The Human Firewall is on Fire – What Do You Do When the Smoke Clears?

Many enterprises are focused on prevention and are too busy with day-to-day firefights to look beyond the flames and think about how to recover. Beyond preventing attacks, organizations need to focus on detection and response. It’s no longer a matter of if you’re going to be attacked, but when. Join this session to: Learn the […]

Read more

Integrating Privacy Engineering into Your Security Practices

Privacy Engineering is an emerging discipline and this presentation will talk about privacy engineering in the context of emerging standards and best practices for consent, consent management, and permissioned data. The Kantara Initiative released a standard for User Managed Access (based on OATH 2), Consent Receipts, and has a working group on Consent Management practices. […]

Read more

Don’t @ Me Hunting Twitter Bots at Scale

Automated Twitter accounts have been making headlines for their ability to spread spam and malware as well as significantly influence online discussion and sentiment. In this talk, we explore the economy around Twitter bots, as well as demonstrate how attendees can track down bots through a three-step methodology: building a dataset, identifying common attributes of […]

Read more

Reinventing PC & Printer Security

It’s no longer a matter of “if”, but “when”. As the world becomes more mobile and connected, cyberattacks continue to rapidly grow in frequency and sophistication, placing your company’s data and personal information at risk. Are you protected? While organizations are aware of the growing threat, most are overly focused on security software and data […]

Read more

Collaborating for a Secure Canada

Building a resilient cyber security ecosystem is crucial for levelling the playing field against adversaries. The newly established Canadian Centre for Cyber Security, as part of the Communications Security Establishment (CSE), sees the increasing need for widespread innovation and collaboration to secure our country’s future. Collaboration is a point of pride and necessity from a […]

Read more

The Future of Cyber Security – From a Friendly Hacker’s Perspective

Cyber security is no longer about protecting secrets. It’s about our way of life: from autonomous cars, to webcams medical devices, to the manipulation of political campaigns and global markets. But are you thinking about what’s next? This talk will aim to inspire the audience of security professionals to take action about the things that require our […]

Read more

Fail Panel: Revenge of the Sixth

The Fails just keep on failing. We’re back for the 6th examination of the wide range of failures that our industry is not simply capable of but also EXCELS at. All the blinkie lights and all the shiny things that directly provide for day-to-day Fail. We know that this is sounding repetitive, but that’s kind […]

Read more

Extending Your Incident Response Capabilities with Sysmon

This presentation will introduce attendees to the free Sysinternals tool, Sysmon. Are you an incident responder? SOC analyst? Does your job require you to work with Windows event logs? Do you need to reconstruct attacker timelines? We will look at the Sysmon tool and compare its outputs to standard EVT logs Look at how Sysmon […]

Read more

Securing Robots at Scale

The International Federation of Robotics estimate that 2.6 million industrial robots will be installed in factories worldwide by 2019. Robots are not only in industrial environments, they also exist in homes and around us as toys, companions, assistants and serve various roles in our daily lives. In this session we will talk about our journey […]

Read more

ATT&CKing the Command Line and Hunting for More

The MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus […]

Read more

Threat Hunting: From Platitudes to Practical Application

Since its inception, the security industry has been inundated with trendy defense techniques, topics, terms, and products that once implemented will solve all of our security woes. For the last several years one of those terms, threat hunting, has become the darling of defenders and vendors worldwide. But just what is threat hunting? Is it […]

Read more

Heimdall: Vulnerable Host Discovery and Lifecycle Monitoring Toolkit

Heimdall assumes that when a new vulnerability is disclosed, and an exploit goes public, criminals build scanners in order to detect the machines reachable on the internet which are affected by the new vulnerability. If these machines are found and compromised, they are often used by criminals for other activities (C&C panel, redirect to cloned […]

Read more

Security is an Illusion: How I Rob Banks

A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical […]

Read more

The Chrome Crusader

Crusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to execute arbitrary JavaScript remotely of your choosing. We will also be talking about CORS (Cross-Site Resource Sharing) and some interesting quirks with the browser extension environment. If […]

Read more

5G: Security Status and Opportunities

The next evolution of the global mobile communications network is on the horizon and the technology standards are being developed to support it…but how secure will it be? This talk will present an overview of the 5G security evolution and current status at the half-way point before official 5G release. The new network will not […]

Read more

Smart Contract Vulnerabilities: The Most Interesting Transactions on the Ethereum Blockchain

Smart contract security is a brave, new, and sometimes terrible field. This presentation will take you through a storytelling history of some of the most famous vulnerabilities of these first few years (from the Dao hack, to the Parity wallet vulnerabilities and including less-well-known but very interesting events like the DDOS attacks from late 2016). […]

Read more

Serverless Infections – Malware Just Found a New Home

With Lambda by Amazon, Cloud function by Google, and Azure functions by Microsoft, we will definitely be seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the risk higher or lower? Maybe it’s just different. Can […]

Read more

Alexa, what did I do Last Summer?

