Past Events



Sesssions


- Schedule Not Yet Finalized '

Extend Falco with Plugins, Detect and React to Security Incidents from Any Stream of Events

CNCF provides great solutions for managing security of Kubernetes Environment, like OPA and Kyverno for Policies, but what about threats or strange behaviours that may happen inside running containers? In your Cloud account? In the SaaS you use? Falco, the runtime security engine provides a way to detect all these patterns by analysing syscalls with […]

Tools
Thomas Labarussias
Michele Zuccala
- Schedule Not Yet Finalized '

Java Crypto: Don’t Just Get it Working, Use it Securely

JavaCrypto is easy-to-use, light-weight, modern library for all core cryptographic operations needed to build higher-level cryptographic tools. It’s a drop-and-hook bundle of APIs responsible for performing various cryptographic primitives, such as encryption, decryption, digital signatures, password storage etc in the most secure way possible while using Java Cryptography Architecture (JCA). Why do we need this […]

Tools
Mansi Sheth
- Schedule Not Yet Finalized '

The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico

At SecTor 2021, as part of the IoT Hack Lab, I demoed a new toy I was working on – a Raspberry Pi Pico that would emulate an HID when plugged into a device and issue commands. I called it my poor person’s USB Rubber Ducky. The demo was a hit and numerous people were […]

Tools
Tyler Reguly
- Schedule Not Yet Finalized '

New Minimum Cybersecurity Requirements for Cyber Insurance

The COVID-19 pandemic helped the cyber insurance industry make record-breaking revenue growth in 2020. But it also saw record profit loss. This decline led insurance companies to alter their client coverage requirements, placing stricter cybersecurity conditions for eligibility. This session will dive into what organizations need to do in order to meet these requirements. The […]

Tech
Danny Pehar
- Schedule Not Yet Finalized '

The COW (Container On Windows) Who Escaped the Silo

Virtualization and containers are the foundations of cloud services. Containers should be isolated from the real host’s settings to ensure the security of the host. In this talk we’ll answer these questions: “Are Windows process-isolated containers really isolated?” and “What can an attacker achieve by breaking the isolation?” Before we jump into the vulnerabilities, we’ll […]

Tech
Eran Segal
- Schedule Not Yet Finalized '

The Development of a Completely Unsupervised Machine Learning Pipeline for Security Analytics – from Ingestion to Analytics

Since the proliferation of data science applications in cyber security, there has been a complimentary division in the approaches to threat detection: Traditional and Machine Learning (ML). The traditional approach remains the predominate method in cyber security and is primarily based on identifying indicators-of-compromise via known signatures. On the other hand, ML applications are focused […]

Tech
Jeff Schwartzentruber
- Schedule Not Yet Finalized '

AI in a Minefield: Learning from Poisoned Data

Data poisoning is one of the main threats on AI systems. When malicious actors have even limited control over the data used for training a model, they can try to fail the training process, prevent it from convergence, skewing the model or install so-called ML backdoors – areas where this model makes incorrect decisions, usually […]

SECurity FUNdamentals
Johnathan Azaria
- Schedule Not Yet Finalized '

GitHub Actions: Vulnerabilities, Attacks, and Counter-measures

More organizations are applying a DevOps methodology to optimize software development. One of the main tools used in this process is a continuous integration (CI) tool that automates code changes from multiple developers working on the same project. In 2019, GitHub released its own CI tool called GitHub Actions. According to GitHub, GitHub Actions help […]

Tech
Magno Logan
- Schedule Not Yet Finalized '

Food Production is Critical Infrastructure

Security researchers love talking about critical infrastructure. Power grids and pipelines! Transportation systems and communication networks! IoT and ICS! Medical devices and smart cities! Why aren’t people talking about food production? You all like to eat, right? Agriculture 4.0 is a few years old at this point. Smart farms and precision agriculture are becoming much […]

Tech
Seth Hardy
- Schedule Not Yet Finalized '

Purple RDP: Red and Blue Tradecraft Around Remote Desktop Protocol

Remote Desktop Protocol (RDP) is the de facto standard for remoting in Windows environments. It grew in popularity over the last couple of years due to the pandemic. In addition to system administrators, many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed but, unfortunately, […]

