
Meeting Location

TASK meets the last Wednesday of every month, 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. The meeting room is the Rotunda (on the main floor, just past the elevators).


August TASK: BlackHat, DefCon, BSidesLV Recap

Wednesday 28-August-2019 // 6:15 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


August TASK

This month’s TASK is our ever-popular BlackHat, DefCon, BSidesLV recap special!

Listed below are just a few of this month’s Speakers and the Sessions they’ll be covering:

  • Cheryl Biswas
    • Threat Hunting Talk from BSides
    • Diana Initiative
  • Jason Kendall
    • BSides Overview/Wrap Up
  • Alana Staszczyszyn
    • Hackers are Scary: Why the “Stupid User” is Actually just Afraid
    • BioHacking Village
  • Ilya Komanovich
    • MemHunter
    • BloodHound from Red to Blue
    • Malproxy
    • Monsters in the Middleboxes
  • Geoffery Heymann
    • Red Team Village
    • Detection Bypass in MacOS
    • Command Injection in Cloud Environments
  • Robin Wilcoxen
    • OWASP Top 10 (AppSec Village)

And many more! Come along to see your fellow TASKers present and hear what they learnt!


This month’s TASK is proudly sponsored by eSentire.

eSentire® is the global leader in Managed Detection and Response (MDR), keeping organizations safe from cyber attacks that technology alone cannot prevent. Our 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events.

We want to cut through the hype and overblown claims surrounding AI and ML to help our customers successfully tackle their biggest challenges utilizing human expertise at machine scale. We value each person’s unique contribution, so if you love to solve difficult problems–together–eSentire is the place for you.

eSentire has been recognized in Deloitte’s Technology Fast 50™ and Fast 500™, Canada’s Top Small and Medium Employers, and Gartner’s Market Guide for Managed Detection and Response. For more information, visit www.eSentire.com and follow @eSentire.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

July TASK: Decrypting Canadian Export Controls on Cryptography / Making IT Work in the SCADA World

Wednesday 31-July-2019 // 6:15 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


July TASK

Speaker: Mohammed Muraj
Topic: Decrypting Canadian Export Controls on Cryptography

Organizations are increasingly deploying cryptographic technologies to safeguard the exchange and storage of their information. However, developers and users alike often overlook, or are simply unaware of, the complicated regulatory framework applicable to cryptographic technologies. Mohammed Muraj, General Counsel of Canadian Growth Investments and InfoSec Global, will provide an overview of Canadian export controls applicable to cryptographic technologies to raise awareness amongst developers and users.

Mohammed Muraj has been a practicing lawyer for the last 10 years, focusing on mergers and acquisitions and technology. He currently serves as General Counsel of Canadian Growth Investments (a venture capital investor in early stage cybersecurity companies) and InfoSec Global (a portfolio investment of Canadian Growth Investments that provides innovation and leadership through expertise in cryptographic lifecycle management).

Speaker: Ken Williamson
Topic: From the Trenches – Making IT Work in the SCADA World

Ever gone without power? Ken Williamson will share his experience of trying to combine IT and OT to secure and manage SCADA/Controls environments. Traditional business IT and OT (Operational Technology) share technology platforms but take philosophically different approaches.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

June TASK: Big changes in SIEMs: A comparison of cloud-born and traditional options

Wednesday 26-June-2019 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


June TASK

Speaker: Adrian Grigorof
Topic: Big changes in SIEMs: A comparison of cloud-born and traditional options

SIEM solutions have evolved a lot over the last decade – and we’re now in the midst of a cloud revolution for the market. Features and functionality, costs and the range of vendors are rapidly changing. Adrian Grigorof, Senior Security Architect at TELUS, will take us through SIEM comparisons and live demos of options available in the market. You will learn SIEM fundamentals, the difference between cloud and on-prem options, and what some of the costing looks like.

Adrian Grigorof has held senior IT consulting roles since 1993 and has been involved in a wide range of technologies, including operating systems, networking, databases, programming and security. For the last 15 years he has provided security architecture services for large Canadian companies, with a focus on network security design and security analytics. He developed a line of security log analyzers, implementing machine learning algorithms and integration with online knowledge-base sources.


This month’s TASK is sponsored by CIBC.

We’re on a mission to build the relationship-focused bank of the future and we’re looking for the passionate collaborators, innovators, advisors, and leaders who can get us there. Our distinct culture is built on a shared commitment to do what’s right for our clients, our people, and our communities, and we strive for excellence in everything we do. Because life at CIBC is not only what you do, but how you do it.