Smart things are a big trend nowadays. In more than 47 million households, Alexa is always listening and sometimes recording. What exactly does Alexa know about its master? What information does it collect, where is it stored, and what Amazon does to all that data aside of the “learning and quality assurance” routine? In this […]

Read more

Who’s Watching the Watchers? Keeping Your Security Provider Honest

The 2017 M.E. Docs cyber-attack that crippled hundreds of companies crafted the blueprints for hijacking a vendor to attack clients through their trusted vendors. These attacks herald a new generation of supply-chain based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory […]

Read more

Ashley Madison: Cybersecurity in a World of Discretion

What does a targeted attack really look like? How can you effectively defend your organization? What does it take to recover from a headline-grabbing breach and rebuild trust with your customers? Join Matthew Maglieri, CISO of Ashley Madison’s parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look at what is […]

Read more

Turning Your Cybersecurity Toddlers into Warriors!

Simple lessons to teach you how you can fill the knowledge gap within your staff…today! Few industries are expanding faster or evolving more rapidly than IT security. There is no shortage of bad actors trying to outsmart you and get to your data. The bad guys are relentless in their never-ending pursuit to find a […]

Read more

PCI for Pen Testers, Now with 100% More Cloud!

The Payment Card Industry Data Security Standard has a bad rap with the security community and for good reason. We’re doing it wrong. Penetration Testers in particular can play a key role in the effectiveness of PCI, but most have never read the Standard and even fewer really understand it. In this talk we’ll cover […]

Read more

Make Your Own Cloud Security Monitoring Solution

Established methodologies for monitoring cloud-based environments are less than ideal. They come with significant downsides, including the ability for attackers and mischievous users to avoid detection and bypass security controls. I would like to explore how we can use existing technologies like log management systems, SIEMs and the auditing features that cloud platforms already provide […]

Read more

Angad: A Malware Detection Framework Using Multi-Dimensional Visualization

Angad is a framework to automate classification of an unlabeled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in several feature vectors. These vectors are individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection […]

Read more

Cybersecurity Evolution/Cost Reduction Paradox

The shift from legacy data collection and storage models to cloud has resulted in new paradigms in data management. Add to this more sophisticated and motivated adversaries, along with innovation in the manner in which they attack, and it yields a perfect storm of a complex attack surface, combined with multi-phased and multi-vector attacks. Today’s […]

Read more

Minority Report: A Predictive “Pre-crime” Approach Requires a Human Focus

In Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Pre-Crime Division,” which anticipated and prevented violent killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity—especially for insider threat detection and prevention. Based on user interaction with data, […]

Read more

Achieving Secure Digital Transformation: Turning the Dream into Reality

As we’ve talked with more and more of our clients about their digital transformations, it has become clear that security is a key facilitator for successful transformation. For example, if an organization churns out a series of new cloud-hosted mobile applications that permit users to more effectively interact with the company, the initiative can backfire […]

Read more

Orchestrate. Automate. Accelerate.

As today’s digitally connected ecosystem continues to evolve, adapt and innovate, there has been a consistent, underlying theme across the landscape – teams are struggling to balance their increasing workloads with the limited resources at their disposal. As a result, it is becoming more difficult for Security, IT and DevOps teams to accomplish their goals, […]

Read more

Standing Up to Cryptojacking – Best Practices for Fighting Back

Cryptojacking has recently erupted onto the cybercrime scene, thanks to the surge in value in 2017 of cryptocurrencies such as Bitcoin, Monero, and Ethereum. Crooks are aggressively targeting laptops, desktops, servers, and even mobile devices. From a single device to entire networks, they infect as many devices as they can to mine for cryptocurrency on, […]

Read more

Internet of Things: Is Winter Coming?

The concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern, and individuals will live their lives. Microcomputetechnologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest […]

Read more

Streamlining Compliance Programs for Operational Security

Enterprises today face pressure to improve security posture while also satisfying growing compliance requirements. These organizations are looking for ways to both unify their controls to measure and achieve multiple compliance requirements, and ways to assess them on a continuous basis for effective reporting and risk-based decisions. Mark will offer insights on how companies can focus their efforts, […]

Read more

The Real Deal About AI

Artificial Intelligence(AI) is impacting our world in previously unimaginable ways. But how does it really work? If you are looking for the real deal about this industry buzzword, this is the talk for you. We will cover the history of this incredibly innovative technology, what it is and what it is not, the steps required […]

Read more

Security Powered by Big Data

As the extraction of value from data becomes more critical to a company’s success, organizations are trying to stay ahead of the data deluge. Unfortunately, data technologies often have security bolted on, not baked into the DNA, leaving far too many doors open to compromise. This session will cover the challenges of big data and […]

Read more

Developing and Implementing an Effective Endpoint Security Strategy

Endpoint security is one of the most important aspects of a defence in depth strategy. It is critical to businesses because code execution on servers and workstations is one of the key ways to obtain an initial foothold within a corporate environment. The ability to prevent, detect, and respond to incidents within your environment in […]

Read more

Encryption is More than a Button

There is no one Golden Rule when it comes to email encryption. Every enterprise is unique. It’s vital to ensure email encryption is tailored for and tightly integrated to your Cybersecurity strategy. Join Echoworx VP of Operations, Alex Loo, to understand: Key components of an email encryption strategy. Benefits of leveraging encryption in the cloud. […]

Read more

Breach Readiness, Mandatory Reporting and You!

