Thursday, April 26
 

08:00

Registration
Thursday April 26, 2018 08:00 - 09:15
Front Desk

09:00

Opening Remarks
Thursday April 26, 2018 09:00 - 09:15
Track 1 - Ballroom B1/B2

09:30

Keynote: Ted Demopoulos - Infosec Rock Star
Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far

Some of us are so effective, and well known, that the term "Rock Stars" is entirely accurate. What kind of skills do Rock Stars have and wannabe Rock Stars need to develop? Although we personally may never be swamped by groupies, we can learn the skills to be more effective, well respected, and well paid.

Obviously it's not just about technology; in fact most of us are very good at the technology part. And although the myth of the Geek with zero social skills is just that, a myth, the fact is that increasing our skills more on the social and business side will make most of us more effective at what we do than learning how to read hex better while standing on our heads, becoming "One with Metasploit," or understanding the latest hot technologies.

Topics, with input from real Rock Stars of Infosec, include:

- The 5 Levels to Rock Star
- Positioning - why "they" don't like us or security and what we can do about it.
- The Science of Influence - ruthless social engineering or effective professional skills?
- Getting Things Done - Brutal Time Management and The Art of Saying "No" without upsetting too many people.
- How to let people know you rock. You might be the best in the world, but if no one knows it you're not going to do much good.

Speakers
Ted Demopoulos

Author, Instructor, Consultant, Infosec RockStar, SANS Institute
Ted Demopoulos' first significant exposure to computers was in 1977 when he had unlimited access to his high school's PDP-11 and hacked at it incessantly. He consequently almost flunked out but learned he liked playing with computers a lot. His business pursuits began in college and...


Thursday April 26, 2018 09:30 - 10:45
Track 1 - Ballroom B1/B2

10:45

Break
Thursday April 26, 2018 10:45 - 11:00
Ballroom Salon

11:00

DECEPTICON: Deceptive Techniques to Derail OSINT attempts
When we think of the process for attacking an organization, OSINT comes to the front and center of our minds. This presentation takes a presenter with experience in applying OSINT to effective penetration testing and social engineering and reverse engineers the process to determine what steps can be taken to further complicate their efforts. This is a presentation that talks about online deception, decoy accounts, canary data, encryption, maintaining one’s social media in a secure manner, and protecting one’s identity as much as possible. While nothing is absolute, this is a presentation that will leave attendees more aware of techniques to make it harder for attackers to collect accurate OSINT, either by removal or deception.

Speakers
Joe Gray

Senior Security Architect, IBM
Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys...


Thursday April 26, 2018 11:00 - 11:45
Track 1 - Ballroom B1/B2

11:00

Static-Analysis Tools: Now you’re playing with power
You are performing penetration testing on Web applications. Do you systematically perform code reviews when you have source code access? Code review is an exercise that can prove to be an important ally. However, code review can be difficult. Thousands or even millions of lines of code will be targeted. How to prioritize and perform an effective assessment? With tools and automation of course! In this presentation, an overview of the static analysis tools will be made. The presentation of a basic methodology will also be presented. Demonstrations with FindSecBugs (Java/JVM), Brakeman (Ruby) and Bandit (Python) tools are to be expected.

Speakers
Philippe Arteau

Security Researcher, GoSecure
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs...


Thursday April 26, 2018 11:00 - 11:45
Track 2 - Room A1

11:00

The Increasingly Sophisticated Threat Landscape
The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world. Using our visibility into the threat landscape we are constantly analyzing new attacks against our customers' networks. During this talk I will examine various threats that Talos has examined over the last year to show how attackers are continually becoming more sophisticated. Understanding how these actors are evolving and how they are targeting networks is vital to protecting your network. For example, many people do not consider DNS worth monitoring yet we discovered the DnsMessenger attack that solely utilized DNS messages for its C&C and data exfiltration. Other attacks have been very destructive such as the Nyetya supply chain attack that crippled the Ukraine causing 100's of millions in damage. Wormable malware has become commonplace as seen in WannaCry, Nyetya, Bad Rabbit, Olympic Destroyer. Only by understanding the evolving threat landscape and the attack vectors that threat actors are using can people begin to harden their networks against these increasingly sophisticated attacks.

Speakers
Earl Carter

Threat Researcher, Cisco Talos
Earl Carter has always had a passion for solving puzzles and understanding how things operate. Mr Carter quickly learned that identifying security weaknesses is just like solving puzzles. Over 20 years ago, he was introduced to network security when he accepted a position at the Airforce...


Thursday April 26, 2018 11:00 - 11:45
Track 3 - Room A2

11:00

360º of Analytics-Driven Active Cyber Protection and Secure Access
Discover how Aruba 360 Secure Fabric provides an integrated security framework for IT and security teams to gain back visibility and control of their network, centered around analytics.

Speakers
Matt Kagan

Northeast Security Sales, Aruba
A proven sales leader with more than 20 years of experience building high-performing teams, implementing and transforming sales cultures. Specialized knowledge of complex technology sales, including software, virtualization, cloud computing, network infrastructure, security, and managed...


Thursday April 26, 2018 11:00 - 11:45
Track 4 - Room A3

11:00

tbd
Thursday April 26, 2018 11:00 - 11:45
Track 5 - Room 201

11:45

Lunch
Thursday April 26, 2018 11:45 - 13:00
Ballroom B3

13:00

You're Going to Need a Bigger Privacy Plan: Here Comes the GDPR
It's extensive, expensive and coming in for the kill: meet the General Data Protection Regulation, the massive new set of privacy provisions for all who do business within European Union shores. With strict safeguards, increased governance expectations and massive fines for failure to comply, the GDPR breaks new ground for personal privacy and individual data rights.  Officially in force starting May 2018, if your business is handling the personally identifiable information of E.U citizens and you're not in compliance, you'll want to get caught up, fast.

For Canadian businesses, the question is cropping up from European partners: what makes the GDPR so different from existing privacy agreements, and why do they need to comply? What are the implications for technology development, data controls, and why is it so revolutionary? Privacy Technologist Victoria McIntosh unravels the driving forces behind the world's largest privacy protection regulation, and what makes it unique against past provisions.

Speakers
Victoria McIntosh

Freelance Information & Privacy Professional, Information in Bloom Management Services
Victoria McIntosh is an information and privacy professional in Halifax, Nova Scotia. Holding a Masters in Library and Information Science, she puts the pieces together. Bringing privacy expertise to projects, Victoria is a certified IAPP Information Privacy Technologist. In her blogs...


Thursday April 26, 2018 13:00 - 13:45
Track 1 - Ballroom B1/B2

13:00

Hijacking the Boot Process - Ransomware Style
Have you ever wondered how a boot process works? How a computer detects which operating system it needs to load? Or what is the impact if that single sector in your hard disk is compromised?

In this presentation, we are going to look into how Petya, a ransomware, can overwrite an MBR (Master Boot Record), both in MBR- and GPT-style disk, with its malicious code. Then, we are going to follow the code in the MBR and show how a simple malicious kernel code can take control of the boot process until you pay the ransom. I will show a demo on how to debug the MBR to see how the actual native code executes without any API.  

We are also going to see how we can use a combination of different tools to figure out how a ransomware can infect the very first sector of a hard disk. Tools, such as, Disk Management, DISKPART, WinObj, Process Monitor, and HDHacker. And of course, x64dbg and ollydbg for debugging the ransomware in application-level. And finally, we are going to see how to use Bochs debugger to analyze the malware while it runs its own kernel code.

Speakers
Raul Alvarez

Senior Security Researcher/Team Lead, Fortinet
I am a Senior Security Researcher/Team Lead at Fortinet. I am a Lead Trainer responsible for training the junior AV/IPS analysts in malware analysis and reverse engineering. I have presented in different conferences like BSidesVancouver, BSidesCapeBreton, OAS-First, BSidesOttawa...


