Pulling back the covers on credit card fraud: A detailed look at financial fraudware.

Credit card theft has dominated the information security headlines recently and for good reason. This talk will demonstrate (with both Chip & PIN and magnetic stripe credit cards) how malware is able to steal the most critical details. It will also delve into the underground economy and explore how the stolen data is stolen, used […]

Read more

So, you want to be a pentester?

This presentation is designed to provide practical career advice to aspiring penetration testers, or those who want more insight into what the actual day to day life of a penetration tester is like. This presentation examines social, psychological, and physical issues surrounding a career in one of information security’s most popular fields. October 21, 2014 […]

Read more

Stupid is as Stupid Does – The Good, The Bad and The Idiots

How Hackers get caught Everyone sees the daily stories about hackers stealing personal data and credit cards but the media moves on to the newest breach the next week. What happens to these cases and the criminals behind them? This presentation will cover Law Enforcement (the good), criminals and their motives (the bad) and the […]

Read more

The Things You See (and Application Scanners Won’t)

Application scanners are a very common tool often used by security professionals to identify vulnerabilities and weaknesses in (mostly) web applications. However, due to the “developer factor”, applications often include weakness and vulnerabilities that are simply not “detectable” by scanners, and relying on these results often means ignoring significant security risks that are still presented […]

Read more

Identity in the Age of the Cloud

Organizations have traditionally enforced access to various services, applications, resources by establishing a person’s identity. Identity Management encompasses a number of processes such as authentication, authorization, provisioning, deprovisioning throughout a person’s life-cycle in the context of the organization. As employees bring their own devices and applications move beyond the firewall to the cloud, how should […]

Read more

What’s Behind “Big Data” and “Behavioral Analytics”

“Big Data” and “Behavioral Analytics” are the latest hot terms in threat detection, but what do they mean and how do they work when applied to security? This presentation will uncover the math behind behavioral analytics explaining the principles and mathematics that make accurate threat detection based on anomalous behavior possible.  It will explain why […]

Read more

Covering my IaaS: Security and Extending the Datacenter

It might still be “early days”, but cloud based infrastructure-as-a-service (IaaS) offerings are maturing fast and becoming financially compelling.  If you haven’t started to look at these services, you’ll need to sooner than later.  Of course, extending your datacenter outside of your datacenter has just a couple of security implications (that was sarcasm). This talk […]

Read more

How they get in and how they get caught

This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you’re leaving a lot of evidence behind. Using datagram’s work at lockpickingforensics.com as a jumping off point we’ll explore how a picker gets in, and how, with careful observation and some practice, we […]

Read more

Vulnerability analysis of 2013 SCADA issues

This session is result of a yearlong study of the most recent SCADA vulnerabilities and includes root cause analysis, attack vector scrutiny, consequence of successful attack and remediation study. Attendees will get an insight into the factors that resulted in the nature and magnitude of the harmful outcomes in order to identify what actions need […]

Read more

Watching the watchers: hacking wireless IP security cameras

Low cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of April 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there are many models by different vendors, most of them are actually based on the identical hardware and firmware setup. […]

Read more

CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game

A CSEC cybersecurity analyst has gone rogue. He has taken a large cache of top secret files that include the names and identities of several secret agents working in foreign countries. This rogue analyst has stowed these files on the internet in an encrypted format and he is now threatening to share the location of […]

Read more

Appsec Tl;dr

Have you ever wondered what it takes to get one of those “Elusive” bug bounties that people are always snapping up? In this presentation, Gillis Jones will walk you through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try and keep quiet, […]

Read more

Threat Modeling 101

Threat modeling allows developers and security professionals to collaborate and catch vulns before they ship – and potentially before the code is even written. In this hands-on workshop, Leigh will teach the basics of threat modeling using a game called Elevation of Privilege.

Read more

Frayed Edges; Monitoring a perimeter that no longer exists

The foundations of traditional network security are crumbling in the public cloud. Old assumptions will leave your cloud deployments vulnerable and exposed. In this talk, we’ll examine the existing models of network security and how you can transition to new cloud-friendly models that take advantage of dynamic cloud environments. With the stage set, we’ll dive […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!