Time | Event |
---|---|
11:00 – 11:30 | Registration |
11:30 – 12:20 |
Rad Omens: The Good and Evil Uses of WMI, CIM
Katherine Scrupa |
12:30 – 12:50 |
Capturing WPA2 Enterprise credentials with a Pi
Richard Frovarp |
13:00 – 14:00 | Lunch Break - Catered |
14:00 – 14:50 |
Defense on a budget: Free Tips & Tricks for Improving Security
Robert Wagner |
15:00 – 15:50 |
Assumed Breach: A Better Model for Penetration Testing
Mike Saunders |
16:00 – 16:30 | Coffee Break |
16:30 – 16:50 |
An Overview of Active Directory Active and Defence
William Kempan |
17:00 – 17:50 |
Reconfigurable computing on Open-source ISAs: Research and Applications
Robert Keizer / Troy Denton |
Time | Event |
---|---|
11:00 – 11:50 |
Web hacking 101: burping for fun and maybe some profit
Magno (Logan) Rodrigues |
12:00 – 12:20 |
Lessons in Purple Teaming with ATT&CK
Matthew Southworth |
12:30 – 13:10 |
Evading commercial anti-virus, Or How I Learned to Stop Worrying And Love Windows Defender.
Travis Friesen |
13:10 – 14:10 | Lunch Break - Catered |
14:10 – 14:50 |
Taking Back the Home: Reverse engineering proprietary home automation
Mike Himbeault |
15:00 – 15:20 |
Securely converting accessible text to speech input using emacspeak
Chris Johnson |
15:30 – 15:50 |
Do I Need To Be Worrying About Security Updates For My Car????
Sarah LaCroix |
16:00 – 16:30 | Coffee Break |
16:30 – 17:20 |
REST in peace. Exploiting GraphQL
Saulo Hachem |
17:30 – 17:50 |
A New Age of NFS Mining
Tim Jensen |
Curious about Windows Management Instrumentation (WMI)? Katherine will explain what WMI is, and show you a variety of tools to navigate and query Windows’ implementation of WBEM and CIM. Become enlightened on how WMI can be used… and abused.
Katherine is a LAN Administrator whose (current) favourite past time is digging into Windows Internals and playing with PowerShell. She is Manitoba UNIX User Group board member (2010-current), has a Network Technology, CCNA (Hons.) from RRC, and holds a GIAC Certified Windows Security Administrator (GCWN) Certification.
WPA2 Enterprise is a very common method of wireless authentication used at large organizations. These credentials can be harvested using a Raspberry Pi in many cases. I will cover how to setup the Pi using hostapd-wpe, and how various clients respond to the attacking Pi. I will also go over the most common SSID in use for higher education and the challenges that presents.
Richard Frovarp is a principal software engineer at North Dakota State University. There he focuses on identity and access management, federated authentication, and integrating a wide variety of systems together.
There is never enough budget or time to solve every security problem an organization faces. However, there are a lot of free or inexpensive tactics and techniques that every organization can leverage to make it harder for attackers to enter your environment. This presentation is a collection of basic tips and tricks learned from security professionals around the world These are tactics that either stop attackers in their tracks, or make it more difficult for them to succeed. You’ll walk away with actionable tips to fill your security gaps and help reduce your attack surface.
Robert Wagner is a security professional with 15+ years of InfoSec experience. He is a co-founder of the “Hak4Kidz” charity and a co-founder of BurbSecCon in Chicago, and is on the Board of Directors of the ISSA Chicago Chapter.
The current model for penetration testing is broken. The typical scan and exploit model doesn’t reflect how real attackers operate after establishing a foothold. At the same time, most organizations aren’t mature enough to need a proper red team assessment. It’s time to start adopting the assumed breach model. In this talk, I’ll discuss techniques for assumed breach assessments that provide a better model for emulating the techniques attackers use once they’re they’ve established a foothold inside a typical network.