Thursday April 26, 2018 13:00 - 13:45
Track 2 - Room A1

13:00

Canaries in a Coal Mine - Using Honeypots to Detect Lateral Movement
The same way canaries have been used to detect toxic gases in mines, the cyber-canaries are invaluable in detecting lateral movement on enterprise networks. With the constant barrage of breaches occurring today, organizations must focus on early detection beyond the walls of their network perimeter if they are to stave off attacks and further data loss.

This presentation will discuss the following:
- Provide information on the use of honeypots, specifically Canaries to detect lateral movement on networks following a breach.
- Difference between traditional honeypots such as honeyd and canaries
- Use-cases using OpenCanary with demonstrations and examples of attack scenarios including some well known breaches such as Target or Home Depot.

Speakers
Peter Morin

Director, Cybersecurity and Privacy, PwC
Peter is a Director in PwC's Cybersecurity and Privacy consulting practice. He is a senior cyber security professional with over 20 years of experience focusing on information security risk management, cyber threat incident response, threat hunting, malware analysis, and computer...


Thursday April 26, 2018 13:00 - 13:45
Track 3 - Room A2

13:00

Lies, Damn Lies, and Ponemon Reports
Have you ever used the Ponemon report on the Cost of Data Breaches to fuel a cybersecurity decision?

Are you aware of the many pitfalls of that course of action? This session explores the disadvantages of Ponemon reports. We will also consider alternative approaches to shore up the disadvantages and maximize the value of Ponemon reports.

Speakers
Isaiah McGowan

Cyber Risk Scientist, RiskLens
Isaiah is one of the foremost domain specialists in FAIR (Factor Analysis of Information Risk). He is working to make cybersecurity more scientific by focusing on FAIR-based mechanisms for prioritizing cyber risk. As a Cyber Risk Scientist at RiskLens he hugs CTI data, builds models...


Thursday April 26, 2018 13:00 - 13:45
Track 4 - Room A3

13:00

Real risk of significant what?
The new privacy breach notification law is coming into effect shortly and information security professionals are going to be on the front lines of breach investigation. David Fraser, recognized as one of the world’s top 30 data, privacy, cybersecurity lawyers, will provide a practical overview of what these rules will require and how to protect your client’s legal interests in response to a privacy breach.

Speakers
David Fraser

Privacy and technology lawyer, McInnes Cooper
David is well-known as one of Canada’s leading internet, technology and privacy lawyers. He regularly advises a range of clients – from start-ups to Fortune 100 companies – on all aspects of technology and privacy laws. He regularly provides opinions on privacy laws for both...


Thursday April 26, 2018 13:00 - 13:45
Track 5 - Room 201

13:00

Workshop: Botnet Tracking and Data Analysis Using Open-Source Tools
Limited Capacity seats available

Fully understanding a botnet often requires a researcher to go beyond standard reverse-engineering practice and explore the malware’s network traffic. The latter can provide meaningful information on the evolution of a malware’s activity. However, it is often disregarded in malware research due to time constraints and publication pressures.
 
The workshop is about overcoming such constraints by providing a powerful workflow to conduct quick analysis of malicious traffic. The data science approach presented capitalizes on open-source tools (Wireshark/Tshark, Bash) and valuable python libraries (ipython, mitmproxy, pandas, matplotlib). During the workshop, participants will do practical technical labs with datasets from our recent botnet investigation. They will learn how to quickly find patterns, plot graphs and interpret data in a meaningful way. Although the exercises will focus on botnet’s data, the tools and skills learned will be useful to all sorts of context. Moreover, to ensure that participants take the most out of the workshop, it will be built in a way to allow them to easily replicate the data-analysis environment at home and reproduce similar analysis with their own traffic data.
 
Workshop Outline
The workshop will be divided in three sections. The first section will present the contextual information needed for participants to start the practical technical labs afterwards. The second section will focus on analyzing the botnet’s C&C traffic in Pcaps. The third section will emphasize on graphs and the use of the mitmproxy library to analyze decrypted traffic.
- Introduction
- Lab 1 – Extract SOCKS Traffic with Wireshark
- Lab 2 – Extract SOCKS Traffic with Tshark
- Introduction to Jupyter Notebook and its shell integration
- Lab 3 – Search in mitmproxy logs
- Lab 4 – Manipulate Dataframes with Pandas
- Lab 5 – Graph the Data using Plotly
 
Tools
Due to the short time allotted, we ask participants to download and install Wireshark locally on their computer (https://www.wireshark.org/download.html) during the introduction. For the other tools (tshark, bash, the anaconda package, mitmproxy, pandas, numpy, plotly), we will provide a hosted environment in which the tools will be installed and the scripts, the data and the exercises will be available.

Speakers
Masarah Paquet-Clouston

Security Researcher, GoSecure
Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student at Simon Fraser University in criminology and one of Canada’s decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit...


Thursday April 26, 2018 13:00 - 17:00
Track 6 - Room 202

14:00

Terrorist Lunch Money: The Law Responds to the Rise of Cryptocurrencies
Whether it’s a bubble or the new world order, the recent rise in the value of Bitcoin has forced governments to grapple with the reality of cryptocurrencies and their implications for the economy and society. What is Bitcoin, legally? Is it cash? Is it a commodity? Can I take it across the border? Is it terrorist lunch money? I’ll explore the current legal status of cryptocurrencies in Canada, and abroad, and discuss where the law is headed in cryptocurrency regulation in an age of techno-panic and uncertainty.

Speakers
Anna Manley

Principal, Manley Law Inc.
Anna Manley is an internet and privacy lawyer based in Sydney, NS. She is the principal of Manley Law Inc. and founder of Advocate Cognitive Technologies Inc. Anna advises companies and individuals on all things law and tech related.


Thursday April 26, 2018 14:00 - 14:45
Track 1 - Ballroom B1/B2

14:00

Enlisting Users in the Fight Against Phishing Attacks
Nearly every cyberattack starts with a phish and attackers are getting better and better at disguising these emails. Whether they’re a form of CEO fraud, ransomware, or spearphishing with targeted malware, phishing attacks continue to be very successful. There are technology approaches you can take to combat phishing attacks, yet they are only part of the solution. Educating and testing your users on phishes has become a common way to help your employees spot attacks. While these simulated phishes are great for testing your users, the ultimate test comes when a real phish lands in their email box. In order to help the users through this, we recommend having your users report suspicious emails to your IT team. What can you do with those messages? How can you use this channel to make your organization more secure? What ways can you reinforce the users’ positive behavior?

This hands-on tech lab will help you better understand the ways common phishing attacks work, the best ways to conduct an analysis of these attacks and the steps to take to get your people, processes and technologies working together to protect your organization.

What attendees will learn:
- How CEO fraud, ransomware and spearphishing with targeted malware phishing attacks work
- Analysis of the attacker and the phishing attacks to know who it’s from, who the victims are and the extent of the damage
- How to drill down on the technology indicators within the attack – what these indicators look like and what to do with them
- Actions to take based on your analysis, including policy changes, response plans and user education
- The best ways to enlist users in your phishing defense to help limit the damage

Speakers
Todd O'Boyle

CTO, Strongarm
Todd O’Boyle is CTO and a co-founder at Strongarm. Prior to Strongarm, Todd spent 15 years at The MITRE Corporation, providing technical support to the Department of Defense and the Intelligence Community. He also served as principal investigator for a project developing methods...


Thursday April 26, 2018 14:00 - 14:45
Track 2 - Room A1

14:00

Educating the Next Generation of Canada’s Cybersecurity Leaders
Best known for its innovative Blue Kit, which provides a low-cost Internet of Things (IoT) educational starter kit helping students understand the fundamentals of IoT, Blue Spurs is one of the leading IT consulting firms in Canada.  

