BSides Toronto 2020
Opening remarks and housekeeping to kick off the day
IoT devices are changing the world in both good and bad ways. It is exciting and fascinating to see how technology keeps improving our lives, but it is also worth considering the security impact and the vulnerabilities being introduced in our lives by such connected devices.
This talk is all about the investigative method and how it aligns with the scientific method to drive our investigations as analysts. Each important question is emphasized and examples are given to help with the framing of these questions from an analytical perspective. At the end an example is given showing how to put your answers together into an effective report.
Growth is often a positive indication a business is thriving, which often leads to security complications: increased attack surface, growth in assets, aggressive time to market objectives and new opportunities for security to go wrong.
This talk will provide you with a deep technical insight into how we built a continuous security platform to reduce our attack surface, while keeping the signal to noise ratio as the prime objective, the lessons we learnt, and how you can do it too.
Before we break to talk about sponsorship
Attendees will learn about the prevalence of identity-based attacks, the history and current state of Zero Trust, and how they can protect their users by applying modern security principles around their identities and data. The topics covered in this session are especially important as more organizations have shifted to a work-from-home model due to the recent COVID-19 pandemic.
Today, digital technologies are at the core of every business. The automation and connections achieved with these technologies have revolutionized the world’s economic and cultural institutions, but they have also brought additional risk in the form of cyber attacks.
What is Cyber Threat Intelligence and how can you implement it properly to protect your business?
In this presentation you will find out how to integrate it into your Application Security Program, as well as solutions that automate data collection and processing, integrate with other solutions or services, take in unstructured data from disparate sources, and then connect the dots by providing context on indicators of compromise (IoCs) and the tactics, techniques, and procedures (TTPs) of threat actors. In short, threat intelligence is knowledge that allows you to prevent or mitigate those attacks.
What's the hype with the dark web? Why are security researchers focusing more on the dark web? How to perform threat hunting on the dark web? Can it be automated? If you are curious about the answers to these questions, then this talk is for you.
Automation Cannot Think, help it.
CAB meetings think too much, avoid them.
Check (Audit) your work
Keep “everything in its place” automatically.
In today’s agile environment, it’s important to know the maturity of your software assurance program. In this talk, we will introduce OWASP SAMMv2 - an effective and measurable way to analyze and improve software assurance posture in 3 levels of maturity - thus creating a step-by-step navigation plan.
In this session I will go through the security controls in Snowflake as well as some of their limitations, along with hands-on walk-throughs of the permission structure of Snowflake and how to set up column and row based access controls from within Snowflake. I will also discuss setting up monitoring of authentication and authorization for Snowflake with a few useful tips.
End of day closing remarks
Opening remarks and housekeeping to kick off the day
As of April 2020, 59 percent of the global population uses the Internet, and only a very small fraction of these people know that BadUSBs aren't restricted to mass storage devices with infected files on them. Today, there are normal-looking USBs that are capable of running malicious programs to exfiltrate the most critical data on a computer without a single mouse click. All that is needed to achieve this is for the device to be connected to a USB port. In this paper we will talk about the capability of a device called WHID (Wi-Fi injector) and what can be done to detect and investigate it.
Have you ever wondered whether your presence is exposed to an unknown entity, even when a hotel promises you full security and discretion? It is scary to learn that the hospitality industry is now a prime target for cyber threats: hotels offer hackers and other cybercriminals many opportunities to target them, resulting in data breaches. Credit card details are not the only reason; hotels also hold an abundance of guest data, including emails, passport details, home addresses and more. Marriott International, where 500 million guests' private information was compromised, is one of the best examples. Besides data compromise, surgical strikes have been conducted by threat actors against targeted guests at luxury hotels in Asia and the United States. The advanced persistent threat campaign called Darkhotel infected Wi-Fi networks at luxury hotels and prompted victims to download malware, thereby succeeding in specifically targeting traveling business executives in a variety of industries, and its prevalence seems to have no end yet.
For a broader look, this time a popular internet gateway device for visitor-based networks, commonly installed in hotels, malls and other places that provide guests with temporary Wi-Fi access, was examined. To show how guests and hotels both have a serious stake in this, we will discuss how guest Wi-Fi systems work, their different use cases and their attack surfaces: device exploitation, network traffic hijacking, access to guests' details and more. Common attacks and their corresponding defenses will be discussed. This talk will contain demos of attacks to reveal how the remote exploitation of such a device puts millions of guests at risk.
Did you know that taking over a subdomain is a pretty easy thing to do if you know what you're looking for?
Did you know that these types of attacks have caused millions of dollars in damage?
How do they happen, and how can we prevent them?
Sunday lunch break
Film is a cultural asset, but a new blockbuster, sitting "in the can" the day before release, is a business asset. How do big league studios, and the theatres that screen their nine-figure budget "tent-pole" features, protect digital content? Follow the (encrypted) path of modern film in this talk, right from the post house to the tamper-resistant boards inside the laser projectors lighting today's silver screens.
We'll use a handful of demonstrations to show how Windows Defender Exploit Guard can be quickly configured to protect otherwise vulnerable applications against exploits and common adversary techniques. We'll talk about how to set things up quickly in an enterprise environment and discuss the mistakes we made in our Exploit Guard journey so that you can avoid them for your company.
Emulate.Go - A tool released at DEF CON Red Team Village 2020 to help abstract the complexity away from running adversary emulation exercises through focusing on command line execution for initial access.
This talk will
- demonstrate how to use the tool within a lab environment
- dive deep into how to use the tool and lab 2 environments to build skills that are valuable in the industry
Threat Hunting is a rapidly evolving topic in cyber security. Armed with more than 20 years of enterprise and military experience, being on both red and blue sides - we plan to determine the approach to next generation detection.
This talk focuses on the implementation of new security hardening in mobile networks as well as detection techniques and bypassing methods. The scope of the illustration includes both the radio and the signaling core network.
One of the most complicated networks is the mobile telecom network. Its segments include signaling, charging, packet data, radio, etc. There are still many security holes that allow attackers to compromise the network, even though telecom companies enable security mechanisms and deploy security devices. In this talk, I will cover common high-tech security solutions used by telecom operators and all the ways to detect and then bypass them, as well as security recommendations to prevent these activities.
Conference closing remarks