Time | Event | Speaker |
---|---|---|
10:15 - 11:00 | Door open + registration | |
11:00 - 11:30 | Real-world Vulnerabilities (and how to exploit them) | GlitchWitch |
11:30 - 12:30 | The Cyberpunks Guide to Attacking and Defending Generative AI | Gavin Klondike |
12:30 - 13:00 | Lock it Down: IBM's Keys to Data Security Success | Mel |
13:00 - 14:00 | Catered lunch | |
14:00 - 14:30 | Threat Hunting, Tracking Your Adversaries | Brent King |
14:30 - 15:30 | Networking I wish Security people understood | Adam Thompson |
15:30 - 16:00 | Zeroconf Networking - Abuses, Implementations, and Other Malarkey | David Dyck |
16:00 - 16:30 | Break | |
16:30 - 17:00 | MTS finds massive RG exploit | Adam |
17:00 - 17:30 | Persona Theory: Infiltration & Deception of Emerging Threat Groups | Tammy Harper |
17:30 - 18:00 | WIP: Whose Threat Model is it Anyway? | Travis |


Time | Event | Speaker |
---|---|---|
10:15 - 11:00 | Door open + registration | |
11:00 - 11:30 | LOWC2 - Living Off the Web C2 | Mat or Scoubi |
11:30 - 12:30 | Hiding in Plain Sight | Mike Saunders |
12:30 - 13:00 | AI-Assisted Social Engineering in Cyber Warfare | St34lthy_fox |
13:00 - 14:00 | Catered lunch | |
14:00 - 14:30 | Introduction to global anycast using OpenBSD (on a budget) | Rob Keizer |
14:30 - 15:30 | A survey of OAuth, OIDC, and Verifiable Credentials (Wallets) | Richard Frovarp |
15:30 - 16:00 | Opulent Alerting: Enriching Our Lives | Paul Harrison |
16:00 - 16:30 | Break | |
16:30 - 17:00 | Achieving More by Doing Less - How Burnout Prevention Can Improve Productivity | Matias |
17:00 - 17:30 | Let's talk IoT: Internet of Terrible | William |
17:30 - 18:00 | Sideload this! | Mike Himbeault |
18:00 | Brief closing ceremony (if time permits) | |
Is your software secure? Every single day companies ship new code, features, and products that people entrust their data with. Yet so many of those applications remain live for years without ever being professionally tested by penetration testers. As hackers, it's our job to uncover these flaws. Learn about some of the real-world (anonymized) vulnerabilities we've seen, how we exploited them, and the impact they would have had if malicious hackers had found them first.
Bio: "GlitchWitch is a highly skilled and passionate hacker with a deep technical background. With a demonstrated passion for fortifying the digital realm, they are constantly pushing the boundaries to improve web security and develop cutting-edge security automation solutions. GlitchWitch currently works as the Founder & CEO of GlitchSecure, a growing Winnipeg based cybersecurity company developing continuous security testing software."
Ever since ChatGPT burst onto the scene, LLMs and generative AI have been all anyone can talk about. Today, more companies are putting generative AI into their products, regardless of whether or not it makes sense to do so. After which, your poor cybersecurity teams are left with the responsibility of both testing and defending this new technology without the training or experience in how to do such a task. In this talk, we'll provide a detailed look at the new threat landscape of generative AI applications and how to defend them. We'll review bug bounty submissions and cutting-edge techniques used against real companies over the past year. From there, we'll talk about how to mitigate these vulnerabilities to prevent them from slipping into your organization. By the end of the talk, you will walk away with a better understanding of generative AI security and what to look out for moving forward.
Bio: "Gavin Klondike is a senior consultant and AI expert specializing in utilizing AI/ML to enhance individuals' abilities within their roles. He is a core contributor and lead author of two of the OWASP Top 10 for LLM Applications and part of the leadership board for the AI Village, a community of hackers and data scientists working to educate the world on the use and security of emerging AI technologies. He is also the founder of NetSec Explained, a blog and YouTube channel, where he shares intermediate to advanced level network security topics in an easy-to-understand way. With a track record of successful presentations at major technical conferences, Gavin is known for his engaging and entertaining take on complex topics. He has a knack for breaking down intricate concepts into easily understandable terms, ensuring that everyone can grasp the fundamental ideas. His dynamic style ensures an inspiring session that will motivate and encourage teams as they begin to leverage AI tools in solving client needs."
