SOC Automation: Faster Decision Making and Response

Security analysts spend two-thirds of their time on triage and investigation. Why then do most security operations teams only automate response? In this presentation, Andy Skrei will share his experience automating the end-to-end security workflow while leading security investigations at one of the world’s largest online retailers and through working with many of the world’s […]

CryCryptor, the Fake COVID-19 Tracing App That Targeted Canadians

Cybercriminals regularly use major newsworthy events as an opportunity to lure targets into their trap. The COVID-19 pandemic probably constitutes one of the most prolific and advantageous settings for the bad actors to launch their attacks: an anxious population, a digital transformation movement that pushed everyone online, high demand for goods that are no longer […]

A Brave New World – Attacks in the Age of COVID

The COVID pandemic has allowed attackers to exploit users with phishing attacks, ransomware, and other scams. FortiGuard Labs has recorded over 600 unique campaigns related to COVID cyberattacks per day. We will examine some of the top attacks, understand how attackers are creating the attacks, and the platforms they are targeting. Learn how attackers have […]

Detection Mastery – War Stories from the Hunters Side!

Threat Hunting is a rapidly evolving topic in cyber security. Armed with more than 20 years of enterprise and military experience, being on both red and blue sides – we plan to determine the approach to next generation detection. The defending industry is shifting from Reactive to Proactive mode by deploying both Red Teams and Threat Hunters to constantly challenge […]

The fast and the FAIL 8

When it’s 2020 and all you can think about is how fricken awesome 2019 was, what better way to fill your time at a virtual conference than the 8th instalment of “oh, they’re talking about FAIL again” with the added special je ne sais quoi of 2020’s litany of FAIL. Join the yet to be […]

Submarines in Pirate Waters: Cloud Attack Strategies

For several years now, our application deployment and infrastructure constructs have changed. What have we done to help model and simulate what the attackers are doing on the internet? In this talk we will be discussing features found commonly in cloud environments, and specifically, Kubernetes based attack strategies that a group can simulate. The talk […]

Crown Jewels Lifecycle Management

Typically, business leaders find it challenging to provide oversight, guidance and act upon their organization’s Cyber strategy. To be able to make risk-informed decisions and invest judiciously in Cyber risk posture improvement, it is crucial to identify and effectively govern the protection of the organization’s Crown Jewels. I will provide a clear understanding of what […]

Solving Security’s People Problem by Expanding the Talent Pool

Cybersecurity issues are plaguing organizations large and small today, and not only due to technical issues. With the wide variety of tools available to cybercriminals, there is a significant need to introduce more qualified defenders to level the playing field. However, this is far from reality due to a well-documented skills gap – a problem […]

How to Store Sensitive Information in 2020

It goes without saying: never, ever store personal/sensitive information in clear text. It is also a well-known fact that salting, hashing, or stretching your information can provide little protection against contemporary computer architectures and modern brute force attack constructs. Those abreast of this subject would have come across countless advocatory material suggesting using key derivation functions […]

Tech for Good, Maybe

Cambridge Analytica paid a data scientist 800k to develop an app called ‘This is Your Digital Life’. Facebook gave it a platform, and soon Analytica had the data necessary to influence the 2016 US election. So with it died any notion that technology is neutral; compute power just like any other kind is available to […]

DevSecOps: The Right Solution to The Wrong Problem

DevOps philosophies reduce the barriers between development and operations teams. Therefore, DevSecOps is when all three teams are working together in perfect harmony. DevSecOps is vying for the buzzword of the year and little else. In a PowerPoint slide, it’s a solid solution. But when put into practice, years of security team, communications challenges, and […]

Only After Disaster Can We Be Resurrected: Field Lessons in Cyber Incidents

Only after disaster can we be resurrected. While you’d think it’s wisdom from Gandhi or perhaps Buddha, it’s the insightful musings of fictitious character, Tyler Durden from the 1999 movie, Fight Club. This alter ego has it right. We can learn more from mistakes, errors or even disaster than we can from what went right. […]

The Great Hotel Hack: Adventures in Attacking the Hospitality Industry

Ever wondered if your presence has been exposed to an unknown entity even when you are promised full security and discretion at a hotel? The hospitality industry is a target nowadays for cyber threats. Hotels present many opportunities for hackers and other cybercriminals to target them resulting in data breaches accessing not only credit card […]

Common Flaws in Public and Private ICS Network Protocols

Industrial Control Systems / Supervisory Control and Data Acquisition (ICS/SCADA) are both the lifeblood of any critical infrastructure, and play an important role in any operation’s ability to communicate between various ICS components, relay sensitive data, or manage critical sensors and equipment. Due to the specific and unique needs of the industrial control industry, ICS […]

One Malicious Message to Rule Them All

As the world quickly transitioned to remote work due to COVID-19, companies were forced to make dramatic changes in how they operated. To keep employees safe and productive, companies adopted communication platforms like Teams, Zoom, Slack en masse. And while those tools fundamentally changed the way many of us work, they have also created new […]

Differential Privacy for Mobile Apps Busted!