According to Cybersecurity Ventures, by 2021 there will be 3.5 million cybersecurity jobs unfilled around the world. After a couple years of success with the Blue Kit, the company is now expanding cloud education to the topic of cybersecurity. Through its partnership with CyberNB, Blue Spurs just launched a new cybersecurity educational module. Located in Canada’s cybersecurity headquarters - New Brunswick, which was the first province to develop a comprehensive cybersecurity strategy, Dawson, Head of Technology at Blue Spurs, will share best practices for educating K-12 and post-secondary students in two major technology focus areas that will shape the future of Canada’s reputation as a leader in cloud technology.
Session key takeaways include:
- Fundamentals of building a cybersecurity education program for students and young professionals.
- Why now is the optimal time to educate the next generation of technology leaders.
- Major national cybersecurity trends that are being shared with students that will impact the future of Canadian IT.

Speakers
Dawson Mossman

Head of Technology, Blue Spurs
Dawson has more than 15 years in technical leadership. His expertise led to senior development positions at Bulletproof Solutions and PQA. Prior to his current role, Dawson acted as the Head of Development for Lashpoint Consulting. During this time, he led the development of many...


Thursday April 26, 2018 14:00 - 14:45
Track 3 - Room A2

14:00

Let’s build an OSS vulnerability management program!
Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited by these vulnerabilities because no one in your product development team is maintaining those libraries with vulnerability fixes? Well let’s do something about that.  During this presentation, we will start from nothing and take steps to identify the OSS libraries that your company uses in order to build a bill of materials (BOM), we will then give examples of how to source threat intel on those libraries, and finally we will discuss strategies to remediate the vulnerabilities in our code repository so that we can keep our customers and company safe from malice.  This presentation will be delivered from the perspective of a Product Security Response team protecting customers who deploy their company’s products. However, this presentation is also useful to those building and defending internally deployed applications.

Speakers
Tyler Townes

Security Program Manager, BlackBerry
Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently...


Thursday April 26, 2018 14:00 - 14:45
Track 4 - Room A3

14:00

Software Defined Networking and Network Security
Software Defined Network (SDN) is a new approach of designing networks. In SDN architecture network control function is decoupled from hardware like routers and switches. This decoupled control function is executed in a logically centralized controller with a global network view. Furthermore, SDN brings network programmability. The decoupled control plane, global network view and network programmability bring efficiency and flexibility in network management and configuration. This talk will introduce Software Defined Networking. The controller is considered as a cornerstone in SDN based design. Thus, there will be a performance comparison of two important SDN controllers ONOS and OpenDaylight. Finally, the talk will provide an overview on the benefits and weaknesses of SDN based design in the context of network security.



Speakers
Dr. Israat Haque

Assistant Professor, Dalhousie University
Dr. Israat Haque is an Assistant Professor in the Faculty of Computer Science at Dalhousie University. She received her PhD degree in Computing Science from the University of Alberta. Her research interest includes network design and optimization in the area of Software Defined Networking...


Thursday April 26, 2018 14:00 - 14:45
Track 5 - Room 201

14:45

Break
Thursday April 26, 2018 14:45 - 15:00
Ballroom Salon

15:00

The Paradox of Cybersecurity in Operational Technologies
IoT has moved beyond kettles, thermostats, and doorbells. Operational technologies (otherwise known as IIoT) like tractors, factories, healthcare devices, and even robots are helping to enable the fourth industrial revolution.

Companies that embrace these changes will lead the charge. Those that don’t will fall behind. These technologies lead to exciting new designs, leveraging the latest and greatest buzzword-laden offerings. Build on a clean slate, and you can drive strong security concepts into every layer of the system.

Unfortunately, these designs don’t get implemented in the real world. The real world of operational technology is messy. It’s dealing with years and years of technology decisions made with wildly different threat models. It’s trying to match technologies built with 20-year lifespans with defences that need to be updated minute-by-minute.

In this talk, we’ll examine the reality of operational technology deployments. How do we match modern cybersecurity practices with decades-old technologies and regulations? Can we?  You’ll come away with a better appreciation of the challenges involved in securing operational technologies.

Speakers
Mark Nunnikhoven

Vice President, Cloud Research, Trend Micro
Mark Nunnikhoven explores the impact of technology on individuals, organizations, and communities through the lens of privacy and security. Asking the question, "How can we better protect our information?", Mark studies the world of cybercrime to better understand the risks and threats...


Thursday April 26, 2018 15:00 - 15:45
Track 1 - Ballroom B1/B2

15:00

Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active
Last September, hackers broke into as many as 2.27 million accounts of a computer cleaning program while targeting telecom equipment companies in the United States, Japan, South Korea and Taiwan.

When Avast, which owns the program, looked at the computer logs, it found just 23 compromised computers at eight different companies. The hackers' program was specifically looking for companies on a list of telecom equipment manufacturers and a few telecommunication companies, attacking many but only infecting a portion.

Avast’s CCleaner software had a backdoor encoded into it by someone who had access to the supply chain, the main executable in v5.33.6162 had been modified.

The attack's analysis we did, showed a strong code connection between a unique implementation of base64 only previously seen in APT17 making a strong case about attribution to the same threat actor. APT17, also known as Operation Aurora, is one of the most sophisticated cyber attacks ever conducted specializing in supply chain attacks.

Our investigation got us to the conclusion that the complexity and quality of the CCleaner attack was most likely state-sponsored most probably to the Axiom group due to both the nature of the attack itself and the specific code reuse throughout. In this talk we will demonstrate techniques used to analyze the code that led to those interesting findings. We will describe the attack process and technical flow in details.

The findings and methods we will discuss have been previously published in two different blog posts and got extensive coverage in the media as well as the DFIR and infosec community.

http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/

http://www.intezer.com/evidence-aurora-operation-still-active-part-2-more-ties-uncovered-between-ccleaner-hack-chinese-hackers/

Speakers
Itai Tevet

CEO, Intezer
Itai possesses a combination of in-depth technical expertise and leadership experience in mitigating state-level cyber threats. He previously served as the head of IDF CERT, the Israeli Defense Force’s Cyber Incident Response team, where he led an elite group of cyber security professionals...


Thursday April 26, 2018 15:00 - 15:45
Track 2 - Room A1

15:00

Advanced Attackers Hiding Inside Encrypted Traffic at the Endpoint
Advanced attackers are always looking for ways to stay hidden. The growing use of traffic encryption — over 50% of Web traffic today is encrypted — provides a simple trick for attackers to hide their threats and communications channels. Exploit kits, malware, adware, callbacks, as well as command & control channels leverage encrypted communications to infiltrate organizations and exfiltrate information. 
Look into encrypted traffic, without the need for a proxy or additional agents and ensure full coverage of threats hiding within covert channels. SentinelOne extends EPP capabilities to provide an integrated workflow from visibility & detection to response & remediation. The single agent, single console architecture provides deployment simplicity and operational agility to improve productivity and minimize business impact of threats.
In this session:
- Explore and expose threats hiding inside encrypted traffic at the endpoint
- Discover Autonomous Detection and Response to formerly “unseeable” threats
- Live Attack Demonstration, Investigation and Remediation

Speakers
Jared Phipps

Vice President of Worldwide Sales Engineering, SentinelOne
Jared Phipps has been involved in cybersecurity professionally since 2001, and is passionate not only about technology, but also with effective use of technology to solve real problems. Jared is the Vice President of Worldwide Sales Engineering at SentinelOne, where he gets to use...


Thursday April 26, 2018 15:00 - 15:45
Track 3 - Room A2

15:00

Lessons Learned from the Black Hat NOC and RSAC SOC
RSA Conference and the Black Hat Security Briefings are two of the most well-known information security conferences in the world. From the stages of these conferences the world’s best and brightest security minds share the latest attack and defense techniques to audiences from all over the globe. But what’s happening behind the scenes? When a new attack is taught from the stage, how long does it take before someone attempts it in the wild? Are the attendees putting into practice the defenses they’re supposed to know better than anyone else? In this session we’ll answer these questions and more as we discuss what it’s like to be responsible for the stability, and sometimes security, of some of the most active, and hostile, networks ever seen. We’ll discuss some of the frightening, and just plain funny things we’ve seen over the years, and what it means about security on public networks, and our industry as a whole.

