Loading…
AtlSecCon 2020 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, April 28
 

TBA

2019 – The Year Of “Big Game Hunting”
Over the last year we have seen an increase in the number of ransomware attacks against large organizations, such as schools and municipalities. In these events, the attackers spend a significant period of time in the network and are able to gain control of a large portion of the network. Once this control is achieved, the attacker can exfiltrate data, steal credentials or even execute ransomware on a large scale. During this talk I will walk through this entire process, which usually involves an initial dropper such as Emotet or Trickbot that is targeted toward an individual user. This leads to using multiple techniques to further penetrate across the network through lateral movement. At this point, sensitive data can be exfiltrated from the network or the attackers can encrypt the data on the network with ransomware like Ryuk, demanding a large ransom. Simply examining a few of the bitcoin addresses show that these attacks have generated Millions of dollars in attacker revenue. Understanding how these attacks operate is key to making sure that your network has the tools and visibility to prevent your network from becoming the latest Big Game trophy.

Speakers
avatar for Earl Carter

Earl Carter

Threat Researcher, Cisco Systems
Earl Carter has always had a passion for solving puzzles and understanding how things operate. Mr Carter quickly learned that identifying security weaknesses is just like solving puzzles. Almost 20 years ago, he was introduced to network security when he accepted a position at the... Read More →


Tuesday April 28, 2020 TBA

TBA

AMITT - Let's Talk About Adversary Misinformation
Adversarial Misinformation Influence Tactics and Techniques (AMITT) framework is a common language for describing organized communication attacks. Misinformation is getting more attention as the public and private sector struggle to contain foreign influence operations.

Using well-established information-sharing standards and tooling appropriated from the InfoSec community, we will explore the use of the AMITT for the detection and disruption of influence operations.

The focus of this talk is left-of-boom operational playbooks and strategies for working with disinformation at scale.

Speakers
avatar for Roger Johnston

Roger Johnston

Security Analyst, Ubisoft
Roger Johnston is a security analyst at Ubisoft's Montreal studio where he primarily works on cyber threat intelligence and adversary emulation.  He is part of the Credibility Coalition's MisinfoSec working group and a contributor to the AMITT framework.


Tuesday April 28, 2020 TBA

TBA

Attacking and Defending the AWS Cloud
Cloud adoption continues to grow at an exponential rate.  The rate of change of the AWS cloud environment also continues at a rapid pace.  Having security aligned with this pace and new operating paradigm is needed to drive business growth in today’s economy.  

This presentation focuses on the AWS Cloud and explores the most common attacks against the cloud while sharing effective defenses and risk mitigation strategies. We will provide attendees with tools and techniques to understand their cloud attack surface and how to secure their infrastructure. We will cover:
1. Commonly designed AWS environments
2. Attacks against the vulnerabilities in these AWS environments
3. Methods to detect attack activity
4. Techniques to secure your AWS cloud infrastructure

Speakers
avatar for Elyse Valerie Nielsen

Elyse Valerie Nielsen

Principal Consultant, Webgistixs
Elyse Nielsen is the principal consultant with Webgistixs, a security consulting firm. Webgistixs advises companies how to improve management of their security portfolio achieving project delivery while improving financial and operational performance. Elyse has over a decade of experience... Read More →


Tuesday April 28, 2020 TBA

TBA

Bear Trap: The Disruption of a GRU Close Access Cyber Operation
This presentation describes an unclassified, yet little known, Russian GRU close access cyber operation against an international organization. The presentation follows the actors as they arrive in theatre, conduct reconnaissance, prepare their attack, and most importantly, get busted. The presentation also covers the motives of the foiled attack, the equipment used, and opsec mistakes made by the actors.

Speakers
RS

Ryan S

Cyber Intelligence Officer
Ryan is a Cyber Intelligence Officer who investigates state-sponsored cyber activities and the actors who conduct them. Ryan's duties include collecting threat and human intelligence, incident response, threat hunting, and talking about cyber security to anyone who will listen.


Tuesday April 28, 2020 TBA

TBA

Gamified Tabletop Workshop
A workshop in which I talk about gamifing the traditional tabletop exercise, and then bring up some volunteers from the audience to showcase how a gamified tabletop exercise works.  The idea is to have participants "roll" dice for each decision, and depending on the roll, different outcomes are faced.  

