Monitoring events will always be a big challenge for defensive teams. Now, with the increasing adoption of cloud by enterprises, new data sources are needed to monitor these services and detect security incidents. In the AWS Cloud ecosystem, the primary source of visibility of the control plane activities is called CloudTrail. Leveraging CloudTrail allows you […]
No, this is not a talk about the Beverly Hills Police Department. It is about a new tool that I built based on a methodology I developed for Destroying Active Directory Attack Paths found by BloodHound. This talk will cover the methodology and the various options that the script provides. All the features are aimed […]
Remote Desktop Protocol (RDP) is the de facto protocol to remotely access Windows systems. Two years ago, we released PyRDP, a free and open-source RDP Monster-In-The-Middle (MITM) tool to tangibly demonstrate some of RDP’s common misconfigurations and associated risks. Since then, more RDP servers are exposed online and Microsoft’s RDP implementation has been the target […]
Statistics are speaking loudly! There is a disconnection between defenders’ perceptions of the value of the security controls they implement, and the most common attack vectors leveraged by penetration testers acting as potential attackers. This presentation highlights the key results of a two-year-long research study aimed at understanding this disconnection. The perceptions and practices of […]
Intuition, acquired through years of experience, is what sets experts apart from novices. Intuition is the ability to look at a large amount of information, quickly spot interesting items, and dismiss the rest. In the case of security audits, intrusion testers typically face hundreds, or even thousands, of assets early in an engagement. Their ability […]
Whether you do Pentesting or Bug Bounty Hunting, Recon is an important phase for expanding your scope. However, not everyone does that as they are busy filling forms with random payloads. Effective Recon can often give you access to assets/boxes that are less commonly found by regular Pentesters or Bug Hunters. More assets mean more […]
Abuse Operations, theft of services, and violation of acceptable usage do not get the spotlight they deserve because ultimately, the systems in question are “working as designed”. It is within these “cracks” that the abusers, the malicious users, and outright criminals operate their tools, campaigns, and other questionable interests. We will highlight how they are […]
Most security experts would agree that password-based authentication is dead. The FIDO2 standard aims to replace passwords entirely and there is a good chance that it will succeed. It has gained significant momentum in the past year, as key players like Microsoft, Apple, Google, and Mozilla started to jump on board. This talk […]
When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our guts are correct, and it is vendor marketing material, frequently containing FUD. After tinkering with various libraries in Python and R with the use of some OSINT and SOCMINT techniques, I have found a use for NLP and ML that […]
How are passwords stored in Microsoft’s Active Directory and how can they be audited? What could an adversary do if they gained access to either a physical or a virtual hard drive of a domain controller? In what ways could one directly modify an Active Directory database file and how can such unauthorized changes be […]
Ransomware attacks are prevalent. The actions taken by a company immediately after a ransomware attack can have major implications on their ability to restore operations. This talk will clearly explain which actions should be taken, and which actions might unintentionally cause an organization much more trouble. This talk will go through a series of Do’s […]
One of the core purposes of cybersecurity is to protect data gathered by an organization. Numerous countries around the world have enacted statutes to force organizations to protect their users’ data. Although organizations are making efforts to comply with regulations and implementing revolutionary cybersecurity products into their operations, we continue to see breaches of businesses […]
This talk showcases lessons learned from firsthand experience implementing everything from power transmission systems, smart meters, first responder radio systems, voting and election software to building automation (doors, HVAC, etc). We are increasingly asked to believe “that’s not IT” for a variety of reasons. This talk covers all the reasons, lies and how to deescalate […]
Felipe "Pr0teus" Espósito graduated in Information Technology at UNICAMP and has a master's degree in Systems and Computing Engineering from COPPE-UFRJ, both among the top technology universities in Brazil. He has over ten years of experience in information security and IT, with an emphasis on security monitoring, networking, data visualization, and threat hunting. He is a founder of the HackerMakerSpace in Rio de Janeiro and has presented at respected conferences such as Hackers 2 Hackers Conference, BHACK, BSides (Las Vegas and São Paulo), FISL, Latinoware, and SANS SIEM Summit.
Rodrigo Montoro has over eighteen years of experience in the information security and technology markets. Currently he is Senior Security Research at Tenchi Security. Most of his work has been focused on endpoint security monitoring and hardening, network security monitoring and threat detection. He is the inventor of two patents related to techniques for the detection of malicious documents and traffic. He co-founded and coordinated the rules writing activities of the Brazilian community for Snort, a widely used open-source tool for networking intrusion detection. Montoro is also an accomplished international [...]
Adversary Detection Team Lead, Bell Canada
Mathieu Saulnier is a “Security Enthusiast” ©@h3xstream. He has held numerous positions as a consultant within several of Quebec’s largest institutions. For the last 6 years he has been focused on setting up SOC and has specialized in detection (Blue Team), content creation and mentorship. He currently holds the title of Senior Security Architect and acts as Adversary Detection Team Lead and Threat Hunting Team Lead for Bell Canada, one of Canada’s largest carriers. He loves to give talks and has had the honour of doing so at GoSec, BSidesCharm, [...]