Speakers
Percy Tucker

Senior Manager, RSA
Percy Tucker is an RSA Senior Manager supporting the RSA NetWitness Platform for the South-West region of the United States. Percy first started with RSA in 2000 and has had responsibilities across product lines. Percy leads the RSA NOC/SOC teams worldwide. RSA has partnered...

Neil Wyler

Threat Hunting and Incident Response Specialist, RSA
Neil R. Wyler is currently a Threat Hunting and Incident Response Specialist with RSA. He has spent over 18 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black...


Thursday April 26, 2018 15:00 - 15:45
Track 4 - Room A3

15:00

Questioning the "Loneliness" of Lone-Wolves: A Social Network Analysis of the Ideological, Signaling, and Support Networks of Lone-Wolf Terrorists
In this presentation, Dr. Hofmann will discuss his recently completed funded research (TSAS / Public Safety Canada) into the three different types of social networks formed by lone-wolves during the 24 months prior to the commission of their first act of terrorist violence. Dr. Hofmann and his research team gathered relational data to reconstruct the ideological, signaling, and support networks of two prominent lone-wolf terrorists (Timothy McVeigh and Michael Zehaf-Bibeau) in order to explore the extent to which lone-wolves may be influenced and supported by their larger social environments, and how lone-wolves communicate their intent to plan and commit acts of terrorist violence. This study is the first in the known literature to use social network analysis to better understand the relational dynamics of lone-wolf terrorists, and adds to the growing consensus among terrorism scholars that lone-wolves do not radicalize towards violence and plan their attacks in socio-political vacuums. After discussing the methodology and findings of the study, this presentation will conclude with some preliminary policy suggestions, and how future research of a similar nature can contribute to understanding important behavioural and social aspects of lone-wolf terrorism.

Speakers

Dr. David Hofmann

Assistant Professor of Sociology, University of New Brunswick
Dr. David Hofmann is an Assistant Professor of Sociology at the University of New Brunswick, a Research Fellow with the Gregg Centre for the Study of War and Society, and a Senior Research Affiliate with the Canadian Network for Research on Terrorism, Security, and Society (TSAS... Read More →


Thursday April 26, 2018 15:00 - 15:45
Track 5 - Room 201

16:00

Data Breaches: Barbarians in the Throne Room
Often defenders worry about the intangible security problems. Defenders need to concentrate their efforts defending the enterprise by focusing on the fundamentals. Too often issues such as patching or system configuration failures lead to system compromise. These along with issues such as SQL injection are preventable problems. Defenders can best protect their digital assets by first understanding the sheer magnitude that a data breach can have on an enterprise.

In this talk I review my findings after analyzing hundreds of data breach disclosures as it pertains to what went wrong. I had previously done this for 2016 and I plan to have the 2017 review ready by the time of this talk.

Speakers

Dave Lewis

Global Advisory CISO, Duo Security
Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site... Read More →


Thursday April 26, 2018 16:00 - 16:45
Track 1 - Ballroom B1/B2

16:00

AI, Deep Learning, Cognitive Security, Machine Learning: The Value Beneath the Hype
You’ve heard all the buzz words - AI, Deep Learning, Cognitive Security, Machine Learning – and you have been inundated with the security companies spewing marketing claims that these technologies will solve all your security problems; however, how do you effectively test the efficacy of these technologies? How can you be sure that they are helping reduce risk in your environment and what is the cost of using these types of technologies within your defense strategy?

Join Michael A. Davis, CTO of CounterTack, and author of Hacking Exposed: Malware and Rootkits, to learn how to set up your vendor technology evaluations, properly identify and run real-world malware and attack scenarios, learn how to fool “Artificial Intelligence” and “Machine Learning” technologies using adversarial techniques, and ultimately walk away with a better understanding of the real value beneath the hype.

Speakers

Michael A. Davis

Chief Technology Officer, CounterTack
Michael A. Davis serves as CTO of CounterTack. He chose CounterTack because he recognized that the battle is moving to the endpoint, and that conventional IT security technologies can’t protect enterprises. Rather, he saw a need to deliver to the community continuous attack monitoring... Read More →


Thursday April 26, 2018 16:00 - 16:45
Track 2 - Room A1

16:00

Turbo Charging Discovery: An Introduction to Offensive Golang
It has been said that in the coming years, being able to run tools will not be enough, and that penetration testers will need to learn/know how to code. There's lots of Python and Ruby code out there, but there's one thing that it doesn't do that well: scale. This talk covers how Golang can scale out to cover discovery quickly, using native features.

Speakers

Scott Walsh

Senior Threat Intelligence Researcher, SecurityScorecard
An ill tempered, mostly recovered, former systems administrator who now does threat intelligence work for SecurityScorecard. His goal is to help make the Internet a better place by empowering others to break things at scale.


Thursday April 26, 2018 16:00 - 16:45
Track 3 - Room A2

16:00

Datacenter Attacks, an Interactive Adventure
In this fun “choose your own adventure” style video adventure, you will take on the role of a hospital CISO trying to prevent a ransomware outbreak which would put hundreds of lives in jeopardy.  This will be a highly interactive presentation with group participation.
 

Speakers

Ariel Buk

Systems Engineer, Trend Micro
Ariel has over 20 years of IT experience working with leading software and hardware vendors, from data center architecture to DRP and security, he assisted large and small organizations achieve their IT goals. Ariel also brings an extensive education background having taught at multiple... Read More →


Thursday April 26, 2018 16:00 - 16:45
Track 4 - Room A3

16:00

Oblivious sandboxing: developments in transparent sandboxing with Capsicum
Application compartmentalization (a.k.a., sandboxing) can be used to protect applications from themselves and protect users from misbehaving applications. However, the current state of the art requires applications to be willing participants: invasive modifications are required, and it's up to the application whether or not it will voluntarily sandbox itself. We would like to move towards a world in which applications can be started from within compartments (created with technologies like Capsicum) and have their access to global namespaces like filesystems transparently mediated. This approach may never scale to applications with complex event models like web browsers, but we believe that there is a great deal of mileage to get out of it with more straightforward (though still sophisticated) applications like compilers.

This talk will describe recent work in FreeBSD that is driving at the goal of transparent, oblivious sandboxing. We will discuss changes in the ELF image activator and run-time linker to support transparent sandboxing as well as a support library for managing pre-opened directory descriptors and a simple shell application to start applications from within sandboxes. Together, these techniques allow us to take a few more steps towards our goal of usefully confining applications whether they like it or not.

Speakers

Jonathan Anderson

Assistant Professor, Memorial University of Newfoundland - Department of Electrical and Computer Engineering
Jonathan Anderson is an Assistant Professor in Memorial University of Newfoundland's Department of Electrical and Computer Engineering, where he works at the intersection of operating systems, security and software tools such as compilers. He is a contributor to open-source software... Read More →


Thursday April 26, 2018 16:00 - 16:45
Track 5 - Room 201

17:00

Social
Thursday April 26, 2018 17:00 - 18:00
Ballroom Salon

19:00

Speakers Dinner (Ticket Required)
Tickets must be purchased in advance. No exceptions!