Tuesday April 28, 2020 TBA

TBA

Highlights into Cybersecurity Quandaries
There is a disconnection between defenders’ perceptions and practices and the current cybersecurity landscape -or more precisely- the most common attack vectors leveraged by penetration testers acting as potential attackers. To understand this disconnection, we conducted a research that confronted attackers’ and defenders’ minds, surveying the perceptions and practices of over 100 cybersecurity professionals and comparing them with 100 penetration tests conducted across all North America. This presentation highlights the research’s key results. We linked the defenders’ perception with their reported actions, cross-referencing the results with statistics on penetration testing. We uncovered potential biases in the defenders’ mindset. At the end of the presentation, attendees may recognize themselves in the dissonant/overwhelming state discussed or -even better- may use the findings to consider new defense techniques.

Speakers
avatar for Masarah Paquet-Clouston

Masarah Paquet-Clouston

Security Researcher, GoSecure
Masarah Paquet-Clouston is a security researcher at GoSecure and a PhD candidate in criminology. She is also part of the NorthSec organization. With her background in economics, criminology, and now cybersecurity, she specializes in the study of crime and technology. She presented... Read More →
avatar for Laurent Desaulniers

Laurent Desaulniers

Director of Pentesting Services, GoSecure
Laurent is a team lead for GoSecure, based in Montreal. He has conducted over 200 pentesting and red team engagements over the span of 10 years and is still enthusiastic about it. Laurent is also a challenge designer for Northsec and has given talks to CQSI, NCFTA, HackFest, RSI... Read More →


Tuesday April 28, 2020 TBA

TBA

Is Security The New Green?
In this talk we will consider (in)security as a negative economic externality. We will compare and contrast the rise of pollution during the industrial age with the rise of digital insecurity during the information age. We will follow this comparison through major historic turning points in both public perception and policy; recent data breaches and academic research across disciplines in order to question how we think about security in a connected world. Why is digital insecurity the new pollution? What incentives do organizations and individuals have today to care about digital security? What is the real social cost of insecurity? As we seek to answer these questions, we begin to see that digital security is not only a means to manage immediate risk to ourselves and our organisations, but a necessity to sustain the global digital environment we depend on.

Speakers
avatar for Ryan Mattinson

Ryan Mattinson

Information Security Practice Lead, Nagarro
Ryan has more than 10 years of experience in information security consulting in Canada, Norway and the U.S. in roles ranging from penetration tester to CISO. He currently leads the global information security consulting practice at Nagarro--a growing team of talented consultants... Read More →


Tuesday April 28, 2020 TBA

TBA

IT Community Building Strats: How D&D Taught Me Team Work
Building community and engaging with a team requires knowledge of the strengths and weakness of each member. Weakness are not to be belittled but to be compensated for by the strengths of others. This talk will endeavour to demonstrate the need for good community building skills and techniques in every team. No matter what your team builds or creates they do so relying on the abilities of the members of that team. Recognizing the capabilities and limitations of each member and unleashing their inherent potential will lead to more secure development. Through a process of education and team building exercises this session will strive to express how you can work in or create a team to accomplish your goals - a team that recognizes the inherent weaknesses of each participant and yet capitalizes on their strengths.

Speakers
avatar for Fr. Elliott Siteman

Fr. Elliott Siteman

Rector, Diocese of Nova Scotia and Prince Edward Island
Pastor. Priest. Teacher. Questioner. I strive to break away from stereotypes and encourage people to see the clergy in new ways - that show them how connected we can really be to all people no matter who they are or what they believe. I am not in the business of conversion but I am... Read More →


Tuesday April 28, 2020 TBA

TBA

Leveraging HSTM and SBTM in CTFs
The Heuristic Test Strategy Model (HSTM) has been used by software testers since its original development 1996, to help them discover information about the product under test. Session-Based Test Management (SBTM) was similarly developed as a way to standardize the documentation of tests, while still allowing the tester enough freedom to explore. In this talk, I will be reviewing the results of my attempt to adapt HSTM and SBTM to the execution and documentation of Capture The Flag games.

