Loading…

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Wednesday, April 24
 

08:00

Registration
Wednesday April 24, 2019 08:00 - 08:15
AtlSecCon
  AtlSecCon

09:30

Opening Keynote - Day 1 - Cliff Stoll
Speakers
avatar for Clifford Stoll

Clifford Stoll

Chief Bottle Washer, Acme Klein Bottle
Clifford Stoll gained worldwide attention as a cyberspace sleuth when he wrote his bestselling book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, the page-turning true story of how he caught a ring of hackers who stole secrets from military computer systems... Read More →

Wednesday April 24, 2019 09:30 - 10:45
Track 1 Ballroom
  Ballroom

10:45

Networking Break
Wednesday April 24, 2019 10:45 - 11:00
AtlSecCon
  AtlSecCon

11:00

Defending Democracy: Confronting Cyber-Threats to Canadian Elections
The use of new technologies in elections has emerged as a key issue in recent years, with concerns
about database hacking, media manipulation, and foreign technological interference leading to public concern and debate around the world. Recent examples make the relevance of this issue clear. The U.S. Senate Intelligence Committee found evidence of Russian interference and media manipulation in the 2016 American presidential election. Estonia’s widely respected identity card system, which is used for i- voting in elections and access to government services, was recently found to be susceptible to identity theft. Meanwhile, social media has opened up a new domain of political interactions, as illustrated by claims of Russian bots trying to influence the 2016 Brexit referendum.

While technology has been used in elections for decades, in the form of electronic voting machines and digital registration databases, the explosion of new technologies and increased access to these
technologies by citizens and election administrators, demands further academic consideration. This
presentation responds to two major questions, regarding the use of technology in elections around the world:

1) How is technology used in each stage of the electoral cycle? How prevalent is their usage?
and 2) What are the major security concerns that should be considered? Where is Canada most
vulnerable to security issues?

Speakers
avatar for Holly-Ann Garnett

Holly-Ann Garnett

Assistant Professor, Royal Military College of Canada
Assistant Professor, Department of Political Science, Royal Military College of Canada

Wednesday April 24, 2019 11:00 - 11:45
Track 6 202
  201

11:00

The Skills Gap: Thoughts on Hiring and Retention
The industry is doing a pretty good job of getting the word out to primary, secondary, and post-secondary students about career opportunities in cyber security. This will likely help fill the skills gap in the next 5-15 years, but what about today?

In this presentation, I'm going to discuss the skills gap as it exists today, and how both retention strategies and outreach efforts to other industries may help address that gap.
Speakers
avatar for Matthew Middleton

Matthew Middleton

QA/QC Analyst, Radient360
Matt is a QA/QC Analyst for Radient360, and has been a black box software tester for a decade, helping developers catch their bugs before they get out into the wild. He’s primarily been influenced by James Bach, Michael Bolton, and Cem Kaner, and subscribes to the Context-Driven... Read More →

Wednesday April 24, 2019 11:00 - 11:45
Track 5 201
  202

11:00

People-Centric Security: 2019 Cyber Threat Landscape
Despite tens of billions of dollars spent on security technology globally each year, attacks continue to get through. Canadian organizations continue to lose money, data, and the trust of customers and partners.  That’s because today’s cyberattacks target people, not technology.  Chris Montgomery of Proofpoint will share real-world stories of people-centric threats, including phishing, credential phishing, email fraud, brute-force attacks, and cloud account takeover.
 
We’ll look ahead at the trends and events likely to shape the threat landscape in 2019. A shakeout in the cryptocurrency market will change the way threat actors move - and steal - money, while email fraud moves from spoofing identities to using stolen identities, making it more effective and harder to detect. At the same time, attackers will double down on abuse of legitimate infrastructure and state-sponsored actors will increasingly act with impunity as laws and defenses attempt to keep up with new capabilities and targets. Social media threats will overlap with increased compliance concerns while threat actors will continue to refine filtering and targeting capabilities, keeping their attacks under the radar and improving returns on investment. We’ll discuss key actions you can take to prepare your organization with a people-centric approach.
Speakers
avatar for Luigi Avino

Luigi Avino

Sr. Sales Engineer, Proofpoint, Inc.
Luigi Avino is a Sr. Sales Engineer at Proofpoint, Inc. He is responsible for helping customers implement smarter strategies for their corporate security. Luigi specializes in people-centric security, focused on email, social, brand protection, mobility, and SaaS security. Luigi has... Read More →

Wednesday April 24, 2019 11:00 - 11:45
Track 2 A1
  Argyle A1

11:00

Don't let backup data, administrators or storage be your IT security back door
When it comes to data protection, the risks are high. Too many times companies take adequate protections for live workloads; but are the same standards are applied to the durability of the data protection scheme? Different backup technologies offer different opportunities and risks for security the backup data. Additionally, how can backup technology be resilient for ransomware? Backup expert Rick Vanover shares tips for security professionals:

• Storage security strategies for backups
• Backup resiliency for ransomware strategies
• Identifying backdoors from data protection solutions
• Implementing controls for each step of the data protection process
Speakers
avatar for Rick Vanover

Rick Vanover

Director of Product Strategy, Veeam
Rick Vanover (Cisco Champion, VMware vExpert) is the Director of Product Strategy for Veeam Software based in Columbus, Ohio. Rick’s experience includes system administration and IT management; with virtualization, cloud and storage technologies being the central theme of his career... Read More →

Wednesday April 24, 2019 11:00 - 11:45
Track 3 A2
  Argyle A2

11:00

Avoiding Defeat - Building a Playbook to Survive a Ransomware Attack
Many have succumbed to the various forms on ransom-based malware. Whether it is Cryptolocker, Wannacry, Crysis or the many other forms on ransomware, numerous organizations assume they are not at risk and end up having to respond to a ransomware attack without proper preparation. Full of firsthand case studies and lessons learned during my time handling numerous ransomware-related incidents over the past year to help attendees better prepare for a potential ransomware attack.

During this session we will discuss:
- How does ransomware work, what are some of the more well-known variants (i.e. Petya, Dharma, etc.)?
- How to I prepare my organization in the event that I get hit with ransomware?
- How do I develop a playbook around responding to a ransomware related incident?
- What indicators of compromise should I look out for?
- What do I do if my systems are infected with ransomware? Do I pay the ransom? How do I recover?

Speakers
avatar for Peter Morin

Peter Morin

Director, Cybersecurity and Privacy, PwC
Peter is a Director in PwC's Cybersecurity and Privacy consulting practice. He is a senior cyber security professional with over 20 years of experience focusing on information security risk management, cyber threat incident response, threat hunting, malware analysis, and computer... Read More →

Wednesday April 24, 2019 11:00 - 11:45
Track 4 A3
  Argyle A3

11:00

Build it Once, Build it Right: Architecting for Detection
Defensible networks are designed to prevent and detect computer attacks, and are hardened at every layer. Per Richard Bejtlich, defensible networks "can be watched" and "limit an intruder’s freedom to maneuver." For example: modern malware often attempts to steal credentials and move laterally via tools such as WMIC, PSExec, and PowerShell. Most host-based firewalls can block (and log) based on applications such as PSExec. Prudent organizations use host-based firewalls to block and log network connections initiated by these tools from "regular" user desktops, and only allow authorized use from system administration drop boxes.

