Visualizing Your Security Posture from Link, to Gateway, and Beyond

The intersections between IT, OT, and (I)IOT has continued to fuse multiple domains within the organization. And in a world where we need to fully understand our security posture and react to the world around us, visualization is key. During this presentation we will dive deep on the toolsets, tradecraft and methodologies to render (visualize) […]

Read more

The Tools of a Web App Pentester

During a web application penetration test, a tester often encounters different technology stacks and security controls implementations that requires the use of different tools and testing approaches. While commercial tools are often available for these specific scenarios – these can be hard to get in a short time frame (and can be very costly if […]

Read more

Step by step AWS Cloud Hacking

This talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps: Identify a server-side request forgery Gain access to instance meta-data credentials Enumerate IAM permissions Privilege escalation Connecting to internal VPC services via VPN Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot […]

Read more

Car Hacking on Simulation

Cars are no longer simply mechanical. While they may be getting more advanced that doesn’t mean they are immune to hacks. One particularly sensitive entry point for hacking a car is the legally required OBD II port, which is basically “the Ethernet jack for your car”. This port works on a signaling protocol called CAN […]

Read more

Using Static and Runtime Analysis to Understand Third-Party Applications

Modern software applications are complex, highly integrated collections of components, authored by dozens or even hundreds of individuals, and the rise of open source has taken this complexity to the next level. As an end-user, how well do you understand what a piece of software is *actually* doing, under the hood? Is your favorite string […]

Read more

OWASP Find Security Bugs: The community static code analyzer

The Web application development lifecycle has numerous security activities. For developers, code review is a familiar recurring activity. To support Java developers, a project was started in 2012 called, “Find Security Bugs” (FSB). It is an extension of the SpotBugs project, formerly known as FindBugs. FSB is a community static analysis tool which targets specific vulnerabilities. Over the years FSB has evolved from a limited tool to a solid coverage of bug […]

Read more

Use the Tools You Have: Threat Detection and Hunting in Azure

As organizations continue their love affair with cloud services, critical components are increasingly exposed to threats in ways that can be easy to miss with traditional on-premises tools and technology.  On the other hand, major cloud-services providers have been stepping up their game and are (for a price!) providing the blue team with new ways […]

Read more

How much Cyber Insurance Do You Need, or Do You Need it at All?

Executives and the board face difficult decisions to determine whether cyber insurance is worth the spend and what limit to buy. Quantifying the financial costs of potential cyber incidents provides objective grounding for decision-making and reduces reliance on gut feeling, fear or intuition. However, cyber risk assessments usually don’t quantify the financial cost to the […]

Read more

Keyspace Reduction in Mechanical Locks

This quick-moving talk will cover techniques for reducing the range of combinations or keys you need to attack to successfully open a lock. There will be some math…but I’m not particularly good at math so it definitely won’t get complicated. We will cover a number of fun topics like decoding combination locks, figuring out how […]

Read more

Weapons of a Pentester – 2018 Edition

In this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry.

Read more

Extending Your Incident Response Capabilities with Sysmon

This presentation will introduce attendees to the free Sysinternals tool, Sysmon. Are you an incident responder? SOC analyst? Does your job require you to work with Windows event logs? Do you need to reconstruct attacker timelines? We will look at the Sysmon tool and compare its outputs to standard EVT logs Look at how Sysmon […]

Read more

Heimdall: Vulnerable Host Discovery and Lifecycle Monitoring Toolkit

Heimdall assumes that when a new vulnerability is disclosed, and an exploit goes public, criminals build scanners in order to detect the machines reachable on the internet which are affected by the new vulnerability. If these machines are found and compromised, they are often used by criminals for other activities (C&C panel, redirect to cloned […]

Read more

Angad: A Malware Detection Framework Using Multi-Dimensional Visualization

Angad is a framework to automate classification of an unlabeled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in several feature vectors. These vectors are individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection […]

Read more

Malboxes: Make Malware Analysis More Accessible

Malware is everywhere. Every organization has been infected by malware to some extent. Yet, most don’t have the expertise on staff to know if they are being targeted or if they are hit with mass-spreading malware. Knowing the difference is vital for a proper response plan. This is where Malboxes comes in. It is a […]

Read more

Elytron: Next-Generation Security for Java Servers

Elytron is a set of Java APIs and SPIs for application server security. Although it was developed to unify security across the WildFly application server, Elytron is an open-source, standalone library that can theoretically be used in other Java server environments. Within WildFly, Elytron has replaced the combination of PicketBox and the Java Authentication and […]

Read more

Metasploit Community: Tips, Tricks and What’s New

Let’s talk Metasploit! Come learn how the community is building tools that work not just for the single user, but for the whole team. Jeffrey will begin the presentation by discussing basic usage and capabilities, and then explore the roads less traveled as well as some new paths currently being explored in Metasploit Framework. Audience members will […]

Read more

TLS Tools for Blue Teams

TLS can cause problems for security teams, breaking TLS or ignoring TLS are common modus operandi, both are flawed and expose organizations to weaknesses. This session focusses on the management of TLS from a blue team perspective, without either ignoring or breaking TLS implementations. We will discuss specific tooling, FingerPrinTLS and TLSProxy will be the […]

Read more

Weapons of a Pentester

In this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry. Tools that will be demonstrated and showcased include: Metasploit (Exploit Framework) BeEF (Browser Exploitation Framework) Physical lock testing (Lock pick set – Snap gun, and lock pick card) Hak5 – […]

Read more

Security Training in a (Virtual) Box

We have designed a virtual training environment that allows the user to step through the quintessential phases of an attack: reconnaissance, scanning and enumeration, gaining access, maintaining access, and covering tracks. Licensed for reuse under Creative Commons, the materials can immediately be used for education and training purposes by attendees. We focus on what can be expected from […]

Read more

NOAH: Uncover the Evil Within! Respond Immediately by Collecting All the Artifacts Agentlessly

Imagine the moment when you realize that a malicious threat actor has compromised your network and is currently going through your confidential information. Faced with this dreadful scenario, you initiate an Incident Response. We have built an open source Incident Response framework based on PowerShell to help security investigation responders gather a vast number of […]

Read more

Extending BloodHound for Red Teamers

BloodHound has changed how red and blue teams approach risk in Active Directory environments. The interface is slick, the install is painless enough considering the dependencies, and the pre-built analytics deliver actionable intelligence. BloodHound provides the foundational elements – a reliable backend, a means for ingesting, querying, and displaying data – for users to extend […]

Read more

Chkrootkit: Eating APTs at Breakfast Since 1997

Chkrootkit will be 20 years old in 2017! The first Chkrootkit release was in 1997 and was written by my friend Klaus (CERT.br team) and I. Chkrootkit is a suite of posix shell scripts and tools written in ansi C, intended to run smoothly in virtually all Unix environments without dependencies. It is able to detect several rootkits, […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required