IBM’s data security mission is centred on helping organizations safeguard their most critical asset: data. By focusing on data security posture management, data governance, and data detection and response, IBM enables businesses to navigate today’s complex cybersecurity landscape. At the heart of this mission is IBM’s Guardium suite, a leading data security platform designed to protect sensitive data across environments, including on-premises, cloud, and hybrid infrastructures. Guardium offers solutions for data discovery, real-time activity monitoring, vulnerability assessment, and encryption to prevent unauthorized access and data breaches. With features like automated compliance reporting, user behaviour analytics, and AI-driven insights, Guardium empowers organizations to not only secure their data but also streamline regulatory compliance, reduce operational risk, and maintain the integrity of their information systems.
Bio: "Melissa Gabriele is a seasoned cybersecurity expert with extensive experience in threat management, vulnerability assessment, and data security. She is a Technical Specialist for IBM Canada, overseeing security software services and solutions for Canada’s West Coast region. With a background in teaching cybersecurity intelligence and extensive expertise in threat hunting, forensic investigation, and risk management, Melissa is dedicated to helping organizations protect against digital threats through effective and innovative security strategies."
In an era where cyber threats are becoming increasingly sophisticated, proactive threat hunting has emerged as a critical strategy for organizations seeking to stay ahead of adversaries. Let's explore some of the methodologies and practices essential for effective cyber threat hunting and for identifying and mitigating potential threats before they can cause harm. The session will emphasize the importance of telemetry in the threat hunting process, detailing the various types of data—such as logs, network traffic, and endpoint activity—that are crucial for uncovering hidden threats. Practical examples and case studies will illustrate how telemetry can be leveraged to track adversaries' movements, behaviors, and tactics. The goal is to show how to integrate effective threat hunting methodologies with comprehensive telemetry to enhance an organization's security posture and resilience against cyber threats.
Bio: "Cybersecurity professional with expertise in technical sales, consulting and professional services. My career has been primarily focused on building and managing IT infrastructure, specializing in mission critical network and security systems for large enterprises. Apart from my technical experience, I have extensive experience in managing technical teams and large complex projects."
Far too often, security policies deal with networking incorrectly, inefficiently, expensively, and even hazardously due to a lack of either knowledge or understanding. No one can fix all of that in one talk, but I CAN provide a baseline of how it's supposed to work, cover common ways things can be broken, and where to apply Hanlon's Razor.
Bio: "Engineering drop-out, Programmer, LAN Admin, DBA, Tech Support Manager, Software Architect, Product Manager, Network Operator, Network Architect, Conference Organizer, Amateur Musician, Autistic + ADHD. Having done so many things means knowledge from other domains informs the domain I'm working in at any time; I also speak multiple tech dialects and can translate between groups."
Zeroconf is a set of protocols and standards meant to create a sort of "plug n play" experience for networked devices and network services. This can be achieved through a combination of many different protocols, though primarily three. Namely, mDNS (RFC6762), DNS-SD (RFC6763), and Link-Local Addressing (RFC3927) make up the bulk of Zeroconf implementations. In this talk, we'll have fun together imagining some potential abuses of these protocols, look at some proofs of concept, and notice some interesting things about specific implementations along the way. Expect no zero-days -- in fact, I expect all of these have been thought of before -- but instead a casual meandering through some obvious abuses, complete with screenshots you'll have to squint to read.
Bio: "Hi, I'm David Dyck! Professionally I run the vulnerability management and penetration testing services at Security Resource Group (SRG), and I've been interested in the security field since I was a young teenager. I have a major degree in Linguistics and in Computer Science, and a minor in German (but don't try to speak German to me, I'll just embarrass myself!) Personally, I avoid computers and enjoy punishing myself with manual labour and farm work, reading a good book, or reading about Linguistics."