Alexandre is a Security Researcher working for GoSecure. His area of expertise is reverse engineering, binary exploitation, and tool development. His previous experience as a software developer covers a broad spectrum of topics ranging from low-level systems and binary protocols to web applications. Prior to joining the research team, Alexandre spent time as an Ethical Hacker honing his offensive security skills. His areas of interest include binary analysis, compiler theory and systems programming. Alexandre gives back to the Montréal infosec community by volunteering his time, contributing workshops, and designing application [...]
Masarah Paquet-Clouston is a PhD student in criminology, a security researcher at GoSecure and a collaborator of the Stratosphere IPS project. She is also part of the outreach committee for the NorthSec organization. With her background in economics, criminology, and now cybersecurity, she specializes in the study of crime and technology. She has presented at various international conferences including Black Hat USA, DefCon, RSA, Sector, CERT-EU, HackFest, and Virus Bulletin.
Director of Penetration Testing, GoSecure
Laurent is the Director of Penetration Testing for GoSecure. He has conducted over 400 pentesting and red team engagements over the span of 10 years and is still enthusiastic about it. Laurent is also a challenge designer for NorthSec and has given talks at RSA, CQSI, NCFTA, HackFest, RSI, Montrehack, OWASP Montreal and NorthSec. Besides security, Laurent is interested in lockpicking, magic and pickpocketing.
Research Lead, Delve
Serge-Olivier Paquette is Lead Researcher in Artificial Intelligence and Cybersecurity at Delve. His research focuses on the ability to infer, through machine learning, the context of security events from incomplete information. He also serves as Executive VP for NorthSec, a non-profit organization that hosts a series of world-class technical cyber security events, held annually in Montreal.
Rohan Aggarwal is a full-time Bug Bounty hunter (HackerOne and Synack). He has found security vulnerabilities in big companies like Yahoo, Twitter, Goldman Sachs, Matomo, BrickFTP, and Pixiv. He has attended various live hacking events such as HackerOne h1-2004 and BountyBash. Rohan previously worked as an Offensive Security Analyst at TCS where he did Web/Mobile Pentesting, IoT and Automotive Security. He presented at SecTor 2019 (Car Hacking on Simulation) and at Microsoft’s Azure Bootcamp and has delivered training on IoT, Web Application and Cloud Hacking.
Lead Security Engineer, Heroku
Allan has survived IT for over 25 years. He has worked in nearly every vertical doing many different roles, mostly in the Information Security field. A jack of all trades, he tries to know a little bit about everything, and is a self-proclaimed expert at nothing.
Abuse Operations, Heroku
Spencer has a background in electrical engineering and started his career working in industrial control systems, providing services from support to live plant migrations. He managed to get into Information Security in 2016 and enjoys life as an Internet Mall Cop working on the Abuse Operations team at Heroku.
IT Security Researcher and Trainer
Michael Grafnetter is an expert on Active Directory security who works as a consultant, trainer, and researcher. He is best known as the author of the open-source Directory Services Internals (DSInternals) PowerShell module and Thycotic Weak Password Finder, tools used by security auditors and penetration testers worldwide. He holds a master’s degree in Software Engineering and is a former Microsoft MVP. Michael has spoken at many conferences, including Black Hat Europe, HipConf New York, and BSides Lisbon.
Senior OSINT Specialist
Joe Gray is currently a Senior OSINT Specialist at Qomplx, Inc. He previously maintained his own blog and podcast called Advanced Persistent Security. Joe is currently finishing a social engineering and OSINT book with No Starch Press, due for publication in Fall 2020. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. As a member of the Password Inspection Agency, he placed 2nd in the HackFest Quebec Missing Persons CTF powered by TraceLabs, 2nd in the BSides Atlanta OSINT [...]
Technical Manager, Mandiant
Julian Pileggi is a Technical Manager at Mandiant, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations centre team development. Prior to his employment at Mandiant, Julian worked at a large financial institution within the security operations and incident response team.
Stas is a civil litigator focusing on insurance-related disputes. He has a broad range of experience including commercial disputes, subrogation, cyber liability, and privacy law. Stas assists companies with their risk management efforts, advises them on their cyber security and privacy policies and procedures, and assists with managing data breaches and subsequent litigation.
VP of IT, Waterloo North Hydro
Mark Dillon is the Vice President of IT for Waterloo North Hydro, a power distribution company in the Waterloo Region with approximately 57k customers. Over the past ten years, Mark has been working with intelligent communities, next generation wireless, such as fibre networks, as well as IoT across utility, critical infrastructure, first responders and municipalities. By playing a role in critical infrastructure (private, public, education and utility sectors), Mark has gained a unique perspective of how communications technology, urban planning and artificial intelligence present an opportunity for substantial change. He [...]