Cloud Access Security Brokers. Extending Your Perimeter

Michael Ball

More and more of your corporate data is being moved outside of your perimeter to cloud services, at an alarming rate. Your employees are spending more of their day working from devices outside that perimeter, and transacting I with those cloud services as well. So? What good is that perimeter doing if it's blind to that traffic? How can you get in front of that?

Red and Blue Ping Pong

Lee Kagan, Anton Ovrutsky

This talk will demonstrate, live and in real-time, a defender and attacker playing a game of whack-a-mole using “living off the land” approaches both defensively and offensively. The talk will demonstrate how free Microsoft tools can be used to build a robust defense framework capable of detecting new and stealthy attacks.

Mobile Spyware - From Nosy Ads to Nation-state Espionage

Adam Bauer, Christoph T. Hebeisen

Mobile devices hold a plethora of sensitive personal and corporate data. While most of us have accepted some limitations on our privacy in exchange for free services, we tend to consider contents and metadata of communications off limits. Frequently though, the treasure trove of data on our devices proves too tempting to advertisers, personal connections or governments. We discuss the spectrum of mobile spying by examining the motivations, selection of exfiltrated data, and target groups of 3 malware families including a demonstration of the Chrysaor surveillanceware used by state actors.

Assessing Node.js Web Application Security

Vince Marcovecchio

This talk covers a number of techniques and tools for performing white-box security assessments of Node.js web applications. We'll review Javascript language gotchas, dangerous APIs in Node.js and risky modules in npm to watch out for, and how to use linters to automate some of these checks. We'll cover npm dependency management, and the different tools that are available for scanning dependencies for known issues.

Reduce Your Active Directory Attack Surface: Securing the Forest Through The Trees

Joe Bate, Cheryl Biswas

Most information security breaches start with the compromise of small pieces of an organization's infrastructure - often one or two systems at a time. These initial events, or entry points into the network, exploit vulnerabilities that could have been fixed, but weren't. AD has a wide attack surface, and is ideal as an attacker's hunting ground. We'll help you understand how to prioritize and see where to secure your AD forest through all those trees.

From Good To Excellent: An Overview On the Upcoming Release of libModSecurity

Victor Hora, Felipe Costa

This is an exciting release for the whole opensource WAF community with over 900 commits ahead of ModSecurity v2 branch. There are significant improvements with this new version of ModSecurity and some of them are outlined on this blogpost when development was full speed: https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/

You're Testing it Wrong - Adventures In IPS and Firewall Testing Methodologies

Chuck Mcauley

Firewall vendors all claim the same thing. They block 100% of malicious attacks, never false positive, and go really really fast. Their datasheets never lie and are direct comparisons of their peers. In this talk I systemically destroy the datasheet, the myths surrounding performance and security testing, and show that there is truly is no silver bullet when it comes to securing your network. Attendees will walk away understanding how to read the tea leaves of datasheets and have the confidence to make better, more informed decisions when purchasing security devices.

Risk-Based Security Incident Response (SIR); and an introduction to SICON

Keith Jonah, Kevin Pietersma

An alternative method to design and implement a kick-ass Security Incident Management life cycle (distilled from NASA) and RACI. Now introduce the concept of "non-linear starts", then add an innovative, risk-based decisioning approach which introduces parameters related to: • potential business impact; • current impact (in situ assessment); and • the Security Incident Condition (SICON), the degree of compromise. The arrived at Security Incident Severity Level allows SOC and SIRT members to immediately direct tasks, notifications and responses in tune with owners' business prerogatives.

Practical Statistics for Threat Intelligence

Nir Yosha

Threat Intelligence providers share millions of IOCs (indicator of compromise) to help security teams identify attack vectors and new malware families. Basic statistics can help reduce the noise and verify the threat information credibility. Cross correlation, Bayesian model and Margin of Error are some of the techniques put into place for Threat Intel analysis. I'll provide real life examples. You don't need to be a mathematician to attend this one :-) Just have fun with security threats and basic stats :-)

Frugal Web Application Testing - Can in-house penetration testing achieve industry standard results while saving you money?

Harshal Chandorkar, Natalia Wadden

We live in a time where web applications play crucial roles in our society. To deploy a web app into production without properly securing the code & conducting a penetration test to identify the vulnerabilities for remediation, is to welcome an adversary to negatively impact business function, bypass access controls and steal data. While third party vendors offer automated and manual web app penetration tests, these can be very costly and out of reach for many corporations. We will demonstrate how you can successfully build an in-house pentesting team while achieving industry standard results

Hacking CERN: A Panel Discussion

The HackCERN Team

On Sept. 1st, a group of hackers got together in a room, and had 10 days to try and gain full control of CERN's domain (with their permission of course). This is a discussion about how it came to be, what happened and what lessons were learned. Also, we will show you how to form your own team, get your permissions in place, and you too can try your luck Hacking CERN.

The Best Offense is a Good Defense

A CTF event by Security Innovation

Please join Security Innovation at BSides Toronto for an opportunity to grow your security knowledge via a fun and interactive “find the vulnerabilities” game called CMD+CTRL. Players will take the reins in an expert-guided training session leveraging cheat sheets, attack tables, min-labs, and breakout sessions to learn how hackers break into websites using common vulnerabilities, insecure practices and more!

CMD+CTRL, a capture the flag-style event is open to participants at all levels, from those simply curious about a career in IT security to seasoned professionals looking to expand their technical skills. All you need to bring is your laptop and your inner evil-doer.

This event will run in parallel with the talks.