Wednesday 28-February-2018 // 6:00 – 9:00 PM
Meeting Location: 88 Queens Quay West, Toronto
Room: 29th Floor
This month we welcome Julian Pileggi as he shares insights into the more creative campaigns and techniques used by recent attackers, and Evgeniy Kharam discussing browsing security in the era of the mobile workspace.
Don’t forget our new meeting location is at Cisco on the 29th Floor, 88 Queens Quay West, Toronto.
As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.
If you have any questions, email firstname.lastname@example.org. We look forward to seeing you there!
Speaker: Julian Pileggi
Subject: Compendium of Creative Campaigns
Responding to incidents around the world gives a unique view into some of the more creative techniques used by attackers. We’ve selected a set of recent and interesting TTPs to share with the group. Come to this talk to hear about:
- AV Server Gone Bad: Attackers leveraging a corporate AV solution (ePO) to deploy backdoors
- Crossing The Air Gap: The way attackers were able to gain information from an air-gapped network
- DNS Backdoor: A look at a unique piece of malware using DNS for its covert channels
- Webshell OTP: A webshell that used a rudimentary form of multi-factor authentication to allow the attacker to ensure only they could access it
- Beyond Autoruns: A backdoor used by APT32 leveraging a persistence technique which didn’t appear to be seen by AutoRuns
Speaker: Evgeniy Kharam
Subject: Securing outbound browsing traffic in the era of mobile workspace and SaaS applications
A modern user can conduct business from multiple locations and with many devices, whether in the office, on the go, or while not even using a company device. With the increase of cloud SaaS applications, it becomes harder and harder to achieve comprehensive security controls.
When designing security controls, there is a need to consider how to limit what users can do while they access the internet (i.e., DLP, URL/Application filtering, data bandwidth limitations, quality of service, etc.). There is also a need to provide secure connectivity (i.e., providing authorized and auditable secure access to the internet, preventing malware coming into the organization, and providing intrusion prevention filtering to the traffic flows exiting and entering an organization, etc.).
This session will provide a walkthrough of different practical security uses of technologies such as CASB and Cloud Security Gateways. Examples will incorporate security controls such as User Identification, SSL Inspection, URL/App Filtering, IPS, DLP, Sandboxing, ATP, and Logging.