Purchase your ticket here:

https://atlseccon.com/registration


Thursday April 26, 2018 19:00 - 23:30
Lot Six Bar and Restaurant 1685 Argyle St., Halifax
 
Friday, April 27
 

09:00

09:15

Color Wars: Examining Models for Blue and Red Team Collaboration
It is pretty standard to view an organization's cyber security defenders as its blue team, with red teamers performing pen tests or otherwise simulated attacks. Recently, purple teaming has been integrated, which is a more collaborative effort between the two. But many factors go into determining the outcome of the engagement, and many end with mixed results. Many questions are not properly addressed, such as, who should be "in the know" about the red team exercise? Should the attackers start inside or outside the network? How should it be scoped? How do we ensure that the results accurately reflect the security of the organization and the capabilities of the blue team? Are we even ready for a pen test?

In this talk, we will evaluate multiple scenarios and models that will help organizations and defenders determine the best red, blue, purple, green, or yellow architecture to ensure continuous 360 insight into security gaps.  We will cover how to evaluate if a model is working, where tweaks can be made, and starting small, but getting big results.

Speakers

Justin Silbert

CISO, LEO Cyber Security
Justin Silbert has worked as CISO for Walter Reed National Military Medical Center, and Security Manager of NHLBI at National Institutes of Health.   His expertise focuses on applying sound security practices across a spectrum of systems and environments, from certified medical devices... Read More →


Friday April 27, 2018 09:15 - 10:00
Track 1 - Ballroom B1/B2

09:15

My Adventures In Pentesting Self-Education, On A Shoestring Budget
It started with a simple self-challenge: At least 30 minutes a day working on computer security and/or pentesting for the entire month of October….
Join me on a dive into the challenges and opportunities encountered while learning pentesting skills, including overviews of useful toolsets and interesting resources, wrapping up with suggestions for fellow self-starters.

Speakers

Matthew Middleton

QA/QC Analyst, Radient360
Matt is a QA/QC Analyst for Radient360, and has been a black box software tester for a decade, helping developers catch their bugs before they get out into the wild. He’s primarily been influenced by James Bach, Michael Bolton, and Cem Kaner, and subscribes to the Context-Driven... Read More →


Friday April 27, 2018 09:15 - 10:00
Track 2 - Room A1

09:15

An Introduction to Wireless Hacking
This talk will go into the basics of hardware and software suites needed to capture, analyze, and crack WEP and WPA/WPA2 WiFi passwords.

Speakers

Grant Boudreau

Cyber Security Consultant, MNP
Grant Boudreau is a Cyber Security Consultant for MNP LLP. He holds a Bachelor degree in Information Technology – Network Management from Cape Breton University, is an OSCP and OSWP graduate from Offensive Security, and has several other industry certifications. Grant has a passion... Read More →


Friday April 27, 2018 09:15 - 10:00
Track 3 - Room A2

09:15

Outmaneuvering Cyber Adversaries Using Commercial Technologies
Whether you are the CEO of a Fortune 500 company in Manhattan, the chief administrator of an Ottawa trauma center, or the parents of web savvy teenagers in the heartland, your important information needs to be protected. When it comes to safeguarding highly sensitive government information, the National Security Agency protects the United States' most critical information and systems against cyber-attacks through hardening and defending the cyber infrastructure.

NSA has a proud history of designing and fielding secure information assurance solutions - and in the 21st Century this means Cyber Dominance. Commercial Solutions for Classified (CSfC) is an extremely important component in NSA’s commercial cyber security and assurance strategy. US national security customers need secure access to data anytime and anywhere. CSfC solutions leverage current commercial technology in accordance with NSA-approved architectures to design solutions for these sensitive missions.

The last few years have seen tremendous increases in commercial industry's adoption of CSfC's tenets - both from commercial component manufacturing as well as from system integration perspectives. This presentation will highlight various CSfC activities while also serving as a foundational introduction for those who are not familiar with the strategy.

Speakers

Jeff Watkins

Commercial Solutions for Classified (CSfC) Communications Manager, U.S. Department of Defense
Jeff Watkins has worked at the National Security Agency (NSA) for 34 years, where he currently is serving as the Commercial Solutions for Classified (CSfC) Communications Manager.  He graduated Summa Cum Laude with a Bachelor of Science in Information Systems Management (University... Read More →


Friday April 27, 2018 09:15 - 10:00
Track 4 - Room A3

09:15

Rise Against the Machines
Security vendors, InfoSec specialists, and cyber security professionals claim to use artificial intelligence and machine learning for defending customers against the most advanced threats. If you ask for details, however, the information provided as to how these technologies actually work can be vague or even completely lacking. This makes you wonder “Is this real or just another marketing myth?”

This talk will examine the mechanics of artificial intelligence and machine learning. We will:
• Explore how different techniques are being used to detect malware, malicious domains, phishing emails, and other threats.
• Examine how these types of intelligent systems are created, trained, and implemented.
• Expose potential or inherent weaknesses within these systems.
• Closely examine how these technologies actually work and how they can potentially fail.

Speakers

Douglas Santos

Senior Researcher, Fortinet
Douglas Santos is a Senior Researcher for Fortinet’s FortiGuard Labs. Mr. Santos specializes in advanced threat research, machine learning and malware swarm intelligent botnets. Recently Douglas has been involved in advanced research that focuses on Blockchain related threats, malware... Read More →


Friday April 27, 2018 09:15 - 10:00
Track 5 - Room 201

09:15

6 Steps for Firewall Assessment for Compliance and Security
The security risk of misconfigured firewalls is enough, but when you add compliance to the mix, you can get into trouble even if your firewall is perfectly secure due to missing documentation. Not to mention the hours burned up while you sit with an auditor collecting “evidence.”  In this presentation, we’ll show you how to perform a 6-step self-assessment of your firewalls to reveal security risks before the auditor comes around, and to ensure that you are compliant 24/7 – because secure and compliant only overlap to a degree.

Speakers

Thomas Laugle

Sales Engineer, Firemon
Experienced sales engineer specializing in cyber security and risk management.


Friday April 27, 2018 09:15 - 10:00
Track 6 - Room 202

09:15

tbd
Friday April 27, 2018 09:15 - 10:00
Track 6 - Room 202

10:00

Break
Friday April 27, 2018 10:00 - 10:15
Ballroom Salon

10:15

Are You Ready for the Worst? Application Security Incident Response
No matter how small your Dev shop is, if the first time you think about the security of the software is during a major incident, it’s not going to go well. I will teach developers and security teams to prepare for, manage, and hopefully prevent, application security incidents. Starting with preparation; do you have a proper application inventory? How do you manage your technology stack? Disaster Recovery? Backup strategy? Do you have a WAF? Monitoring? Tools that are at the ready when the s* hits the fan? During an incident; who’s managing the incident? Do you know? What is triage? Who does the investigation? Do you have a “safe” place to do potentially destructive testing? This talk ends with an immediate plan for the audience to get started, with a list of open source tools the security team and/or developers will use to ensure that they are ready for the worst.

Speakers

Tanya Janca

Senior Cloud Advocate, Microsoft
Tanya Janca is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching... Read More →


Friday April 27, 2018 10:15 - 11:00
Track 1 - Ballroom B1/B2

10:15

New Crypto AEAD!
Cryptography science is growing fast, and new ‘stronger’ algorithms are competing their way up for standardization. More specifically, the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) is currently sorting out the next true candidates for symmetric encryption. In this talk, a first quick look at common AES implementation failures will highlight the gap between “Encryption” and the need for “Authenticated Encryption”. Then, a deep dive into one of the most popular AEAD algorithms in use today will raise some legitimate questions about its longevity. Finally, a selection of new algorithms submitted to the CAESAR competition will be presented in detail. In light of this talk, the participant should understand the need for AEAD, what it has to offer and what the next-generation candidates are.