In this session we bust Apple on their differential privacy claims for iOS devices by reverse-engineering telemetry data. We’ll illustrate how the privacy-preserving algorithm systemically suffers from implementation issues, how it leads to re-identification risk, how advertising IDs and hardware IDs are being misused to fingerprint users, and what needs to be done to preserve […]

PE Tree: How Covid19 Spurred a New Malware Reverse Engineering Tool

PE Tree is a new open-source tool developed by the BlackBerry Research and Intelligence team for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Aimed at the reverse engineering community, PE Tree also integrates with HexRays’ IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping […]

What’s in Your Pipeline? Ups and Downs of Container Image Scanners

BlackBerry, like many other companies, is on the move to containerized production environments. As containers become more ubiquitous, container security becomes crucial as well. Scanning container images for known vulnerabilities caused by vulnerable software is a critical security activity of the CI/CD process. Both commercial and open-source tools exist for container image scanning, however, not […]

Security Metrics That Matter

We measure so that we can improve and report. Reporting is for our bosses and job security. Improvement is for us. As an outnumbered security professional, you will never, ever have enough time, money and resources to add every layer of defence you wish you could, which means we need to work smarter. Learn about […]

A Hacker’s Perspective on Your Infrastructure and How to Keep Them Out of Your Life

We have a smart new generation who understands how to get around computer systems — some are doing it just for fun, while others are doing it with a slightly more sinister intent! Let’s stop here and let that sink in for a moment. Cybercrime is a very lucrative business not just because of the […]

Detecting AWS Control Plane Abuse in an Actionable Way Using Det{R}ails

Monitoring events will always be a big challenge for defensive teams. Now, with the increasing adoption of cloud by enterprises, new data sources are needed to monitor these services and detect security incidents. In the AWS Cloud ecosystem, the primary source of visibility of the control plane activities is called CloudTrail. Leveraging CloudTrail allows you […]

BHPD: BlueHound Path Destroyer

No, this is not a talk about the Beverly Hills Police Department. It is about a new tool that I built based on a methodology I developed for Destroying Active Directory Attack Paths found by BloodHound. This talk will cover the methodology and the various options that the script provides. All the features are aimed […]

Achieving PyRDP 1.0 – The Remote Desktop Pwnage MITM and Library

Remote Desktop Protocol (RDP) is the de facto protocol to remotely access Windows systems. Two years ago, we released PyRDP, a free and open-source RDP Monster-In-The-Middle (MITM) tool to tangibly demonstrate some of RDP’s common misconfigurations and associated risks. Since then, more RDP servers are exposed online and Microsoft’s RDP implementation has been the target […]

Are You Doing It Wrong? Highlights into Cybersecurity Quandaries

Statistics are speaking loudly! There is a disconnection between defenders’ perceptions of the value of the security controls they implement, and the most common attack vectors leveraged by penetration testers acting as potential attackers. This presentation highlights the key results of a two-year-long research study aimed at understanding this disconnection. The perceptions and practices of […]

Automating Intuition: Digging for Gold in Network Data with Machine Learning

Intuition, acquired through years of experience, is what sets experts apart from novices. Intuition is the ability to look at a large amount of information, quickly spot interesting items, and dismiss the rest. In the case of security audits, intrusion testers typically face hundreds, or even thousands, of assets early in an engagement. Their ability […]

Recon – The Road Less Traveled

Whether you do Pentesting or Bug Bounty Hunting, Recon is an important phase for expanding your scope. However, not everyone does that as they are busy filling forms with random payloads. Effective Recon can often give you access to assets/boxes that are less commonly found by regular Pentesters or Bug Hunters. More assets mean more […]

Heroku Abuse Operations: Hunting Wolves in Sheep’s Clothing

Abuse Operations, theft of services, and violation of acceptable usage do not get the spotlight they deserve because ultimately, the systems in question are “working as designed”. It is within these “cracks” that the abusers, the malicious users, and outright criminals operate their tools, campaigns, and other questionable interests. We will highlight how they are […]

Getting Rid of Passwords with FIDO2 and W3C WebAuthn

Most security experts would agree that password-based authentication is dead. The FIDO2 standard aims to replace passwords entirely and there is a good deal of chance that it will succeed. It has gained significant momentum in the past year, as key players like Microsoft, Apple, Google, and Mozilla started to jump on board. This talk […]

A DECEPTICON and AUTOBOT Walk into a Bar: Python for Enhanced OPSEC

When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our guts are correct, and it is vendor marketing material, frequently containing FUD. After tinkering with various libraries in Python and R with the use of some OSINT and SOCMINT techniques, I have found a use for NLP and ML that […]

Active Directory Database Security

How are passwords stored in Microsoft’s Active Directory and how can they be audited? What could an adversary do if they gained access to either a physical or a virtual hard drive of a domain controller? In what ways could one directly modify an Active Directory database file and how can such unauthorized changes be […]

Ransomware Attacks: Do’s & Don’ts

Ransomware attacks are prevalent. The actions taken by a company immediately after a ransomware attack can have major implications on their ability to restore operations. This talk will clearly explain which actions should be taken, and which actions might unintentionally cause an organization much more trouble. This talk will go through a series of Do’s […]

Can’t Stop This Train – Top Cases in Privacy Litigation

One of the core purposes of cybersecurity is to protect data gathered by an organization. Numerous countries around the world have enacted statutes to force organizations to protect their users’ data. Although organizations are making efforts to comply with regulations and implementing revolutionary cybersecurity products into their operations, we continue to see breaches of businesses […]

I Promise It’s Not a Computer: Power Grids, Online Voting, and the Lies We Tell

This talk showcases lessons learned from firsthand experience implementing everything from power transmission systems, smart meters, first responder radio systems, voting and election software to building automation (doors, HVAC, etc). We are increasingly asked to believe “that’s not IT” for a variety of reasons. This talk covers all the reasons, lies and how to deescalate […]