This talk focuses on designing a defensible security architecture that limits an intruder's ability to maneuver, and creates logs when it is successful in doing so. Specific examples will be provided that prevent recent malware such as Petya, NotPetya, SamSam, and others. We will provide an actionable list of techniques that prevent and detect the deadliest events that occur during virtually every successful breach.
Speakers
avatar for Eric Conrad

Eric Conrad

CTO, Backshore Communications
SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead... Read More →

Wednesday April 24, 2019 11:00 - 11:45
Track 1 Ballroom
  Ballroom

11:45

Lunch
Wednesday April 24, 2019 11:45 - 13:00
AtlSecCon
  AtlSecCon, addnew

13:00

Cyber Security Research at Dalhousie: Bots, Compromised Users and Insider Threats
Advances in AI/ML technologies are not only the fastest growing areas but also provide endless possibilities in many different science and engineering disciplines including communication networks and cybersecurity. These technologies are used by billions of people. Any person who has a smartphone can tangibly experience advances in AI/ML via their social media apps, cameras and digital assistants. Nur Zincir-Heywood, who is an expert in cybersecurity and communication networks will provide an overview of cybersecurity research using AI/ML from malware to botnets to insider threats in the era of highly connected devices.
Speakers
avatar for Dr. Nur Zincir-Heywood

Dr. Nur Zincir-Heywood

Professor, Dalhousie University
Dr. Nur Zincir-Heywood is a Full Professor of Computer Science at Dalhousie University. She is on the editorial board of the IEEE Transactions on Network and Service Management and is the Technical Program Co-chair of IFIP/IEEE Conference on Network and Service Management (CNSM) 2019... Read More →

Wednesday April 24, 2019 13:00 - 13:45
Track 6 202
  201

13:00

Securing credentials for in-depth scans and conditional access
Securing credentials for in-depth scans and conditional access. This presentation will focus on how Tenable and CyberArk work together to provide a comprehensive authenticated scanning solution that gives security team’s better vulnerability insight while protecting privileged accounts. You'll learn how crucial Privileged Account Security is and how it play a role in day to day IT and Security activities, such as vulnerability management and remote access.
Speakers
avatar for Anthony Myer

Anthony Myer

Solution Engineer Canada, CyberArk
Anthony Meyer has been in the IT industry for more than 8 years and currently hold a position as Solution Engineer at CyberArk. With strong knowledge in Network and Security, Anthony has been responsible for designing and implementing security solution and network infrastructure for... Read More →

Wednesday April 24, 2019 13:00 - 13:45
Track 5 201
  201

13:00

Avoiding Common Mistakes in Breach Detection and Response
Organizations of all sizes are under attack today, and one common challenge is how ill-prepared we all tend to be while responding. This presentation will address lessons learned and how to most effectively combine people, processes, and technologies in the midst of a breach response.
Speakers
avatar for Ben Smith

Ben Smith

Principal Sales Engineer + Field CTO (US), RSA
Ben Smith is Field Chief Technology Officer (Field CTO - US) with RSA, a Dell Technologies business. With 25 years’ experience in the information security, networking and telecommunications industries, he regularly consults on RSA’s security and risk management solutions. His... Read More →

Wednesday April 24, 2019 13:00 - 13:45
Track 2 A1
  Argyle A1

13:00

Improving Cloud Security through Automation
This presentation will provide attendees with tools and techniques to reduce their cloud environment's attack surface.  Attendees will learn:

1. A threat modeling approach to identify common cloud security threats.
2. Five common AWS security issues.
3. Techniques to constantly monitor and resolve common security issues.

Speakers
avatar for Elyse Nielsen

Elyse Nielsen

Principal Consultant, Webgistixs
Elyse Nielsen is the principal consultant with Webgistixs, a security consulting firm. Webgistixs advises companies how to improve management of their security portfolio achieving project delivery while improving financial and operational performance. Elyse has over a decade of experience... Read More →

Wednesday April 24, 2019 13:00 - 13:45
Track 3 A2
  Argyle A2

13:00

Leveraging AI and Data Analytics to win the Cyber time race
A reoccurring challenge that all clients are facing is not enough resources and alert fatigue.

This session is being put on by two of the leading organizations in the cybersecurity space CrowdStrike and Splunk!

CrowdStrike is a leader in the Endpoint Detect and Response space who heavily leverages a massive datastore and artificial intelligence. Splunk is the leader in data analytics and helps clients quickly find that needle in the haystack.


Speakers
avatar for Sebastien Ferreira

Sebastien Ferreira

Regional Director, Splunk
 Sebastien spent over 10 years at CheckPoint before moving over to Splunk.
avatar for John Pilon

John Pilon

Regional Director – Federal Government/Eastern Canada, Crowdstrike
John has worked for organizations such as Microsoft and HPE prior to joining Crowdstrike.

Wednesday April 24, 2019 13:00 - 13:45
Track 4 A3
  Argyle A3

13:00

Tracing Ransomware Payments in the Bitcoin Ecosystem
Ransomware can prevent a user from accessing a device and its files until a ransom is paid to the attacker, most frequently in bitcoin. With over 500 known ransomware families, it has become an important online threat for law enforcement, security professionals and the public.

We present a data-driven method for identifying and gathering information on bitcoin transactions related to illicit activity based on footprints left on the public bitcoin blockchain. We implement the method on-top-of the GraphSense open-source platform and apply it to empirically analyze transactions related to 35 ransomware families.

The analyses allow us to estimate the lower bound direct financial impact of each ransomware family and the minimum worth of the market for these 35 families, from 2013 to mid-2017. Security analysts, policy-makers and law enforcement agencies can replicate the method and use the statistics provided in this presentation to understand the size of the illicit market and make informed decisions on how best to address the threat.