Speakers

Martin Lemay

Information Security Analyst - Penetration Tester, GoSecure
Martin Lemay is a certified penetration tester for GoSecure Inc. and has performed engagements in all industry sectors from banking, financial and insurance to energy, healthcare, airlines and telcos. He contributes to various open source projects including the most advanced password... Read More →


Friday April 27, 2018 10:15 - 11:00
Track 2 - Room A1

10:15

Red Meets Blue: Strengthening Defense through Offense
This talk will introduce the concept of internal red teams and the unique value and insight that can be gleaned from the formation of such internal teams. We will delve into methods organizations can employ to leverage red team skillsets beyond traditional exercises, in order to provide more value. The talk will also discuss general operating models and integration considerations between offensive and defensive teams within enterprise environments.

Speakers

Milos Stojadinovic

Director of Cyber Security Assessments, Royal Bank of Canada
Milos Stojadinovic is Director of Cyber Security Assessments at the Royal Bank of Canada. His primary focuses are on red teaming, penetration testing, and other offense geared services. He holds a bachelors degree in information sciences (specializing in information security) and... Read More →


Friday April 27, 2018 10:15 - 11:00
Track 3 - Room A2

10:15

A Social Engineering Course Project Case Study
This talk shares an educator’s attempt to involve undergraduate students across multiple disciplines in experiential learning (EL) class projects on social engineering. Specifically, it focuses on three sub-projects that were implemented in the Fall 2017 semester: (i) shoulder surfing where student teams competed against each other, (ii) laptop distraction, where student teams attempted to convince Temple University Computer Services employees to leave their laptops (designed for the class exercise) so that the students could remove a bogus ‘intellectual property’ file and place a fake ‘malware’ program on the employees’ machines, and (iii) convince individuals on Temple University campus to take a selfie with team members and a ‘rubber chicken’. Through each of these activities, students learn about social engineering tactics and self awareness.
The talk uses the cyclical EL model and its five stages: Experience; Share; Process; Generalize; and Apply to illustrate how students engage in these projects. It highlights several benefits, such as fostering multidisciplinary dialog, developing qualitative research skills, understanding adversarial mindsets, and appreciating the non-technical aspects of cyberattacks. This talk uses students’ and the educator’s reflections as a narrative to discuss ongoing efforts, struggles, challenges, and lessons learned.

Speakers

Aunshul Rege

Criminology Professor, Temple University
Aunshul Rege is a criminology professor at Temple University. Her National Science Foundation sponsored research projects examine cyberattacks/security from a human behavioral perspective, focusing on adversarial decision-making, adaptation to disruptions, and group dynamics. She... Read More →


Friday April 27, 2018 10:15 - 11:00
Track 4 - Room A3

10:15

Software Defined Networking and Network Security
Software Defined Networking (SDN) is a new approach to designing networks. In the SDN architecture, the network control function is decoupled from hardware like routers and switches. This decoupled control function is executed in a logically centralized controller with a global network view. Furthermore, SDN brings network programmability. The decoupled control plane, global network view and network programmability bring efficiency and flexibility in network management and configuration. This talk will introduce Software Defined Networking. The controller is considered a cornerstone of SDN-based design. Thus, there will be a performance comparison of two important SDN controllers, ONOS and OpenDaylight. Finally, the talk will provide an overview of the benefits and weaknesses of SDN-based design in the context of network security.

Speakers

Dr. Israat Haque

Assistant Professor, Dalhousie University
Dr. Israat Haque is an Assistant Professor in the Faculty of Computer Science at Dalhousie University. She received her PhD degree in Computing Science from the University of Alberta. Her research interest includes network design and optimization in the area of Software Defined Networking... Read More →


Friday April 27, 2018 10:15 - 11:00
Track 5 - Room 201

10:15

tbd
Friday April 27, 2018 10:15 - 11:00
Track 6 - Room 202

11:15

Introducing CSE’s open source AssemblyLine: High-volume malware triaging and analysis
The Communications Security Establishment (CSE), Canada’s national cryptologic agency and a leading expert in cyber security, believes in fostering collaboration and innovation. For the first time ever, CSE is releasing one of its own tools to the public as an open source platform. Developed internally, AssemblyLine is a cyber defence framework designed to perform distributed analytics at scale, focusing primarily on detecting and analyzing malicious files. Learn how AssemblyLine can not only minimize the number of innocuous files that cyber security professionals are required to inspect every day, but how you can collaborate with others to customize and improve the platform.

Speakers

Tyler Parrott

Senior IT Security Analyst, CSE
Tyler Parrott is a Senior IT Security Analyst with the Communications Security Establishment, currently working for the organization's Cyber Defence program. Tyler has 10 years of experience at CSE, spending 4 years in Vulnerability Research, 3 years with Infrastructure Management... Read More →


Friday April 27, 2018 11:15 - 12:00
Track 1 - Ballroom B1/B2

11:15

The Story of Escape Sequence Vulnerabilities
Escape sequences (or control sequences) are sets of characters that change the behavior of the terminal and allow interacting with it. Basic escape sequences are frequently used for formatting output, e.g. for changing text color. Some sequences served purposes in physical terminals but remained in use with modern terminal emulators.

Historically, there were many dangerous and easy ways to exploit popular terminals by abusing escape sequences. Some of these techniques relied on sequences that are now obsolete. Weaknesses relating to escape sequences are still being found to this day in modern terminals.

In my talk I will explore related past vulnerabilities and recent ones. I will examine vulnerabilities where terminal programs failed to sanitize bad content, and bring examples for how they may have been exploited.

I plan to discuss my own research in finding such vulnerabilities, including the details of my work on Busybox that led to CVE-2017-16544. Finally, I'll do a short demonstration on how attackers can hide malicious code from developers using git, with only a simple escape sequence.
--
Busybox research details:
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Hiding content from git:
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/

Speakers

Ariel Zelivansky

Security Research Lead, Twistlock
Ariel Zelivansky is a security researcher and the head of Twistlock's research team, dealing with hacking and securing anything related to containers.


Friday April 27, 2018 11:15 - 12:00
Track 2 - Room A1

11:15

The Chrome Crusader – Browser Extension Malware Development
Crusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to execute arbitrary JavaScript remotely of your choosing. We will also be talking about CORS (Cross-Site Resource Sharing) and some interesting quirks with the browser extension environment. If you are a front-end developer and you want to dive into malicious code this would be the best way to start learning.

Speakers

Lilly Chalupowski

Cyber Security Analyst, GoSecure
Lilly works with GoSecure on Threat Intelligence and started her journey being mostly self-taught making hacking tools in her spare time. Chameleon (custom base64 steganography), Badger (DLL Security Enumeration including ASLR Entropy), Dirty-Needle (DLL Injection Tool) and more... Read More →


Friday April 27, 2018 11:15 - 12:00
Track 3 - Room A2

11:15

Be Hacker Aware
Learn new attack techniques that have been uncovered by CrowdStrike’s threat hunting and incident response teams including: initial attack vectors, persistence, lateral movement and data exfiltration techniques. See new techniques for dealing with malware, ransomware, spear phishing, exploits and malware-free intrusions. Leave knowing how to identify and stop advanced threat activity in your environment.

Speakers

Ruben Eduardo

Sales Engineer, Crowdstrike
Ruben Eduardo is a sales engineer currently working at CrowdStrike. Having previously practiced his trade as a network security specialist with Palo Alto Networks and Herjavec Group, his main focus today is to help customers find a smarter strategy to endpoint security. Ruben has... Read More →


Friday April 27, 2018 11:15 - 12:00
Track 4 - Room A3

11:15

Network Information Management and Cyber-Security/ Know your enemy: malware authorship attribution
Organizations are increasingly relying on networks for the seamless integration of distributed information systems. This has provided many advantages but it has also increased the capacity for the disruption of mission critical services. Some of these problems can be addressed by augmenting existing network management techniques while others require totally new approaches for cyber-security. This talk will discuss some of the machine learning based innovative and holistic approaches that can assist organizations in protecting the security and privacy of their data and systems.