For a long time now, it has been widely known that a proactive cybersecurity plan is not good enough, you must have a reactive plan as well. It is not good enough to simply mitigate a cyber breach, you need to be ready to react to one as well. However, in the very near future […]

Read more

Case Studies in Defending Your Digital Enterprise

As more and more organizations undertake digital transformation they become increasingly dependent on their online presence. This exposes their business to cyber-attacks that target the growing number of vulnerabilities in web services software stacks, which require the organizations to evolve their current cyber defense approach and stretch their resources. Navigating digital transformation securely can feel […]

Read more

On the Eve of Quantum Computing: The Definitive Need for Crypto Agility

On the eve of quantum computing, the definitive need for crypto-agility is greater than ever. The ability to locate, manage, and securely update digital certificates on a network or on a device seems like a simple task, yet with the advent of new Enterprise use cases and flourishing IoT device introductions, management at massive scale […]

Read more

From Profit to Destruction: Analyzing Today’s Threat Landscape

The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary to help secure networks in today’s volatile threat landscape. In this talk, Earl will analyze how the threat landscape has evolved over the last year or so by looking […]

Read more

Everything or Nothing: Active Defense in the Corporate World?

How can a good offense be a great defense? The concept of Hack-Back is extremely controversial and at first glance seems unsuited to the corporate world. However, in this session we will look at strategies and technologies you can use to actively defend your organization. Learn how create an active defense by using the attacker’s […]

Read more

Are We Setup to Fail?

Criminals are winning the battle against security practitioners. Need proof? Look no further than the new headlines in any given week. Billions of dollars are being spent on the latest and “greatest” tools, and millions of people hours are being exhausted in the defence of our data. Yet with all this effort, it remains trivially […]

Read more

Unblockable Chains – Is Blockchain the Ultimate Malicious Infrastructure?

In this principal research, we investigate the possibilities blockchain technologies pose as an infrastructure for malicious operations. We will demonstrate a POC of a fully functional C&C infrastructure on top of the Ethereum network – the second largest public blockchain which also acts as a distributed computing platform featuring a smart contract functionality. As Blockchain technologies gain more traction in recent […]

Read more

Why Memory Attacks are on the Rise and How to Stop Them

Memory-based, fileless, or living-off-the-land attacks were one of the most prevalent types of attacks in 2017 and are only growing. But how do they happen and why are they on the rise? The short answer is that they work because they are less detectable by traditional and many next gen antivirus solutions. For example, Word […]

Read more

Deep Learning – Classifying Malicious Websites with Image Recognition Models

I will go over how transfer learning can be used to retrain a convolutional neural network (CNN) to accurately predict and label images of botnet C2 web panels and phishing websites. Image recognition to classify malicious websites can benefit in optimizing incident analysis as well as enhancing threat label data.

Read more

Why Can’t We Build Secure Software?

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and […]

Read more

How Identity Management is Transforming Modern Business

Identity innovations like zero-trust networks, zero login, and one identity initiatives are transforming today’s most successful organizations from within. Trust boundaries are changing. Find out the technical details behind these innovations and take home a game plan to start transforming your organization today, this week, and in the long run.

Read more

ISO 27001 & The GDPR

ISO 27001 & The GDPR: A Research-Based Approach to Identifying Overlap and Streamlining Efforts Together, security and privacy teams share a common goal: Protect the organization from reputational damage, lawsuits, and regulatory trouble. ISO 27001 focuses on the assessment of risks and protection of the organization while GDPR aims to assess and protect the rights […]

Read more

Exploiting Hardware Wallet’s Secure Element

Hardware wallets, as well as other kinds of secure devices, must be designed to stay secure even when they are running in a hostile environment, including when they are in full control of an attacker. In order to ensure they stay secure in such conditions, physical attack resistant hardware is required but not sufficient for […]

Read more

Crowd Sourced Security – Applying the Wisdom of the Crowd to Cyber Defences

Taking advantage of user provided intelligence improves your organization’s ability to recognize, report and respond to active phishing threats and keeps you ‘Left of Breach’ on the cyber kill chain. Through development of anti-phishing program best practices, the use of active threat intelligence and trend analysis, this presentation will show you how to improve your […]

Read more

Malboxes: Make Malware Analysis More Accessible

Malware is everywhere. Every organization has been infected by malware to some extent. Yet, most don’t have the expertise on staff to know if they are being targeted or if they are hit with mass-spreading malware. Knowing the difference is vital for a proper response plan. This is where Malboxes comes in. It is a […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!