What CIBC Offers

At CIBC, our people are our greatest asset. You’ll become part of a diverse community that acknowledges everyone’s unique talents, and empowers teams to do what’s right for the client, and to do it well. As part of our team, you will:

  • Thrive: Benefit from an open and approachable culture that provides the flexibility and support you need to integrate your life at work and at home
  • Connect: Work in a place where the right technology and infrastructure fosters innovation, collaboration and creativity
  • Develop: Grow your skills and career through our best-in-class onboarding experience, ongoing learning opportunities, individual development planning and comprehensive product training
  • Prosper: Share in our collective success with a competitive salary, incentive pay, banking benefits, health benefits program, and employee share purchase plan

– Stay connected with your Talent Acquisition Partner: Brandon Lee
– Refer your peers to future CIBC events


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

May TASK: Windows VBScript Use-After-Free Vulnerability and Exploit Kit Analysis / They Phish, We Catch

Wednesday 29-May-2019 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


May TASK

Speaker: Joe Wu
Topic: Windows VBScript Use-After-Free Vulnerability and Exploit Kit Analysis

What does a Use-After-Free vulnerability look like? How do exploit kits exploit it to deliver bank trojans? Does Windows 10 have the same exploitability as Windows 7? In this session, I would like to give a live example in 2019, showing how it creates a type confusion condition in the Windows VBScript engine, bypasses Windows security defenses, steals your information, and runs ransomware. We will see what we can do to prevent being hacked.

Speaker: Jeremy Richards
Topic: They Phish, We Catch

Two years ago Jeremy switched gears from reverse engineering malware to hunting the infrastructure it uses to communicate with its authors after deployment (C2 servers). He has been refining this data collection and analysis into a repeatable, automated system that uses the collected data in machine learning models to capture and convict malware and phishing content.

Pull up a chair as we look at the phishing campaigns Lookout’s @PhishingAI has identified targeting government, enterprise, and individuals over the last two years. We will discuss discovery and observed evasion tactics, trends, and dox a couple of kit authors.


This month’s TASK is sponsored by CIBC.

At CIBC, we’re building a relationship-oriented bank for a modern world. We’re looking for passionate collaborators, innovators, advisors, and leaders who share our commitment to putting our clients at the centre of everything we do, working together as one team, and caring for our communities.

What CIBC Offers
At CIBC, our people are our strength. You’ll become part of an inclusive and diverse team that acknowledges unique talents, and empowers team members to bring the best of CIBC to our clients with each interaction and every decision we make.

As part of our team, you will:

  • Thrive: Benefit from an open culture that provides the flexibility and support you need to integrate your life at work and at home
  • Connect: Work in a place where technology and work environment fosters innovation, collaboration and creativity
  • Develop: Grow your skills and career through ongoing learning opportunities, individual development planning and comprehensive product training
  • Prosper: Share in our collective success with a competitive salary, incentive pay, employee banking offer, health benefits, and employee share purchase plan

– Apply for career opportunities on cibc.com/careers
– Stay connected with your Talent Acquisition Partner: Brandon Lee
– Refer your peers to future CIBC events


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

April TASK: Offensive Windows Administration – The WMI Way / Red Team Attacks – How Do We Get on the Network?

Wednesday 24-April-2019 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


April TASK

Speaker: Lee Kagan
Topic: Offensive Windows Administration – The WMI Way

In this talk, Lee will take the audience through a journey in Windows Management Instrumentation. Together we will explore the underlying technology and history, explain all the moving pieces that make up the world of WMI as well as its intended application and how to leverage WMI for offensive operations against Windows environments. Live demos included.
Speaker Bio: Lee Kagan is an offensive security professional with nearly a decade in InfoSec. Penetration tester, red teamer and currently lead for RedBlack Security’s “Rogue Team” specializing in threat and adversary simulations, and senior principal analyst at Symantec focusing on offensive RnD. Lee is also the co-creator of C3X (Canadian Collegiate Cyber Exercise), a war-game, red vs. blue challenge for students in cyber security programs.

Speaker: Robert Beggs
Topic: Red Team Attacks – How Do We Get on the Network?

Gaining access to a network and its data resources is the vital first step in compromising security. This talk will explore and demonstrate how this is achieved using physical attacks, social engineering, and finding the holes that give access to the network. How do we get your access credentials? Are we impressed with firewalls and IDS? Is there a “best” anti-virus program that you should be using? What are we looking for on your network? Come and see the attacks in action.

Speaker Bio: Robert Beggs specializes in penetration testing, incident response, and data forensics.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

February TASK: Cloud uptake exposes major security challenges in Canada / What I learned about infosec as a cybersecurity blogger

Wednesday 27-February-2019 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


February TASK

Speaker: David Senf
Topic: Cloud uptake exposes major security challenges in Canada

Security skills, budget allocation, vendor/tools selection and architectures are being reshaped by rapid cloud adoption – and many organizations struggle to keep pace with the change. David Senf, founder of Cyverity Research, conducted in-depth surveys and analysis to help organizations measure the impact of cloud on these and many aspects of security. He’ll highlight 10 major challenges that his team’s research revealed. He’ll provide guidance organizations can take through 2019. Also, from his research into cloud impact on security vendors/providers, he’ll provide insights from their perspective too.