Mike Saunders is a principal consultant for Red Siege. He has over 25 years of experience in IT and security and has worked in the ISP, financial, insurance, and agribusiness industries. He has held a variety of roles in his career including system and network administration, development, and security architect. Mike been performing penetration tests for nearly a decade. Mike is an experienced speaker and has spoken at DerbyCon, BSides MSP, BSides Winnipeg / The Long Con, BSides KC, WWHF, and the NDSU Cyber Security Conference. He has participated multiple times as a member of NCCCDC Red Team.
Want to pwn a major corporation? Chances are they are running Microsoft's Active Directory so this presentation might be of interest to you. An overview of the major problems most corporations have with Active Directory and how they enable attacks, plus an overview of defensive strategies.
William has been in the Information Security field for 7 years. William worked as an Information Security Specialist at MTS conducting penetration testing, vulnerability management and risk assessments. He then moved to Great-West Life to specialize in penetration testing and red teaming. Most recently he started as a Security Engineer on Amazon's Red Team out of Seattle, WA.
William has a Bachelor of Computer Science from the University of Manitoba and has obtained his Offensive Security Certified Professional (OSCP) and Offensive Security Certified Expert (OSCE) certifications.
Principles of reconfigurable computing are applied to soft-core CPUs on an open source FPGA framework. Specifically dynamic reconfiguration in runtime of the system, with no visible change to the program is explored. We will provide an overview of novel work, proof of concepts, and an overview of security applications for reconfigurable computing.
Rob Keizer likes coming up with interesting solutions to problems that don’t exist. If he isn’t thinking of how to use something in a way it wasn’t designed, he’s playing piano or helping run a startup company.
Troy Denton is a Computer Engineer that loves open source, making nifty circuits, and playing guitar.
Burp Suite is one of the most well known and well used set of tools for AppSec testing. This talk aims to demonstrate how it can be possible to easily start testing web applications and look for common vulnerabilities such as XSS, SQL Injection, LFI, IDOR, CSRF, and many others. In addition to demonstrate how to use Burp, we'll talk about the basic knowledge involved with AppSec testing that is usually more important than knowing how to use the tool itself. Some of the things we will cover are: HTTP, Requests, Responses, Web Proxy, Burp Suite and Burp tools and features like Target, Proxy, Spider, Intruder and Repeater. If you are either a Pentester, AppSec professional or Bounty Hunter and would like to know about how Burp works and start testing web applications and exploiting them for vulnerabilities this talk is for you. All features will be demonstrated using the Burp Community edition.
Magno (Logan) Rodrigues is an Information Security Specialist focused on Application Security, WAF, DevSecOps and Secure Coding. He was the founder of the OWASP Paraíba Chapter and the JampaSec Security Conference in Brazil. And a speaker at many conferences such as the RoadSecSP, BSidesSP, MindTheSec RJ, OWASP App Sec Latam, BHack and Just4Meeting in Portugal. Studied Security and Computer Forensics at TC3 in New York, US. His current focus is Application Security, WAF, Secure Coding and DevSecOps and how to properly empower the developers to perform secure coding and to add the right security tools into the development pipeline that can bring value to the business and be able to catch vulnerabilities even before they are committed. He has the following certifications: CompTIA CySA+, Security+, Cloud Essentials, EXIN Secure Programming and Ethical Hacking. He is also a CompTIA SME and is pursuing his Pentest+ and OSCP certifications.
For the past year, Praetorian and Priceline have been working together to conduct a series of Purple Team exercises to improve Priceline’s Detection and Response. These exercises utilized tactics, techniques, and procedures (TTPs) from the MITRE ATT&CK framework to baseline Priceline’s telemetry and analysis capabilities. Praetorian leveraged their recently released Metasploit Framework fork to rapidly automate basic TTPs before working cooperatively with Priceline for more advanced tests. Priceline then did the heavy lift of ingesting that data, prioritizing shortcomings, and making strategic and tactical decisions to improve their security program. Through the use of ATT&CK, they were able to trace specific lines of effort back to various TTPs. This traceability helped provide support for various decisions as well as facilitated with prioritization. ATT&CK also provided a common taxonomy when working with vendors when gaps in detection were identified. Finally, ATT&CK helped Priceline track improvements through later rounds of testing to help measure the effectiveness of various improvements.