Speakers
avatar for Masarah Paquet-Clouston

Masarah Paquet-Clouston

Security Researcher, GoSecure
Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student at Simon Fraser University in criminology and one of Canada’s decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit... Read More →

Wednesday April 24, 2019 13:00 - 13:45
Track 1 Ballroom
  Ballroom

13:45

Networking Break
Wednesday April 24, 2019 13:45 - 14:00
AtlSecCon
  AtlSecCon

14:00

AP-ocalypse: Release the KRACKen
This talk is part two to "An Introduction to Wireless Hacking" from AtlSecCon 2018. I will very briefly recap Aircrack-ng before diving into breaking WPS and looking at the KRACK attack. Finally, I will demonstrate a bash script that will make Wi-Fi cracking a cinch and I will show how to build a software-based Wi-Fi jammer.
Speakers
avatar for Grant Boudreau

Grant Boudreau

Cyber Security Consultant, MNP
Grant Boudreau is a Cyber Security Consultant for MNP LLP. He holds a Bachelor degree in Information Technology – Network Management from Cape Breton University, is an OSCP and OSWP graduate from Offensive Security, and has several other industry certifications. Grant has a passion... Read More →

Wednesday April 24, 2019 14:00 - 14:45
Track 5 201
  202

14:00

Supply Chain Risk Management and Early Stage Start-ups
As companies adopt tech from innovative start-ups, traditional risk management becomes obsolete. Serial entrepreneur and infosec practitioner Darren Gallop reveals how far founders will go to meet their venture backed sales targets. This may include being untruthful on security questionnaires! This presentation will provides actionable methods to address the security concerns introduced by working with early stage tech companies. The presentation will provide perspectives on how to address the following concerns while taking advantage of the cutting edge technologies that many startups provide: - The real risk that start-ups face is running out of money before achieving commercial success. Statistically, a start-up is more likely to fail from commercial failure than from breach fallout. This means most start-ups will do the minimal required in order to close deals - Start-ups primarily work from shared workspaces or remote offices and operate entirely in the cloud - They will do whatever it takes to not fail, even if that means exaggerating the truth about their security posture

Speakers
avatar for Darren Gallop

Darren Gallop

CEO, Securicy
Darren Gallop is a serial entrepreneur, musician and information security professional. He started his career in the music industry, then migrated to  founding marcatofestival.com a festival management software solution that became the back end of the biggest and most prestigious... Read More →

Wednesday April 24, 2019 14:00 - 14:45
Track 2 A1
  Argyle A1

14:00

The Modern State of Insecurity
Online security is in a constant state of flux; we face threats today that are entirely new to those we dealt with only a year or two ago. Yet at the same time, we’re still dealing with the same fundamental threats we were decades ago with the likes of SQL injection and ransomware dating as far back as the 80’s. This dichotomy also plays out in the sophistication of attacks we’re seeing today with news headlines announcing nation state backed espionage with equal regularity to Amazon S3 buckets exposing everything to the public due to simple configuration errors.

In this talk, you’ll see how these threats are evolving and which are the ones we need to be especially conscious of in the modern era. It looks at real world examples of both current and emerging threats and talks about actionable steps we need to take as an industry to stem the flow of data breaches and other malicious activity. The Modern State of Insecurity is a scary yet necessary lesson on how we’re still getting security wrong today.

Speakers
avatar for Daniel Cybulskie

Daniel Cybulskie

Manager of Sales Engineering, Varonis
Daniel has been at Varonis for 4 and a half years specializing in unstructured data protection and threat detection. He also has over a decade of experience in the field of information security. During his career, he has been sought after as a dynamic, and highly educated, speaker... Read More →

Wednesday April 24, 2019 14:00 - 14:45
Track 3 A2
  Argyle A2

14:00

To become a Cyber Security Leader, Canada must invest in the Next Generation of Workers
An international shortage of cybersecurity talent is expected to grow over the next few years, according to the Information and Communications Technology Council. There's an expected need for more than 1.5 million people to work in cybersecurity globally by 2020.  In Canada, cybersecurity job growth averaged 9.2% in 2014-15, compared with 0.7% for all other occupations. 1-in-4 ICT professionals in Canada require cybersecurity skills. As tomorrow’s leaders and innovators, youth are a vital talent pool to meet cyber security skill demands. Under ICTC’s Canadian Youth Cyber Education Initiative, the CyberTitan program (affiliated with the (US) Air Force Association's CyberPatriot Program which is presented by the Northrop Grumman Foundation) focuses on preparing middle and secondary school students with skills for the digital economy by creating learning opportunities for students to engage in hands-on simulated environments that develop skills necessary to pursue post-secondary education programs, to learn skills essential to work in many STEM fields, and to identify roles students can play help to secure our systems.
Speakers
avatar for Sandra Saric

Sandra Saric

Vice President, Information and Communications Technology Council
Sandra leads initiatives that promote diversity, inclusion, and collaboration with industry, government and education on strategies and actions to leverage talent and build capacity in Canada’s digital economy. As an inclusion advocate in Canada and globally, Sandra has particularly... Read More →

Wednesday April 24, 2019 14:00 - 14:45
Track 4 A3
  Argyle A3

14:00

What Are We Doing Here? Rethinking Security
Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that derive the standard risk equation. Remember how the disclosure of Meltdown/Spectre introduced a "perfect storm" scenario where the vulnerability wasn't easy to patch or fix, and the solution seemed to be break things? This created a situation where the "security solution" wasn't simply to apply the patch - and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I've wanted to discuss for a while - what else should we focus on in terms of security if/when the vulnerabilities still remain.  Interested? Intrigued? Come join the discussion!
Speakers
avatar for Jeff Man

Jeff Man

Sr. Information Security Consultant, Online Business Systems
Respected Information Security expert, advisor, evangelist, co-host on Paul's Security Weekly, and recently returned to a Consulting/Advisory role at Online Business Systems. Over 35 years of experience working in all aspects of computer, network, and information security, including... Read More →

Wednesday April 24, 2019 14:00 - 14:45
Track 1 Ballroom
  Ballroom

14:45

Networking Break
Wednesday April 24, 2019 14:45 - 15:00
AtlSecCon
  AtlSecCon

15:00

Network Visibility and Anomaly Detection in Zero Trust Networks
While defence in depth is important in every network. The growth of Zero trust networks in many companies now, make it mostly impossible for your network and security teams to know on their own what should be there.  We'll talk about how you have to look past tradition security methods to help you keep your data secure.
Speakers
avatar for Jim Deleskie

Jim Deleskie

Founder, Mimir Networks
Jim DeLeskie has 25 years of experience designing, building and securing global networks. Understanding how network traffic moves based on packet flow data overlaid with routing information has always been key. As Director of Global Network Security for TATA Communications, Mr. DeLeskie... Read More →

Wednesday April 24, 2019 15:00 - 15:45
Track 5 201
  202

15:00

The New Privacy and Cybersecurity Legal Risk Landscape
New developments in Canada and around the world have dramatically altered the legal risk associated with cybersecurity. Mandatory data breach notification is here and class action lawsuits are springing up all over the place. Security professionals will increasingly be interacting with lawyers to reduce risk on the front end and in working to respond to incidents that have true legal consequences. This presenation will provide an overview of the new developments and will provide practical advice for security pros in working for their clients and working with lawyers.
Speakers
avatar for David Fraser

David Fraser

Partner, McInnes Cooper
David Fraser is a partner with McInnes Cooper and privacy and internet law counsel to some of the world’s best known brands. He regularly advises a range of clients – from start-ups to Fortune 100 companies – on all aspects of technology and privacy laws.A significant portion... Read More →

Wednesday April 24, 2019 15:00 - 15:45
Track 2 A1
  Argyle A1

15:00

Malicious PowerShell and WMI
Living of the land comprises of using system tools by attackers for malicious purposes. System tools not only provide stability but zero risk of being flagged as malware. This talk is focused on the use of PowerShell and WMI by attackers for malicious purpose. PowerShell and WMI are powerful technologies designed by Microsoft for streamlining administrative workloads, however attackers are abusing this technology for malicious purposes.

