Breaking the Laws of Robotics: Attacking Automated Manufacturing Systems

Automated manufacturing systems (particularly within the paradigm of so-called Industry 4.0) are complex and critical cyber-physical systems. They use robots (highly sophisticated systems themselves, with multiple complex embedded controllers), several types of industrial controllers, and are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and […]

Read more

Hacking & Securing Clinical Technology

This talk highlights the security challenges of securing the clinical and IT infrastructure of healthcare delivery organizations. We’ll dive into two examples of FDA approved devices that connect to clinical equipment common in hospitals today and walk the audience through the development of full device compromise and the discovery of multiple CVEs.

Read more

Automating Threat Detection and Response with Azure Sentinel

As more businesses move to Azure for their cloud computing, there is a growing gap in visibility of the security of cloud resources. Azure Sentinel is the cloud native SIEM solution from Microsoft. Turning it on potentially means another location for piles of logs and noise. Attend this session to learn how to get the […]

Read more

Common NGINX Misconfigurations That Leave Your Web Server Open to Attack

NGINX is the web server powering one-third of all websites in the world. Detectify’s Security Research team analyzed almost 50,000 unique NGINX configuration files downloaded from GitHub with Google BigQuery and discovered common misconfigurations that, if left unchecked, leave your web site vulnerable to attack. This training will walk through the most common issues, including […]

Read more

Broken Brokers in Boxes: Fuzzing Breaks Everything, Even Erlang

Behind the scenes of a trio of recently disclosed vulnerabilities are two innovations. First, putting fuzzing targets in containers makes memory exhaustion much easier to observe. Second, widening our definition of failure makes it possible to locate vulnerabilities even in “safe” environments like Erlang. This presentation begins with a brief review of fuzzing, focusing on […]

Read more

Harder, Better, Faster, Stronger – Privacy Laws and the Anatomy of a Breach Response

In late 2020, the Canadian government proposed the Digital Charter Implementation Act, intending to modernize the framework for the protection of personal information in the private sector. Stemming from this Act, the Privacy Commissioner of Canada is set to receive more power to investigate privacy infractions and issue orders and fines. Simultaneously, Ontario is developing […]

Read more

Moving Upstream, Securing the GitOps Workflow

A recent study suggests that cloud misconfiguration is the number one risk to cloud environments in 2021. As more developers deploy infrastructure across clouds using infrastructure-as-code, the security risk is only going to grow. To quote Albert Einstein: “Intellectuals solve problems, geniuses prevent them.” With IaC, we have an opportunity to scalably prevent security risks […]

Read more

Introducing a New Construct for Advanced Interactive Volatile Memory Analysis

Malware continues to advance in sophistication and prevalence. Well-engineered malware can obfuscate itself from the user, network, and even the operating system running host-based security applications. One place malware cannot easily hide itself is within volatile computer memory (RAM). Although an essential part of detection engineering and exploit development, memory analysis is not trivial to […]

Read more

Speeding Up AWS IAM Least Privileges with CloudSplaining & Elastic Stack

In talking about Cloud Security, I believe that there are 3 main points to take care of: IAM Permissions, Control Plane Configuration (AWS API), and Cloudtrail for Control Plane Monitoring. When we are talking about Cloud Misconfiguration, Permissions, and Monitoring, we are mostly talking about second stage attacks (unless some configurations that make information public) […]

Read more

Explore Adventures in the Underland: Forensic Techniques Against Hackers

Cybercrime is a very lucrative business not just because of the potential financial return, but because it is quite easy to get away with it. Sometimes hackers get caught, but most of the time they still run free. When it comes to the operating system and after-attack traces, it is not that bad as all […]

Read more

Adventures in Underland: What Your System Stores on the Disk Without Telling You

Even though you are the only person using a computer, you are not the only one writing to your disk drive! Surprisingly, your disk drive contains a lot of juicy information that can reveal a lot of secrets and history about what you did in the past. There are also places where data can be […]

