Registration/Networking – Coffee and Muffins Served
Opening Remarks
Name: Zach Mullaly
Talk: Censorship? No thank you!
Name: Robert Masse
Talk: Hunting Down Enemy Nation States Within Your Organization
Name: Dave Lane (Lightning Talk)
Talk: Municipal e-Voting – Could it be a Thing in St. John’s?
Name: Scott Stevenson (Lightning Talk)
Talk: Listen Carefully: Acoustic Keylogging Techniques
Name: Dale O’Grady
Talk: Stop Cyber Attacks in Real Time: Modern Defense in Depth
Lunch/Networking
Name: Kevin Burgess
Talk: Security in a Virtually Cloudy World
Name: Alexandre Argeris
Talk: Honeypot for Fun
Networking Break
Name: Jared Perry
Talk: How File Uploads Can Go Horribly Wrong
Name: Gus Bruneau
Talk: Battling against the Threat Landscape
Grand Prize Giveaway and Networking
Name: Robert Masse, Deloitte
Title: Hunting Down Enemy Nation States Within Your Organization
Abstract: For the last 10 years, we have seen major growth of attacks from Advanced Persistent Threats. In our experience, the majority of these groups are well funded government agencies & organized crime syndicates who have been wreaking havoc across important institutions around the world. As FBI director James Comey said in 2014, “there are two big types of companies in the US – those who’ve been hacked by the Chinese and those who don’t know they have been hacked by the Chinese”.
Just two years ago, I wouldn’t have believed this myself.
With the recent uptick of attacks against organizations with massive databases containing personal information, more companies than ever are at risk of being compromised. This presentation will cover real-life experiences of several investigations we have done around the world and provide valuable lessons learned on how to detect and protect yourself from these advanced threat actors.
Name: Dave Lane, City of St. John’s
Title: Municipal E-Voting – Could it be a thing in St. John’s?
Abstract: Councillor Dave Lane has been exploring the possibility of St. John’s adopting e-voting for its municipal elections. There are proponents and opponents to the idea in many areas, and Dave will discuss what he’s learned to date.
Name: Scott Stevenson, NOCLAND
Title: Listen Carefully: Acoustic Keylogging Techniques
Abstract: Keylogging is the action of recording (or logging) the keys struck on a keyboard, typically with the purpose of snooping on sensitive information such as passwords and credit card numbers. Attackers have many keylogging tools at their disposal, from covert malware to hardware that is connected between a keyboard and a computer.
This talk will demonstrate a more rarely-considered vector for keylogging: deciphering typed text by recording and processing the sound of keys being struck. One group of researchers demonstrated their ability to recover 96% of typed text from a 10-minute audio recording using machine learning and statistical analysis techniques – similar to those which will be demonstrated.
Name: Dale O’Grady, Vectra Networks
Title: Stop Cyber Attacks in Real Time: Modern Defense in Depth
Abstract: Over the past year, cyber attacks have gone from being a worst-case scenario for security teams to a real-world certainty. Yet for all the recent investment and focus on cyber security, attackers continue to succeed at stealing or destroying our most valued assets. In this discussion, we will analyze recent cyber attacks to see what they have in common, and propose new models of defense-in-depth that can apply generically to detecting today’s most sophisticated attacks.
This session will cover:
Name: Kevin Burgess, Fortinet
Title: Security in a Virtually Cloudy World
Abstract: This presentation will discuss:
Name: Alexandre Argeris, Cisco
Title: Honeypot for Fun
Abstract: What is a Honeypot? This presentation will show you the different types of honeypot and deployment scenarios. You will also learn how to create, in a few clicks, one or more honeypots across the web using the cloud infrastructure providers for just a few dollars per year. The presentation will also show you the different information you can gather from this type of solution.
Name: Jared Perry, Stratum Security
Title: How File Uploads Can Go Horribly Wrong
Abstract: File upload functionality is a common feature in web applications and is one that is often used by attackers to compromise an application or server. This talk will provide application security testers with a variety of techniques and examples to effectively test file uploads in an application. After showing how file uploads can go horribly wrong, recommendations will be provided to help application developers design useful functionality while effectively mitigating the risks associated with file uploads.
Name: Gus Bruneau, Dell SecureWorks
Title: Battling against the Threat Landscape
Abstract: Threat actors know midsize businesses are vulnerable to cyber-attacks. Board members and clients are concerned, and asking organizations to show them how they are securing, and validating the security of, critical data. From spear phishing to ransomware to Trojans, attacks against midsize organizations increase each year. Core information security technologies and practices need to be solidly in place to help detect and deflect attacks. Before you act, you should have an understanding of the threat landscape and what’s at stake if threat actors get to your critical data and wreak havoc on your organization. During this session attendees will hear about: