Threat Hunting Intelligently

Although times are unprecedented, for threat actors, it is business as usual. Even as times change, good threat intelligence will always be a bedrock of cybersecurity. Join Senior Security Research Consultant and Secureworks’ Threat Hunting lead Ryan Cobb, as he shares what’s on the threat horizon and how the Secureworks team is there to keep […]

Read more

A Savvy Approach to Leveraging MITRE ATT&CK

MITRE ATT&CK has shifted the balance of power from attackers to defenders. For the past few years, defenders have been increasing their security tooling and are detecting more adversarial techniques than ever before. Detecting events in your environment is only the first step. Going forward the focus isn’t going to be on if you detect […]

Read more

Identifying and Defending the Perimeter With Attack Surface Management

The need to operate online has driven businesses toward a digital transformation with cloud adoption at its core. The pace of this transformation sped up drastically as COVID-19 dispersed entire workforces and business operations around the world. In a matter of days, operating a business with an entirely “at home” workforce became the norm. And […]

Read more

Using Threat Metrics for Better Information Security Program Efficacy – Leveraging MITRE ATT&CK

Information Security leaders face a problem: to prove the value equation of their security investments. Security efficacy is often brought up as a key challenge – not just how to leverage technology, but how to measure what results it delivers. Enumerating how many detections were surfaced by a malware defense platform or if a perimeter […]

Read more

Security Transformed

Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT stack into a new form of computing, one that was focused on enabling agility and innovation while also delivering cost reduction. This shift sought to leverage public cloud and cloud-like development methods as well as infrastructure design. The effort to […]

Read more

How to Automate Security Validation and Reduce Enterprise Security Risk

Cybersecurity software has evolved by leaps and bounds in the past decade. However, one domain was neglected and has fallen behind – security validation. Today, the measurement of a network’s cyber posture is done in a manual, non-scalable way, through costly 3rd-party pentesting service providers. As a result, a huge gap has been created between […]

Read more

Intelligent Network Security: A Paradigm Shift in Cybersecurity!

Cyberattacks are ever-evolving, increasingly using automation to morph and elude detection. Add to this an ever-expanding attack surface, the rapid growth of both cloud adoption and remote users, and a flood of new, hard-to-secure IoT devices. Clearly, the enterprise threat landscape has never been more challenging. Traditional manual and reactive security approaches are simply over-matched. […]

Read more

Level Up Your SOC: Meet CyBot, Our Open Source Threat Intel Chat Bot

Threat intelligence chat bots are useful friends. They perform research for you and can even be note takers or central aggregators of information. However, it seems like most organizations want to design their own bot in isolation and keep it internal. To counter this trend, our goal was to create a repeatable process using an […]

Read more

A Decade After Stuxnet’s Printer Vulnerability: Printing Is Still the Stairway to Heaven

In 2010, Stuxnet, the most powerful malware in the world revealed itself, causing physical damage to Iranian nuclear enrichment centrifuges. To reach Iran’s centrifuges, it exploited a vulnerability in the Windows Print Spooler service to gain code execution as NT AUTHORITY\SYSTEM. Due to the hype around this critical vulnerability, we (and probably everyone else) were […]

Read more

Mitigate Organizational Risk With Integrated Cyber Resilience

Threats have changed over the years and so have the targets. It’s not just your perimeter that is at risk, it’s your customers, your supply chain, your employees and your business reputation that could be easily tarnished with just one breach. In this session, we’ll discuss how and why you should consider an integrated approach […]

Read more

From Security Operations to COVID-19: Security AI State of the Nation, 2020

Many businesses are at a disadvantage when it comes to combating the bad guys. In cybersecurity today, there are too many threats, complex tools, and false positives– not to mention the lack of experienced security professionals – to defend your whole enterprise properly. Fortunately, technologies such as AI and analytics are here to help. However, […]

Read more

Dissecting Pandemic-Themed Malware and Threat Tactics

Threat actors have always played the game of emotions. Fear is the emotion they are using right now to lure users to click on an email or manipulate them to install an application. In the last four months, cyber criminals have used fear as their main weapon to compromise users by using pandemic-related themes to […]

