How You Actually Get Hacked
If you listen to the media or security vendors, every organisation is being compromised by bespoke "Mad Zero Day" hacks from China and you puny humans have no way of defeating them. In this talk I'll go through a number of methods that are actually used in real life, based on our own red team engagements, as well as breach information from other organisations in similar industries. I'll explain how and why these things were found, what decisions were made and how best to prevent this. No security or incident response experience is required for this talk. The topics will all be relevant to and based on operations and development, but with an eye to security.
Rootkits vs Ransomware. Using evil to fight for good.
This talk is a logical extension of my BSides 2013 talk "Anti-debugging tricks in Antivirus avoidance". Windows Internals and Rootkits are interesting in themselves (and rarely presented), but in this talk I'll explore using some rootkit techniques to fix problems caused by other malicious software (e.g. ransomware).
From setuid to Android: has privilege-management improved?
We compare a legacy approach to privilege-management, setuid, with the more modern approach of Android. We point out issues with both, and pose and answer the question from the title.
Penetration Testing: I don't think it means what you think it means
This term means many things, or does it? Ask the right company, and it might come with a lolcat.
Penetration Testing is a term misused, abused and exploited to the point where it is taken out back in the rain and given a 12-gauge to the head.
Based on my research I will again give my interpretation of a Vulnerability Assessment and a Penetration Test and have a stab at Pentest puppy mills. But this time I will put the focus squarely on the Penetration Testing Execution Standard: let us dig into what a Penetration Test IS and what a Penetration Test IS NOT according to the framework.
Guests N Goblins: Exposing Wi-Fi Exfiltration Risks and Mitigation techniques
Wi-Fi is a pervasive part of everyone's everyday life. Whether it be home networks, open hotspots at cafés, corporate networks or corporate guest networks, they can be found virtually everywhere. Fortunately, for the security minded, some steps are taken to secure these weak points in one's infrastructure. Usually this is done through some form of registration page, which is common in the case of guest networks. But is this enough? And what new threats could be unleashed from even the most isolated of Wi-Fi networks?
In the most paranoid of cases, companies will generally attempt to isolate Wi-Fi networks from their official networks in order to protect their own assets from attacks, while still ensuring that Wi-Fi is convenient for end users. But there is another way to attack a company that could be damaging to the host company and harmful to other targets. This presentation will go over the utilization of various techniques for getting onto and getting out through publicly accessible Wi-Fi networks for nefarious purposes, termed Wi-Fi Exfiltration. Through this technique one is able to obfuscate their identity by using the Wi-Fi host's identity, thus implicating the host in the attack.
During the presentation we will cover the findings from our tests along with a list of recommendations for what can be done to mitigate this risk. This is a must-attend session for all security professionals and high-level management.
This presentation will illustrate what information can be gathered automatically when joining any Wi-Fi network with any wireless device and some of the dangers posed from the usage of that collected information. One focus will show the potential for corporate brand damage, along with how this recon can be collected automatically and displayed through visualization such as geo-mapping. At the end of our presentation we will give a list of recommendations and best practices to help mitigate these risks.
Additionally, this PoC has evolved since last year, and I would love to share an update as to the new features, improvements, and roadmap. Yes, Wargarble has now evolved to Sotiria.
Hacking Is Easy, Hiring Is Hard: Managing Security People
Michael Murray and Ross Barrett
The common view of management is that it's easier than reverse engineering. This talk will show you some of the challenges of managing security professionals and walk you through some of the more interesting parts of recruiting, managing, leading and retaining rock-star level talent in the hardest, most difficult industry. Once you understand what it means to manage, you may find that you no longer want to manage, but you understand how to make your managers happy, how to succeed when being recruited and how to make yourself successful in your job and your career.
Blue Team Defending against APTs
This talk is an intermediate talk. It will cover various areas, from best practices, GPO management, and the challenges we faced and how to overcome them, to how to defend against APTs. It is geared toward the IT professional just getting settled in InfoSec and adapting to the changing landscape we now face.
Tiger Teams for Penetration Testing
Kim Crawley and Sean Rooney
This talk is derived from Sean's Tiger Team whitepapers, starting in 2000. His methods were successfully implemented in the penetration testing of large private and public sector clients, such as Alcatel, the Canadian Forces, and Sears Canada. His Tiger Team technique is as relevant and effective now as it was sixteen years ago.
Ransom Wars
Adam Greenhill, Christina Kang, Desiree McCarthy, and Peter Chmura
Using behavioural analysis, we set an ambitious goal for our capstone project at Sheridan: to detect and mitigate ransomware at an early stage. Through hard work and dedication we achieved this goal. The presentation will detail all our findings, technical details, and results of this journey.
Based on the recent prominence of malicious Ransomware as well as the significant damage it has caused, we hypothesized that this type of malware could be stopped in its tracks, or at least heavily mitigated, using behavioural indicators. A type of driver called a file system minifilter driver was used in order to monitor all transactions between processes and the file system. Based on an analysis of 85 ransomware samples, we compiled a list of common ransomware behaviours based on their interactions with the file system. Through the use of these indicators, in addition to tracking temporal file writes per process, we devised an algorithm and created software to identify and terminate processes deemed likely to be ransomware.
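As an added example, and not the Sheridan team's code or their published indicator list, the following Python sketch shows the general shape of the approach the abstract describes: a stream of per-process file-system events, a sliding window over recent writes per process, and a handful of behavioural indicators combined into a verdict on which the monitor would act. The indicator set, weights, thresholds and sample events are all constructed assumptions for illustration; in a real deployment the events would come from a kernel minifilter rather than an in-memory list, and the response would be terminating the process.

```python
"""Toy behavioural ransomware monitor over a stream of file-system events.

Added example, not the capstone team's code. Indicators and thresholds are
assumptions chosen to illustrate the technique, not the team's list.
"""
import hashlib
import math
import os
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 5.0          # assumed sliding window for temporal write tracking
BURST_THRESHOLD = 20          # assumed: distinct files touched within the window
RENAME_THRESHOLD = 10         # assumed: extension-changing renames per process
ENTROPY_THRESHOLD = 7.5       # bits/byte; encrypted or compressed data sits near 8.0
ENTROPY_WRITES_THRESHOLD = 10 # assumed: high-entropy writes per process
SCORE_THRESHOLD = 2           # assumed: indicators required before flagging


@dataclass
class FileEvent:
    ts: float           # seconds since monitor start
    pid: int
    op: str             # "write" or "rename"
    path: str
    data: bytes = b""   # payload for write events
    new_path: str = ""  # destination for rename events


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value equally likely."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


class ProcessState:
    def __init__(self):
        self.recent = deque()        # (ts, path) touched inside the window
        self.extension_changes = 0
        self.high_entropy_writes = 0


class RansomwareMonitor:
    def __init__(self):
        self.procs = defaultdict(ProcessState)
        self.flagged = {}            # pid -> ts at which the verdict first fired

    def indicators(self, pid):
        st = self.procs[pid]
        distinct = {p for _, p in st.recent}
        return {
            "burst": len(distinct) >= BURST_THRESHOLD,
            "renames": st.extension_changes >= RENAME_THRESHOLD,
            "entropy": st.high_entropy_writes >= ENTROPY_WRITES_THRESHOLD,
        }

    def observe(self, ev: FileEvent):
        st = self.procs[ev.pid]
        # Drop activity that has aged out of the window.
        while st.recent and ev.ts - st.recent[0][0] > WINDOW_SECONDS:
            st.recent.popleft()
        st.recent.append((ev.ts, ev.path))
        if ev.op == "write" and shannon_entropy(ev.data) > ENTROPY_THRESHOLD:
            st.high_entropy_writes += 1
        elif ev.op == "rename":
            if os.path.splitext(ev.path)[1] != os.path.splitext(ev.new_path)[1]:
                st.extension_changes += 1
        score = sum(self.indicators(ev.pid).values())
        if score >= SCORE_THRESHOLD and ev.pid not in self.flagged:
            self.flagged[ev.pid] = ev.ts  # a real monitor would terminate here


def build_sample_events():
    """Constructed events (not captured data): a benign editor (pid 100) and a
    process that renames and overwrites 25 documents like ransomware (pid 200)."""
    events = []
    for i in range(3):
        events.append(FileEvent(0.5 * i, 100, "write", f"notes{i}.txt",
                                data=b"meeting notes, action items\n" * 40))
    for i in range(25):
        t = 10.0 + 0.05 * i
        blob = b"".join(hashlib.sha256(f"{i}:{j}".encode()).digest() for j in range(128))
        events.append(FileEvent(t, 200, "rename", f"doc{i}.txt", new_path=f"doc{i}.txt.locked"))
        events.append(FileEvent(t + 0.01, 200, "write", f"doc{i}.txt.locked", data=blob))
    return events


def run(events):
    """Feed events in time order; return {pid: first_flagged_ts}."""
    mon = RansomwareMonitor()
    for ev in sorted(events, key=lambda e: e.ts):
        mon.observe(ev)
    return mon.flagged


if __name__ == "__main__":
    for pid, ts in run(build_sample_events()).items():
        print(f"pid {pid} flagged as ransomware-like at t={ts:.2f}s")
```

The point of combining indicators is to avoid the obvious false positives a single signal produces: a compiler or backup job touches many files quickly (burst only), and an archiver writes high-entropy data but to few files (entropy only), whereas the rename-then-overwrite pattern trips several indicators within a second or two.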
Incident Readiness Struggles
It's not hard to see that many organizations struggle with responding to breaches; just take a look at the news. A common response of organizations has been to sign up for incident response services or retainers, which would help provide emergency breach services at a moment's notice. This talk will describe how an IR retainer, although a great step towards preparation, is not sufficient alone in helping an organization to prepare for a real incident; that in the absence of other components, adequate response will fail. Case examples will be used to clarify points.
Lighting up the Canadian Darknet Financially
Milind Bhargava, Peter Desfigies, and Philip Shin
As cybercrime has matured, we see the Darknet as an untapped source of threat intelligence. That is the focus of our presentation, "Lighting Up the Canadian Darknet Financially": the vulnerability and proliferation of personal financial data in the cyber underground.
We will cover shocking, yet revealing, information about breaches of personal financial data. The Darknet has it all: bank accounts, usernames and passwords, and security questions and answers. Such listings are prevalent and highlight how vulnerable we all are. We will end the presentation by explaining how cyber thieves cash out and eventually get apprehended, and we will showcase how organizations can benefit from using the Darknet as a source of threat intelligence.