Paul Davis As everyone is discovering, there is no single solution or security model that can defend against all attacks. The attackers are still getting in. How do you know how well you’re doing in terms of maturity? This presentation applies a model based on a white paper titled “The Role of Community Resilience in Advancing
Bobby Kuzma Join the presenter as he recounts the process of reverse engineering a common access control system to hunt for vulnerabilities in the hardware itself, the communications protocol, and the client software. He’ll go into the methodology, both hardware and software, the techniques, and the design of the device and its
Malcolm Townsend Personal Information Leaks on the Internet unfortunately remain headline news. What can be done? Recent cases dealt with by the Office of the Privacy Commissioner of Canada, including the Ashley Madison breach, will be discussed and hopefully shed some light on preventative steps organisations can take.
Chris Eng You’ve heard it all before: “The security industry has failed.” “Developers just don’t care.” “They deserved to be breached.” These and many other overused themes are promulgated by security practitioners at conferences, in social media, and worst of all, in their day jobs.
Sergei Frankoff & Sean Wilson Whether you are in the enterprise using malware triage as a gate to your incident response process, or a researcher using triage as a way to identify interesting malware samples, building and maintaining robust Indicators of Compromise (IOCs) will be an integral part of your triage process. Traditionally IOCs
Scott Wright As a result of the steady increase in spear-phishing attacks aimed at compromising corporate networks, many businesses are starting to run employee phishing assessment initiatives. Automated measurement of employee responses to simulated phishing attacks can help organizations in determining their team’s level of
Dave Lewis The 19th century German philosopher Friedrich Nietzsche gave us his doctrine of the “eternal return”. This was the concept that everything in the universe is recurring and will continue to do so in perpetuity. But, what if we could step off that return? While Nietzsche was dealing with the meaning of existence,
Richard Johnson Fuzzflow is a distributed fuzzing management framework from Cisco Talos that offers virtual machine management, fuzzing job configuration, pluggable mutation engines, pre/post mutation scripting, crash collection, and pluggable crash analysis. We have recently ported the code from crusty 90s-era DHTML to a modern web
Randy Purse We can patch operating systems and software, segregate networks, and implement security policies. However, various cyber threat and intelligence reports indicate that approximately 95% of all cyber incidents investigated had human error as a contributing factor. From taking short-cuts in system design or software development to
Greg Hills Hacking is cheap, easy, and difficult to prevent. Every day new vulnerabilities are found, new exploits are developed, malware is created. Trying to keep up is like plugging holes on a sinking ship. Taking a holistic view of security, however, can help us build in cyber security from the start of a project. Join