million in sales in the past year. Within online illicit markets, fraudsters create profiles and post ads for their […]

Read more

Poisoned RDP Offense and Defense

It’s safe to assume that many people reading this text have heard of using the Remote Desktop Protocol (RDP) to connect to other machines. But has anyone ever considered that merely using RDP can compromise their own computer? In this talk, we will not be covering a typical RDP vulnerability where a server is attacked […]

Read more

Beyond the Ones and Zeros: Aligning Effective Infosec and People Leadership Principles

It was the best of times, it was the worst of times… that pretty much sums up infosec today. We can’t figure out how to align to our businesses effectively, we love our silos, and constantly hire the wrong people. This presentation will address common issues in information security and people leadership areas, giving you […]

Read more

Hashes, hashes everywhere, but all I see is plaintext

I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation […]

Read more

Post-Quantum Manifesto

In recent years, the threat to the public key infrastructure posed by quantum computers has gained some attention. Standards agencies such as NIST and ETSI have begun efforts to standardize encryption and signature algorithms that are quantum resistant. This talk will introduce attendees to the threat posed by quantum computing and explain which parts of […]

Read more

Key elements to prioritizing security vulnerabilities and risks

Join Scalar, a CDW Company for a discussion on the key elements to prioritizing your security vulnerabilities and risks. Taking a holistic approach to risk management, we will help you understand how to follow best practices and manage your risk effectively and efficiently. Darren and Benjamin will go through some of the key elements that […]

Read more

FLAIR (Fuzzy simiLArIty fRamework)

FLAIR (Fuzzy simiLArIty fRamework): A comprehensive study on APT analysis using Fuzzy hash similarity algorithms by providing a framework comprises of more than 25 Fuzzy hashing algorithms Finding similar files has been a long recognized and ever-increasing need in malware research and forensic investigation. Cryptographic hash functions such as MD5, SHA1 and SHA256 are the […]

Read more

One-Person Army – A playbook on how to be the first Security Engineer at a company

How often have you heard that ‘Early stage startups don’t care much about Security because if there is no product, there is nothing to secure?’ Although there is merit in the argument that startups need to build product to sustain and grow, it often puts the person in charge of securing them in a tricky […]

Read more

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

As vehicles around the world become more and more automated, ongoing security threats become an even greater risk. But for the automotive industry, addressing end-to-end security poses significant challenges. Building a car isn’t done in isolation – components, manufacturers and global supply chains must be synchronistic to make the connected vehicle completely secure. In this […]

Read more

Twisted Haystack: Protecting Industrial Systems with Dynamic Deception

Deception techniques for cybersecurity are not new – honeypots have been used for many years. However, new types of deception techniques are being developed to supplement the classic honeypot approach. Deception can be used in several ways and for various end results. In this presentation, we will cover two main areas related to deception-based cybersecurity. […]

Read more

Fail Panel: Revenge of the Sixth

The Fails just keep on failing. We’re back for the 6th examination of the wide range of failures that our industry is not simply capable of but also EXCELS at. All the blinkie lights and all the shiny things that directly provide for day-to-day Fail. We know that this is sounding repetitive, but that’s kind […]

Read more

ATT&CKing the Command Line and Hunting for More

The MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus […]

Read more

The Chrome Crusader

Crusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to execute arbitrary JavaScript remotely of your choosing. We will also be talking about CORS (Cross-Site Resource Sharing) and some interesting quirks with the browser extension environment. If […]

Read more

Serverless Infections – Malware Just Found a New Home

With Lambda by Amazon, Cloud function by Google, and Azure functions by Microsoft, we will definitely be seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the risk higher or lower? Maybe it’s just different. Can […]

Read more

Breach Readiness, Mandatory Reporting and You!

For a long time now, it has been widely known that a proactive cybersecurity plan is not good enough, you must have a reactive plan as well. It is not good enough to simply mitigate a cyber breach, you need to be ready to react to one as well. However, in the very near future […]

Read more

Everything or Nothing: Active Defense in the Corporate World?

