
Meeting Location

TASK meets the last Wednesday of every month, 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. The meeting room is the Rotunda (on the main floor, just past the elevators).


August TASK – BlackHat, DefCon, BSidesLV Recap

Wednesday 29-August-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


TASK Vegas

This month we have our ever-popular Vegas recap special, being held at the Michener Auditorium at UHN.

If you attended BlackHat, DefCon or BSidesLV – this is your chance to help your fellow TASK members by sharing a summary and some key lessons you learnt from a couple of different talks. If you went and can help us, please email info@task.to with the session/s you want to cover.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

We’ll post details about who is speaking and on what sessions as submissions come in.

Thanks for your help, and we look forward to seeing you there!


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

July TASK: Threat Modelling for the Blue Team / Surviving in-house Bug Bounty Program – Handling the Unknown

Wednesday 25-July-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


July TASK

This month we welcome Max Cizauskas with a talk on threat modelling for blue teams and Dolev Farhi with a session on in-house bug bounty programs at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Heading to Black Hat, DefCon or B-SidesLV? Let us know (email info@task.to). Along with connecting you with fellow TASKers, each August we hold a special BH/DC/BSLV recap, so if you are going, please consider putting your hand up to share an overview of the sessions you attend and what you learn.

We look forward to seeing you Wednesday night!


Speaker: Max Cizauskas
Topic: Threat Modelling for the Blue Team

Threat Modelling gets your organization to see your systems, applications and processes through the eyes of an attacker. It can be used early in the development process to quickly reveal issues, making them cheaper to fix and teaching the developers where controls need to be placed to build in resilience.

This talk will first discuss the important factors in scoping an assessment. Then it will cover how to do dataflow diagrams to capture the important components of the system in scope, how they interact, and which are exposed to an attacker. Next it will discuss the application of the STRIDE model to do the actual threat modelling, and finally how to capture all of the potential threats in a threat matrix. At the end of this talk you will know how threat modelling cuts down on assessment time and brings value to the organization beyond just threat assessment.

 
Speaker: Dolev Farhi
Topic: Surviving in-house Bug Bounty Program – Handling the Unknown

We often hear about vulnerabilities found through Bug Bounty programs, but we never get to hear the side who’s handling them. How do you keep up with hundreds of hackers probing your infrastructure?

In this talk, Dolev Farhi will provide you with his experience running an in-house Bug Bounty Program, the benefits, the challenges, tips, and how an external security report can easily turn into a potential threat.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

June TASK: Recent Development in Quantum Key Distribution / Cyber Threat Intelligence: A Primer

Wednesday 27-June-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


June TASK

This month we welcome Cordell Grant with a talk on Quantum Key Distribution and John Daniele with a session on cyber threat intelligence at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Cordell Grant
Topic: Recent Development in Quantum Key Distribution

Massive investments in quantum computing and quantum communications are moving society toward technological upheaval. To the dismay of the cyber security industry, the impending Quantum Revolution will render conventional Public Key Encryption methods obsolete, possibly within the decade. Quantum Key Distribution (QKD), conceived of decades ago and often billed as an answer to the looming quantum threat, is an area that has recently experienced rapid development and significant worldwide investment. This talk will cover recent efforts around the world to build a workable QKD infrastructure that can address a variety of use-cases. Of particular focus will be the emerging race for QKD satellites.

 
Speaker: John Daniele
Topic: Cyber Threat Intelligence: A Primer

The term “Cyber Threat Intelligence” has become the latest buzzword that has captured the attention of executives and cybersecurity leaders alike. However, there’s been little consensus on what constitutes a cyber threat intelligence capability and most attempts to articulate a definition are too vague and ambiguous to be of much value to most organizations. This presentation aims to clear up some misconceptions about cyber threat intelligence and place it in its rightful context as an emerging intelligence discipline. John Daniele, a cybersecurity professional with over 20 years’ experience in defense and intelligence, will provide insight on how an organization can build a cyber threat intelligence program by introducing his threat intelligence maturity model and roadmap. John will also explore how to operationalize threat intelligence at both a tactical and strategic level so that it becomes a pivotal instrument for cyber risk management in your organization.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

May TASK: Reverse Engineering Automotive Diagnostics / Cyber Insurance in Canada – What You Need to Know

Wednesday 30-May-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 Patrick Street, Toronto


May TASK

This month we welcome Eric Evenchick as he takes you under the hood with a talk on reverse engineering automotive diagnostics and Ms. Ruby Rai discussing cyber insurance in Canada.