Tech
Olivier Bilodeau
Lisandro Ubiedo
- Schedule Not Yet Finalized '

Tokenizing the Dark Web: Applying NLP in the Context of Cyber Threat Intelligence

Training a model using Natural Language Processing (NLP) is challenging. Training one adapted to the unique vocabulary of malicious actors becomes even more difficult. This complex process highlights the need of having a continuously adaptive lexical able to follow new trends in illicit communities. To overcome the challenge of the distinct vocabulary used by malicious […]

Tech
Olivier Michaud
Francois Masson
- Schedule Not Yet Finalized '

Adventures in the Underland: Uncommon Hacker’s Persistency Methods and Countermeasures

Persistence is one of the main aspects that hackers pay special attention to during the malware development and during the attack phase. The goal is very simple: to be as stealth as possible. Usually, attackers aim to maintain the presence in the target’s network by installing malware on various workstations and servers. However, the main […]

Tech
Paula Januszkiewicz
- Schedule Not Yet Finalized '

Advanced Bot Landscape

Bots are software’s that automate web requests for various tasks without human intervention. Some are beneficial for the Internet but many of them represent a plague for ecommerce websites. Bad bots traffic represents around a quarter of the whole Internet traffic today and is predicted to increase. This traffic includes website content scanning, stolen credit […]

SECurity FUNdamentals
Yohann Sillam
- Schedule Not Yet Finalized '

Build More Secure Apps by Harnessing the Power of OWASP SKF & ASVS on Kubernetes

Did you know OWASP Application Security Verification Standard (ASVS) can be used as a set of application security requirements? Do you know what the Security Knowledge Framework (SKF) is, and how you can use it to manage your application security requirements and train developers? Are you curious what it takes to deploy a containerized application […]

SECurity FUNdamentals
Farshad Abasi-Jahromi
Kurt Hundeck
- Schedule Not Yet Finalized '

Bypassing Anti-Cheats & Hacking Competitive Games

With the increasing popularity of games having a competitive element, cheats have become a common method for hackers to gain an advantage. These cheats could range from a sniper bullet that felt just a little too accurate to a player teleporting across the map, and chances are that you must have been outsmarted by some […]

SECurity FUNdamentals
Rohan Aggarwal
- Schedule Not Yet Finalized '

Evasive Manoeuvres: Analysing the Past to Predict the Future of Malware Evasion Techniques

Malware is one of the prevalent security threats. Sandboxes and, more generally, instrumented environments play a crucial role in dynamically analysing malware samples, providing key threat intelligence results and critical information to update detection mechanisms. In this talk, we will analyse the evasive behaviours employed by malware authors to hide the malicious activity of samples […]

SECurity FUNdamentals
Stefano Zanero
- Schedule Not Yet Finalized '

Trust or Dare: Supply Chain Risks in Aviation

The Civil Aviation sector is transforming itself to the next generation of digital technologies that will thrust it to the next stage of autonomous systems onboard aircrafts, including 5G service in the cabin, preventive maintenance, etc. Now that we are here, it’s time to perform not only the safety of the flight but security of […]

Management
Manon Gaudet
- Schedule Not Yet Finalized '

A Transformation Blueprint for Developer-First Security

The traditional approach to quality assurance (QA) was disrupted when the Agile movement caused most development teams to start taking at least partial ownership of the quality of their products. The cloud-native and DevOps movements similarly disrupted traditional IT Ops. These were not mere shifts to the left, they all involved fundamental changes to mindset, […]

Management
Larry Maccherone
- Schedule Not Yet Finalized '

Innovation and Evolution – How Medical Device and IoT Profiles Have Evolved – But So is Your Attack Surface

In recent years, with the wake of numerous attacks, there has been a push to understand the risks posed by smart devices. While helping revolutionize the way the world operates, the innovation and convenience has often overshadowed – and sometimes completely – their security implications. This talk discusses the evolution of the ‘traditional’ device profiles […]