Matt Southworth is the VP, Security Engineering at Priceline. He leads the security team to reduce risk, improve customer trust, and fight the bad guys coming after our data. Although he lives outside of New York, he finds himself in Winnipeg several times a year. He loves coffee.
My presentation will go over common methods and tools for evading modern commercial anti-virus, with an eye towards raising awareness of the shortcomings and limitations of commercial anti-virus suites.
Travis misspent 10 years studying computers and network security at the University of Manitoba before being unleashed on an unsuspecting world. After spending some time writing autopilot software for UAVs, he settled into a career in InfoSec, working in the education sector and founding Flying Fortress IT, a firm which specializes in providing small and medium businesses with security and cloud infrastructure expertise.
Home automation systems are split primarily into the two camps of open (and open-source), and proprietary. Proprietary systems have an advantage in that they are typically managed by a third party (for a fee, often paired with an alarm system) and they come with a preselected collection of devices the managing party guarantees work nicely together. This talk will explore how to reverse engineer these systems, and regain the granularity and robustness of control that open systems provide, while retaining the managed nature of the system.
Mike is a local professional that has inexplicably found himself doing non-technical work during the day: working to bring innovation and architecture to the City of Winnipeg. This situation has created a burning need to do something, anything, technology related in his non-work time. To scratch the itch he co-founded Flying Fortress IT with Travis Friesen to bring cloud and security expertise to small and medium businesses, and co-organizes the Winnipeg AWS user group and monthly(-ish) Winnisec security meetup just to get out of the house.
emacspeak is a free and open source speech interface converting audio signals into typed text. This leads to security flaws when in a group setting, or near any device with an audio in port. Does a method of obfuscation exist such that minimal additional effort is required yet my data remains uncompromised?
Chris Johnson is the IT manager of ParIT Worker Co-Op, Security Analyst of KrikIT Software Solutions, and the survivor of a bunch of strokes. He enjoys examining potential security flaws of devices when handled by users outside of the typical sensory scopes. Chris is also a Capricorn who likes long walks in the beach, chess puzzles, and laying around on the couch for longer than anybody ever should
Back in the day, when purchasing a car, all you really had to worry about were safety ratings and cost. Today, vehicles are more complex and as much computer as they are machine. You've likely heard the horror stories of self driving cars getting hacked. Maybe that's made you fearful. But what about cars you have to drive yourself? With today's Bluetooh-equipped, dashcam-set-up, Internet connected vehicles, how much do we need to worry about security updates? Are our vehicles destined for deprecation long before the transmission goes?
Sarah LaCroix is recent graduate working as an information security analyst. She is interested in how technology and security affect those who aren't technical and don't work in the industry. Sarah is eager to learn and level up her skills and knowledge.
GraphQL is a data query language developed internally by Facebook in 2012 before being publicly released in 2015. It provides an alternative to REST and ad-hoc web service architectures. It is a fairly new language, but it is already being used on a lot of companies all over the world. As with every new language it brings pros and cons. The goal of this presentation is to present this language from a security perspective. We will understand how it differs from the current REST architecture and how attackers can exploit it with a few abuse case scenarios. We'll provide real-world examples of how to exploit GraphQL web applications using only free tools at your disposal. If you are a developer, pentester or bounty hunter and would like to know more about the benefits and the risks of using GraphQL on your application, this talk is for you!
Saulo is a BS in Computer Science with +5 years of experience in the information security field. Saulo developed strong business, coding, and infrastructure deployment skills while working on own side projects like Shellter Labs, a project he Co-Founded that is an online platform for practicing and training information security.
He also competed in many coding and security contests, both alone and as a team captain, being 2 times South America's 1ºst place in Global Cyberlympics.
I wrote a tool to discover exports on NFS shares, capture file system data, and scan the drives for sensitive files an content. This talk will go over the tool and provide some recommendations for securing NFS.
Tim Jensen is a Senior Penetration Tester with BSI AppSec with many years of experience in Information Security. He holds OSCP and CISSP certifications and has expertise in many aspects of ethical hacking, penetration testing, and security operations.