Read more

Measuring Risk in 2020 – The Enterprise of Things Security Report

While cybersecurity teams work to address operational and functional gaps, cybercriminals develop attacks targeting the top areas of risk for a company. Using the Forescout Device Cloud, the world’s largest repository of connected device data, Forescout Research Labs analyzed the risk posture of more than 8 million devices to uncover detailed information about the greatest […]

Read more

Trends in IOT/OT/mIOT

Non-traditional operating systems are driving even more complexity to the security landscape. Whether it’s an IPCamera at a parking lot, a sensor on a conveyer belt or a control system kickstarting a nuclear reactor, these facilities need to be recognized by security. Defining and discovering these assets sets a new perimeter…utilizing their data safely is […]

Read more

Cloud First It for Dynamic Work

Okta has been supporting a remote workforce for years, but like many organizations we were not expecting a rapid shift to 100% remote work. Fortunately, our IT leaders had the secret sauce for a relatively seamless transition: a 100% cloud-based architecture. This session, featuring Okta’s IT leadership, will cover how Okta’s cloud-first IT strategy and […]

Read more

Evolving Your Security Culture

2020 has seen a significant shift in how businesses abruptly implemented remote working. With the massive surge of “Work From Anywhere” (WFA) and the information security challenges that came with it, there is a strong push to improve and modernize the security culture of organizations of all sizes, without compromising on collaboration and productivity. Join […]

Read more

How an XDR Approach Helps Speed Response & Improve MITRE ATT&CK Coverage

XDR is an emerging industry approach that extends EDR’s insight to a broad range of sources (endpoint, servers, network, email, and more). Join Trend Micro Sales Engineer, Peter Cresswell, to learn how the XDR approach takes advantage of detailed activity telemetry (not just alerts) from its sources, enabling more meaningful correlation and enabling rapid detection […]

Read more

SASE Success Behind-The-Scenes

SASE converges network, web, data, and cloud app connectivity and security, but implementing a true SASE architecture is a daunting task and there is no one-size-fits-all approach. Join Forcepoint Global CTO Nicolas Fischbach for insights on Forcepoint’s approach to delivering the industry’s first true data-centric SASE as well as providing steps for a practical approach […]

Read more

The Impact of Digital Transformation in the Face of Today’s Threats

Digital Transformation and the rapid need for supporting remote workers for digital business processes took every industry by storm. This change has presented new risks, unlike what companies have seen before, and has created the greatest loss of visibility for security, auditing, and quality control professionals since the emergence of the Internet. As companies continue […]

Read more

The Hunt is On!

“I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.” – Bryan Mills (Taken) Wouldn’t it be nice if we all had the skills required to send that message to cybercrime actors? Wouldn’t it be nice […]

Read more

Building a Threat Intelligence Team From Scratch on a Budget

Budgets are tighter than ever during the COVID-19 pandemic and threat actors have only increased their malicious activity. This makes it difficult to start a new threat intelligence program, but it doesn’t have to be this way. In this talk we will teach you how to start a threat intelligence team from scratch using repurposed […]

Read more

Using Automation to Secure Your Remote Workforce

COVID-19 has already profoundly changed the way many of us work in security operations—including the necessary acceptance of BYOD (Bring Your Own Device). These devices make a tempting target for cybercriminals, and organizations are scrambling to beef up their perimeters. Learn the various solutions CIOs and CISOs are adopting to help address securing their remote […]

Read more

The Need for Speed: Collaborative Strategies for Accelerating Security Outcomes

While advances continue to be made in InfoSec practices and tools, attackers still seem to outpace defenders. Why? There is a plethora of industry knowledge about what should go into a mature security program, yet organizations still seem to struggle with how to go about building and evolving theirs in ways that provide real, tangible […]

Read more

Sophistication Advancements in Ransomware

Cyber attacks and specifically Ransomware continue to evolve and change the way the world does business. Over the last several years, actors performing ransomware attacks have increased their capabilities and sophistication which has resulted in more refined targeting, but also additional revenue generation. Josh will share some the most recent Canadian and Global attacks, as […]

Read more

Priority Intelligence Requirements (PIR) Are Not Just for Threat Intel Analysts

The Intelligence discipline has defined processes, analytical techniques, and procedures, but they are not only for Intel teams. The analytical techniques that have been cultivated, refined, and tested within the Intelligence cycle have been used for operational use to make teams more successful since they are adaptable. For example, Priority Intelligence Requirements (PIRs), are long […]