Management
Mohammad Waqas

Sponsors


Check Point

Diamond

Qualys

Diamond Networking Reception

GoSecure

Platinum

SentinelOne

Platinum

CrowdStrike

Lounge

Bell

Gold

Checkmarx

Gold

Cisco

Gold

Fortinet

Gold

Imperva

Gold

Optiv

Gold

Rapid7

Gold Networking Reception

Securonix

Gold

Sophos

Gold

Thales

Gold

Trend Micro

Gold

Zscaler

Gold

Arctic Wolf

Silver

BeyondTrust

Silver

BlackBerry

Silver

Calian

Silver

Darktrace

Silver

Elastic

Silver

Entrust

Silver

ESET

Silver

exabeam

Silver

ExtraHop Networks, Inc.

Silver

Hackerone

Conference Bag Silver

HelpSystems

Silver

ManageEngine

Silver

Microsoft

Silver

Mimecast

Silver

Netskope

Silver

Okta

Silver

Packetlabs

Silver

Pentera

Silver

Recorded Future

Silver

ServiceNow

Silver

Telus

Silver

ThreatConnect

Silver

Veracode

Silver

Abnormal Security

Bronze

Accedian

Bronze

Aiven

Bronze

AppViewX

Bronze

BitSight

Bronze

BlueVoyant

Bronze

BSI Group Canada

Bronze

CDW Canada

Bronze

Cloudflare

Bronze

Speakers


Thomas Labarussias

Thomas Labarussias


Thomas is OSS/Ecosystem Advocate at Sysdig, the company which created and open-sourced Falco, the Security Runtime Engine for Kubernetes and Cloud-Native technologies. Thomas worked for Qonto, a modern banking for SMEs and freelancers, where he managed their Kubernetes clusters and the enthusiastic tools around, like ArgoCD, Traefik, Prometheus. He also assisted for many years pure-players and e-business companies for a large managed service provider, as an AWS expert and FinOps. He's one of the longest tenured members of the Falco community, and creator of Falcosidekick and Falcosidekick-UI, two major components [...]

Michele Zuccala

Michele Zuccala

Director of Open Source Engineering


Michele is currently Director of Open Source Engineering at Sysdig, the company which created and open-sourced Falco, the Security Runtime Engine for Kubernetes and Cloud-Native technologies. Before joining Sysdig, his most relevant journey consisted of 5 years as CTO of a scale-up in Milan, Italy. Former soccer referee, currently a sailor and a scuba diver; also a Falcosecurity maintainer and active part of the Falco community.

Mansi Sheth

Mansi Sheth

Security Researcher


Mansi Sheth is a Sr. Principal Security Researcher at Veracode Inc. In her career, she has been involved with breaking, defending and building secure applications. Mansi researches various languages and technologies, finds insecure usage in customer code and suggests automation measures in finding vulnerabilities for Veracode's Binary Static Analysis service. She is an avid traveller with the motto "If not now, then when?"

Tyler Reguly

Tyler Reguly


Tyler Reguly is the Senior Manager, Security R&D with Tripwire. Tyler has spoken at conferences such as SecTor and RSA and developed curriculum for and taught at Fanshawe College. Tyler's research over the years has focused on Web Application Security and binary protocols such as SSH and DNS. He has acted as a technical editor on books covering topics such as PHP security, Nmap, and Wireshark and frequently writes for the Tripwire State of Security and other publications. Tyler has contributed to numerous industry initiatives over the years and is [...]

Danny Pehar

Danny Pehar


With more than 20 years’ experience in the cybersecurity industry, Danny Pehar has become one of its foremost experts. As a member of the Forbes Technology Council, Danny is also a monthly cybersecurity content contributor to the renowned business magazine. His media portfolio also includes regular television appearances that have built him an engaged broadcast audience and social media following. As the architect of the Cybercrime Equation, Danny works closely with the Toronto Police Cyber task force as well as the FBI cyber task force. He also sits on the [...]

Eran Segal

Eran Segal

Security Researcher


Eran Segal is a research team leader, with more than seven years' experience in cyber security research. Over the last three years, he has been researching security projects in SafeBreach Labs, after serving in various security positions in the IDF. He specializes in research on Windows and embedded devices.

