Kelly Lum Java isn’t the only managed language with bugs. This talk will cover the current state of .NET reverse engineering and exploitation, including practical examples of both application-level and framework vulnerabilities. We’ll cover the various strengths and weaknesses of .NET security features, including
AbdulAziz Hariri Over the last couple of years we’ve seen a rise of use-after-free zero day vulnerabilities being exploited in Microsoft Internet Explorer. Internet Explorer has a rich attack surface that allows attackers to maximize their return-on-investment. This talk focuses on the exploitation techniques that have been used in the past by
Eric Jacksch As the popularity of VoIP continues to increase, individuals and businesses continue to suffer financial losses. Popular VoIP servers provide minimal security features and many compromises go completely undetected until fraud occurs. Using data from custom tools and live PBXs, this session will examine real-world attacks on
Scott Wright In the reconnaissance phase of an attack, the attackers will use tools to gather information about a target organization. We often worry about what architectural vulnerabilities they can discover with scanning tools. But Open Source Intelligence (OSINT) is just as valuable to attackers, since it can be used to launch successful
Justin Seitz With the widespread adoption of social media, in particular Twitter, by extremists around the globe there is increasing interest in how to identify and monitor them. Traditional approaches include keyword monitoring, text analytics or sentiment analysis, but in many cases these techniques are really only useful once the target
Adam Allred and Paul Royal The detection of virtualized malware analysis environments has become increasingly popular and commoditized. Sophisticated virtualization detection techniques are now available to any novice cyber criminal. As a result, multiple analysis environments have been crafted that attempt to address
François Marinier As an IT security analyst, I have spent most of the past two years applying key processes and activities of ITSG-33 to real-life IT projects. From new infrastructure services to mission-critical business applications to changes to existing information systems, I had many opportunities to put ITSG-33 guidance to the test and
Paul Davis Many CISOs/CSO and Directors of Security Operations are facing the challenge of increased expectations, misplaced assumptions of responsibility and limited resources to deliver success. This leads to increased frustration within the security teams who are striving to protect their organizations. The
John Weigelt While security guidelines, frameworks, certifications, evaluations and other documentation often provides comprehensive direction of safeguards and controls, getting the guidance implemented by organizations at a national scale is difficult. Despite the availability of security guidance since the 80s, even large technology
Ben Fung The retail payment landscape in Canada and elsewhere is changing rapidly as new technology and new business models are changing the way people pay for their purchases. In particular, people are substituting from cheques and cash to electronic means of payment as well as e-money and even cryptocurrencies. This presentation will discuss