PowerShell is installed by default on Microsoft Windows operating system, since windows 7 and windows 2008 r2. WMI is part of windows operating system long before the author bought his first computer, to be precise since Windows NT days. Since WMI and PowerShell are inbuilt system technology It is nearly impossible for traditional security tools to distinguish between legitimate and malicious use of these two technologies. Moreover, while WMI remains elusive, PowerShell has recently gained momentum among system administrators to automate their workloads making it even harder to detect malicious activity. PowerShell is a command line utility build on top of .NET framework. PowerShell contains number of cmdlets to carry out various tasks, new cmdlets are added with each new version of PowerShell. System administrators can simply automate workloads using PowerShell. PowerShell remoting can be used by administrators to execute commands on multiple computers without having to log into each system and running the commands on individual systems. WMI is Microsoft representation of system information which follows the Web Based Enterprise Management (WBEM) built on the Common Information Model (CIM). In layman's terms WMI is a database which contain information about the system. A powerful feature of WMI is WMI eventing. WMI eventing provides the capability to generate alerts on every major or minor change to the system, in turn response triggers can be configured for an alert. A response can be anything from simply generating a log entry to execution of a command or script. An attacker can leverage this to execute a command or a script based on an event. PowerShell and WMI are legitimate system tools making it impossible for defenders to block them. Logging is not enabled by default for both PowerShell and WMI, however once logging is enabled PowerShell and in particular WMI can generate infinitude logs and overloading the log management solution and SOC team. Behavioural analysis can help decipher between legitimate and malicious behaviour.

The purpose of this talk is to educate the audience, including defenders, about PowerShell and WMI. We hope that this would help them to think like an attacker and be creative in implementing controls to flag malicious use of PowerShell and WMI.


Speakers
avatar for Sunny Jamwal

Sunny Jamwal

Senior Security Consultant, MNP
Sunny Jamwal is a Senior Security Consultant for MNP’s Cyber Security team. With over 10 years of experience, Sunny has extensive knowledge of information security, networking, and related information technologies allowing him to quickly and knowledgeably inspect system architectures... Read More →

Wednesday April 24, 2019 15:00 - 15:45
Track 3 A2
  Argyle A2

15:00

One Man Army - Playbook on how to be the first Security Engineer at a company
How often have you heard that 'Early stage startups don't care much about Security because if there is no product, there is nothing to secure?' Although there is merit in the argument that startups need to build product so as to sustain and grow, it often puts the person in charge of securing them in a tricky position. For most startups, this person is the first Security Engineer who can be somewhere between the 10th to 300th employee. By the time the first Security Engineer is on-boarded the attack surface has usually become quite large and he or she faces an uphill battle to go about securing the organization. In such cases, the Security Engineer needs to perform as a 'one-man army' keeping the attackers at bay. In this talk, i will present a playbook on how to perform as one.
Speakers
avatar for Kashish Mittal

Kashish Mittal

Head of Security, MileIQ
Kashish Mittal is a Security Researcher and Engineer. He currently is the Head of Security at MileIQ, a Microsoft startup. He has worked for companies such as Elevate Security, Duo Security, Bank of America, Deutsche Bank etc. By choice, he is an ethical hacker and an addicted CTF... Read More →

Wednesday April 24, 2019 15:00 - 15:45
Track 4 A3
  Argyle A3

15:00

MINimum Failure: Breaking a Bitcoin Wallet with Fault Injection
The Trezor is one of the most popular bitcoin wallets. But the entire security relies on the result of a single call to MIN(), and if we can corrupt that comparison that MIN() performs the recovery seed can be dumped. This talk demonstrates how such an attack is possible without removing the enclosure of the wallet, leaving no sign of tampering. A successful attack would allow someone to effectively "clone" the wallet, such that the attacker leaves no trace of the attack, but could later withdraw bitcoins once the balance was sufficiently high to be interesting to the attacker. Countermeasures (which have since been implemented before this public talk) will also be discussed.
Speakers
avatar for Colin O'Flynn

Colin O'Flynn

CTO, NewAE Technology Inc.
Colin O'Flynn is a huge nerd.

Wednesday April 24, 2019 15:00 - 15:45
Track 1 Ballroom
  Ballroom

15:45

Networking Break
Wednesday April 24, 2019 15:45 - 16:00
AtlSecCon
  AtlSecCon

16:00

Closing Keynote - Day 1 - Cory Doctorow
Speakers
avatar for Cory Doctorow

Cory Doctorow

Writer, Boing Boing
Cory Doctorow (craphound.com) is a science fiction novelist, blogger and technology activist. He is the co-editor of the popular weblog Boing Boing (boingboing.net), and a contributor to many magazines, websites and newspapers. He is a special consultant to the Electronic Frontier... Read More →

Wednesday April 24, 2019 16:00 - 17:00
Track 1 Ballroom
  Ballroom

17:00

Social Networking Event
Wednesday April 24, 2019 17:00 - 19:00
AtlSecCon
  AtlSecCon

19:00

Speakers Dinner
Dinner ticket must be purchased in advance.

Speakers must bring their AtlSecCon badge.

Dinner starts at 7:00. Please take your seat(s) by 6:45. 
Wednesday April 24, 2019 19:00 - 22:00
AtlSecCon
  AtlSecCon
 
Thursday, April 25
 

08:00

Registration
Thursday April 25, 2019 08:00 - 09:15
AtlSecCon
  AtlSecCon

09:15

Opening Keynote - Day 2 - Jean-Michel (JM) Blais
Speakers
avatar for Jean-Michel (JM) Blais

Jean-Michel (JM) Blais

Principal, Empiric Consultancy Solutions
Jean-Michel (JM) Blais has over thirty-one years of policing experience, having served withthe Royal Canadian Mounted Police (RCMP), the United Nations and Halifax RegionalPolice (HRP) as chief of police where he is to retire in March 2019. He began his policingcareer in 1987 in the... Read More →

Thursday April 25, 2019 09:15 - 10:00
Track 1 Ballroom
  Ballroom

10:00

Networking Break
Thursday April 25, 2019 10:00 - 10:15
AtlSecCon
  AtlSecCon

10:15

Threat Decluttering: Baselining to Spark Joy in your Threat Hunting
Does your Threat Hunting Spark Joy? Oftentimes security teams are hindered by having a cluttered environment full of legacy and rogue endpoints. This can make threat hunting frustrating and inefficient.