Tuesday April 28, 2020 TBA

TBA

Mobile Barcoded Boarding Passes – Can I hack my way to free travel?
An explanation of how the mobile boarding pass on your phone is encoded and secured by airlines and airports around the world using an asymmetric key digital signature system.  

The talk will first cover details of the barcode encoding and how the data is used around the airport. It will then explore the mechanism used for the digital signature and how this is produced and verified.

Finally, the talk will look at some failures in the UK where rail tickets were reverse engineered through poor asymmetric key management and talk about the best practices for securing this information in a mobile barcode ticketing system.

Speakers
avatar for Richard Townsend

Richard Townsend

Manager, Lixar IT
Richard Townsend is a Manager at Lixar IT and moved to Canada from the UK six years ago.He started his career as a Software Developer in 2008 making mobile barcodes long before the iPhone or barcoded boarding passes were commonly used. As well as mobile boarding pass solutions he... Read More →


Tuesday April 28, 2020 TBA

TBA

Password-less! Can It Be Done?
As industries start to move to password-less environments, the benefits are clear but the path to get there is not. Several large enterprises have started their password-less journey and you can too. Learn from their experiences in order to avoid pitfalls and accelerate deployment to enhance your security state. This presentation will provide you with some quick wins and next steps for the short term and a clear strategy for the long term.

Speakers
avatar for Mark Morowczynski

Mark Morowczynski

Principal Program Manager, Microsoft
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active... Read More →


Tuesday April 28, 2020 TBA

TBA

The Hacker Hippocampus: Meet your brain on games
Always on the edge of your seat when it comes to new exploits and tricks. From bug bounties, CTFs, live hacking events, simulations, and interactive educational modules, they have been proven to stimulate and enforce new tools and knowledge to become stronger red teamers, blue teamers, and purple teamers.

But how did gamification come into play and in infosec? And how does our brain process gamification and threats as hackers?

This gamified/interactive talk shares the history of gamification in infosec, how our brains are stimulated by them, and how it’s transforming lives.

Speakers
avatar for Chloe Messdaghi

Chloe Messdaghi

VP of Strategy, Point3 Security
Chloé Messdaghi is the VP of Strategy at Point3 Security. She is an ethical hacker advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She... Read More →


Tuesday April 28, 2020 TBA

TBA

Threat Hunting via DNS
DNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.

Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.

DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.

Speakers
avatar for Eric Conrad

Eric Conrad

CTO, Backshore Communications
SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead... Read More →


Tuesday April 28, 2020 TBA

TBA

Virtual Private Network Hacks Against Main Stream Firewall Technologies: Not as Secure as Everyone Expects
When Cyemptive detected hackers breaking into their VPNs, it was a very disturbing scenario to realize we were experiencing one of the most advanced back doors hacks which would apply to practically all corporate networks.  

Most companies leverage VPN technology to securely join multiple office locations or enable remote users to connect into corporate offices, not realizing the risks they have now enabled against their own corporate network. Cyemptive Technologies warned the Department of Homeland Security (DHS) of VPN security hacks taking place against VPN technologies, based on attempted attacks it was seeing among its customers. As a result of the information provided by Cyemptive, DHS initiated their own research, culminating in the announcement by DHS that there are specific vulnerabilities with VPN technology and publication of an article based on that information from Cyemptive.

Although the market has responded quickly to the DHS announcement and has patched the VPNs, many more security issues relating to VPNs continue to arise that organizations should be aware of.

The purpose of the presentation is to outline the risks and solutions associated with one of the most advanced back door hacks existing in the world today, impacting practically all existing corporate networks.


