Alex Illiadis MedSec The focus of this presentation is on the security of medical devices. Anything from enterprise hospital equipment to embedded gadgets that are available for patients. We will walk through all the layers of security starting from the hardware, firmware and RF. This talk is a story of our experiences and struggles
Ryan Kazanciyan Tanium Amidst all of the furor and noise about NSA exploits and failed patching efforts, this year’s NotPetya ransomware campaign also revived awareness of a potent and often underestimated means of compromise: software supply chain attacks. In truth, you don’t need to look far to find a surprising number of similar incidents
John O’ Connor and Mark Hearn Organizations today rely on connectivity. However, while organizations recognize the importance of this connectivity to meet consumer demand and maintain a competitive edge, today’s connected world also assists in how malware, ransomware and other threats spread. As connected devices proliferate, this
Mayra Rosario Fuentes Trend Micro The healthcare sector has been the industry with the highest number of data breaches, followed by the government and retail sectors. Hackers can invade hospital networks through insecure medical equipment in the ER and patient treatment rooms by gaining the same level of access as a member of hospital
Robert Sell Robert discusses his third place experience at the Defcon 2017 SE CTF and how his efforts clearly show how easy it is to get sensitive information from any organization. The 2017 Verizon report clearly shows the dramatic growth rate of social engineering attacks and Robert demonstrates how he collected hundreds of data
Kevin Stear RSA The concept of capitalism thrives on the open market forces of supply and demand, and these same forces are driving the evolution of today’s Crimeware microcosm, where a close-knit ecosystem of independent actors offers goods and services based on demand from ongoing malicious campaigns. In this discussion, RSA FirstWatch will
John O’Brien and Steve Garon Abstract The Communications Security Establishment (CSE), Canada’s national cryptologic agency and a leading expert in cyber security, believes in fostering collaboration and innovation. For the first time ever, CSE is releasing one of its own tools to the public as an open source platform. Developed
Olivier Bilodeau Permeating the entire spectrum of computing devices, malware can be found anywhere code is executed. Embedded devices, of which many are a part of the Internet of Things (IoT), are no exception. With their proliferation, a new strain of malware and tactics have emerged. This presentation will discuss our lessons learned from
Yvette d’Entremont SciBabe Can you spot fake news when it pops up in your Twitter feed? Are you sure? Even the most ardent skeptics and trained scientists can have trouble separating landmark discoveries from hyperbolic writing or dry satire when reported in popular media. The new media landscape of sponsored content and fake news
Shannon Sabens For more than ten years, the Zero Day Initiative (ZDI) has been investing in security research by providing sustaining incoming to the security research community by purchasing quality vulnerability reports. That said, the ZDI collection of vulnerability research and exploits is a curated collection. While ZDI does not accept