Marie Kondo put it perfectly: "To threat hunt accurately means to put your enterprise assets in order. It’s like settling your accounts so that you can take the next step forward."

This presentation will focus on building a better understanding of your environment and how to hunt for unknown threats that lie within.
Speakers
avatar for Brian Baskin

Brian Baskin

Senior Threat Researcher, Carbon Black
Brian is a Senior Threat Researcher with Carbon Black’s Threat Analysis Unit with a specialty in digital forensics, incident response and malware analysis. Baskin was previously an intrusions analyst for the US Defense Cyber Crime Center focusing on malware and reverse engineering... Read More →
avatar for John Holowczak

John Holowczak

Senior Threat Analyst, Carbon Black
John is a Senior Threat Analyst on Carbon Black's Threat Analysis Unit focusing on automation of threat detection and building out infrastructure for large scale malware analysis. Within the field of threat detection and analysis, John focuses on binary classification, dynamic analysis... Read More →

Thursday April 25, 2019 10:15 - 11:00
Track 5 201
  202

10:15

Your People Your Digital
Whilst technical solutions to cyber security are of real value, much of the disorder, chaos, loss and risk rests with the humans in your business, suppliers or customers. Merely implementing technological solutions, new software, tools and firewalls is not enough and will not protect you from user negligence, disinterest or abuse. Human orientated learning needs to engage and involve users with actions that make sense and are designed to change behavior.

Through a series of examples users can quickly and easily identify what to do in many situations. An immersive approach that is designed to embed effective choices will help to add value to the technology deployed in any organisation. This approach includes top and middle management who should be prepared to take command, learn about new risks, threats and harm and be able to act promptly.

This talk will demonstrate some simple case studies, using a variety of methods to help engage users in identifying what to do. Most importantly it will help leaders to appreciate the impact of decisions and the need to react, but also to plan and prepare for the next cyber-attack, or at least for the current cyber-attack to become visible.

Speakers
avatar for Stuart Hyde QPM

Stuart Hyde QPM

Consultant, Stuart Hyde Associates Ltd.
Stuart is an experienced executive level police leader with 30 years of city, urban and rural policing which culminated in the presentation of the Queens Police Medal and a certificate of exemplary service. As well as creating the blueprint for the UK Online Child Protection organization... Read More →

Thursday April 25, 2019 10:15 - 11:00
Track 2 A1
  Argyle A1

10:15

Insight into the attack techniques used in recent cyberattacks
To keep its customers safe online, ESET has no choice but to hunt and track cyberattackers, and to perform in-depth analysis of the techniques and tools used to carry their deeds. In this technical presentation, you will learn how some of the very active attackers carried their latest attacks against their targets, located throughout the world. This presentation will not focus on malware reverse-engineering, but rather on the new techniques used by the attackers to perform their attacks, from the initial compromise to establishing deep persistence, and of course without forgetting these stealthy communication protocols develop to control the infected systems and exfiltrate data.
Speakers
avatar for Alexis Dorais-Joncas

Alexis Dorais-Joncas

Security Intelligence Team Lead, ESET
Alexis Dorais-Joncas started his career in cybersecurity in 2010, when he was hired by ESET as a malware researcher. In 2015, Alexis was appointed head of ESET’s R&D branch office located in Montreal, where he and his team focus on cutting edge malware research, network security... Read More →

Thursday April 25, 2019 10:15 - 11:00
Track 3 A2
  Argyle A2

10:15

The Payments Ecosystem: Security Challenges in the 21st Century
Despite annual security spending increases, data breaches continue, especially payment cards. These instruments are established features of commerce, built on various networks and high-performance back-end systems.

How does this ecosystem work? What are its vulnerabilities and security gaps, and how can we defend ourselves? Simply keeping physical cards secure is not sufficient—and neither is protecting the perimeters of card processing systems. Breaches occur despite best efforts, and despite PCI DSS compliance.

Come learn about how the payments ecosystem works, how the threat landscape is evolving, what the attackers are doing, and how merchants and processors are reacting.

Speakers
avatar for Phil Smith III

Phil Smith III

Senior Product Manager and Architect, Mainframe and Enterprise, Micro Focus International
Phil is Senior Product Manager and Architect, Mainframe and Enterprise, at Micro Focus International. He has spent the last 40 years doing and managing software support/development. Phil also creates technical reference books, contributes to trade journals, speaks at national and... Read More →

Thursday April 25, 2019 10:15 - 11:00
Track 4 A3
  Argyle A3

10:15

Curiosity Killed the Cat: Legal Implications of Off and On–Duty Vulnerability Exposure
The natural curiosity of infosec professionals is what makes them so good at their jobs. Problem-solving requires creative thinking, creative thinking is fuelled by that curiosity. But what happens when that curiosity results in you getting fired? Sued? Arrested?

I’ll explore the legal implications of vulnerability discovery and disclosure when you’re a curious, off the clock volunteer or an on-duty professional.
Speakers
avatar for Anna Manley

Anna Manley

Principal, Manley Law Inc.
Anna Manley is an internet and privacy lawyer based in Sydney, NS. She is the principal of Manley Law Inc. and founder of Advocate Cognitive Technologies Inc. Anna advises companies and individuals on all things law and tech related.

Thursday April 25, 2019 10:15 - 11:00
Track 1 Ballroom
  Ballroom

11:00

Networking Break
Thursday April 25, 2019 11:00 - 11:15
AtlSecCon
  AtlSecCon

11:15

Deserialization: RCE for the modern web applications
Deserialization is the process of converting a data stream to an object instance. At the end of 2015, the Java community was taken by storm by deserialization vulnerabilities using a weakness from the library Commons-Collection. The event highlighted how many applications used unsafe deserialization. At the time, Jenkins, WebLogic, WebSphere and JBoss used the same vulnerable code pattern. Two years later, researchers turned to the .NET ecosystem and discovered that many serialization libraries were vulnerable to similar attacks. In 2018, vulnerabilities were found notably in SharePoint and PHP-BB. Hundreds of CVEs were recorded for the same year proving that deserialization is still an active threat for modern web applications. Developers and pentesters can't ignore this risk because, in most cases, it leads to remote code execution.

In this talk, a survey of the main attack vector will be presented with their current state. Many exploitation tools have been developed. Several libraries and frameworks were adapted to mitigate the issue. However, there remains a good number of libraries who remain highly susceptible to the vulnerabilities of deserialization.
Speakers
avatar for Philippe Arteau

Philippe Arteau

Security Researcher, GoSecure
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs... Read More →

Thursday April 25, 2019 11:15 - 12:00
Track 5 201
  202

11:15

Data Access Rights Exploits under New Privacy Laws
New privacy laws such as the GDPR and CCPA have been great advances for personal data rights, although the ability to request access to all the personal information a company has on an individual has created new attack vectors for OSINT. These personal data access requests are usually managed by legal or compliance teams with minimal security review, increasing the potential for phishing, social engineering, and “legal DDoS.” This talk will discuss the personal data access options required in different regions, how most companies respond to data access requests, and the most effective exploits for privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests and ways these emotions can be exploited, as well as the most likely targets for a weak privacy program.