How can a good offense be a great defense? The concept of Hack-Back is extremely controversial and at first glance seems unsuited to the corporate world. However, in this session we will look at strategies and technologies you can use to actively defend your organization. Learn how create an active defense by using the attacker’s […]

Read more

Exploiting Hardware Wallet’s Secure Element

Hardware wallets, as well as other kinds of secure devices, must be designed to stay secure even when they are running in a hostile environment, including when they are in full control of an attacker. In order to ensure they stay secure in such conditions, physical attack resistant hardware is required but not sufficient for […]

Read more

The Cyberwar Playbook: Financial Services as Critical Infrastructure

How would you hack a bank? In this talk, we discuss how to improve the protection our nation’s critical private-sector cyber infrastructure, using financial services institutions as a case study, and highlight potential exploit chains and vulnerabilities in people, process, and technology. We begin with a thought experiment: if cyberwar were to break out tomorrow, […]

Read more

Lies and Damn Lies: Getting Past the Hype Of Endpoint Security Solutions

The endpoint protection space is a hot market right now. With statistics showing malware creation ranging from 300,000 to 1 million pieces a day, traditional signatures just can’t keep up. Ask any vendor about their solution and you get inundated with the marketing hype, machine learning, artificial intelligence, math models, and lions, tigers and bears! […]

Read more

The Black Art of Wireless Post-Exploitation

Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the […]

Read more

Improving Incident Response for ICS

Defending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. For example, ICS incident responders are tasked with extracting forensic data for threat analysis and implementing indicators of compromise for threat mitigation as quickly as possible. All of this is expected while continuing to maintain the physical safety and […]

Read more

Disrupting the Mirai Botnet

The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to […]

Read more

Rootkits vs Ransomware 2.0. Using evil to fight for good

Your company has been hit by ransomware. What do you do? Well, if you are a regular security system administrator, your next steps are restoring from backups (you have backups, right?), deploying behavior-based IDS/IPS or updated antivirus, and waiting for the next attack. But you’re not a regular security admin, are you? You’re a security […]

Read more

Prioritizing Vulnerability Remediation From an Attacker’s Perspective

While IT departments constantly battle against a tsunami of ever-increasing volumes of annual vulnerability disclosures, lack of visibility into the attacker’s perspective means that they retain an advantage, and still continue to breach organizations, causing massive damages to business. In this presentation, we will discuss a year-long study of vulnerability attributes, exploits and attack trends […]

Read more

Take Best Practices to the Next Level

Despite all of the advances in technology, we still aren’t doing a good enough job in basic house-keeping, The result is avoidable breaches and network compromises, we read about them daily. Leveraging best practices but not actually implementing formal processes and solutions isn’t cutting it any longer, as more and more companies who think they […]

Read more

When Two-Factor Authentication is a Foe: Breaking the iCloud Keychain

Everybody knows about Apple iCloud backups: how to disable this feature, or (if you are on the other side) how to download the data. However, iCloud is not just about backups. There is quite a lot of data that is also being *synced* across all the devices, and as such stored in the iCloud. This […]

Read more

An Effective Approach to Automating Compliance Activities

It seems that every day another company is breached, and a new standard or framework is proposed to help us handle this cybersecurity crisis. What most companies realize, although the regulators don’t seem to, is that we’re already overwhelmed performing our day-to-day tasks; adding these additional compliance activities onto our workload simply doesn’t work, at least […]

Read more

Stopping the Attacker You Know

One of the most challenging threats to mitigate is the “trusted employee”.   They have a position on the inside of your network, they have ownership of a trusted computer and they have basic knowledge of the information assets available. This presentation uses data from our penetration testing team to describe the specific techniques any employee […]

Read more

Hack Microsoft by using Microsoft signed binaries

PowerMemory is a PowerShell post-exploitation tool. It uses Microsoft binaries and as such is able to execute on a machine, even after the Device Guard Policies have been set. In the same way, it will bypass antivirus detection. PowerMemory can retrieve credentials information and manipulate memory. It can execute shellcode and modify process in memory (in userland […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!