Read more

How to Talk to the Board About Cybersecurity

With the sudden shift of the global workforce from in-office to remote, IT teams quickly transformed their operations to accommodate the new realities of business — including large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services. While these examples of agility allowed business to continue, they also greatly […]

Read more

A New Security Reality: Data IS the Perimeter

We all know that the operating paradigm in which business is conducted changes on almost a daily basis, yet the way we defend the sensitive data within our business has remained static for nearly 3 decades. Perimeter security is not sufficient, and that’s why we have embraced the concept of Securing the Breach by protecting […]

Read more

Understanding the Threat Landscape

Today’s attackers have abandoned the equivalent of sledgehammers for a quiver of custom arrows as they increasingly conduct extensive reconnaissance and choose weapons specifically tailored to exploit the defensive weaknesses they discover. Even worse, they have an ever-growing range of new or increasingly used vectors from which to choose. During this session, you will learn […]

Read more

Could Your Business Survive a Ransomware Attack?

Ransomware has been in the wild since 1983 but saw a steep rise with the advent of WannaCry in 2017 and is showing no signs of slowing down. In fact, we are seeing more breaches than ever before using this attack. It is important for everyone to understand how it works and how to avoid […]

Read more

Knowing Is Half the battle: Shared Responsibility and Secure Configuration in the Cloud

In this session, we will dive into the shared responsibility model that exists within the world of cloud service providers (CSPs). While the service providers take over much of the responsibility traditionally owned by IT teams, they also introduce new responsibilities that may create blind spots. We’ll look at how the CIS Benchmarks for CSPs […]

Read more

A Hackers Dream: Unmanaged Privileges

In times of crisis, good security practices are often the first thing to go. Organizations are being forced to revisit their “temporary” remote working policies and tools. An expanding remote workforce can increase your security risk, especially if your IT and Support employees use non-secure remote access tools as temporary measures. Are temporary remote access […]

Read more

Cyber Threat Intelligence and Today’s Complicated Cyber Security Environments

Threats to your organization can be overwhelming. Your Threat Intelligence shouldn’t be. Today, there is a huge and growing need for the simplification of threat intelligence. Security environments are already over-complicated and getting worse. In this session, you’ll learn how up-to-the-minute, relevant data can help you manage the risks associated with IT security threats, within […]

Read more

Don’t Be Afraid to Upgrade: Lessons of Speed and Security From High Performance Open Source Development

For the past six years, I’ve studied behaviors of 15,000 commercial development teams, 24,000 open source projects, and the community of adversaries attacking open source software supply chains. One thing is certain: when it comes to security, speed is king. In 2017, it took three days for adversaries to exploit new vulnerabilities discovered in open […]

Read more

AD Security vs Modern Attacks

Active Directory has been providing critical services and infrastructure to nearly every company, organization and even government agencies since Y2k. AD has grown with us, both in functionality and security but so have the attackers. Since AD contains information about all of our users – both standard and admins, touches and controls access to most […]

Read more

Zero Trust Security Starts With Identity

Some organizations have been embracing the “Zero Trust” security model, and others are still trying to decide what it means and whether it makes sense for them to try it. With the sudden need for more flexibility, scalability, and remote access, many of these enterprises have found themselves in unfamiliar territory without a map. In […]

Read more

SOC Automation: Faster Decision Making and Response

Security analysts spend two-thirds of their time on triage and investigation. Why then do most security operations teams only automate response? In this presentation, Andy Skrei will share his experience automating the end-to-end security workflow while leading security investigations at one of the world’s largest online retailers and through working with many of the world’s […]

Read more

CryCryptor, the Fake COVID-19 Tracing App That Targeted Canadians

Cybercriminals regularly use major newsworthy events as an opportunity to lure targets into their trap. The COVID-19 pandemic probably constitutes one of the most prolific and advantageous settings for the bad actors to launch their attacks: an anxious population, a digital transformation movement that pushed everyone online, high demand for goods that are no longer […]