In this short talk, I'll tell a story about how a small ISP (MTS) found a massive exploit in a residential gateway already in use by Verizon. I'll also provide some tips on how you might find similar exploits.
Bio: "Adam is a senior embedded developer with 20+ years of experience with microcontrollers. He has a passion for writing testable, re-usable, safe, and secure code. He's been obsessed with state machines for about 8 years and is the author of StateSmith on GitHub."
An exploration of techniques, tactics and psychological models used in the infiltration of emerging threat actor groups. Our personas are fabrications and constructions of our inner self that we project outwards. We do this through various means and influences such as race, gender, sex, ability, age, culture, religion, norms, class, and status. For the “real world”, aka “irl”, we do all this by expression in our clothing, makeup, hairstyling, our hobbies, our network of friends, colleagues, and acquaintances. We leverage all of these facets and we create masks, personas, that we think will best interact with the world around us. The same concepts apply when creating personas for infiltrating online communities. What makes a good persona and what makes a bad persona? Personas can vary wildly in quality, and many factors contribute to the quality of a persona: for example, how tailored it is to the mission, how good the operational security of the account is, and how good you are at managing it and leveraging it to establish yourself in a community. Understanding what you can construct and where limitations lie is key: if you know nothing about the community you are trying to infiltrate, you will have a hard time establishing a foothold, let alone any significant persistence in the community. We will also look at the concept of timeshifting personas so they appear online.

Outline:

- What is your Mission?
- Know your target: Identify, Probing, Gathering, Verifying, Analyzing, and Distribution of Intelligence obtained by your personas.
- Executing your Mission: Real Example of Infiltration of a RaaS operation.
- Exfiltration / Means of Exiting
Bio: "Tammy is a Senior Threat Intelligence Researcher and Certified Dark Web Investigator at Flare. She currently is an admin and volunteer researcher for the open source project RansomLook. When she is not working, Tammy is spending time with her two handsome cats, listening to techno and ambient music and enjoying a delicious matcha latte. Her other hobbies include street and nature photography, reading, and astronomy."
WIP: What is threat modelling, why you need it, highlights and common pitfalls, with examples!
Bio: "A recent new-dad-for-the-second-time, Travis works as a Cloud Security and Infrastructure engineer for Neo Financial. Previous roles include consulting for InfoSec at MERLIN, particularly in education, and writing autopilot software for UAVs."
With the proliferation of Living Off the Land Binaries (LOLBIN) attacks, I thought it would be interesting to explore how hard/easy it would be to detect a very low level C2 that leverages commonly used websites in order to send commands and receive the output. In this talk we'll see some ways to use Git servers as a covert communications channel.
Bio: "Mathieu Saulnier is a security enthusiast and Core Mentor for Defcon’s Blue Team Village. He leads world class teams and focuses on research, hunting & detecting adversaries. With 2 decades now in the security space, he’s had the opportunity to work for amazing organizations and make an impact in cyber defense. He shared his passion at Derbycon, SANS Summits and RSAC, amongst others."
It doesn’t matter how advanced your shellcode loader is, if you don’t protect your shellcode from prying AV & EDR sensors, you’re going to have a bad time. From simple encryption schemes like the Caesar cipher to more complex schemes like AES, reversing arrays, steganography, encoding shellcode as other data types, and other techniques, this talk will cover a variety of ways to hide shellcode in your loader. I’ll demonstrate how these techniques score against many engines using VirusTotal. In some cases, AV engines will detect the decoding routine. I’ll also discuss techniques you can use to break this detection. I will also be sharing a repository demonstrating the different evasion techniques discussed in this talk. Note – this talk will not cover behavioral evasion techniques like unhooking, direct and indirect syscalls, or other evasion techniques. Whether you’re new to obfuscating shellcode or an experienced pro, there’s something in this talk for you!