Read more

Attacker Techniques: Data Exfiltration

Data exfiltration, or data theft, is a common event that occurs during a breach. This talk will go into detail on specific tools and techniques that attackers have used to exfiltrate data from victim organizations and the ways that we can identify evidence of data access, data staging or data theft. By understanding how attackers […]

Read more

Building Security Champions

With security teams being vastly outnumbered many organizations have responded to this challenge with different program scaling methods, including building security champions programs. Which leads us to questions: How does a security champions program work? How do you select your champions? And once you have them, what do you DO with them?  This session will […]

Read more

Tools for InfoSec, but Not the Ones You Think

Ask anyone about “infosec tools” and the list will depend on red/blue perspective and experience but will usually include the likes of BloodHound, Metasploit, Burp, Mimikatz, Cobalt Strike, Nmap, and Netcat. These are all great but, too often we ignore that there is a separate side to infosec: there is a “non-technical” dimension we all […]

Read more

hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day

In this session, we present hAFL1 and provide the implementation bits required to write a Hyper-V fuzzer. We uncover a critical 0-day in Hyper-V vmswitch which was found using our fuzzer – an arbitrary read vulnerability. Finally, we show a live demo of exploiting this vulnerability, which until only a few weeks ago could take […]

Read more

Full Circle Detection: From Hunting to Actionable Detection

How do you create new efficient, accurate, and resilient detection rules? There are a lot of steps to follow. This talk will take you through what I call Full Circle Detection. I’ll start with where to get hunting ideas and then to giving a turnkey alert for your Security Analysts using a real-world step by […]

Read more

FAIL – Notorious* Number 9

Lessons learned over the course of a protracted global emergency that has fundamentally altered society and how we do business are not being well learned and are not yet reflected in how we manage and assess our work. Time to talk through the 9th round of fails with our panel of distinguished guest speakers!

Read more

Large-Scale Security Analysis of IoT Firmware

Today, the number of IoT devices in both the private and corporate sectors are steadily increasing. IoT devices like IP cameras, routers, printers, and IP phones have become ubiquitous in our modern homes and enterprises. To evaluate the security of these devices, a security analysis must be performed for every single device. Since manual analysis […]

Read more

Ghost Misdetection Attacks Against Tesla Model X & Mobileye 630 PRO

Many studies have discussed the implications of using a training process to develop artificial intelligence: the significant computing capabilities required, the energy wasted, the high cost, the time required for training, the size of the dataset needed. However, the fact that automated driving is considered safer than manual driving proves that the training process is […]

Read more

Detecting Illicit Drone Filming

In an “open skies” era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (e.g., delivering pizza) or an illegitimate purpose (e.g., peeking at a person showering in his/her own house)? In this talk, I present […]

Read more

Drinking Coffee, Unicorns & Demystifying Zero Trust

So exactly what is zero trust? Buzzword, unicorn technology or a framework with meat on the bone? Well, yes on two counts. Zero trust is the realization that everything is on fire. In this talk I will endeavor to strip the idea of a zero trust program back to the bare metal. We will have […]

Read more

Compliant Yet Vulnerable: Critical Risks of Measuring Instruments in Production Line

In this talk, we are going to review the LAN eXtensions for Instrumentation (LXI), a common protocol among testing and measuring devices. Most legacy wired protocols function on the assumption that they are interconnected in a closed, trusted, secure network. However, once connected to the internet this assumption is no longer true. LXI is one […]

Read more

Threat Hunting Intelligently

Although times are unprecedented, for threat actors, it is business as usual. Even as times change, good threat intelligence will always be a bedrock of cybersecurity. Join Senior Security Research Consultant and Secureworks’ Threat Hunting lead Ryan Cobb, as he shares what’s on the threat horizon and how the Secureworks team is there to keep […]

Read more

A Savvy Approach to Leveraging MITRE ATT&CK

MITRE ATT&CK has shifted the balance of power from attackers to defenders. For the past few years, defenders have been increasing their security tooling and are detecting more adversarial techniques than ever before. Detecting events in your environment is only the first step. Going forward the focus isn’t going to be on if you detect […]