Speaker: Kim Crawley
Topic: What I learned about infosec as a cybersecurity blogger

For the past few years, I have regularly done research and writing for many popular cybersecurity vendor blogs, including Venafi, Cylance ThreatVector, Sophos Naked Security, Tripwire’s The State of Security, and Comodo’s blogs. I don’t think anyone has written for as many cybersecurity vendors simultaneously as I have. I have also written for 2600 Magazine, Infosecurity Magazine, Peerlyst, CSO Magazine, and SC Magazine. Unlike many people who are security practitioners first, and contribute to vendor blogs in their spare time, vendor blogs are my day job! I usually write for an IT audience, but I have also written for consumer laypeople. In my talk, I’ll explain what I’ve learned about how vendors market their products and services, how to explain cyber attacks and security hardening to non-infosec IT people, and how to explain cyber threats to laypeople. The threat landscape is becoming increasingly complex, and the communications side of their industry is becoming more and more challenging.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

January TASK: A Glorious Celebration of IoT Security / ShmooCon 2019 – Moose, Hackers, Security, More Moose

Wednesday 30-January-2019 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


January TASK

This month we welcome Lee Brotherston with a talk on IoT Security and Brian Bourne hosting a recap-session on lessons learned at the recent ShmooCon in DC.

TASK will kick off at 6pm in the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

We look forward to seeing you there!


Speaker: Lee Brotherston
Topic: A Glorious Celebration of IoT Security

The IoT industry is often lambasted for its security, and whilst there are talks about IoT security, most focus on exploitation of unpatched embedded OSes which naturally appear on these systems. Having moved into a security role in an IoT vendor I have spent the last few months embedded (pun intended) in IoT security from the inside. This talk is intended to discuss some of the unique challenges that IoT faces from security, and attempts to explain why some of the issues that occur, occur. Finally we are going to look at how the industry is changing and how not all vendors are created equal; there can be IoT without the security dumpster fire!

Speaker: Brian Bourne
Topic: ShmooCon 2019 – Moose, Hackers, Security, More Moose

For the 15th time, the Shmoo group promised less moose than ever and while failing on that front, delivered more great content than ever. Check out https://shmoocon.org for complete event details and #shmoocon on Twitter for a view of some of the shenanigans.

I attended many talks. I took notes at 16 of them and that doesn’t include lobby or bar talks. I’ll do my best to distill the key lessons you need to know and can take back and action. Incident response, machine learning, IoT, DuckDuckGo, IPv6, Office365 and behind the enemy lines of a nation state surveillance program… so many interesting lessons to share.

If you were also at ShmooCon, please email me and you can perhaps also share a lesson or two that you learned. Email brian@blackarts.ca.


This month’s TASK is sponsored by Micro Focus

Micro Focus helps you run your business and transform it. Our software provides the critical tools you need to build, operate, secure, and analyze your enterprise in a constantly changing world. Right now, that means powering your digital transformation with solutions spanning four key areas:

  • Enterprise DevOps—Build and deliver better software faster.
  • Hybrid IT Management—Operate with agility.
  • Security, Risk, and Governance—Secure what matters most.
  • Predictive Analytics—Analyze in time to act.

By design, these solutions bridge the gap between existing and emerging technologies—which means you can innovate faster, with less risk, in the race to digital transformation.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

November TASK: A Gentle Introduction to Memory Forensics / Cybercrime Investigations: Handling the new Forensic Challenges

Wednesday 28-November-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


November TASK

This month we welcome Nick Johnston with a talk on memory forensics and René Hamel discussing cybercrime investigations at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

We look forward to seeing you there!


Speaker: Nick Johnston
Topic: A Gentle Introduction to Memory Forensics

Memory resident post-exploitation frameworks like Empire[1] and mimikatz[2] are designed to minimize forensic artifact creation on a compromised host’s disk. This so-called “fileless” malware presents a significant challenge to traditional forensic disk image analysis. Memory analysis software like Volatility[3] enables incident responders and forensic investigators to examine a compromised system’s volatile storage and identify these otherwise stealthy attack tools.

This talk will serve as a light introduction to the how and why of memory forensics. The talk will begin with the arguments in favour of memory capture during a digital forensics and incident response (“DFIR”) matter vs immediately powering down the target system for disk imaging. Different memory collection scenarios will be presented and solutions using different software utilities will be demonstrated. Finally, collected memory samples will be analyzed using the Volatility framework with callouts to alternate software solutions where applicable. After this talk you will be able to explain the basic steps involved in memory forensics and recommend tools appropriate for different DFIR scenarios.

Speaker: René Hamel
Topic: Cybercrime Investigations: Handling the new Forensic Challenges

René’s digital forensic career spans over twenty years. His experience includes several civil and criminal investigations for the Royal Canadian Mounted Police (“RCMP”), the banking industry, and mid and large accounting firms in Canada, Europe and South East Asia. He currently manages the Forensics and E-Discovery practice at TELUS Security. René will talk about his latest experience with some of his cybercrime investigation challenges, including some of the large scale forensic assignments he and his team managed.


This month’s TASK is sponsored by Proofpoint:

Proofpoint Inc. (NASDAQ: PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media, mobile, and cloud applications, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

No October TASK

Due to a lack of venue availability and Halloween being the same night, we’ve had to postpone our October TASK event.

Stay tuned for November details.

Happy Halloween!
TASK Steering Committee

Posted in Events.
