Atlantic Security Conference

The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world. Using our visibility into the threat landscape we are constantly analyzing new attacks against our customer’s networks. During this talk I will examine various threats that Talos has examined over the last year to show how attackers are continually becoming more sophisticated. Understanding how these actors are evolving and how they are targeting networks is vital to protecting your network. For example, many people do not consider DNS worth monitoring yet we discovered the DnsMessenger attack that solely utilized DNS messages for its C&C and data exfiltration. Other attacks have been very destructive such as the Nyetya supply chain attack that crippled the Ukraine causing 100’s of millions in damage. Wormable malware has become commonplace as seen in WannaCry, Nyetya, Bad Rabbit, Olympic Destroyer. Only by understanding the evolving threat landscape an the attack vectors that threat actors are using can people begin to harden their networks against these increasingly sophisticated attacks.

The same way canaries have been used to detect toxic gases in mines, the cyber-canaries are invaluable in detecting lateral movement on enterprise networks. With the constant barrage of breaches occurring today, organizations must focus on early detection beyond the walls of their network perimeter if they are to stave off attacks and further data loss.

This presentation will discuss the following:
- Provide information on the use of honeypots, specifically Canaries to detect lateral movement on networks following a breach.
- Difference between traditional honeypots such as honeyd and canaries
- Use-cases using OpenCanary with demonstrations and examples of attack scenarios including some well known breaches such as Target orHome Depot.

Best known for its innovative Blue Kit, which provides a low-cost Internet of Things (IoT) educational starter kit helping students understand the fundamentals of IoT, Blue Spurs is one of the leading IT consulting firms in Canada.  

According to Cybersecurity Ventures, by 2021 there will be 3.5 million cybersecurity jobs unfilled around the world. After a couple years of success with the Blue Kit, the company is now expanding cloud education to the topic of cybersecurity. Through its partnership with CyberNB, Blue Spurs just launched a new cybersecurity educational module. Located in Canada’s cybersecurity headquarters - New Brunswick, which was the first province to develop a comprehensive cybersecurity strategy, Dawson, Head of Technology at Blue Spurs, will share best practices for educating K-12 and post-secondary students in two major technology focus areas that will shape the future of Canada’s reputation as a leader in cloud technology.
Session key takeaways include:
·         Fundamentals of building a cybersecurity education program for students and young professionals.
·         Why now is the optimal time to educate the next generation of technology leaders.
·         Major national cybersecurity trends that are being shared with students that will impact the future of Canadian IT.

Advanced attackers are always looking for ways to stay hidden. The growing use of traffic encryption — over 50% of Web traffic today is encrypted — provides a simple trick for attackers to hide their threats and communications channels. Exploit kits, malware, adware, callbacks, as well as command & control channels leverage encrypted communications to infiltrate organizations and exfiltrate information. 
Look into encrypted traffic, without the need for a proxy or additional agents and ensure full coverage of threats hiding within covert channels. SentinelOne extends EPP capabilities to provide an integrated workflow from visibility & detection to response & remediation. The single agent, single console architecture provides deployment simplicity and operational agility to improve productivity and minimize business impact of threats.
In this session:
- Explore and expose threats hiding inside encrypted traffic at the endpoint
- Discover Autonomous Detection and Response to formerly “unseeable” threats
- Live Attack Demonstration, Investigation and Remediation

It has been said that in the coming years, being able to run tools will not be enough, and that penetration testers will need to learn/know how to code. There's lots of Python and Ruby code out there, but there's one thing that it doesn't do that well: scale. This talk covers how Golang can scale out to cover discovery quickly, using native features.

This talk will go into the basics of hardware and software suites needed to capture, analyze, and crack WEP and WPA/WPA2 WiFi passwords.

This talk will introduce the concept of internal red teams and the unique value and insight that can be gleamed from the formation such internal teams. We will delve in to methods organizations can employ to leverage red team skillsets beyond traditional exercises, in order to provide more value. The talk will also discuss general operating models and integration considerations between offensive and defensive teams within enterprise environments.

Crusade into the wild world of malicious browser extensions. You will learn how to do keylogging, cookie stealing, credential harvesting and building a C&C server allowing you to execute arbitrary JavaScript remotely of your choosing. We will also be talking about CORS (Cross-Site Resource Sharing) and some interesting quirks with the browser extension environment. If you are a front-end developer and you want to dive into malicious code this would be the best way to start learning.

Securing sensitive, protected data has never been more challenging. Email remains the leading attack vector due to evolving techniques combined with sophisticated social engineering skills. CISOs, CIOs and their security teams struggle to prevent attackers from breaching their organizations and targeting employees. Proofpoint and Palo Alto Networks developed API integrations to combine their super powers for defeating cyber criminals with a perfect balance of protection, detection, threat visibility and orchestration. Join us the learn how the two best-of-breed and leading security companies united their platform offerings, resulting in comprehensive protection without complexity.
 

The State of Louisiana, which serves more than 4 million citizens, took a challenge around an outdated system and created the opportunity to establish a foundation for citizen services. The need to improve and transform a dated Medicare and Medicaid enrollment system turned into an opportunity to change the way software was developed. Instead of creating a monolithic application, the team decided to embrace the application economy and design a new service-oriented system that could accommodate a broad range of citizen services. The team quickly realized a fragmented customer experience is not acceptable in the application economy. The State of Louisiana did not want citizens to have to remember separate passwords for every service provided by the state, so they created a central platform that all agencies could share. Each citizen will use a single identity and password to access services.

Like the State of Louisiana, many governments are taking services online to provide 24-7 access and better service at lower cost—while also optimizing the experience for the end user. And to inspire others, the IT team in Louisiana published the architecture. This type of digital transformation is reshaping the image of government as a model for bureaucracy to government as a center for innovation. The State of Louisiana is breaking stereotypes around government agencies and outdated technology as they transform their IT systems to provide customers with the digital experience they expect.

The team at the State of Louisiana understands that interacting with government systems should be intuitive, informative and easy. That’s why the State of Louisiana created an IT architecture that will anticipate the technologies of tomorrow while addressing constituents’ needs today.

Key advantages include:
- Fraud Prevention  
- Citizen submits a Permit Request and Securely Routes Request for Approval
- Permits filtered with security intelligence