For the blue teamers, phishing detection and defense strategies will be presented. Rather than ignoring or fighting against the regulations, we’ll look at ways to use these laws to discourage, detect, and disrupt data access attacks. We’ll consider strategies for working with legal teams, getting security involved in the review process, and conducting red team reviews on the data access mechanism. Best practices for identifying data subjects, minimizing the data released, and legally denying abusive requests will be covered. Key sections of the laws you need to know for exploits and defense will be highlighted.
Speakers
avatar for Amber Welch

Amber Welch

Privacy Technical Lead, Schellman & Company, LLC
Until she’s accepted for a Mars mission, Amber’s goal is to advance data protection and personal information privacy as a Privacy Technical Lead for Schellman & Company. Amber been assessing corporate privacy compliance programs for the past year and prior to that, managed security... Read More →

Thursday April 25, 2019 11:15 - 12:00
Track 2 A1
  Argyle A1

11:15

Advanced Persistent Protection
Sadly, APT has become all too common an acronym in our technology dialect. What is an APT really? By military definition it is quantifiable: Advanced in that they use techniques that are defense aware and have a high probability of circumventing detection, Persistent in that the attack survives reboot, quarantine, and even system restoration, and Threat in that there is an active actor pursuing the attack. Advanced Persistent Threats are no longer a nation state or war games concept. Even more alarming is the reality that the most recent targets of this type of cyber-attack are organizations of all sizes and that the public sector is prime target.

Our cyber security strategy has for too long been focused on reactively defending each point of attack and ignoring the bigger picture. Hackers target, attack patiently, attack broadly, attack dynamically, attack repeatedly, and attack strategically. Cyber evolution is a reality, the perimeter is non-existent, IoCs are useless, backups are vulnerable, data and compute have sprawled, signature-based detection is a waste of time, AI can be used against AI, who teaching my machine if it’s learning, Ransomware, Extortionware, Destructionware, and we are under-staffed and have no budget!!!! How will we ever win? Persistent protection for persistent attacks… Let’s discuss.
Speakers
avatar for Matthew Balcer

Matthew Balcer

Senior Solution Engineer, Sentinel One
Matthew Balcer is the Senior Solution Engineer for SentinelOne in Canada. Matthew has spent over a decade consulting customers on building networks, communication platforms, and cyber security. Prior to joining SentinelOne to support their innovative endpoint protection he worked... Read More →

Thursday April 25, 2019 11:15 - 12:00
Track 3 A2
  Argyle A2

11:15

Automation Without Exposure - Securing Your DevOps Pipeline
The more dependent we become on automation, and the faster our release cycles become the harder it is to even think about security, let alone properly implement it. This talk will introduce the tools to secure your pipeline, how to automate them, and what to do with all those new reports.
Speakers
avatar for Jeff Hann

Jeff Hann

Security Engineer, ResMed
I have been involved in the software industry for over a decade now, having spent the majority of time as a web and software developer I have worked additionally in DevOps and now my career has taken me into security, specifically as a security engineer for a medical device manufacturer... Read More →

Thursday April 25, 2019 11:15 - 12:00
Track 4 A3
  Argyle A3

11:15

Zero Trust and the Flaming Sword of Justice
Security breaches pervade the headlines. What was seen as a rare instance just 5 years ago now seems to occupy the daily news cycle. A lot of these data breaches are made possible due to missteps and misconfigurations. There are many security issues that are introduced into website authentication mechanisms that further compound the security issues in addition to enforcing bad behavior by the end users. Security debt is a real problem for the vast majority of organizations in the world today and the attackers will utilize this to their advantage. In addition to keeping system hygiene at front of mind defenders need to focus on proper network zone segmentation or, as it more popular term these days, zero trust networks. The old conceptual style of a castle wall and moat to defend a network was deprecated several years ago. As a result of the dissolution of the traditional perimeter a stronger focus has to be placed on the strength of authentication, authorization and trust models for the users.

The antiquated notion of an information security practitioner running through the office brandishing their flaming sword of justice above their heads screaming “thou shall not pass” has at long last reached the denouement. Whether you are responsible for the security in a financial organization or one that makes teddy bears it is necessary to adapt and learn to trust but, verify.

Speakers
avatar for Dave Lewis

Dave Lewis

Global Advisory CISO, Duo Security
Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site... Read More →

Thursday April 25, 2019 11:15 - 12:00
Track 1 Ballroom
  Ballroom

12:00

Lunch
Thursday April 25, 2019 12:00 - 13:00
AtlSecCon
  AtlSecCon

13:00

Pentesting War Stories
The panel will focus on interesting stories Telus has experienced during security assessments like penetration testing, how the assessments were performed and the outcome.  Additionally, we will devote some time to a Q&A where the audience can ask us things like:  what’s your favorite tool, how did you get into pentesting, how can I defend myself, etc.
Speakers
avatar for Nev Kent

Nev Kent

Manager of Consulting Services, Telus
avatar for Gray Kent

Gray Kent

Penetration Tester, Telus
avatar for Mitch Dollin

Mitch Dollin

Managing Director, Qualys

Thursday April 25, 2019 13:00 - 13:45
Track 5 201
  202

13:00

Mirror Mirror on the Wall, Is Facial Recognition the Right Authenticator for All?
Biometric technology is continuing to increase in a big way. Now that we can open personal devices with a smile, the possibilities look like magic. Unfortunately, it’s not all fairy tales and happy endings. If you have customers using biometrics in security, you'll need to show them the dark reality. Is your team aware of the challenges, including inherent limitations and legal roadblocks? Do you have a toolkit ready, including foundational questions and auditing standards? Information and Privacy Professional Victoria McIntosh steps though the feature-extraction looking glass, with the good, the bad and the ugly of biological identification technology.
Speakers
avatar for Victoria McIntosh

Victoria McIntosh

Freelance Information & Privacy Professional, Information in Bloom Management Services
Victoria McIntosh is an information and privacy professional in Halifax, Nova Scotia. Holding a Masters in Library and Information Science, she puts the pieces together. Bringing privacy expertise to projects, Victoria is a certified IAPP Information Privacy Technologist. In her blogs... Read More →

Thursday April 25, 2019 13:00 - 13:45
Track 2 A1
  Argyle A1

13:00

The Art of Cybersecurity: Protecting Physical, Virtual, Cloud and Containers
IT infrastructure has advanced a long way from the days of the client-server model to incorporate virtualization, hybrid cloud and now containers and serverless architectures. Combined with high-speed, reliable connectivity, the effect has been to unleash innovation-fueled growth, agile, customer-centric development, but also, IT complexity. Finding an elegant solution to all this chaos and IT complexity may seem like an impossible task. Only when you evolve outside the boundaries of traditional approaches can cybersecurity be truly beautiful.
Speakers
avatar for Albert Kramer

