Cybercrime, CVEs, OVAL, CME and why you must care!

95% of downtime and successful criminal hacker attacks are because of your known vulnerabilities – find out what they are, current standards and new trends from the international standards body at MITRE, funded by the US Department of Homeland Security. Miliefsky is a Board member of this organization and will provide insights and free resources […]

Read more

DNSSEC: Theory and Worldwide Operational Experiences

The Domain Name System (DNS) has been up for an overhaul for many years, as the last “core internet” protocol left without any security. Attacks abusing the DNS to hijack domains, spoof websites and bypass spam filters are on the rise. July 2007 saw a major DNS hijacking attack. Gartner prominently added DNS attacks to […]

Read more

How Close is the Enemy

Hackers, terrorists, insiders, nation states and others all pose threats, but who really is capable of damaging our critical systems infrastructure. Not too long ago we were only concerned about hackers breaking into our systems. Today, we face a number of threats in cyber space. Trusted insiders now account for more that fifty percent of […]

Read more

Hacking Hollywood

Hacking stuff is for the birds. I’m taking a new path in life. I’ve decided to become a technical consultant for Hollywood. (No, not really, but work with me here). In my new role, I’ve decided it’s time to take up the torch for all my fellow consultants who have been abused by you people […]

Read more

Data on Threat Evolution – What 47 Leading Security Vendors Are Seeing

Forty-seven of the world’s leading security vendors collaborate with a single centralized, private source of threat intelligence for the data and technical analysis that drives their daily product updates and helps focus their longer-term technology innovations. This presentation draws directly on that same key data source to derive hard data regarding the evolution of threats […]

Read more

Wireless Security – What Were They Thinking

Wireless technology was supposed to mean freedom from wires and desks. It has instead become one of the biggest security nightmares for IT. How did we get here, what are the threats (existing and emerging), and where do we go from there. With wireless available on every new laptop and even Ipods now, it’s with […]

Read more

Hacking Bluetooth for Fun, Fame and Profit

Enhancements in cellular technology and mobile computing in recent years has lead to the availability of affordable and powerful mobile devices. Where before cellular phones where relegated only to the business class and other members of the upper-echelon of society, today they are deemed a necessity and have become so cheap in comparison to phones […]

Read more

Black Ops 2007: DNS Rebinding Attacks

The web has grown beyond anyone’s wildest expectations — but it’s still based on Internet protocols that go back thirty years. In this talk, I explore an interesting fault in the fundamental design of the web, which exposes every corporate network to the Internet and makes click fraud, SPAM, and worse distressingly trivial. Interestingly, the […]

Read more

Securing Commodity Systems using Virtual Machines

In this talk, I will summarizing advances in academic research for mechanisms that use Virtual Machine Monitors (VMMs) to increase the security of commodity systems. Commodity systems are often required to support functionality required by legacy applications that is often at odds with security. For example, commodity systems feature dynamic extensibility, and many commodity applications […]

Read more

TCP/IP Perversion

The evolution of rogue code has somewhat ignored the opportunities offered by kernel network drivers. In this paper we will analyze such opportunities and demonstrate several methods of data theft and system commandeering while evading perimeter/host based security systems and operating undetected in the long term. End node TCP/IP perversion relies on a kernel module […]

Read more

SQL Server Database Forensics

Databases are the single most valuable asset a business owns. Databases store and process critical financial, healthcare and HR data, yet businesses place very little focus on securing and logging the underlying database transactions. As well, in an effort to trim costs, many organizations are consolidating several databases on to single mission critical systems which […]

Read more

Human Factor vs. Technology

This lecture will present current challenges in operating systems security – from both a human as well as a technical perspective – and views on possible ways of addressing those issues. The main message will be that the so-called “human factor” is not, in contrast to common belief, the weakest link in IT security, as […]

Read more

State of the Hack

During the last ten years, Kevin Mandia has been on the front lines assisting organizations in responding to international computer intrusions, theft of customer credentials, and widespread compromise of sensitive data. During his efforts to resolve these incidents, many similar challenges and issues confronted each organization. During this presentation, Mr. Mandia will provide case studies […]

Read more

NAC@ack

The last two years have seen a big new marketing-buzz named “Admission Control” or “Endpoint Compliance Enforcement” and most major network and security players have developed a product-suite to secure their share of the cake. While the market is still evolving one framework has been getting a lot of market-attention: “Cisco Network Admission Control”. NAC […]

Read more

You’re Just Not Pretty Enough to Do Investigations

You’re not attractive enough to be on CSI: Miami, but who cares…this is real life. Join Kai Axford and members of Canadian law enforcement best cybercrime teams, for a fun and engaging session, as we demonstrate tools and techniques that will prove useful in your own computer investigations. Got questions on how RCMP and TPS […]

Read more

Exploit-Me Series – Free Firefox Application Penetration Testing Suite Launch

Security Compass is pleased to announce the release of the free Exploit-Me series of application penetration testing tools at SecTor. The toolset is made specifically for security consultants, developers and QA staff to facilitate testing of applications. The Exploit-Me series of tools are plug-ins to Firefox that allow for easy “right-click” style parameter fuzzing for […]

Read more

Modern Trends in Network Fingerprinting

Both a WhiteHat Audit and a BlackHat Compromise begin with scoping out the network. Using OS and Application fingerprinting techniques have been staples of Network Reconnaissance for close to a decade. Today’s techniques include passive, active, blind and invasive fingerprinting. A brief review of current and past strategies explains the strengths and pitfalls of each […]

Read more

Process Control and SCADA: Protecting Industrial Systems from Cyber Attack

With the recent advancements in national security initiatives, as well as parallel efforts in research by both the public and the private community, there is an immediate requirement for the strategic development of plans to protect Critical Information and Key Resources (CI/KR) from cyber attack. As such, Process Control and SCADA systems are beginning to […]

Read more

Security Challenges in Virtualized Environments

This presentation tries to show different security problems that might arise in virtualized environments. It first talks about virtualization based rootkits (AKA “blue pills”) — what so special about them, clarifies some misunderstandings and also discusses how real this threat is today. It also touches on the subject of virtual machine isolation and why we […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!