BSides Toronto 2020

Adam Winnington

Over the last 20 years, I have been integrating technology solutions into customer environments solving business problems. I have worked with many customers from small to national to international; from coding shops to healthcare to manufacturing.

  • Getting people out your automation
Ali Abdollahi

Ali Abdollahi a cyber security expert with over 8 years of experience working in a variety of security fields. Ali is a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit developing, red-teaming, secure coding, and more, giving him ample opportunity to use his skills in a diversity of ways. In addition, He is an instructor, author and board of review at Hakin9 company. Ali is a self-confessed bug hunter, publisher of many vulnerabilities and CVEs. He is a regular speaker and trainer at industry conferences like: BSides Budapest, BSides Dublin (Cancelled due to Covid-19), c0c0nXII, TyphoonCon (SSD), Cyber Junegle, Confidence, ISACA Euro CACS 2020, OWASP Appsecdays, DefCon

  • New Era in Telecom Hacking
Anitha A

Anitha A is a Senior Information Security Analyst with the Cyber Security and Incident Response Team (CSIRT) at Target. Before joining Target Corporation, she worked with Cognizant SOC, she has over 5 years of work experience, primarily in Incident Response and SOC environments. Her strong suit includes Windows host-based analysis with a special interest in Bad USB Forensics.

  • Profiling Bad USB Attacks
Apurv Singh Gautam

Apurv Singh Gautam is pursuing his Master's in Cybersecurity from Georgia Tech. He commenced work in Threat Intel/Hunting 2 years ago. Throughout his professional career, he worked on hunting threats from both clear web and dark web and is also involved in performing HUMINT on the d2web. He is very passionate about giving back to the community and has already conducted several talks and seminars in local security meetups, schools, and colleges. He loves volunteering with Cybrary and Station X to help students make their way in Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games Rainbow Six Siege.

  • Automating Threat Hunting on the Dark Web and other nitty-gritty things
Ben Herzberg

Ben is an experienced hacker & developer, with years of experience in endpoint security, behavioral analytics, application security and data security. Ben filled roles such as the CTO of Cynet, as well as leading the threat research group at Imperva. Ben is now leading research in building secure data access for data warehouses and data lakes as part of Satori.

  • Securing your Snowflake Cloud Data Warehouse
Catalin Curelaru

Catalin is a security generalist specialized into Infrastructure and Product Security areas with a strong knowledge of Security Operations.
He works at Visma as a Product Security Engineer, enjoying his time into the Product Security Operations team providing technical leadership in various security services through the Visma Application Security Program.
Catalin is the OWASP Timisoara Chapter Leader where he aims to create a strong local security community focused on improving the application security world. Has also several recognized certifications in the security field like: MCSA, MCSE, Security+, CASP, CEH.

  • Connecting the Dots: How Threat Intelligence Protects the Applications
Chad Duffey

Chad is currently an Infrastructure Security Engineer at Palantir.

Prior to Palantir he worked on Active Directory and Security at Microsoft & was lucky enough to be in the right place at the right time to become a Microsoft Certified Master (MCM) for Directory Services (Active Directory) as part of the gig. He also spent some time in the Windows Engineering team working on Kernel Security & the Registry.

During the work day, most of his time is spent helping to build secure systems and infrastructure. Any free nerd hours outside of the office are spent on offensive security and exploit development.

  • Windows Defender Exploit Guard v Unpatched Software and Zero Day exploits
Christopher Lopez

I am a father and a SOC analyst. The investigative process and how analysts ask and answer questions are some of my greatest passions in the field. I began as a SOC analyst over 4 years ago and early in my career I learned how important questions are to an effective investigation. I hope to share tips that could helps others become awesome investigators and writers.

  • Asking Questions and Writing Effectively
Dolev Farhi

Dolev Farhi is the Principal Security Engineer at Wealthsimple. Previously, he was the security engineering lead at Paytm, the world’s fastest-growing mobile payment and commerce ecosystem.

Dolev has worked for several security firms, such as CyberArk and F5 Networks, and provided training for official Linux certification tracks. He specializes in Linux/UNIX security, web application security, and offensive security automation. He is the founder of DEFCON Toronto, a popular Toronto-based hacker group and enjoys researching weird IoT devices.

  • Breaking the Habit with Continuous Security
Etizaz Mohsin

Etizaz Mohsin is an information security researcher and enthusiast. His core interest lies in low level software exploitation both in user and kernel mode, vulnerability research, reverse engineering. He holds a Bachelors in Software Engineering and started his career in Penetration Testing. He is an active speaker at international security conferences. He has achieved industry certifications, the prominent of which are OSCP, OSCE, OSWP, OSWE, OSEE, CREST CRT, CPSA, EWPTX, CEH.

  • The Great Hotel Hack: Adventures in attacking hospitality industry
Felix Kurmish

Cyber Threat Hunter & Researcher with a proven history of working in the Cyber Security, Information Technology, Financial industry and Military industry.

Experienced in Malware/APT Research, Threat Hunting, Red/Blue Team, Cyber Threat Intelligence, Digital Forensics, Malware Analysis and Reverse Engineering.

