Call For Papers: The Call for Papers is now closed!
Call For Sponsors: The Call for Sponsors is closed!
If you can’t attend BSides St. John’s 2017 in person, we’re pleased to offer a remote attendance option (registration at the “Register Now” link above), thanks to our platinum sponsor, Cisco!
We’re hosting an evening/night social event again this year, featuring GoSecure’s Capture The Flag event!
Even though our last talk finishes up around 6PM, BSides St. John’s 2017 is far from over. During the evening and night of September 21 (6PM – Midnight), we will be hosting a social event and Capture the Flag! Whether you wish to participate in the Capture the Flag event or not, we encourage everyone to stick around after the last talk to chat, network, and enjoy some food and drinks compliments of our platinum sponsor, Cisco!
GoSecure’s Capture the Flag event consists of nine challenges, with difficulties ranging from beginner to advanced, designed around infiltrating a fictional financial organization through a web portal. Individuals and teams will compete by finding and submitting flags from each completed challenge to obtain points. Along with some great prizes, GoSecure’s Capture the Flag event is a fantastic opportunity to learn about network security and hone your hacker skills. The Capture the Flag event is open to teams of up to 2 people.
Random Prize Draws (must be present to win)
– 1 x Tile Mate & Slim Combo Pack
– 2 x Utopia 360 Virtual Reality 3D Headset with Bluetooth Controller
– 2 x $100 Amazon Gift Card
– 2 x Seagate Expansion 4TB USB 3.0 Portable Drive
Grand Prize (must be present to win)
– Samsung Galaxy S2 32GB Tablet
Capture the Flag – Round 1 (awarded to each team member)
1st Place Prize
– Retro Pi (Raspberry Pi 3 Complete Starter Kit + NES case for Raspberry Pi 3 + SNES Retro USB Super Nintendo Controller)
2nd Place Prize
– Seagate Expansion 4TB USB 3.0 Portable Drive
3rd Place Prize
– $50 Amazon Card
Capture the Flag – Round 2 (awarded to each team member)
1st Place Prize
– ASUS Chromebook C202
2nd Place Prize
– Raspberry Pi 3 Complete Starter Kit
3rd Place Prize
– $50 Amazon Card
What is BSides?
BSides is an open platform that gives security experts and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
This will be the seventh BSides conference held in St. John’s.
Where is St. John’s?
St. John’s is located on the East Coast of Canada, on the northeast of the Avalon Peninsula in southeast Newfoundland. It is the most easterly city in North America.
Name: Jonathan Anderson
Title: Transparent Computing
Advanced Persistent Threats (APTs) are skilled adversaries of great concern to governments and industry alike. This talk will describe what APTs are, why today’s computer security response teams are ill-equipped to handle them and how current research in data provenance is addressing the problem. In particular, the Causal, Adaptive, Distributed Efficient Tracing System (CADETS) is advancing the state of the art in systemic software behaviour tracing, from compiler-assisted in-process reduction through system-wide and network-wide provenance analysis tools. This work, funded by the DARPA Transparent Computing (TC) program, includes both local research and international collaborations and is working towards a future in which APTs are denied the space to operate without detection.
Name: Alex Argeris
Title: How to fight SSL traffic without decrypting it
Decrypting SSL and TLS traffic can be very challenging, as it requires deploying a trusted certificate on all devices (servers, laptops, mobile and desktop); this can’t always be done easily. In addition, some browsers, applications or mobile applications will not work when an SSL/TLS session is broken. Furthermore, decrypting SSL/TLS can impact the performance of a security appliance. Let’s look at technical solutions to help reduce the threat of malicious SSL/TLS communication.
Name: Travis Barlow
Title: Say “Threat Landscape” one more time…
A comical yet somewhat serious review of the last year in the InfoSec industry, findings and observations from the Threat Hunt team, with a sprinkle of common sense perspective.
Name: Algis Kibirkstis
Title: Compliance vs Information Security, why can’t we be friends?
Cyberthreats, malicious insiders, privacy laws, regulatory pressures, contractual obligations, marketplace expectations, and potential threats of legal action. All of these have motivated organizations to continuously improve network, system, data and overall information security. But as security controls get implemented, as security requirements get approved, and as security policies get enforced, checklist scores often garner more interest from upper management than architectural assessments. And many InfoSec professionals feel that today’s focus on audit and compliance is trivializing and systematically eroding their organizational information security posture. This talk presents this evolving landscape, and proposes ways to translate audit findings into meaningful and effective security-related improvements.
Name: Dean Parsons
Title: ICS Incident Response – A Practical Approach
For participants interested in ICS (Industrial Control Systems), and ICS installations newly taking on security, Mr. Parsons will outline the nuances of cybersecurity in an ICS environment, where physical safety and the reliability of operations are paramount. Dean will define ICS by illustrating our reliance on them as part of our modern lifestyle before briefing the audience on emerging ICS cyber threats. The talk concludes by highlighting practical defense and incident response techniques for ICS.
Name: Jared Perry
Title: The Five Stages of Security Grief in a DevOps-Driven world
First you deny that you can securely release multiple times a day. Next you lash out in anger when you find secrets stored in a repo. You then try to bargain with your teams over the number of microservices being created. You start to realize it is all hopeless when you find public S3 buckets with client data. Finally you accept that DevOps is here to stay. This talk will look at how security teams can tackle new challenges and take advantage of a DevOps-driven world using new techniques, tools and processes.
Name: Peter Rawsthorne
Title: Security and Software Engineering: A Shotgun Wedding
Traditionally, security has been an afterthought for software engineering. Security becomes important only as the deadline for software going into the production environment approaches, and in many situations it only makes it into production because an executive owns the risk and makes it happen. It doesn’t have to be this way, and many practices can be put in place to ensure security isn’t an afterthought and the software solution follows the organization’s security policies.
Name: Scott Stevenson
Title: Securing Smart Contracts: Lessons Learned from $100M in Blockchain Heists
Smart contracts are programs that define, execute and enforce the terms of a contract. They fully control financial assets based on computed logic and inputs. Most importantly, the actions of smart contracts are unstoppable and irreversible. This makes smart contracts holding high value assets extremely attractive targets for attackers.
In 2016, a security vulnerability in a decentralized company’s core financial contract enabled the siphoning of $70M in digital assets. This year, another critical security flaw enabled the draining of thousands of digital wallets.
As the world inevitably begins to encode financial and legal agreements directly in software, how can we ensure that the assets they control are protected? This talk will summarize a few of the lessons we’ve learned so far.
Name: Mandy Woodland
Title: Designing for trust
Using examples from case law, we’ll talk about privacy and security by design and its importance for business strategy, with updates on anti-spam, biometric IDs, Internet of Things, AI and automated lawsuits.