Speakers

Dr. Natalia Stakhanova

Assistant Professor and the New Brunswick Innovation Research Chair in Cyber Security, University of New Brunswick
Natalia Stakhanova is an Assistant Professor and the New Brunswick Innovation Research Chair in Cyber Security at the University of New Brunswick, Canada. Her work revolves around building secure systems and includes mobile security, IoT security, software obfuscation & reverse engineering... Read More →

Dr. Nur Zincir-Heywood

Professor of Computer Science, Dalhousie University
Dr. Nur Zincir-Heywood is a Full Professor of Computer Science at Dalhousie University. She is on the editorial board of the IEEE Transactions on Network and Service Management and is the Technical Program Co-chair of IFIP/IEEE Traffic Measurement and Analysis Conference 2018. She... Read More →


Friday April 27, 2018 11:15 - 12:00
Track 5 - Room 201

11:15

tbd
Friday April 27, 2018 11:15 - 12:00
Track 6 - Room 202

12:00

Lunch (Vendor Prize Draws)
Friday April 27, 2018 12:00 - 13:00
Ballroom B3

13:00

Medical Records on the Black Market
Medical record breaches have a double impact, since they harm the healthcare institutions, but also disclose private and sensitive information about the patients. Because of this, the value of EHR (Electronic Health Records) has exceeded the value of financial records, not only because it opens the door for liability actions, but also because it can damage (or ruin) the patient's life.

In this talk I will cover the different ways in which an owned server could be taken advantage of for profit purposes, and then I will discuss the sale value of medical and financial information on the black market. I will cover a few specific recent cases (like the last one from Equifax), describe the attack vector, calculate how much it cost the companies and end users, and talk about how it could have been fixed.

Speakers

Matias Katz

CEO, MKIT
Matias Katz is a Web & Infrastructure Security specialist. He has spoken at BlackHat, H2HC, Hack in Paris, Ekoparty, HackMiami, Campus party, OWASP and many other international conferences. He is the CEO of MKIT (www.mkit.com), a company that specializes in Red Team operations, on-demand... Read More →


Friday April 27, 2018 13:00 - 13:45
Track 1 - Ballroom B1/B2

13:00

Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Over the last decade we have seen a rapid rise in virtualization-based tools in which a hypervisor is used to gain insight into the runtime execution of a system. With these advances in introspection techniques, it is no longer a question of whether a hypervisor can be used to peek inside or even manipulate the VMs it executes. Thus, how can we trust that a hypervisor deployed by a cloud provider will respect the privacy of their customers?

While there are hardware-based protection mechanisms with the goal of guaranteeing data privacy even in the presence of such an "introspecting" hypervisor, there are currently no tools that can check whether the hypervisor is introspecting when it shouldn't.

We have developed a software package that analyzes instructions and memory accesses on an unprivileged guest system which has been deployed onto a hypervisor to determine the potential presence (or lack) of introspection. These techniques are developed to examine properties of modern x86 systems, such as cache-based memory access timing and privileged instruction benchmarking to examine the behavior of the hypervisor. Moreover, we have developed timing methods such as thread racing to determine whether a hypervisor is monitoring regions of memory or hooking instructions.

Speakers

Tomasz Tuzel

Security Researcher, Assured Information Security Inc.
Tomasz has been a security researcher for over six years, having spent the first five at the Department of Defense, followed by Assured Information Security, Inc. He has primarily specialized in low-level security research.


Friday April 27, 2018 13:00 - 13:45
Track 2 - Room A1

13:00

Advancing the Next Disruption in Security through Integration
Securing sensitive, protected data has never been more challenging. Email remains the leading attack vector due to evolving techniques combined with sophisticated social engineering skills. CISOs, CIOs and their security teams struggle to prevent attackers from breaching their organizations and targeting employees. Proofpoint and Palo Alto Networks developed API integrations to combine their super powers for defeating cyber criminals with a perfect balance of protection, detection, threat visibility and orchestration. Join us to learn how the two best-of-breed and leading security companies united their platform offerings, resulting in comprehensive protection without complexity.
 

Speakers

Luigi Avino

Sr. Sales Engineer, Proofpoint
Luigi Avino is a Sr. Sales Engineer at Proofpoint, Inc. He is responsible for helping customers implement smarter strategies for their corporate security. Luigi specializes in people centric security, focused on email, social, brand protection, mobility, and SaaS security. Luigi...

Victor Tavares

Sr. Manager, Systems Engineering, Palo Alto Networks
Victor Tavares leads the Systems Engineering organization for Palo Alto Networks in Canada, where he is responsible for the customer and partner facing SE team. Victor has more than 20 years of experience in the networking and information security industry and he has worked with most...


Friday April 27, 2018 13:00 - 13:45
Track 3 - Room A2

13:00

Cryptology: It’s a Scalpel, not a Hammer
In this not-too-technical presentation (not much math!), attendees will get a bird’s eye view of why crypto should be left to mathematicians and professionals and not approached lightly. Unfortunately, cryptology blunders are all too common today. Attendees will gain insight into why crypto is not something one can look up and hope to understand overnight. History has shown that implementing weak crypto, or rolling your own crypto, is often fraught with disaster. The slightest mistake often leads to complete scheme, not to mention data, compromise.

Speakers

Mikhail Sudakov

Cyber Security Architect and Analyst, LEO Cyber Security
Mikhail Sudakov is Cyber Security Architect and Analyst for LEO Cyber Security. In addition, he is a professor of cryptology at St. Bonaventure University in NY, USA and had previously served the university as a programmer and information security specialist. Not being afraid to try...


Friday April 27, 2018 13:00 - 13:45
Track 4 - Room A3

13:00

tbd
Friday April 27, 2018 13:00 - 13:45
Track 5 - Room 201

13:00

Workshop: Orange is the new Hack - Introduction to Machine Learning with Orange
Limited Capacity seats available

Description
Analyzing a large number of security alerts can be repetitive and tedious. To help cope with the growing complexity of systems, analysts can use machine learning algorithms and other data analysis concepts. By making predictions, machine learning algorithms can help prioritize and even reduce the amount of manual work needed. Data analysis can also help gain a better understanding of our data.

The workshop will introduce participants to the world of machine learning using the software Orange. A security-related scenario will be used for the hands-on exercises. For this scenario, a large dataset of vulnerabilities from web applications reported by a static analysis tool will be used. The dataset of vulnerabilities was enriched with key metadata that will help the algorithms. Some metadata will need transformation. Based on issues that were classified, it will be possible to predict which unclassified issues are likely to be actual vulnerabilities.

Attendees will be able to apply the same principles to datasets in other contexts such as malware classification, system alert classification, vulnerability management, etc.
 
Agenda
This workshop will cover the following topics:
  • Data visualization
  • Classification
  • Making predictions
  • Comparing features and models
  • Text classification
 
Prerequisites
  • Bring your own laptop
  • Operating system compatible with Orange (Windows/Mac/Linux)

Speakers

Philippe Arteau

Security Researcher, GoSecure
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs...


Friday April 27, 2018 13:00 - 16:00
Track 6 - Room 202

14:00

Patching: Show Me Where It Hurts
Patching - it's complicated!  As much as we like to point fingers of blame and malign the processes in place, the fact is that one size does not fit all when security updates get issued.

What's the definition of insanity: doing the same thing over and over. Organizations at every level seem to be struggling with staying on top of patching, but it feels more like a necessary evil rather than a best practice.

Ignorance is not bliss when it comes to uncovering longstanding widespread vulnerabilities and attempting mitigation. As Meltdown and Spectre have painfully demonstrated, we're damned if we do and damned if we don't.

I've done some real life research into the issues to find new approaches to an old problem. We need to go beyond just finding the sweet spot between mitigating business risk with vulnerability exposure. Let's talk about how we can fix this process that seems inherently broken, especially as it now affects IoT, OT and medical devices. Because the cure isn't supposed to be worse than the disease.