Been on both Offensive and Defensive sides, bringing a Holistic point of view and mainly love to solve complex technological problems.

  • Detection Mastery - War Stories From The Hunters Side!
Hardik Parekh

Hardik Parekh is recognized thought leader and executive in security/privacy domain with hands-on contributions to SANS CWE Top 25, OWASP SAMM, BSIMM 1.0 to BSIMM 9; and SAFECode. Hardik is part of the core team which developed OWASP SAMM 2.0.

Hardik has 16+ years of hands-on security experience with a track record of developing and maturing security programs in consumer and enterprise companies RSA/EMC, Intuit, Amazon, and Splunk. Hardik has built security programs in dynamic, fast-paced environments while partnering effectively across the company. Hardik has transformed DevOps organization to DevSecOps by integrating security engineering tools in CICD pipeline and delivered security at scale and speed in the Cloud.

Hardik also serves on several advisory boards including non-profit Security and IT Certification leader CompTIA.

  • Navigating DevOps security journey at scale with OWASP SAMM 2.0
Haydn Johnson

Haydn lives local to Toronto and contributes to the community via blogging and talks. Haydn has over 7 years of information security experience, including network/web penetration testing, vulnerability assessments and Cyber Threat Intelligence. He was on the 2019 SANS Purple Team CFP review board and currently holds the OSCP, GXPN and eCIR certifications. @haydnjohnson has gained both red and blue team experience.

  • Emulate.Go
Ilya kolmanovich

Ilya Kolmanovich -
Ilya is a security researcher who specializes in malware analysis and threat intelligence combining a decade of experience from both Israeli and Canadian InfoSec communities. Recently, he has been working on building Digital & Cyber Threat Hunting Programs for RBC. In his previous life, Ilya lead threat and malware research for top security vendors like RSA, Trusteer & IBM Security, detecting and eliminating threats for millions of customers and their private networks.
Passionate about hunting and automation.

Felix Kurmish -
Cyber Threat Hunter & Researcher with a proven history of working in the Cyber Security, Information Technology, Financial industry and Military industry. Experienced in Malware/APT Research, Threat Hunting, Red/Blue Team, Cyber Threat Intelligence, Digital Forensics, Malware Analysis and Reverse Engineering. Been on both Offensive and Defensive sides, bringing a Holistic point of view and mainly love to solve complex technological problems.

  • Detection Mastery - War Stories From The Hunters Side!
Jon Rohrich

Jon Rohrich is a Security & Compliance Technical Specialist at Microsoft Canada with a focus primarily on Identity, Device, Threat, and Information Management. Jon has 8 years’ experience advising IT & Information Security executives from a strategic capacity, at customers across a breadth of industries such as financial services, healthcare, legal, government and more. Jon helps businesses keep pace with the rapidly changing security and threat landscape. Jon holds an array of technical and Security certifications including the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Jon is a Canadian Forces Veteran having served 5 years as an Infantry Soldier and LAV III Gunner in the 1st Battalion, Royal Canadian Regiment prior to pursuing a career in Information Security.

  • Redefining the Security Perimeter for the remote workforce
Matthew Marji

Matthew Marji is a Senior Product Security engineer for Auth0, an identity platform for application builders. He possesses the natural ability to simplify difficult security concepts; empowering the engineering teams he works with to build secure applications. In his free time, he lifts weights, enjoys espresso, and reads the OAuth2 RFC.

  • Subdomain takeovers and how to prevent them
Max Cizauskas

BSides Staff

  • Opening Remarks
  • Sunday Lunch break
  • Saturday Closing Remarks
  • Opening Remarks
  • Sunday Closing Remarks
  • Saturday Lunch break
Payal R K

Payal R K is a Lead Information Security Analyst in Target's Cyber Security Incident Response Team (CSIRT). She joined Target Corporation in 2018 and currently leads the CSIRT India team as an Incident Handler. Payal has a strong skill set which includes conducting host-based and network-based analysis. Before joining Target, she was a Security Analyst at VMware India. During her time at VMware she had an opportunity to speak at Grace Hopper Conference India, 2016 on the topic "Sniffing using Dsniff”.

  • Profiling Bad USB Attacks
Pietro Oliva

Pietro Oliva is a security researcher holding a degree in IT security from Università degli Studi di Milano.
He has several years of professional experience in the security field, where he has worked with many global leading companies in a variety of service offerings which mainly include penetration testing, red teaming, and security/vulnerability research.
His main areas of interests involve vulnerability research, reverse engineering, and exploit development. Some of his personal research has been made public through responsible vulnerability disclosures.

  • From hardware to zero-day
Tim Dafoe

Tim has more than 20 years of experience in information security, with his duties ranging from C-suite briefings to red team engagements abroad. As a member of Canada's mirror committee to ISO/IEC JTC 1/SC 27 and the Cloud Security Alliance OCF WG, Tim also works to advance security standards for industry and the public sector. He has previously spoken at events including InnovationTO, GovSym, the MISA Ontario Security Conference, and the Chief Security Officer Summit.

  • Digital Cinema Security