Ben Fung The retail payment landscape in Canada and elsewhere is changing rapidly as new technology and new business models are changing the way people pay for their purchases. In particular, people are substituting from cheques and cash to electronic means of payment as well as e-money and even cryptocurrencies. This presentation will discuss
Erin Kelly There has been a lot of conversation in Canada about how to protect privacy rights in an era of big data. Marketing companies, loyalty card providers and individual businesses are collecting personal information about their clients every day, and sometimes selling that information to third parties. Erin Kelly explores the
Scott Donnelly WEBINT analysis can identify the targeting trends and methodologies of both cyber state actors and hacktivists. Recent Recorded Future analysis identified multiple instances where hacktivist operations have opened the door for state directed attacks. This presentation will discuss how APTs can leverage exposed
Kristen Hill As Information Security professionals, communications often take a back seat when our priorities range from keeping the lights on to delivering cutting-edge security technologies to protect our businesses. Not only is communicating with the non-technical something that many in Information Security and IT in general cringe at the
Nelson Ko and Sherif Koussa Recent zero-days in popular open-source software have led to a lot of controversy, an old debate fueled by the Heartbleed bug. The old question was: Is open-source software really more secure than closed-source? However, with open-source adoption rates on the rise in the enterprise especially in the Government
Ryan Kazanciyan and Matt Hastings Over the past two years, we’ve seen targeted attackers increasingly make use of PowerShell to conduct command-and-control in compromised Windows environments. If your organization is running Windows 7 or Server 2008 R2, you’ve got PowerShell 2.0 installed (and on Server 2012, remoting is enabled by
John Pavelich Malicious cyber activities are growing both in number and in complexity.Many advanced cyber attacks exist and the current trend is one of attackers exploiting ‘low hanging fruit’ cyber vulnerabilities of organizations since many are struggling to effectively implement comprehensive safeguards for their wired cyber
Russ Gideon Penetration testing came about because of real world attacks. The industry quickly realized that we need to behave like the attackers to learn how to defend against them, and thus the penetration testing industry was born. Back then if an exploit was found it was released in raw format, possibly/probably perfected by
Kelly Lum Java isn’t the only managed language with bugs. This talk will cover the current state of .NET reverse engineering and exploitation, including practical examples of both application-level and framework vulnerabilities. We’ll cover the various strengths and weaknesses of .NET security features, including
AbdulAziz Hariri Over the last couple of years we’ve seen a rise of use-after-free zero day vulnerabilities being exploited in Microsoft Internet Explorer. Internet Explorer has a rich attack surface that allows attackers to maximize their return-on-investment. This talk focuses on the exploitation techniques that have been used in the past by