Read more

PKI Well Revised: Common Mistakes Which Lead to Huge Compromise of Identity

All technologies and systems currently use cryptography and most use certificates at some point. Since their boom, internal PKI systems have not changed a lot nor have the problems that we observe during almost all pentests. It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn a few tricks […]

Read more

An Introduction to Automotive Security in 2020

As cars continue to become more connected and autonomous, the security of these systems grows in importance. We’re now a decade away from the first public research on automotive security, and since then the challenges of securing these vehicles has increased due to new features. connectivity, and automation. In this talk, we’ll provide an introduction […]

Read more

Escaping Virtualized Containers

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels […]

Read more

Practical Defenses Against Adversarial Machine Learning

Adversarial machine learning has hit the spotlight as a topic relevant to practically-minded security teams, but noise and hype have diluted the discourse to gradient-based comparisons of blueberry muffins and chihuahuas. This fails to reflect the attack landscape, making it difficult to adequately assess the risks. More concerning still, recommendations for mitigations are similarly lacking […]

Read more

Identifying and Defending the Perimeter With Attack Surface Management

The need to operate online has driven businesses toward a digital transformation with cloud adoption at its core. The pace of this transformation sped up drastically as COVID-19 dispersed entire workforces and business operations around the world. In a matter of days, operating a business with an entirely “at home” workforce became the norm. And […]

Read more

Using Threat Metrics for Better Information Security Program Efficacy – Leveraging MITRE ATT&CK

Information Security leaders face a problem: to prove the value equation of their security investments. Security efficacy is often brought up as a key challenge – not just how to leverage technology, but how to measure what results it delivers. Enumerating how many detections were surfaced by a malware defense platform or if a perimeter […]

Read more

Security Transformed

Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT stack into a new form of computing, one that was focused on enabling agility and innovation while also delivering cost reduction. This shift sought to leverage public cloud and cloud-like development methods as well as infrastructure design. The effort to […]

Read more

How to Automate Security Validation and Reduce Enterprise Security Risk

Cybersecurity software has evolved by leaps and bounds in the past decade. However, one domain was neglected and has fallen behind – security validation. Today, the measurement of a network’s cyber posture is done in a manual, non-scalable way, through costly 3rd-party pentesting service providers. As a result, a huge gap has been created between […]

Read more

Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an Implant

Google Cloud’s security model in many ways is quite different from AWS. Spark jobs, Cloud Functions, Jupyter Notebooks, and more default to having administrative capabilities over cloud API’s. Instead of defaulting to no capabilities, permissions are granted to default identities. One default permission these identities have is called actAs, which allows a service by default […]

Read more

Demystifying Modern Windows Rootkits

This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says “”Hello World”” to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that […]

Read more

Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & Kubernetes

Today, with a few commands anyone can have containers running on their machine; at this point, they seem to be neither complex nor complicated to secure. However, the story dramatically changes when the ecosystem grows exponentially and now we have thousands of nodes that fulfill different roles, with different resources, running different applications, in different […]

Read more

Policy Implications of Faulty Cyber Risk Models and How to Fix Them

Bad security data leads to bad security policies; better data enables better policies. That, in a nutshell, is the thesis of this talk. To back that up, we’ll share a FUD-free and data-driven analysis of the frequency and economic costs of tens of thousands of historical cyber incidents, with a special focus on events that […]

Read more

The Paramedic’s Guide to Surviving Cybersecurity

The security world is fraught with cases of mental health issues, burnout, substance abuse, and even suicide. We live in a world of threats and responses that trigger the deepest parts of our psyche; with the barriers between “”online”” and the physical world constantly crumbling. While some deal in theory, many of us deal with […]

Read more

My Cloud is APT’s Cloud: Investigating and Defending Office 365

As organizations increase their adoption of cloud services, we see attackers following them to the cloud. Microsoft Office 365 is becoming the most common email platform in enterprises across the world and it is also becoming an increasingly interesting target for threat actors. Office 365 encompasses not only Exchange, but also Teams, SharePoint, OneDrive, and […]

Read more

Detecting Access Token Manipulation

Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals: logon sessions, access tokens, UAC, and network authentication protocols, such as Kerberos and NTLM, to name a few. Furthermore, some of this information is not easily found and can be […]

Read more

Lamphone: Real-Time Passive Reconstruction of Speech Using Light Emitted from Lamps

Recent studies have suggested various side-channel attacks for eavesdropping sound by analyzing the side effects of sound waves on nearby objects (e.g., a bag of chips and window) and devices (e.g., motion sensors). These methods pose a great threat to privacy, however they are limited in one of the following ways: they (1) cannot be […]

Read more

Intelligent Network Security: A Paradigm Shift in Cybersecurity!