Albert Kramer

Technical Director, Trend Micro
As Technical Director, Albert is responsible for managing the technical field for Trend Micro Canada. With experience in a wide area of security and network related technologies for Medium and Large Enterprises, he is passionate about targeting today’s cybersecurity challenges and... Read More →

Thursday April 25, 2019 13:00 - 13:45
Track 3 A2
  Argyle A2, addnew

13:00

I've Looked At Cloud From Both Sides Now
It seems that all organizations these days are either migrating critical computing capabilities to the Cloud, or have already done so.  The benefits can be significant from financial, administrative and elasticity perspectives, but what about the drawbacks - such as the loss of hands-on control, the over-reliance on service level agreements and third-party audit reports, and the potential lock-in with Cloud providers?  This tongue-in-cheek presentation will present the pros and cons of running critical computing services in the Cloud, highlight Cloud-related business risks, and expose the potential pitfalls when organizations don’t sufficiently staff up to perform adequate assessment, oversight and control on these external infrastructures and services.
Speakers
avatar for Algis Kibirkstis

Algis Kibirkstis

Principal Security Consultant, Ethisecure
Algis Kibirkstis is the principal security consultant, auditor and instructor at EthiSecure. A former security architect for Ericsson and Nuance, and with over 30 years of experience in assessment, implementation, design, auditing, strategic planning and policy development, he brings... Read More →

Thursday April 25, 2019 13:00 - 13:45
Track 4 A3
  Argyle A3

13:00

Lessons learned from over a decade of bug hunting and disclosure
This talk covers several lessons learned from being a bug hunter over the course of many years. By looking at a some of the vulnerabilities I have disclosed in the past and the experience of finding the bug, writing the exploit, and dealing with the affected parties I believe there are lessons that can benefit others without having to go through the same process. I will also talk about some of the famous bugs of the past and discuss some of the key points in their disclosure. The examples picked will illustrate different aspects of bug hunting and the disclosure process.
Speakers
avatar for Eldar Marcussen

Eldar Marcussen

Lead Security Researcher, DarkMatter LLC
Eldar is a lead security researcher with DarkMatter. A highly skilled bug hunter and exploit developer, Eldar was a recipient of the first CVE 10k candidate numbers. He has also developed and delivered training courses on the art of bug hunting. In addition to finding vulnerabilities... Read More →

Thursday April 25, 2019 13:00 - 13:45
Track 1 Ballroom
  Ballroom

13:45

Networking Break
Thursday April 25, 2019 13:45 - 14:00
AtlSecCon
  AtlSecCon

14:00

Intro to Software Defined Radio (SDR) and why you might care.
This is not an InfoSec Talk.

Software defined radio (SDR) is a radio comm system where components that are implemented in hardware are now done in software (Winmodems!). What could this mean for you? SDR's are now consumer affordable and through the use of open source software, correct antennas, and some python you can configure a SDR device to receive transmissions from the ISS, download weather images from NOAA, hack a crane (RFQuack), turn on a light bulb, control an RC car, be a cell phone tower and run your own mobile site, or build an IMSI catcher. Fun stuff!
Speakers
avatar for Gurjeet Clair

Gurjeet Clair

Performance Test Engineer, Sigmast Communications
Gurjeet is a performance QA testing human who doesn't work in infosec at all, neat! A human who likes to to do various things in multiple fields, a fan and hobbyist of all things related to hacking and phreaking since discovering Phrack and other 'zines via BBS's while in high school... Read More →

Thursday April 25, 2019 14:00 - 14:45
Track 5 201
  202

14:00

What Did You Do So Wrong (you think you need a firewall in the cloud)?
Tales from a reformed firewall administrator.
Speakers
avatar for Kellman Meghu

Kellman Meghu

Global Security Manager, Sycomp
Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day... Read More →

Thursday April 25, 2019 14:00 - 14:45
Track 2 A1
  Argyle A1

14:00

Context Is King: Creating Security Awareness Content that Matters
Far too often if an organization has a cybersecurity awareness campaign, it’s a check-the-box, compliance driven effort using generic out-of-the-box context talking about the same security highlights that employees have heard countless times. But a truly effective awareness campaign is one that ultimately results in behaviour change at the individual and organizational level. Done well, an effective campaign provides insight into relevant current cybersecurity threats and issues, organization specific policies, plans and approaches for mitigating risk and tangible steps that individuals can take to detect, report and assist in recovering from cyber attacks. During this presentation, Moussa Noun, CASP| Senior Manager Awareness & Education, Global Cyber Security for the Royal Bank of Canada and David Shipley, CISM, CEO and co-founder of Beauceron Security will talk about how to create truly compelling and engaging educational experiences for users and provide practical examples for a number of firms and industries. During the talk, Noun and Shipley will demonstrate an evolving framework for planning, executing and measuring awareness campaign impact and success. They will provide tangible examples of how quality, not quantity of content is critical for the educational experience and maximizing return on investment for time spent on awareness campaigns.
Speakers
avatar for David Shipley

David Shipley

CEO, Beauceron Security
David is a recognized Canadian leader in cybersecurity, frequently appearing in local, regional and national media and speaking at public and private events across North America. David is a Certified Information Security Manager (CISM) and holds a Bachelor of Arts in Information and Communications Studies as well as a Master of Business Administration from the University of New Brunswick.  Betw... Read More →
avatar for Moussa Noun

Moussa Noun

Senior Manager Awareness & Education, Global Cyber Security, RBC Royal Bank
Moussa has worked for Rogers, TELUS, Bell, Apple and IBM before joining RBC in 2015. Having started a career assembling and repairing PCs in the early 2000s he moved to specialize in computer security and penetration testing where he found his true passion. He has accumulated experience... Read More →

Thursday April 25, 2019 14:00 - 14:45
Track 3 A2
  Argyle A2

14:00

4 Steps to a Secure Data Center
Micro-segmentation, zero trust, workload protection, application dependency mapping; how are you protecting your data center applications? Is your NGFW your data center security policy? Is it anti-virus software? Are you leveraging infrastructure-centric solutions? Come find out how Cisco Tetration protects all workloads, anywhere they might reside, in an infrastructure-agnostic manner.
Speakers
avatar for Steve Como

Steve Como

Cyber Security Specialist, Cisco
Steve Como, double CCIE #36574, brings 10 years industry experience to the table. Starting off his career in consulting and managed services, he has a rich background in networking, data center, and security technologies. Steve is now a product specialist at Cisco, where he positions... Read More →

Thursday April 25, 2019 14:00 - 14:45
Track 4 A3
  Argyle A3

14:00

Don't Bring Me Down: Weaponized Botnets
Routers and cameras and fridges – oh my! The ongoing deluge of devices that connect to the Internet is an IoT nightmare, and an attacker’s dream. Default credentials and weak passwords are only the beginning.  Especially with a bevy of unpatched, vulnerable systems on which to unleash some substantial exploits.  

