The Long Con
  • Videos: 111
  • Views: 88,018
Travis - Whose Threat Model is it Anyway?
What is threat modelling, why you need it, highlights and common pitfalls, with examples!
Bio: "A recent new-dad-for-the-second-time, Travis works as a Cloud Security and Infrastructure engineer for Neo Financial. Previous roles include consulting for InfoSec at MERLIN, particularly in education, and writing autopilot software for UAVs."
Views: 12

Videos

Mel - Lock it Down: IBM's Keys to Data Security Success
5 views · 1 day ago
IBM’s data security mission is centred on helping organizations safeguard their most critical asset: data. By focusing on data security posture management, data governance, and data detection and response, IBM enables businesses to navigate today’s complex cybersecurity landscape. At the heart of this mission is IBM’s Guardium suite, a leading data security platform designed to protect sensitiv...
Matias Wengiel - Achieving More by Doing Less - How Burnout Prevention Can Improve Productivity
10 views · 1 day ago
Today’s workplace presents a very demanding environment, in which we are routinely asked to do more with less. This often means more hours worked, more stress, less time for relaxation and unfortunately that is a recipe for burnout. Believe it or not, this pattern can be avoided! By leaning into our natural strengths, we can be more efficient and resilient. So let’s talk about what burnout is, ...
Gavin Klondike - The Cyberpunks Guide to Attacking and Defending Generative AI
27 views · 1 day ago
Ever since ChatGPT burst onto the scene, LLMs and generative AI have been all anyone can talk about. Today, more companies are putting generative AI into their products, regardless of whether or not it makes sense to do so. After which, your poor cybersecurity teams are left with the responsibility of both testing and defending this new technology without the training or experience in how to do...
GlitchWitch - Real-world Vulnerabilities (and how to exploit them)
15 views · 1 day ago
Is your software secure? Every single day companies ship new code, features, and products that people entrust their data with. Yet so many of those applications remain live for years without ever being professionally tested by penetration testers. As hackers, it's our job to uncover these flaws. Learn about some of the real-world (anonymized) vulnerabilities we've seen, how we exploited them, a...
Adam - MTS finds massive RG exploit
20 views · 1 day ago
In this short talk, I'll tell a story about how a small ISP (MTS) found a massive exploit in a residential gateway already in use by Verizon. I'll also provide some tips on how you might find similar exploits. Bio: "Adam is a senior embedded developer with 20 years of experience with microcontrollers. He has a passion for writing testable, re-usable, safe, and secure code. He's been obsessed wi...
Richard Frovarp - A Survey of OAuth, OIDC, and Verifiable Credentials (Wallets)
5 views · 1 day ago
First we will look at how OAuth 2.0 works as a protocol, and its uses in protecting APIs. Then we will see how OIDC is built on top of OAuth 2.0 to provide federated authentication. Finally we will look at Verifiable Credentials, also known as Self Sovereign Identity. This is the standard driving digital wallets. We will see how it operates, and some of the challenges behind trust in such a sys...
Mike Himbeault - Sideload this!
5 views · 1 day ago
The number of cool devices with Bluetooth in them is insane: usb current meters, batteries, charge controllers, LED lights, sous vide devices, and other things. But they all need the weirdest apps that you download from MediaFire, are never in your own language, require every permission under the sun to run, require an account to use for some reason, and drain your battery because they're proba...
David Dyck - Zeroconf Networking - Abuses, Implementations, and Other Malarkey
21 views · 1 day ago
Zeroconf is a set of protocols and standards meant to create a sort of "plug n play" experience for networked devices and network services. This can be achieved through a combination of many different protocols, though primarily three. Namely, mDNS (RFC6762), DNS-SD (RFC6763), and Link-Local Addressing (RFC3927) make up the bulk of Zeroconf implementations. In this talk, we'll have fun together...
Brent King - Threat Hunting, Tracking Your Adversaries
9 views · 1 day ago
In an era where cyber threats are becoming increasingly sophisticated, proactive threat hunting has emerged as a critical strategy for organizations seeking to stay ahead of adversaries. Let's explore some of the methodologies and practices essential for effective cyber threat hunting and identifying and mitigating potential threats before they can cause harm. The session will emphasize the imp...
Adam Thompson - Networking I Wish Security People Understood
7 views · 1 day ago
Far too often, security policies deal with networking incorrectly, inefficiently, expensively, and even hazardously due to a lack of either knowledge or understanding. No-one can fix all of that in one talk, but I CAN provide a baseline of how it's supposed to work, cover common ways things can be broken, and where to apply Hanlon's Razor. Bio: "Engineering drop-out, Programmer, LAN Admin, DBA,...
Paul Harrison - Opulent Alerting: Enriching Our Lives
3 views · 1 day ago
High quality, actionable, alerting is a dream for many incident response teams. Who doesn’t love wading through noisy events, false positive alerts, or being paged on Friday night because Bob hand-bombed a change in production? By building enrichment into your detection and alert pipelines, you too can just shake your fist at Bob and worry about it later. Bio: "Paul leads Security Operations wi...
Rob Keizer - Introduction to global anycast using OpenBSD (on a budget)
18 views · 1 day ago
This talk goes over using OpenBSD as the basis for a highly available globally distributed public anycast network. This talk is meant as an introduction to the subject of an anycasted network, and goes over some of the benefits of using OpenBSD. Bio: "Rob lives on a forested property outside of Winnipeg MB Canada with his wife, his dog, and many musical instruments. He has a background in compu...
St34lthy_fox - AI-Assisted Social Engineering in Cyber Warfare
9 views · 1 day ago
How nations are using AI to conduct large-scale manipulation
Mike Saunders - Hiding in Plain Sight
22 views · 1 day ago
It doesn’t matter how advanced your shellcode loader is, if you don’t protect your shellcode from prying AV & EDR sensors, you’re going to have a bad time. From simple encryption schemes like the Caesar cipher to more complex schemes like AES, reversing arrays, steganography, encoding shellcode as other data types, and other techniques, this talk will cover a variety of ways to hide shellcode i...
Mat - LOWC2 - Living Off the Web C2
3 views · 1 day ago
Matir - Badgelife Creator 101: Making Your First Electronic Badge
62 views · 9 months ago
Oleksiy Vasylyuk - Unlocking a Secure Future via Test-Driven Delivery
18 views · 9 months ago
Jared Bater - Adventures in Agricultural IoT
25 views · 9 months ago
Richard Frovarp - How SSO Works
30 views · 9 months ago
Paul Harrison - Transparency in Security
12 views · 9 months ago
GlitchWitch - SaaS Security Basics on a Shoestring Budget
67 views · 9 months ago
Mike Saunders - Roll for Stealth: Intro to AV & EDR Evasion
384 views · 9 months ago
Travis Friesen - Logging: you're not doing it enough
18 views · 9 months ago
Raph - SYSMON + ATT&CK to feed your SIEM
45 views · 9 months ago
William Franzin - Reverse-Engineering & Re-Purposing Smart Devices
144 views · 9 months ago
Mike Himbeault - The Ancestry of Kubernetes
38 views · 9 months ago
Rob Keizer - pledge, and why you should use it
142 views · 9 months ago
Mark Jenkins - The Security Implications of Ansible Scared Me
28 views · 9 months ago
Sarah LaCroix - Do I Need To Be Worrying About Security Updates For My Car????
86 views · 5 years ago