Bio: "Mike Saunders is Red Siege Information Security’s Principal Consultant. Mike has over 25 years of IT and security expertise, having worked in the ISP, banking, insurance, and agriculture businesses. Mike gained knowledge in a range of roles throughout his career, including system and network administration, development, and security architecture. Mike is a highly regarded and experienced international speaker with notable cybersecurity talks at conferences such as DerbyCon, Circle City Con, WWHF, and NorthSec, in addition to having more than a decade of experience as a penetration tester. You can find Mike’s in-depth technical blogs and tool releases online and learn from his several offensive and defensive-focused SiegeCasts. He has been a member of the NCCCDC Red Team on several occasions and is the Lead Red Team Operator for Red Siege Information Security."
This talk goes over using OpenBSD as the basis for a highly available globally distributed public anycast network. This talk is meant as an introduction to the subject of an anycasted network, and goes over some of the benefits of using OpenBSD.
Bio: "Rob lives on a forested property outside of Winnipeg MB Canada with his wife, his dog, and many musical instruments. He has a background in computer science, and runs a small public network (AS62752) using OpenBSD."
First we will look at how OAuth 2.0 works as a protocol, and its uses in protecting APIs. Then we will see how OIDC is built on top of OAuth 2.0 to provide federated authentication. Finally we will look at Verifiable Credentials, also known as Self Sovereign Identity. This is the standard driving digital wallets. We will see how it operates, and some of the challenges behind trust in such a system.
Bio: "Richard is a principal software engineer in higher education in the USA. He specializes in IAM. He is active in the national higher education space on committees involving IAM, security, and trust."
High quality, actionable, alerting is a dream for many incident response teams. Who doesn’t love wading through noisy events, false positive alerts, or being paged on Friday night because Bob hand-bombed a change in production? By building enrichment into your detection and alert pipelines, you too can just shake your fist at Bob and worry about it later.
Bio: "Paul leads Security Operations with Mattermost. Prior to this, he ran SecOps with GitLab and other emerging tech companies. Paul has specialized in building operational security programs in early stage startups, enabling companies to have a secure footing as they grow. (how's that for a pun?)"
Today’s workplace presents a very demanding environment, in which we are routinely asked to do more with less. This often means more hours worked, more stress, less time for relaxation and unfortunately that is a recipe for burnout. Believe it or not, this pattern can be avoided! By leaning into our natural strengths, we can be more efficient and resilient. So let’s talk about what burnout is, how to spot it and how to prevent it. After all, it truly IS possible to achieve more by doing less!
Bio: "Matias Wengiel currently works as a Full Stack Web Developer at Neo Financial. Before that, he was a post-secondary instructor in the Health Sciences. Before that he was a physician. He also went on fossil digs and found fossils! That’s not really relevant to our con, just wanted to share. He likes to combine all three of his careers into an instructional discussion about how to avoid burnout (which is not great for your health) with a focus on the tech sector. Maybe it’s because he keeps choosing high-burnout careers and wants to help others in his same situation. Or maybe it’s because he’s trying to find a way to balance work with his endless list of hobbies and interests such as tabletop gaming, gardening, camping, cooking anything over (and sometimes under) charcoal and more!"
This will be a quick presentation covering some examples of Internet of Things devices that contain terrible design or security flaws. Let's talk about those devices and what we can all do to contain that threat. As we all know this is the real state of IoT.
Bio: "William has been a tech enthusiast his entire life and started working with desktop computers in his childhood. Since he grew up using computers before the internet existed, I guess that makes him really old."
The number of cool devices with Bluetooth in them is insane: USB current meters, batteries, charge controllers, LED lights, sous vide devices, and other things. But they all need the weirdest apps that you download from MediaFire, are never in your own language, require every permission under the sun to run, require an account to use for some reason, and drain your battery because they're probably mining Bitcoin in the background. This talk is a brief dig into how you would rebuild a client app for one of these devices on a more open platform, like a Bluetooth enabled microcontroller. We'll talk through how you would snoop Bluetooth traffic from an Android device, pull apart protocols, and start building your own client.
Bio: "Mike likes to think of himself as a mathematician that does computers to pay the bills but really he's mostly just three sarcastic raccoons in a trenchcoat... with a math degree and a Master's he definitely would do again. He likes to learn about new things and has worked a lot of different jobs including an AI startup, and most recently leading a security team at a fintech. He's recently gotten into 3D printing, and that was probably a poor choice, but ask him about it anyway!"