Over the past year we have seen an evolution in botnets from instruments of mass disruption to exploit-enhanced armies used for mining and control. The release of the Mirai code has raised a new army of botnets that are capable of more than just DDOS on basic systems. Attackers have realized the wealth of resources in enterprise environments, locating cryptominers where they can profit most. But once inside those enterprise networks there are other opportunities to be mined for by both criminals and nationstate attackers.

As we move past outages to destructive payloads what should we expect when weaponization meets automation? In this talk, we’ll explore the outcome as threat actors and nation states "level-up" a tactic wielded by script kiddies, the risks to unsuspecting organizations, and what's available for those inclined to "build-a-bot".
Speakers
avatar for Cheryl Biswas

Cheryl Biswas

Strategic Threat Intel Analyst
Cheryl Biswas is a Strategic Threat Intel Analyst with a major bank whose name she cannot share in Toronto, Canada, where she monitors and assesses international relations, threat actors, vulnerabilities and exploits. In her previous role with KPMG Canada, she was a Cyber Security... Read More →

Thursday April 25, 2019 14:00 - 14:45
Track 1 Ballroom
  Ballroom

14:45

Networking Break
Thursday April 25, 2019 14:45 - 15:00
AtlSecCon
  AtlSecCon

15:00

DNS – The Hidden Threat Vector
The Domain Name System (DNS) is an ubiquitous protocol. People use it every time they type a domain in their browser (whether they know it or not). Most companies however, do not consider the DNS protocol as a potential security risk given it basic functionality of converting a domain name to an IP address. Attackers have started to take advantage of this and Talos has examined several attacks which exploit the NDS protocol to their advantage. During this talk. I will walk through several real world attacks which show how attackers are utilizing the DNS protocol to intentionally avoid detection. These DNS attacks began with multiple versions of the DNSMessenger attack. This attack utilized DNS txt records to actually transfer malware to a targeted system. Recently the DNSpionage attack showed how attackers could use normal DNS requests/replies to replace their traditional command and control communication. In a separate campaign, these same attackers also used DNS redirection attacks which were targeted to domain registrars to attempt to gain man-in-the-middle access to sensitive information by redirecting DNS requests to attacker controlled systems. Understanding these attacks is vital to understanding gaps on your network which may not be currently monitored.
Speakers
avatar for Earl Carter

Earl Carter

Threat Researcher, Cisco Talos
Earl Carter has always had a passion for solving puzzles andunderstanding how things operate. Mr Carter quickly learned thatidentifying security weaknesses is just like solving puzzles. Over 20years ago, he was introduced to network security when he accepted aposition at the Airforce... Read More →

Thursday April 25, 2019 15:00 - 15:45
Track 5 201
  202

15:00

Panel Discussion with InfoSec RockStars
Nexgen infosec Cyber blockchain cloud discussion with Travis, Julien, and other infosec rockstars.

Thursday April 25, 2019 15:00 - 15:45
Track 2 A1
  Argyle A1

15:00

Attacks against Lesser Known Nations – Tracking Activity across Central Asia
Central Asia does not often grab headlines worldwide. Despite lacking this widespread recognition, a flurry of activity has been seen happening in Central Asia in 2018 alone. With Chinese APTs, Russian security service involvement and cybercrime all active in the region, the further investment in China’s One Belt One Road (OBOR) Initiative is likely to spur further activity.

Past incidents have ranged from cyber espionage conducted against state entities to domestic surveillance of local opposition groups and financially motivated cybercrime, with a wide array of motives and using a multitude of tools to carry out their operations.

The talk aims to highlight the importance of understanding attacks against countries that are geopolitically important but unknown.

As a region, Central Asia is quite significant to Canada having seen substantial direct investment into multiple sectors, while the countries that make up the region having fallen victim to multiple state-sponsored cyberattacks, cybercrime and digital surveillance. The region holds a great deal of potential and the level of investment reflects this, but as investment comes, so to do the risks.
Speakers
avatar for Ian Litschko

Ian Litschko

Threat Intelligence Lead, EWA-Canada, An Intertek Company
Ian Litschko has studied the politics and security issues of Russia and the post-Soviet space for eight years, holding two Masters Degrees from Carleton University in Ottawa and the Moscow State Institute of International Relations in Russia. He has lived in and traveled extensively... Read More →

Thursday April 25, 2019 15:00 - 15:45
Track 3 A2
  Argyle A2

15:00

Monitoring our Minimum Viable Security on Windows with Osquery
Osquery is frequently used to monitor Mac and Linux endpoints. It is improving rapidly on Windows, and with it and the vast amount of data contained within the registry, it can be leveraged to very easily track the status of the most important security parameters of a Windows workstations.

In this talk, we will look at how we can track our system's preparedness against lateral movement, secure browser configurations, and Microsoft Office hardening.
Speakers
avatar for Guillaume Ross

Guillaume Ross

Security Researcher, Uptycs
Guillaume is a security researcher for Uptycs, a security SaaS leveraging the power of Osquery as a cross-platform agent. He researches the best ways to secure systems, as well as to detect malicious activity occurring on them. He has presented and gotten in trouble at AtlSecCon before... Read More →

Thursday April 25, 2019 15:00 - 15:45
Track 4 A3
  Argyle A3

15:00

Schrodinger's Pentest: Scoping Entanglement
Pentesting has been proclaimed dead on numerous occasions. Yet, the offensive security industry still thrives and pentesting is a hard requirement for compliance and risk management frameworks. What led to such a discrepancy? Could pentesting paradoxically be both alive and dead? In this presentation, Attendees will learn to differentiate between BUZZWORD testing and actual security testing.

Speakers
avatar for Laurent Desaulniers

Laurent Desaulniers

Penetration Testing Team Lead, GoSecure
Laurent is a team lead for GoSecure, based in Montreal. He has conducted over 200 pentesting and red team engagements over the span of 10 years and is still enthusiastic about it. Laurent is also a challenge designer for Northsec and has given talks to CQSI, NCFTA, HackFest, RSI... Read More →

Thursday April 25, 2019 15:00 - 15:45
Track 1 Ballroom
  Ballroom

15:45

Networking Break
Thursday April 25, 2019 15:45 - 16:00
AtlSecCon
  AtlSecCon

16:00

Closing Keynote - Day 2 - Tanya Janca
Speakers
avatar for Tanya Janca

Tanya Janca

Cloud Advocate, Microsoft
Tanya Janca is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching... Read More →

Security Learns to Sprint pptx
Thursday April 25, 2019 16:00 - 17:00
Track 1 Ballroom
  Ballroom
 

Twitter Feed