Speakers

Cheryl Biswas

Strategic Threat Intel Analyst
Cheryl Biswas is a Strategic Threat Intel Analyst with a major bank whose name she cannot share in Toronto, Canada, where she monitors and assesses international relations, threat actors, vulnerabilities and exploits. In her previous role with KPMG Canada, she was a Cyber Security...


Friday April 27, 2018 14:00 - 14:45
Track 1 - Ballroom B1/B2

14:00

Top 10 ways to secure Microservices
In this session, I will talk about Top 10 ways to design and build secure Microservices to protect your users and your reputation. This top 10 list includes: 
1. Use the latest version of TLS
2. Designing a secure Infrastructure and Network whether on prem or in cloud
3. Best Practices in Authentication to authenticate your clients or end users.
4. Authorization of your end users or clients so they get just the right access based on least privilege and need to know.
5. Protecting your APIs against Distributed Denial of Service by using patterns such as Rate Limiting, Throttling, Daily limits etc.
6. Alerting and Monitoring your APIs to detect abnormal patterns and security issues.
7. API resiliency that directly affects Availability of your Microservices.
8. Encrypting & Hashing sensitive data - at rest and/or in transit - in memory, in cache and in db, in transit, in UI
9. Key management security
10. Session Management best practices

Speakers

Chintan Jain

SVP, Security Engineering & Architecture, Security Mantra Corporation
Chintan Jain is an accomplished cyber security visionary, technology and thought leader with more than 15 years of rich full cycle experience in Cyber Security Engineering & Architecture mainly in the areas of Identity & Access Management, Application, Infrastructure and Cloud Security...


Friday April 27, 2018 14:00 - 14:45
Track 2 - Room A1

14:00

tbd
Friday April 27, 2018 14:00 - 14:45
Track 3 - Room A2

14:00

How to Talk to Your Users (Without Being A Pretentious Jerk)
Talking to your users about security isn't just a job, it's a responsibility. Do it right, you can make your work easier and create a better working relationship between the business and IT. Do it wrong, and you can turn off your users and look like a pretentious jerk. Learn to craft your message and help your users understand how security matters to them.

Speakers

Colin Campbell

Sr Systems Architect, CCM LP
Colin has been working in IT for more than 20 years and focused on Security as a primary responsibility for the last 8 years. His role keeps him in close contact with our users, coordinating security and IT changes, and managing the corporate disaster recovery plan.


Friday April 27, 2018 14:00 - 14:45
Track 4 - Room A3

14:00

tbd
Friday April 27, 2018 14:00 - 14:45
Track 5 - Room 201

14:45

Break
Friday April 27, 2018 14:45 - 15:00
Ballroom Salon

15:00

Try Harder?
How we treat people has impact and consequences, especially when it comes to welcoming new professionals to infosec. Telling someone to simply ‘try harder’ without any support is detrimental to progress and motivation. In order for learners to be successful in developing their skills, we need to accept that learning is a dynamic process that should recognize the individual. Infosec training should not function like a fraternity: we should be there to support each other, not make it like hazing! Come hear from two experienced teachers on the current paradigm in infosec training and offer clear strategies to make infosec training more inclusive, welcoming, accessible, empathetic - and pain free.

Speakers

Geoffrey Vaughan

Senior Security Engineer, Security Innovation
Geoffrey is a Sr. Security Engineer with Security Innovation. He spends his time hacking and securing web applications, mobile apps, robots, 3D printers, infrastructure, embedded devices, and anything with a Biometric. He is passionate about security and helping others build secure...


Friday April 27, 2018 15:00 - 15:45
Track 1 - Ballroom B1/B2

15:00

1, 2, 3, 4: I Declare Cyber War
A recent cyber-security incident in Nova Scotia has made national news.

When can you have a reasonable belief that public data is, in fact, public? A teenager was charged criminally after being accused of stealing confidential documents from a public-facing provincial Freedom of Information server. The problem is, it was only discovered because a provincial staffer made a typo in a URL.

This case is likely to have chilling effects on cyber-security research in the province if the accused is found guilty. Covered will be what happened and how, the government's response, and the nuance of "an open door" on the internet.

Could this have been an act of cyber-terrorism? Was it simply a misunderstanding? As the incident will be replicated live, you'll be able to come to your own conclusions.


Speakers

Evan d'Entremont

Software Engineer
Evan d’Entremont is a Halifax-based software engineer and long-time HASKer who spends his time solving complex problems. His background includes web application development and modernizing legacy applications. He currently specializes in IIoT communications and security.


Friday April 27, 2018 15:00 - 15:45
Track 2 - Room A1

15:00

One Citizen, One Password - How the State of Louisiana streamlined and secured digital services for its residents
The State of Louisiana, which serves more than 4 million citizens, took a challenge around an outdated system and created the opportunity to establish a foundation for citizen services. The need to improve and transform a dated Medicare and Medicaid enrollment system turned into an opportunity to change the way software was developed. Instead of creating a monolithic application, the team decided to embrace the application economy and design a new service-oriented system that could accommodate a broad range of citizen services. The team quickly realized a fragmented customer experience is not acceptable in the application economy. The State of Louisiana did not want citizens to have to remember separate passwords for every service provided by the state, so they created a central platform that all agencies could share. Each citizen will use a single identity and password to access services.

Like the State of Louisiana, many governments are taking services online to provide 24-7 access and better service at lower cost, while also optimizing the experience for the end user. And to inspire others, the IT team in Louisiana published the architecture. This type of digital transformation is reshaping the image of government from a model for bureaucracy to a center for innovation. The State of Louisiana is breaking stereotypes around government agencies and outdated technology as they transform their IT systems to provide customers with the digital experience they expect.

The team at the State of Louisiana understands that interacting with government systems should be intuitive, informative and easy. That’s why the State of Louisiana created an IT architecture that will anticipate the technologies of tomorrow while addressing constituents’ needs today.

Key advantages include:
- Fraud Prevention  
- Citizen submits a Permit Request and Securely Routes Request for Approval
- Permits filtered with security intelligence

Speakers

James Alt

Enterprise Application Architect, State of Louisiana

Dustin Glover

Chief Information Security Officer, State of Louisiana

Matthew Vince

Director of Project Management, Louisiana Office of Technology Services


Friday April 27, 2018 15:00 - 15:45
Track 3 - Room A2

15:00

Traditional penetration testing is STILL dead
CISOs must take a different approach to penetration testing and compliance assessments to stay ahead of hackers. The current model includes lengthy sales cycles, risks discussed with a consultant, and a deliverable that is best to be chiseled into a piece of stone. CISOs are then battling budgets, limited staff, and sleazy security sales individuals selling bad products.

Speakers

Andrew Ostashen

CEO and Founder, Vulsec
Andrew is the CEO and Founder at Vulsec. He graduated from Rochester Institute of Technology majoring in Information Security and Forensics. Andrew has assessed over 250 companies including hospitals, banks, casinos to quantify their risks. He has seen the devastation caused by...


Friday April 27, 2018 15:00 - 15:45
Track 4 - Room A3

16:00

Closing Keynote
Speakers

Brian Brushwood

Brian Allen Brushwood is an American magician, podcaster, author, lecturer and comedian. Brushwood is known for the series Scam School, a show where he teaches the audience entertaining tricks at bars so they can "scam" a free drink. The show also claims to be the only show dedicated...


Friday April 27, 2018 16:00 - 17:00
Track 1 - Ballroom B1/B2

17:00

Closing Remarks / Grand Prize Draws
In order to claim any prizes, you must attend the closing remarks.

Friday April 27, 2018 17:00 - 17:30
Track 1 - Ballroom B1/B2

20:00

After Party
After Party at the Lower Deck - Tap Room (3rd Floor). 8pm - close. Please bring your conference badge.


Friday April 27, 2018 20:00 - 23:30
Tap Room @ The Lower Deck 1887 Upper Water St, Halifax, NS B3J 1S9