Jeff Schwartzentruber

Jeff Schwartzentruber

Sr. Machine Learning Scientist


Dr. Jeff Schwartzentruber holds the position of Sr. Machine Learning Scientist at eSentire – a Canadian cyber-security company specializing in Managed Detection and Response (MDR). Dr. Schwartzentruber holds a PhD in Mechanical Engineering from Ryerson University with a focus on analytical process modelling. Since his PhD, Dr. Schwartzentruber's primary academic and industry research has been concentrated in solving problems at the intersection of cyber-security and machine learning. Over his 10-year career, Dr. Schwartzentruber has been involved in apply machine learning models for threat detection and security analytics for several large [...]

Johnathan Azaria

Johnathan Azaria

Data Sceintist


Experienced Data Scientist and Tech Lead at Imperva's threat research group where I work on creating machine learning algorithms to help protect our customers against web app and DDoS attacks. Before joining Imperva, I obtained a B.Sc and M.Sc in Bioinformatics from Bar Ilan University.

Magno Logan

Magno Logan

Information Security Specialist


Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container, and Application Security Research, Threat Modelling, and Red Teaming. In addition, he has been tapped as a resource speaker for numerous security conferences around the globe. He is the JampaSec Security Conference and the OWASP Paraiba Chapter founder, a Snyk Ambassador, and a member of the CNCF Security TAG team.

Seth Hardy

Seth Hardy


Apparently, I've moved to the woods to become a bug farmer. Kind of.

Olivier Bilodeau

Olivier Bilodeau

Cybersecurity Research Lead


Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, Olivier runs honeypots, reverse-engineers binaries, and develops malware analysis tools. He authored several important AV industry reports like Dissecting Linux/Moose, Operation Windigo (about the Ebury malware) and Ego-Market: When Greed for Fame Benefits Large-Scale Botnets. Passionate communicator, Olivier has spoken at several conferences like RSAC USA, BlackHat USA/Europe, DefCon, 44CON, NorthSec, Botconf, SecTor, Derbycon, AtlSecCon and more. Invested in his community, he co-organizes MontréHack — a monthly workshop focused on applied information [...]

Lisandro Ubiedo

Lisandro Ubiedo

Cybersecurity Researcher


Lisandro Ubiedo is part of the Cybersecurity Research team at GoSecure. Passionate about all things malware – from reverse-engineering to catching them on-the-go – and doing DevOps to keep attackers entertained. Lisandro also works on programming tools to aid malware analysis and cybersecurity research. He was part of the Aposemat team at Stratosphere Labs doing IoT malware research and as a DevSecOps engineer in multiple companies, while also enjoying CTF challenge solving.

Olivier Michaud

Olivier Michaud

AI/Data Specialist


Olivier is a graduate master's student in software engineering with a concentration in artificial intelligence at the École de technologie supérieure (ETS). His achievements allowed him to start this master's degree in his last year of a bachelor's degree in software engineering at the same school. Proud representative of Quebec at the Canadian Competition of Engineering in 2020, Olivier distinguished himself by winning the excellence scholarship from the École de technologie supérieure in order to continue his studies at the graduate level. His interest for artificial intelligence has led him [...]

Francois Masson

Francois Masson

AI/Data Specialist


Francois is a Data and AI practitioner with a master degree in engineering obtained in the 'Université Libre de Bruxelles' (ULB) and a postgraduate degree in business administration from Laval University. Before joining Flare System as a Data/AI Team Lead, François has always been involved in the start-up community. Starting as an AI research scientist in autonomous vehicles using multiple sensors, he also led data teams using non-privacy data from users' mobile interactions. Francois has developed an AI algorithm to quantify bioprosthesis valve calcification used now in the medical sector [...]

Paula Januszkiewicz

Paula Januszkiewicz

Founder and CEO of CQURE


Paula Januszkiewicz is the Founder and CEO of CQURE Inc. and CQURE Academy. She is also Enterprise Security MVP, honorable Microsoft Regional Director for CEE and a world class cybersecurity expert, consulting Customers all around the world. In 2017, Paula graduated from Harvard Business School. She is a top speaker at conferences including Microsoft Ignite (she was rated No. 1 among 1,100 speakers at a conference with 26000 attendees), RSA (in 2017 in USA her two sessions were amongst the five hottest sessions), Black Hat 2018 USA or Gartner Security [...]

