Past Events



Sesssions


- Expo Theatre (Hall G) '

Finding Cryptography in Object Code

Finding and identifying cryptography is a growing concern in the malware analysis community. The current state of the art is to locate it manually and identify it based on various constants used by the algorithms. By examining the operations used by cryptographic functions, it is possible to locate it based on heuristics. The types and […]

Tech
Jason Wright
- Keynote Hall '

Security in the Real World

Security in the Real World – Panel of Experts

Keynote
- Expo Theatre (Hall G) '

Advanced Spear Phishing Attack Framework

This talk will introduce spear phishing and how successful these attacks are in the real-world. It will then introduce a newly developed OWASP open source tool called LUNKER. This tool and research is designed to first educate and illustrate how criminals are using these attacks to gain access to real networks. And how to mitigate […]

Tech
Joshua Perrymon
- Keynote Hall '

Opening Keynote

Opening Keynote” – David Black, Manager, Cyber Infrastructure Protection Section RCMP, Technical Security Branch

Keynote
Dave Black
- Expo Theatre (Hall G) '

The Four Horsemen Of the Virtualization Security Apocalypse: My Little Pwnie Edition

Despite shiny new stickers on the boxes of our favorite security vendors’ products that advertise “virtualization ready!” or the hordes of new startups emerging from stealth decrying the second coming of security, there exists the gritty failed reality of attempting to replicate complex network and security topologies in virtualized environments. This talk will clearly demonstrate […]

Tech
Christofer Hoff
- Expo Theatre (Hall G) '

Network Security Stripped: From layered technologies to the bare essentials

2009 will be a big year for network security, with the rejuvenation of NAC technologies, endpoint security and the new 802.1X-REV. In addition to the more complex security systems, organizations will be leveraging features already integrated in their current infrastructure devices, such as DHCP snooping, dynamic ARP protection, port filtering and dynamic IP lockdown. We’ll […]

Tech
Jennifer Jabbusch
- Expo Theatre (Hall G) '

The New New Thieves and Contemporary Security Analysis

An informative look into the modern security industry, the role security testers play, what we should be doing, and how we can address it. This presentation gives a global view from the combined research of recent ISECOM project work in the OSSTMM, Hacker Profiling Project, Trust rules in the OpenTC project, the SCARE (Source Code […]

Tech
Pete Herzog
- Expo Theatre (Hall G) '

Under the iHood

The market share for Apple devices has grown considerably over the past few years, but most reverse engineering topics still focus on Microsoft platforms. This talk will outline what is necessary to begin reversing software on OS X. This will include a rundown of the tools available to an apple based researcher, how Objective-C works […]

Tech
Cameron Hotchkies
- Expo Theatre (Hall G) '

Owning the Users with The Middler

This talk introduces a new open source, plugin-extensible attack tool for exploiting web applications that use cleartext HTTP, if only to redirect the user to the HTTPS site. We’ll demonstrate attacks on online banking as well as Gmail, LinkedIn, LiveJournal and Facebook. We’ll also compromise computers and an iPhone by subverting their software installation and […]

Jay Beale
- Expo Theatre (Hall G) '

More SCADA/ICS Security: Findings from the field

The last several years has seen a rapid growth in critical infrastructure cyber security. Within this domain, the issue related to SCADA and process control have received much attention. As a follow on to last years session that was an introduction to cyber security and industrial control systems, this briefing will extend the material to […]

Tech
Mark Fabro
- Expo Theatre (Hall G) '

Security Heretic: We’re Doing It Wrong

Information and Computer Security is a multi-million dollar business. I am part of that business. And it’s wrong. An industry that was started with the highest of ideals, the most pure of motives has deteriorated into a crass, commercial race-to-the-bottom. Or at least it feels that way most of the time. In this presentation, a […]

Tech
James Arlen
- Expo Theatre (Hall G) '

Exploit-Me for Fun and Profit

The Exploit-Me suite of tools provide a powerful platform for testing websites for application vulnerabilities. Jamie Gamble and Tom Aratyn of Security Compass will demonstrate how the Exploit-Me tools could have been used to catch common vulnerabilities in real world applications, and how they could have saved time and embarrassment. We’ll start with a demonstration […]

Tech
Jamie Gamble
Tom Aratyn
- Expo Theatre (Hall G) '

Security and Robustness in Backbone Design

This session will explore current issues in backbone design, from large-scale outages and disaster recovery to the logistics and ethics of application layer filtering on backbone networks. The talk will cover the trends and technology advances which have recently evolved in ISP engineering, from inline Layer 7 proxies cleaning up protocols real-time to increasingly challenging […]

Tech
Raven Alder
- Expo Theatre (Hall G) '

Tracking Current and Future Botnets

Since 2004 when the outbreak of the MyDoom virus installed botnet spamware software on the victim’s PCs, we have been identifying and tracking various forms of spamming botnets. The most recent large scale example of this is the Srizbi botnet, which numbers in the hundreds of thousands of actively spamming IP addresses, potentially indicating millions […]