Read more

A Brave New World – Attacks in the Age of COVID

The COVID pandemic has allowed attackers to exploit users with phishing attacks, ransomware, and other scams. FortiGuard Labs has recorded over 600 unique campaigns related to COVID cyberattacks per day. We will examine some of the top attacks, understand how attackers are creating the attacks, and the platforms they are targeting. Learn how attackers have […]

Read more

PE Tree: How Covid19 Spurred a New Malware Reverse Engineering Tool

PE Tree is a new open-source tool developed by the BlackBerry Research and Intelligence team for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Aimed at the reverse engineering community, PE Tree also integrates with HexRays’ IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping […]

Read more

What’s in Your Pipeline? Ups and Downs of Container Image Scanners

BlackBerry, like many other companies, is on the move to containerized production environments. As containers become more ubiquitous, container security becomes crucial as well. Scanning container images for known vulnerabilities caused by vulnerable software is a critical security activity of the CI/CD process. Both commercial and open-source tools exist for container image scanning, however, not […]

Read more

Detecting AWS Control Plane Abuse in an Actionable Way Using Det{R}ails

Monitoring events will always be a big challenge for defensive teams. Now, with the increasing adoption of cloud by enterprises, new data sources are needed to monitor these services and detect security incidents. In the AWS Cloud ecosystem, the primary source of visibility of the control plane activities is called CloudTrail. Leveraging CloudTrail allows you […]

Read more

BHPD: BlueHound Path Destroyer

No, this is not a talk about the Beverly Hills Police Department. It is about a new tool that I built based on a methodology I developed for Destroying Active Directory Attack Paths found by BloodHound. This talk will cover the methodology and the various options that the script provides. All the features are aimed […]

Read more

Achieving PyRDP 1.0 – The Remote Desktop Pwnage MITM and Library

Remote Desktop Protocol (RDP) is the de facto protocol to remotely access Windows systems. Two years ago, we released PyRDP, a free and open-source RDP Monster-In-The-Middle (MITM) tool to tangibly demonstrate some of RDP’s common misconfigurations and associated risks. Since then, more RDP servers are exposed online and Microsoft’s RDP implementation has been the target […]

Read more

Automating Intuition: Digging for Gold in Network Data with Machine Learning

Intuition, acquired through years of experience, is what sets experts apart from novices. Intuition is the ability to look at a large amount of information, quickly spot interesting items, and dismiss the rest. In the case of security audits, intrusion testers typically face hundreds, or even thousands, of assets early in an engagement. Their ability […]

Read more

Recon – The Road Less Traveled

Whether you do Pentesting or Bug Bounty Hunting, Recon is an important phase for expanding your scope. However, not everyone does that as they are busy filling forms with random payloads. Effective Recon can often give you access to assets/boxes that are less commonly found by regular Pentesters or Bug Hunters. More assets mean more […]

Read more

Got DA?

Penetration Tests and/or Red Team Engagements are usually aimed at getting the highest level of privileges in an organization’s Active Directory domain aka Domain Admin. However, what most teams miss or simply ignore is the fact that there are things that can be done even when you have obtained Domain Admin privilege. This talk’s primary […]

Read more

Catching and Cleaning Phish (for O365)

Attackers keep getting cleverer with their phishing attacks and if you’re a high value target or a large enterprise you’re probably also getting many targeted attempts every day. This session will cover the best practices for O365 for detecting, removing and investigating phishing attempts against an O365 tenant.

Read more

Visualizing Your Security Posture from Link, to Gateway, and Beyond

The intersections between IT, OT, and (I)IOT has continued to fuse multiple domains within the organization. And in a world where we need to fully understand our security posture and react to the world around us, visualization is key. During this presentation we will dive deep on the toolsets, tradecraft and methodologies to render (visualize) […]

Read more

Enabling Zero Trust with Artificial Intelligence

The Zero Trust security model assumes a hostile network with relentless external and internal threats. Authenticating and authorizing every device, user and network flow requires real-time algorithmic processing of telemetry from as many sources of data as possible. Applying mature machine learning data science to the Zero Trust problem provides a wholistic solution to multiple […]

Read more

The Tools of a Web App Pentester

During a web application penetration test, a tester often encounters different technology stacks and security controls implementations that requires the use of different tools and testing approaches. While commercial tools are often available for these specific scenarios – these can be hard to get in a short time frame (and can be very costly if […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!