Tactics and Evolution of an Advanced Threat Actor

Artturi Lehtiö The tools used by advanced threat actors – so-called “APT groups” – are common fodder for whitepapers from information security companies. But what about the tactics of these threat actors? How do they actually use their tools? How do they proceed from the initial compromise of a targeted

Read more

BurpKit – Using WebKit to Own the Web!

Nadeem Douba Today’s web apps are developed using a mashup of client- and server-side technologies. Everything from sophisticated Javascript libraries to third-party web services are thrown into the mix. Over the years, we’ve been asked to test these web apps with security tools that haven’t evolved at the same pace. A common

Read more

DevOps for the Home

Kellman Meghu This is the story of one man’s personal trip to the cloud (and back) as he rebuilds his home network in a devops model, supported by virtual private cloud service. This presentation takes a micro look at cloud services, and the benefits and risks that come along with it for the average home 

Read more

Data Loss Prevention: Reversing + Exploitation

Zach Lanier and Kelly Lum Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. Data Loss Prevention (DLP) solutions have often been touted as the “silver bullet” that will keep corporations from becoming the next headline. With

Read more

Cloud Computing – Risks and Reality

Sandra Liepkalns Tight budgets and few staff cause many IT teams to be lured by the promises of low cost services and less to support. With the proliferation of services with 24/7 support and the ability to decrease your data centre footprint and power draw who wouldn’t feel the business case is there? Is your 

Read more

APT Threat to Canadian Businesses

Eric Lauzier APT: Advanced Persistent Threats (APTs) actors, once solely engaged in intelligence gathering activities against government institutions for strategic purposes, are now targeting legitimate businesses to gather sensitive information for financial, intellectual, reputational and intelligence objectives. These same state-sponsored

Read more

A Data-Centric Approach to Security

Sol Cates As we make our way into 2016, data security on a federal level will continue to be a concern. Government must be up to the task to amplify efforts to protect our nation’s data from both insider threats and nation-state attacks. For too long the focus has been on defending network boundaries and 

Read more