Speakers
avatar for Rob Pike

Rob Pike

Founder and CEO, Cyemptive Technologies
As founder and CEO of Cyemptive Technologies, Rob Pike brings a wealth of experience in creating new technologies and bringing them to market for companies both large and small. Pike founded Cyemptive in 2014, with the vision of ushering in a new era of cybersecurity. Working in... Read More →


Tuesday April 28, 2020 TBA

TBA

“Gold Nuggeting”: Machine Learning, Intuition and Cybersecurity
Intuition, acquired through years of experience, is what sets experts apart from novices. Intuition is the ability to look at a large amount of information, quickly spot interesting items, and dismiss the rest. In the case of security assessments, security professionals typically face hundreds - or even thousands - of Web assets early in an engagement. Their ability to focus on priority targets can save dozens of valuable hours. Yet only the most experienced security analyst can do this confidently and effectively: those with intuition developed over years of accumulated experience. Using real world examples and open source tools, this talk demonstrates how to use effective and modern machine learning methods to sift through mountains of simple security assessment data to very quickly narrow down the scope to interesting, valuable and sometimes odd targets: the gold nuggets. In short, a substitution of machine learning for the much scarce expert human intuition!

Batea, an open source, outstanding asset detection tool using unsupervised machine learning techniques is presented. Attendees will gain an intuitive understanding of how Batea works, and how to use it for actionable, day-to-day security and threat modelling improvements. All this without the need for advanced expertise and expensive tools.

Speakers
avatar for Serge-Olivier Paquette

Serge-Olivier Paquette

Lead Researcher, Delve Labs
Serge-Olivier Paquette is Lead Researcher in Artificial Intelligence and Cybersecurity at Delve. His research focuses on the ability to infer, through machine learning, the context of security events from incomplete information. He also serves as Executive VP for Northsec, a non-profit... Read More →


Tuesday April 28, 2020 TBA

08:00 ADT

Registration
Tuesday April 28, 2020 08:00 - 09:00 ADT
AtlSecCon

09:30 ADT

Opening Keynote - Day 1 - David Kennedy
Speakers
avatar for David Kennedy

David Kennedy

Founder, DerbyCom
David is a subject matter expert in cybersecurity with over 19 years of experience, whose career has ranged from a Chief Security Officer for a Fortune 1000 company, to testifying in front of Congress, and guest appearances on hundreds of national news and syndicated TV shows. With... Read More →


Tuesday April 28, 2020 09:30 - 10:45 ADT
Track 1 Ballroom

10:45 ADT

Networking Break
Tuesday April 28, 2020 10:45 - 11:00 ADT
AtlSecCon

11:45 ADT

Lunch
Tuesday April 28, 2020 11:45 - 13:00 ADT
AtlSecCon

13:45 ADT

Networking Break
Tuesday April 28, 2020 13:45 - 14:00 ADT
AtlSecCon

14:45 ADT

Networking Break
Tuesday April 28, 2020 14:45 - 15:00 ADT
AtlSecCon

15:45 ADT

Networking Break
Tuesday April 28, 2020 15:45 - 16:00 ADT
AtlSecCon

16:00 ADT

Closing Keynote - Day 1 - Eric Conrad
Speakers
avatar for Eric Conrad

Eric Conrad

CTO, Backshore Communications
SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead... Read More →


Tuesday April 28, 2020 16:00 - 17:00 ADT
Track 1 Ballroom

17:00 ADT

Social Networking Event
Tuesday April 28, 2020 17:00 - 19:00 ADT
AtlSecCon

19:00 ADT

Speakers Dinner
Dinner ticket must be purchased in advance.

Speakers must bring their AtlSecCon badge.

Dinner starts at 7:00. Please take your seat(s) by 6:45. 

Tuesday April 28, 2020 19:00 - 22:00 ADT
AtlSecCon
 
Wednesday, April 29
 

08:00 ADT

Registration
Wednesday April 29, 2020 08:00 - 09:00 ADT
AtlSecCon

10:00 ADT

Networking Break
Wednesday April 29, 2020 10:00 - 10:15 ADT
AtlSecCon

11:00 ADT

Networking Break
Wednesday April 29, 2020 11:00 - 11:15 ADT
AtlSecCon

12:00 ADT

Lunch
Wednesday April 29, 2020 12:00 - 13:00 ADT
AtlSecCon

13:45 ADT

Networking Break
Wednesday April 29, 2020 13:45 - 14:00 ADT
AtlSecCon

14:45 ADT

Networking Break
Wednesday April 29, 2020 14:45 - 15:00 ADT
AtlSecCon

15:45 ADT

Networking Break
Wednesday April 29, 2020 15:45 - 16:00 ADT
AtlSecCon
 

Twitter Feed