Yohann Sillam

Yohann Sillam

Security Researcher


Yohann Sillam is a security researcher from Imperva. He continuously monitors cyber-attacks detected in the wild, publishes blog articles about hidden ones and finds innovative ways to tackle them. He has more than four years of experience in cyber security, especially in malware analysis.

Farshad Abasi-Jahromi

Farshad Abasi-Jahromi

Technologist


Farshad Abasi is an innovative technologist with over twenty-four years of experience in software design and development, network and system architecture, cybersecurity, management, and technical instruction. With a keen interest in security from the start, he has become an expert in that aspect of computing and communication over the last twenty years. He started Forward Security in 2018, with a mission to provide world class information security services, particularly in the Application and Cloud security domains. Prior to creating Forward, he was a senior member of HSBC Group's IT Security [...]

Kurt Hundeck

Kurt Hundeck

Cybersecurity Professional


Kurt is a seasoned cybersecurity professional with twenty years of experience developing and securing software systems. He has attended many security conferences (DEFCON, Blackhat, HOPE) and is continuously learning. Kurt is eager to see your code and to help you navigate the complex topic of Application Security (Designations & Certifications: CISSP, GCSA)

Rohan Aggarwal

Rohan Aggarwal

Founder & CEO DefCore Security


Rohan Aggarwal is a Founder & CEO at DefCore Security. He is also a part-time Bug Bounty hunter (Synack). He has found security vulnerabilities in big companies like Apple, Yahoo, Twitter, Goldman Sachs, Matomo, BrickFTP, and Pixiv. He has attended various live hacking events such as Intigriti 1337UP1121(2021), HackerOne h1-2004(2020) and BountyBash(2019). From past few years, he also has been reversing reputed Competetive Gaming AntiCheats like EasyAntiCheat, BattleEye & Vangaurd and was able to bypass them while staying undetected. Rohan previously worked as an Offensive Security Analyst at TCS where [...]

Stefano Zanero

Stefano Zanero

Associate Professor


Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Digital Forensics and Cybercrime" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 90 scientific papers and books. He is a Senior Member of the IEEE and sits in the Board of Governors of the IEEE Computer Society; [...]

Manon Gaudet

Manon Gaudet


Manon Gaudet is Assistant Director Aviation Cyber Security, Operations, Safety and Security division at IATA, headquarters in Montreal. In her role, Manon leads and support IATA's international efforts over Aviation Cyber Security challenges. She is Secretariat of the Cyber Management Working Group with airlines from across the world, and of the IATA-ICCAIA Restricted FORUM where IATA members and OEMs take part in discussions over cyber risks and information exchange. She is also an IATA Aviation Cyber Security instructor. She actively participates in the international regulatory strategy of civil aviation, by [...]

Larry Maccherone

Larry Maccherone


Larry Maccherone is a thought leader on Dev(Sec)Ops, Agile, and Analytics. At Comcast, Larry launched and scaled the DevSecOps Transformation program over five years. In his new role at Contrast, he's now looking to apply what he learned to guide organizations with a framework for safely empowering development teams to take ownership of the security of their products. Larry was a founding Director at Carnegie Mellon's CyLab, researching cybersecurity and software engineering. While there, he co-led the launch of the DHS-funded Build-Security-In initiative. Larry has also served as Principal Investigator [...]

Mohammad Waqas

Mohammad Waqas

Information Security Professional


Mohammad Waqas is an information security professional with over a decade of experience in the cybersecurity industry. Currently the Principal Solutions Architect of Healthcare at Armis, Mohammad helps healthcare organizations across the globe secure unmanaged, IoT and medical devices. Mohammad not only looks at the security threats of cyberattacks on healthcare delivery organizations but also has a passion for protecting patient privacy and the implications of the two on clinical risk management. His passion for securing healthcare environments stems from his previous work at one of Canada's largest hospitals where [...]