Tech
Matt Sergeant
- Expo Theatre (Hall G) '

Pwning the proxy

Compromising an internal proxy is easy. If you know what to do. And we’ll show you. Brute force, traffic sniffing, internal network scanning, reverse HTTP, social engineering, phishing – there are many methodologies to choose from. This talk will not only cover various ways of using these processes to compromise an internal proxy, but we’ll […]

Tech
Dino Covotsos
- Expo Theatre (Hall G) '

Ten Things Everyone Should Know About Lockpicking & Physical Security

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access […]

Tech
Deviant Ollam
- Expo Theatre (Hall G) '

The Future of Snort: Why it must change for network security to live.

With over 3,000,000 downloads, Snort is the most widely deployed and trusted intrusion detection and prevention technology worldwide. How will Snort evolve over the next couple of years to keep up with the ever-changing network security landscape? Join Mr. Young as he shares his vision of future Snort features and why they are needed. This […]

Tech
William Young
- Expo Theatre (Hall G) '

New Research on Canadian Privacy Breaches

Canadian organizations must contend with 5 pieces of privacy legislation governing different sectors and industries and the expectations of personal information management. Preliminary results indicate that certain industries have a higher occurrence of different types of privacy incidents. Types of privacy breaches, in particular, tend to be clustered into unauthorized collection, use and / or […]

Tech
Tracy Ann Kosa
- Expo Theatre (Hall G) '

MetaSploit Prime

This talk dives into the upcoming features of Metasploit 3.2, including IPv6 support, wireless client exploitation, hardware integration, METASM based payloads, and much, much more. The 3.2 release will be offered under a true open source license by a brand new development team.

Tech
HD Moore
- Expo Theatre (Hall G) '

Googless

The October 2008 Update of the OWASP “Google Hacking” Project will demonstrate the “Spiders/Robots/Crawlers” and “Search Engine Reconnaissance” sections of the OWASP Testing Guide v3, the “Speak English” Google Translate Workaround and a demonstration of two Proof of Concept (PoC) that implement the Google SOAP Search API: “Download Indexed Cache” which retrieves content indexed within […]

Tech
Christian Heinrich
- Expo Theatre (Hall G) '

WiFi Clinic – Running all day in Hall G

Physical security is far too often an overlooked aspect of modern security. ‘Its fine, the server room is locked’ you say? Come spend some time in the lockpick village. Learn how lock picking, bump keys and other lock bypass techniques work, what makes a lock secure, and what makes it weak. Attendees will get the […]

- Expo Theatre (Hall G) '

Novel Malware Detection

The last few years represent a large change in the threats against our systems. The attacks that are hitting enterprises today are much more targeted and malicious than at previous times. Where once we had script kiddies and general purpose attacks aimed at the entire Internet, now we face highly skilled software engineers who are […]

Tech
Bruce Potter
- Expo Theatre (Hall G) '

Lockpick Village – Running all day in Hall G

Physical security is far too often an overlooked aspect of modern security. ‘Its fine, the server room is locked’ you say? Come spend some time in the lockpick village. Learn how lock picking, bump keys and other lock bypass techniques work, what makes a lock secure, and what makes it weak. Attendees will get the […]

- Expo Theatre (Hall G) '

RFID Unplugged

RFID system usage is increasing in the transit, access control, and payment sectors, with little to no foresight into effective security. This presentation will cover potential threat and attack models from the business, integrator, and consumer perspective. Beginning with an overview of the systems in place today, we will review specific vulnerabilities – many with […]

Tech
3ric Johanson
- Keynote Hall '

What I took with me when I ‘left’ Computer Security

Known by most by his email name, ‘Stepto’, Stephen Toulouse was involved in some of the most fundamental security incidents and decisions made at Microsoft over the past several years. In 2007 Stepto moved from Microsoft’s Trustworthy Computing division to pursue his lifelong dream of being paid to play video games and work for the […]

Keynote
Stephen Toulouse
- Expo Theatre (Hall G) '

Double Trouble: SQL Rootkits and Encryption

This is a joint session covering two critical SQL Server risks; SQL Server rootkits and common SQL Server encryption implementation mistakes that result in data exposure. SQL Server Rootkits: To date there has been no database rootkit research that focused directly on SQL Server, that is until now. Attendees will see first-hand how rootkits can […]

Tech
Kevvie Fowler
- Keynote Hall '

No-Tech Hacking

Based on the book No-Tech Hacking, this presentation shows life through the eyes of today’s hacker. I’ll show what kinds of tactics a hacker will employ and the perspective they have that allows them to stay one step ahead of the good guys. I’ll focus on the hacker mind, showing in a compelling way the […]

Keynote
Johnny Long

Sponsors


No Sponsor found.

Speakers