From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack
Following in the footsteps of a cyber-criminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker responding to a ransomware incident that brought a business to a full stop: discovering the evidence left behind, reconstructing the attack path and identifying the techniques used. The session covers a real-world incident response to the CryLock ransomware, the footprints the attackers left behind and the techniques they used.
Joe Carson, Chief Security Scientist & Advisory CISO at Delinea, will take you through the mind of a hacker and follow the footsteps that led to a damaging CryLock ransomware attack. Joe will look at the tools and techniques cyber criminals use to compromise endpoints, such as the SMB vulnerability exploited by WannaCry (MS17-010 / EternalBlue), RDP brute force, Mimikatz and Responder, and the paths they can take toward your enterprise infrastructure and data. Joe will walk through the attack step by step, showing:
● How the attackers gained access to the system
● How staging was established
● What tools were used
● What commands were executed
● How the ransomware was delivered
● How Active Directory privilege elevation was achieved
Joe will then cover the incident response steps needed, using the same case but from the defender's viewpoint, including:
● Detection: what triggered the alert
● Identifying which cryptor was used
● Cleaning up systems
● Finding patient zero
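The defender-side steps above begin with detection. As an added example (not the speaker's tooling, and not data from the CryLock case), here is a detector for the RDP brute-force step listed among the attacker techniques, run over constructed Windows Security events; the event dictionaries, IP addresses and user names are assumptions made for the illustration:

```python
"""Detect RDP password brute force in Windows Security events.

Added example for the defender's view of the incident above; it is not the
speaker's tooling, and the events are constructed samples rather than data
from the CryLock case. Fields mirror the EventData of 4625 (logon failed)
and 4624 (logon succeeded), assumed already parsed from EVTX into dicts."""
from collections import defaultdict
from datetime import datetime, timedelta

# LogonType 10 = RemoteInteractive (an RDP session). With Network Level
# Authentication enabled, a failed RDP password shows up as LogonType 3
# (Network) instead, because the session is never created.
EVENTS = [
    # six failures against the built-in administrator in 30 s, then a success
    *[{"ts": f"2022-03-01T02:00:{s:02d}", "id": 4625, "logon_type": 10,
       "user": "administrator", "src": "203.0.113.7"} for s in (1, 7, 13, 19, 25, 31)],
    {"ts": "2022-03-01T02:00:40", "id": 4624, "logon_type": 10,
     "user": "administrator", "src": "203.0.113.7"},
    # a password spray through NLA: distinct users, logged as LogonType 3
    *[{"ts": f"2022-03-01T03:10:{s:02d}", "id": 4625, "logon_type": 3,
       "user": u, "src": "192.0.2.9"}
      for s, u in enumerate(("admin", "backup", "svc_sql", "helpdesk", "scanner", "guest"))],
    # a real user mistyping twice, then logging in: stays below the threshold
    {"ts": "2022-03-01T08:15:00", "id": 4625, "logon_type": 10, "user": "j.doe", "src": "198.51.100.2"},
    {"ts": "2022-03-01T08:15:20", "id": 4625, "logon_type": 10, "user": "j.doe", "src": "198.51.100.2"},
    {"ts": "2022-03-01T08:15:45", "id": 4624, "logon_type": 10, "user": "j.doe", "src": "198.51.100.2"},
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5), logon_types=(10,)):
    """Flag each source IP with >= threshold failed logons inside a sliding window.

    Returns {src: {"first": datetime, "failures": int, "users": set, "success": user|None}};
    "success" records the first 4624 from a flagged source, i.e. the likely compromise.
    Pass logon_types=(3, 10) to also catch failures that NLA reports as Network logons."""
    recent = defaultdict(list)   # src -> [(ts, user)] still inside the window
    alerts = {}
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO-8601 strings sort chronologically
        if e["logon_type"] not in logon_types:
            continue
        ts, src = datetime.fromisoformat(e["ts"]), e["src"]
        if e["id"] == 4625:
            recent[src] = [(t, u) for t, u in recent[src] if ts - t <= window]
            recent[src].append((ts, e["user"]))
            if src in alerts:
                alerts[src]["failures"] += 1
                alerts[src]["users"].add(e["user"])
            elif len(recent[src]) >= threshold:
                alerts[src] = {"first": recent[src][0][0], "failures": len(recent[src]),
                               "users": {u for _, u in recent[src]}, "success": None}
        elif e["id"] == 4624 and src in alerts and alerts[src]["success"] is None:
            alerts[src]["success"] = e["user"]
    return alerts


if __name__ == "__main__":
    for src, a in detect_rdp_bruteforce(EVENTS, logon_types=(3, 10)).items():
        kind = "brute force" if len(a["users"]) == 1 else "password spray"
        print(f"{src}: {kind}, {a['failures']} failures from {a['first']:%H:%M:%S},"
              f" success as {a['success'] or 'none yet'}")
```

A 4624 from a source that has just been flagged marks the moment of compromise, and the host whose Security log holds that event is the first candidate for patient zero. On servers with Network Level Authentication enabled, failed RDP passwords are logged as LogonType 3 rather than 10, so pass logon_types=(3, 10) there; the 192.0.2.9 sample shows that case, and its distinct user names indicate a password spray rather than a brute force of one account.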
Chief Security Scientist & Advisory CISO at Delinea
* On the Threshold of the Metaverse: The Admissibility of Evidence from Social Media
Since many of us spend a significant part of our lives on social networks, these tools are a potential goldmine of evidence in litigation, both civil and criminal. While it may be tempting to consult a third party's Facebook profile or Instagram account during an investigation, the courts have, over the years, set certain boundaries on the methods that may be used to do so. Depending on the characteristics of the profile, the methods of access, collection and entry into evidence that the courts allow may differ. The presentation will therefore review the lessons that can be drawn from Canadian case law on the admissibility of social media content as evidence, to better guide you in your investigations. * Presented in French Only
Director of the Centre de recherche en droit public, Deputy Director of the Laboratoire de Cyberjustice and Professor at the Faculty of Law of the Université de Montréal.
* How to Prevent Ransomware Attacks with Good Vulnerability Management
See how the Conti leaks ("Contileak") helped us better understand the modus operandi of criminal groups such as Conti.
The leaked internal conversations between members of the Conti group offer a unique view of its inner workings and provide valuable information, including details on more than 30 vulnerabilities used by the group and its affiliates, as well as details on its processes after infiltrating a network, such as how it targets Active Directory.
* Presented in French Only
Senior Sales Engineer at Tenable
Analysis of password creation strategies: Where do GoSecure’s clients stand?
Using authentication to secure data and accounts has become a natural part of using computers. Although several authentication methods exist, passwords remain the most common. People usually have a multitude of different passwords and, when they create them, they often use a strategy to make the password easy to remember (Pfleeger, et al., 2015; Stobert & Biddle, 2014; Ur, et al., 2015). This study aims to classify password creation strategies according to their performance, good versus bad passwords. A password creation strategy refers to an active approach a password creator can use to produce memorable passwords (Zviran & Haga, 1990; Ur, et al., 2015). Using databases of actual passwords that have been leaked to the internet, a comparison is made with the list of passwords of GoSecure clients obtained through cybersecurity tests. The two were compared to observe the differences, and the analysis helps reveal the different types of password strategies and the similarities between actors. Results show that GoSecure clients perform better in terms of password strategies. These results can be used to deepen the understanding of password types and password behaviour and to better understand networks of internet users.
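To make the comparison concrete, here is an added example (not GoSecure's own method) of a rule-based classifier that labels each password with the creation strategy it appears to follow and then compares two corpora by strategy mix. The mini wordlist, the strategy labels, the "weak" grouping and both password samples are constructed for the illustration:

```python
"""Classify passwords by the creation strategy they appear to follow and
compare two corpora by strategy mix. Added illustration for the study
described above, not GoSecure's own method; the wordlist and both password
samples are constructed."""
import re
from collections import Counter

# Constructed mini-dictionary; a real analysis loads a full wordlist.
WORDS = {"password", "welcome", "summer", "winter", "montreal", "hockey",
         "dragon", "letmein", "admin", "company"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "!": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t"})
AFFIXES = re.compile(r"^([\d\W_]*)(.*?)([\d\W_]*)$")   # prefix, core, suffix
YEAR = re.compile(r"(?:19|20)\d\d")
# Strategies that leave the password recoverable from a wordlist plus simple rules.
WEAK = {"digits only", "keyboard walk", "dictionary word",
        "word + digits/symbols", "word + year", "leet word", "short"}


def _char_classes(pw):
    return sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))


def _is_keyboard_walk(core):
    walk = re.sub(r"[^a-z0-9]", "", core.lower())
    return len(walk) >= 4 and any(walk in row or walk in row[::-1] for row in KEYBOARD_ROWS)


def classify(pw):
    """Return the strategy label for one password (first matching rule wins)."""
    if pw.isdigit():
        return "digits only"
    prefix, core, suffix = AFFIXES.match(pw).groups()
    if _is_keyboard_walk(core):
        return "keyboard walk"
    if core.lower() in WORDS:
        if YEAR.search(prefix + suffix):
            return "word + year"
        return "word + digits/symbols" if (prefix or suffix) else "dictionary word"
    if core.lower().translate(LEET) in WORDS:      # P@ssw0rd -> password
        return "leet word"
    if len(pw.split()) >= 3:
        return "passphrase"
    if len(pw) < 8:
        return "short"
    if len(pw) >= 12 and _char_classes(pw) >= 3:
        return "random-looking"
    return "other"


def strategy_distribution(passwords):
    """Fraction of passwords per strategy label."""
    counts = Counter(classify(p) for p in passwords)
    return {label: n / len(passwords) for label, n in counts.items()}


def weak_share(passwords):
    """Fraction of passwords built with a strategy in WEAK."""
    return sum(classify(p) in WEAK for p in passwords) / len(passwords)


def compare_corpora(a, b):
    """Side-by-side strategy shares, e.g. a public leak (a) vs. a client list (b)."""
    da, db = strategy_distribution(a), strategy_distribution(b)
    return {label: (round(da.get(label, 0.0), 2), round(db.get(label, 0.0), 2))
            for label in sorted(set(da) | set(db))}


# Constructed samples standing in for a public leak and a client's recovered passwords.
LEAKED = ["123456", "password", "qwerty123", "Summer2020", "P@ssw0rd",
          "hockey", "letmein", "abc123", "dragon1", "welcome"]
CLIENT = ["Montreal2021!", "xK9#vL2m$Qr7!pWz", "Welcome1!", "Tr0ub4dor&3",
          "correct horse battery staple", "company2022", "Winter!2021",
          "zxcvbn", "R#8pQz!4mVb2", "blueelephant99"]

if __name__ == "__main__":
    for label, (leak, client) in compare_corpora(LEAKED, CLIENT).items():
        print(f"{label:22s} leak={leak:.2f} client={client:.2f}")
    print("weak share:", weak_share(LEAKED), weak_share(CLIENT))
```

The rule order matters: a keyboard walk or dictionary core is checked before the de-leet step so that "qwerty123" and "Summer2020" are not mislabelled, and length and character-class rules only apply to what survives the wordlist checks. In a real study the wordlist would be a large public list and the "weak" grouping would be validated against an actual cracking run rather than asserted.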
Cybersecurity Researcher at GoSecure
API Secrets are weak proxies for Machine Identity
Today most API communication between machines is secured with API secrets: static keys, tokens or PKI certificates that act like system passwords to authenticate machines and broker communication between them. These machines could be cloud workloads, pods, containers, servers, VMs, microservices and of course physical machines such as servers or IoT devices. Perfect security hygiene would mean that each API secret is uniquely assigned to one machine, never shared, routinely rotated, and securely distributed through development and deployment systems to the machine that needs it without being leaked along the way.
The reality is that API secrets are often shared across dozens or hundreds of machines and workloads. They are rarely, if ever, rotated, and distributing and managing secrets across different applications and environments is an arduous task. The static nature of API secrets has made them ripe targets for adversaries: secrets are leaked in code repositories, in CI systems such as Jenkins or Travis, in orchestration tools such as Kubernetes, in cloud hosting environments such as AWS, GCP and Azure, in logging tools such as Splunk and Elastic, and even in collaboration environments such as Slack.
In this presentation, Corsha's Co-founder and CTO Anusha Iyer will walk through why API secrets are often easy prey for bad actors and weak proxies for machine identity, and how to better secure API communication between machines.
CTO and Co-founder of Corsha
Bill 64 is modernizing Québec privacy law – What it involves, why it matters, and what you can do to reduce the risk of non-compliance financial and administrative penalties
The stringent new privacy regulations introduced in Bill 64 will require significant changes for organizations operating in Québec or engaging with Québec residents. Policies and procedures will only take you so far in avoiding the serious consequences of non-compliance.
DataStealth is a proven solution that helps organizations discover, classify, and protect sensitive data governed by Bill 64, including obligations regarding data residency and the right to be forgotten. Meet the challenge of compliance head on, without the need for any code changes, API integrations, agent installations, or other changes to your applications or IT environment.
Join us to learn about a simple way to take Bill 64 compliance from paper to an actionable plan that will improve your security and mitigate your risk.
CEO at Datex
Change Your Perspective: View Your Network Like a Hacker
We all spend a lot of time and a lot of money trying to manage risk, while deploying new IOT devices with little more than wishful optimism. We buy firewalls and NDR and EDR and maybe even XDR, and we buy a SIEM to pull all the logs together into one place we can’t keep up with. We run Vulnerability Assessments and get thousand-page reports on things we probably don’t have time to fix. We pay penetration testing companies a small fortune to find the holes in our network we really thought we’d closed. We hire as many SecOps staff and security analysts as we can afford, and we try to keep them long enough to get something done before they move on. Then we sit back and look at the logs of all the stuff we’re blocking, and we wonder…
● How are those connected devices expanding my attack surface?
● What are we missing?
● What aren’t we seeing?
● Hackers can be in the network for weeks or months without detection – are they here now?
● All these headline breaches – they all deployed similar security technology and staff. If they got hacked, why won’t I?
● At the end of the day, am I safer than I was yesterday? Last month? Last year?
Well, now there's a better way. What if you could see your network the way an attacker sees it? And what if you could do that every day, and find and prioritize every security gap in your network in real time? By thinking like a hacker and attacking your own devices and networks, you can put that power in your hands. Join us for this presentation and learn how.
Vice President, Security Solutions at Keysight Technologies
Cybersecurity as a Business Opportunity – a Success Story Through Pain and Failure
Cybersecurity is often seen as a necessary evil or a pain. Engaging in a cyber security program requires money, a highly specialized workforce, technology and support from many stakeholders. The total cost of reducing this critical risk keeps growing every year, and new security solutions and processes tend to slow down productivity and impact business velocity.
However, when seen under the lens of “opportunity”, it can also uncover new sources of income, improve marketing reach, enable stronger competitive advantage, enrich business culture and more. Great returns can be realized if approached with a different eye.
This talk aims at tackling the bright side of cyber security investment by exploring the good and the bad we experienced as an SMB. We hope that in the light of this talk, refreshing new discussions might fire up in your own organization and will, perhaps, result in fresh, new, innovative and “profitable” cyber security initiatives.
Head of Security at Devolutions Inc.
Cybersecurity on a budget: Securing your code and infrastructure for free
In many organizations, securing a budget to fund cybersecurity is still a problem. Even now, executives are reluctant to fund cybersecurity, seeing it as an expense rather than an investment, despite the fact that cyber attacks increase by 50% year over year and the media is full of reports of newly discovered vulnerabilities and new data breaches. Developers are struggling to ensure that the software they produce is secure and free of vulnerabilities. What if one of my software dependencies has a vulnerability I'm unaware of? What if a mistake in my infrastructure as code is now exposing a resource publicly on my cloud provider? What if someone has accidentally leaked a secret and a disgruntled employee decides to sell it to malicious actors?
This talk will explore solutions to these problems. More specifically, it will cover secret management, code vulnerability scanning, dependency scanning, infrastructure-as-code scanning and fuzzing from a prevention and developer's point of view. The solutions proposed use free (gratis) software and can easily be adapted to almost any developer's workflow.
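Secret scanning is the first of the checks listed above, and the places it looks (source repositories, CI configuration, deployment files) are the same leakage paths the Corsha abstract on API secrets describes. The following is an added example, not code from either talk: a minimal scanner that combines known-format patterns with a Shannon-entropy filter on generic credential assignments. The repository snapshot is constructed, the entropy cut-off is an assumed value, and the AKIA value is the example key from the AWS documentation rather than a live credential:

```python
"""Minimal secret scanner: known-format patterns plus a Shannon-entropy filter
on generic credential assignments. Added example for this talk (and for the
leakage paths the Corsha abstract lists); it is not code from either speaker.
File contents are constructed; the AKIA value is the example key from the
AWS documentation, not a live credential."""
import math
import re
from collections import Counter

# Formats with a fixed, recognisable shape: always report.
FORMAT_RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
]
# Generic "<credential-ish name> = <value>" assignments: report only if the
# value looks random enough (placeholders like "changeme" have low entropy).
GENERIC = re.compile(
    r"(?i)(api[_-]?key|secret|token|password|passwd|pwd)\s*[=:]\s*['\"]?([A-Za-z0-9_\-/+=]{12,})")
ENTROPY_THRESHOLD = 3.5   # bits per character; assumed cut-off, tune per corpus

# Constructed repository snapshot: path -> contents.
FILES = {
    "app/config.py": 'import os\n'
                     'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
                     'DB_PASSWORD = os.environ["DB_PASSWORD"]   # read from the environment: not flagged\n',
    ".env": 'API_SECRET="q7Zp2Lx9Wv4Kn8Rt1Yb6Hs3Mc5Jd0Fg"\n'
            'DB_PASSWORD="changeme_changeme"\n',
    "Jenkinsfile": "pipeline {\n"
                   "  environment { GITHUB_TOKEN = 'ghp_Ab3dEf6hIj9kLm2nOp5qRs8tUv1wXy4zAB7c' }\n"
                   "}\n",
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n"
                     "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAAB\n",
}


def shannon_entropy(s):
    """Bits per character of s (at most log2 of the alphabet size)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_line(line):
    """Return (rule, secret) for the first rule matching this line, else None."""
    for rule, pattern in FORMAT_RULES:
        m = pattern.search(line)
        if m:
            return rule, m.group(0)
    m = GENERIC.search(line)
    if m and shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
        return "high-entropy-assignment", m.group(2)
    return None


def scan_files(files):
    """Scan {path: text}; report findings with the secret masked to its first 4 chars."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            hit = scan_line(line)
            if hit:
                rule, secret = hit
                findings.append({"path": path, "line": lineno, "rule": rule,
                                 "preview": secret[:4] + "..."})
    return findings


if __name__ == "__main__":
    for f in scan_files(FILES):
        print(f"{f['path']}:{f['line']}: {f['rule']} ({f['preview']})")
```

The entropy filter is what keeps the placeholder `changeme_changeme` out of the report while the 31-character API_SECRET is flagged; the line that reads the password from the environment produces no finding because there is no literal value after the assignment. Free tools such as gitleaks and trufflehog apply the same two ideas with far larger rule sets and can run as a pre-commit hook or a CI step, which is where a scanner like this belongs in the developer workflow the talk describes.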
Software Engineering Student at École de Technologie Supérieure
Do We Need to Remediate Them All?
Do CVSS scores, news headlines, proprietary vendor ratings and intelligence feeds have you feeling analysis paralysis when it comes to vulnerability remediation? In this talk, we’ll look at the factors to take into consideration when weighing enterprise risk and we’ll talk about how to realize effective risk reduction with efficient remediation efforts.
Technical Security Solutions Specialist
Ensuring Developer Intent Matches Reality
Developers have the control. They write the code, they write the infrastructure-as-code, they deploy it all continuously. Ensuring what’s running is supposed to be running can be difficult, but the cloud provides extreme transparency through APIs to see exactly what exists in your environment.
Head of Product Management at Trend Micro
Executive Security Amidst Professionalization of Cyber Criminal Underground
In this talk, ZeroFox will discuss several real-world use cases from the field to highlight the evolution of this criminal ecosystem, focusing on some of its most effective operators and the risks they pose to C-Suite executives. ZeroFox will also offer recommendations to best protect your “Very Attacked People” against various forms of malicious exploitation from the cybercriminal underground.
Cyber criminals have added additional complexity to executive security programs. These criminals are well funded, highly organized, and can pivot quickly within a dynamic ever-changing cyber threat landscape. Security teams no longer need only to have a competitive edge over their peers but are going toe-to-toe with cyber criminals who continuously innovate, cooperate, and adapt. “Very Attacked People,” like enterprise leadership and high-profile employees, are frequent targets of these criminal actors who aim to exfiltrate data, commit fraud, take over accounts, disseminate false information, or impersonate high-profile employees. By understanding common threat actor behavior and staying abreast of trends in the cybercriminal underground, organizations can develop a proactive response by anticipating threat actors’ next move, help educate the C-Suite, and improve their overall cyber safety posture.
Senior Director, Tactical Intelligence Operations at ZeroFox
How Eating Your Own Dog Food Helps Secure the Planet
Dogfooding (a common term in software companies for internally using your own products before they launch) is an important part of Google's culture, and its practice has driven the creation of advanced security technologies, in some cases years before the broader need for them outside of Google was fully understood. For us, dogfooding is more than using our own products. It represents a comprehensive program of using, testing and rapidly refining the products in the rigorous operating environment of Google. In this session, we'll explore how Google structures its dogfooding culture and share examples and experience of how this practice might be the most important criterion security leaders should evaluate when selecting a technology provider.
Director, Office of the CISO, Google Cloud
Implementing an Effective Data Protection Program (DPP)
Do you have any idea how much time it will take to scan, identify, and secure every organization file containing sensitive information? Me neither, data is everywhere!
Fortunately, you don’t need this information to implement an effective enterprise program. In this session, we’ll focus on the scope, processes, and roles & responsibilities. Join Benoit for a pragmatic conversation based on lessons learned and emerging practices.
Benoît H. Dicaire
CTO Canada at Forcepoint
Improving the Blue Team with Adversary Emulation and Purple Teaming
Modern enterprises confront cyber-attacks on a regular basis, and black hat hackers show no sign of wanting to quit. New tactics, techniques and procedures (TTPs) emerge every day, so organizations must make sure they are ready for a targeted attack. Through a balanced mix of theory and lab demonstrations, the presentation will start by providing a fair understanding of threat-informed defense. Attendees will then explore how to leverage purple teaming and adversary emulation exercises to enhance the effectiveness and maturity level of their organization's defense teams, and how to gain better visibility and monitoring coverage (coverage being measured against the MITRE ATT&CK framework). The talk will present how to plan and execute effective adversary emulation and purple teaming assessments using open-source and publicly available tools and utilities. On the defensive side, the focus will be on the Microsoft Sentinel SIEM/SOAR.
Cybersecurity Consultant at Intellisec Solutions
Prepare and Secure Critical Infrastructure for the Future of Digitalization
Digitalization is here to stay, and critical infrastructure is no exception. Even before the pandemic, an increasing number of OT systems were being connected to the Internet, eroding the separation between IT and OT networks as data volumes, connectivity, complexity and costs grow.
What makes protecting digitalized critical infrastructure complex is the convergence of IT and OT: threats that commonly impact IT can move between cyber and physical environments. Cyber security is therefore a key factor in the success of digitalized critical infrastructure. Successful long-term protection includes understanding stakeholder expectations, establishing a core cross-functional engagement model, building a roadmap of strategic initiatives and staying current with the latest security threats.
The presentation will share key principles and guidelines that I developed and refined over the years working in several industries. The application of the principles has helped prepare and secure critical infrastructure for the future of digitalization holistically and consistently.
● How to set the foundations for the future of digitalized critical infrastructure
● What the key initiatives are, and how to effectively identify and execute them
● How to ensure long-term protection of digitalized critical infrastructure
Dr. Tim Nedyalkov
Technology Information Security Officer at the Commonwealth Bank of Australia and executive member of the CyberEdBoard global community
Ransomware Recovery in 2022
We know that having a reliable backup can be the difference between downtime, data loss and paying a costly ransom. Unfortunately, when it comes to ransomware, most organizations' data security strategies aren't evolving to meet the threat.
During this session we will discuss how you can improve your defenses and reduce the risk of data loss through the lens of Veeam’s ransomware research.
Among the topics we will cover are:
● How you can prepare for a ransomware attack
● Why immutability and air gapping are key to data security
● Best practices for rapid reliable recovery
● And more!
Systems Engineer at Veeam
Stop Playing Whack-A-Mole with Your Security Strategy: How to Prioritize Risks for Your Organization
You’ve invested in retooling to fit your cloud environment, you’ve increased your headcount, and you are sprinting all the way through a marathon to secure “All the Things.” But your company was still breached. Why?
Security teams everywhere are struggling to keep up with a fast changing threat landscape. According to the FBI, financial losses from business email compromise accounted for $2.4B in losses in 2021. Supply chain compromise attacks, including invoice fraud and billing account updates, are rampant—with large organizations having a 97% chance of receiving at least one vendor attack each week.
Join us for this session, where Brynna Nery, Cloud Security Architect at Abnormal Security, will discuss how to prioritize the first lines of defense for users. We will dive into:
• Specialized content for security awareness training… after all, it’s more useful than a compliance checkbox
• Supply chain risks and effective mitigation tactics
• Data security, not just storage encryption
• And which core capabilities you actually need to be effective
This presentation will also include a demo of an environment where all the common cloud controls were implemented and still breached, followed by a scenario where we are saved by an alliance of security controls and security heroes.
Friendly Cloud Security Architect at Abnormal Security
Stopping Ransomware with Cyberstorage
Ransomware has become the top concern among security and IT professionals, yet solving that challenge remains as elusive as ever. With over $40B in damage caused in the last two years alone, legacy approaches are falling short of mitigating the risk. Edge and endpoint solutions have limited visibility into enterprise data operations, and data protection and backup providers promoting recovery mechanisms such as immutable backups typically fall short of complete and timely service restoration. With new, more destructive strains on the rise, what little impact observer- and recovery-based solutions have will soon be neutralized.
Cyberstorage is a new approach to solving data centric security problems through active security mechanisms embedded in the Enterprise data plane. This talk introduces the concept of an active security Enterprise file storage system, and how this type of solution can be a simple and effective answer to the Ransomware problem, both today and for the future.
Co-founder and CEO of RackTop Systems
Visibility, Control, and Change Tracking for Public Cloud Policies
A demonstration of topology mapping, network analysis and troubleshooting of north-south (N/S) and east-west (E/W) traffic, with support for Azure Firewall and AWS security controls.
Cloud Sales Engineer at Tufin
What to Look for in Your Identity Cloud Provider
Identity cloud providers may seem to offer similar services, but they are not the same. And in today’s environment of escalating threats and growing regulatory requirements, it’s important to know the difference so that you can make an informed choice. You must consider security architecture, privacy controls, performance, and resilience — all essential ingredients of an identity cloud, and key to achieving your goal of stronger security and a great user experience.
Join ForgeRock to unpack the essentials of a modern identity cloud. We will explore various architecture models and their impact on cloud resources. We’ll address data residency and data sovereignty through the privacy lens, and we’ll discuss architectural solutions for better breach protection. You’ll leave this session with a better understanding of the differences in architectural approaches, and you’ll learn what questions to ask identity cloud providers to ensure you get the solution you need.
Director of Product Solutions at ForgeRock