Cyberattacks are ever-evolving, increasingly using automation to morph and elude detection. Add to this an ever-expanding attack surface, the rapid growth of both cloud adoption and remote users, and a flood of new, hard-to-secure IoT devices. Clearly, the enterprise threat landscape has never been more challenging. Traditional manual and reactive security approaches are simply over-matched. […]

Read more

Level Up Your SOC: Meet CyBot, Our Open Source Threat Intel Chat Bot

Threat intelligence chat bots are useful friends. They perform research for you and can even be note takers or central aggregators of information. However, it seems like most organizations want to design their own bot in isolation and keep it internal. To counter this trend, our goal was to create a repeatable process using an […]

Read more

A Decade After Stuxnet’s Printer Vulnerability: Printing Is Still the Stairway to Heaven

In 2010, Stuxnet, the most powerful malware in the world revealed itself, causing physical damage to Iranian nuclear enrichment centrifuges. To reach Iran’s centrifuges, it exploited a vulnerability in the Windows Print Spooler service to gain code execution as NT AUTHORITY\SYSTEM. Due to the hype around this critical vulnerability, we (and probably everyone else) were […]

Read more

Mitigate Organizational Risk With Integrated Cyber Resilience

Threats have changed over the years and so have the targets. It’s not just your perimeter that is at risk, it’s your customers, your supply chain, your employees and your business reputation that could be easily tarnished with just one breach. In this session, we’ll discuss how and why you should consider an integrated approach […]

Read more

From Security Operations to COVID-19: Security AI State of the Nation, 2020

Many businesses are at a disadvantage when it comes to combating the bad guys. In cybersecurity today, there are too many threats, complex tools, and false positives– not to mention the lack of experienced security professionals – to defend your whole enterprise properly. Fortunately, technologies such as AI and analytics are here to help. However, […]

Read more

Dissecting Pandemic-Themed Malware and Threat Tactics

Threat actors have always played the game of emotions. Fear is the emotion they are using right now to lure users to click on an email or manipulate them to install an application. In the last four months, cyber criminals have used fear as their main weapon to compromise users by using pandemic-related themes to […]

Read more

Measuring Risk in 2020 – The Enterprise of Things Security Report

While cybersecurity teams work to address operational and functional gaps, cybercriminals develop attacks targeting the top areas of risk for a company. Using the Forescout Device Cloud, the world’s largest repository of connected device data, Forescout Research Labs analyzed the risk posture of more than 8 million devices to uncover detailed information about the greatest […]

Read more

Trends in IOT/OT/mIOT

Non-traditional operating systems are driving even more complexity to the security landscape. Whether it’s an IPCamera at a parking lot, a sensor on a conveyer belt or a control system kickstarting a nuclear reactor, these facilities need to be recognized by security. Defining and discovering these assets sets a new perimeter…utilizing their data safely is […]

Read more

Cloud First It for Dynamic Work

Okta has been supporting a remote workforce for years, but like many organizations we were not expecting a rapid shift to 100% remote work. Fortunately, our IT leaders had the secret sauce for a relatively seamless transition: a 100% cloud-based architecture. This session, featuring Okta’s IT leadership, will cover how Okta’s cloud-first IT strategy and […]

Read more

Evolving Your Security Culture

2020 has seen a significant shift in how businesses abruptly implemented remote working. With the massive surge of “Work From Anywhere” (WFA) and the information security challenges that came with it, there is a strong push to improve and modernize the security culture of organizations of all sizes, without compromising on collaboration and productivity. Join […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!