Please note our meeting location is at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Eric Evenchick
Topic: Reverse Engineering Automotive Diagnostics

Automotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce automotive networks, then dive into detail about diagnostic systems. Next, we’ll show open source tools for automating the reverse engineering of diagnostic systems, and finish up with some practical examples. Attendees should leave with a better understanding of how their car works, and where to go hunting for vulnerabilities in diagnostics.

 
Speaker: Ruby Rai, AIG
Topic: Cyber Insurance in Canada – What You Need to Know

Ms. Ruby Rai is an acknowledged expert in the Canadian cyberinsurance industry. She will provide a history of the underwriting experience, tips and tricks for a cost-effective cyber insurance policy, and hints on the future of cyber insurance in Canada.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

March TASK: The Journey to Malware Analyst / Blue Meets Red

Wednesday 28-March-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 Patrick Street, Toronto


March TASK

This month we welcome Yevgeniy Kulakov as he walks you through what to expect when you transition into the field of Malware Research, and Milos Stojadinovic and Jamie Gamble as they discuss how effectively using red and blue teams improves organization security.

Don’t forget our new meeting location is at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Yevgeniy Kulakov
Subject: The Journey to Malware Analyst

During this talk Yevgeniy Kulakov will provide an overview of the path security professionals should expect to take while transitioning into Malware Research. From the first steps on how to get into the field to typical day-to-day activities, surprises, tools, skills development and advancement into research and automation. Expect tips and demos along the way.

Speakers: Milos Stojadinovic and Jamie Gamble
Subject: Blue Meets Red

This team will discuss effectively using red and blue teams to improve an organization’s security. We will delve into methods organizations can employ to leverage the red/blue teams’ skillset, outside of traditional exercises, in order to improve blue team TTPs. The talk will also discuss general operating models and integration considerations between offensive and defensive teams in enterprise environments.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

February TASK: Compendium of Creative Campaigns / Securing outbound browsing traffic in the era of mobile workspace and SaaS applications

Wednesday 28-February-2018 // 6:00 – 9:00 PM
Meeting Location: 88 Queens Quay West, Toronto
Room: 29th Floor


February TASK

This month we welcome Julian Pileggi as he shares insights into the more creative campaigns and techniques used in recent attacks, and Evgeniy Kharam discussing browsing security in the era of the mobile workspace.

Don’t forget our new meeting location is at Cisco on the 29th Floor, 88 Queens Quay West, Toronto.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Julian Pileggi
Subject: Compendium of Creative Campaigns

Responding to incidents around the world gives a unique view into some of the more creative techniques used by attackers. We’ve selected a set of recent and interesting TTPs to share with the group. Come to this talk to hear about:

  • AV Server Gone Bad: Attackers leveraging corporate AV solution (ePO) to deploy backdoors
  • Crossing The Air Gap: The way attackers were able to gain information from an air-gapped network
  • DNS Backdoor: A look at a unique piece of malware using DNS for its covert channels
  • Webshell OTP: A webshell that used a rudimentary form of multi-factor authentication to allow the attacker to ensure only they could access it
  • Beyond Autoruns: A backdoor used by APT32 leveraging a persistence technique which didn’t appear to get seen by AutoRuns

Speaker: Evgeniy Kharam
Subject: Securing outbound browsing traffic in the era of mobile workspace and SaaS applications

A modern user can conduct business from multiple locations and with many devices, whether in the office, on the go, or while not even using a company device. With the increase of cloud SaaS applications, it becomes harder and harder to achieve comprehensive security controls.

When designing security controls, there is a need to consider how to limit what users can do while they access the internet (i.e., DLP URL/Application filtering, data bandwidth limitations, quality of service, etc.). There is also a need to provide secure connectivity (i.e., providing authorized and auditable secure access to the internet, preventing malware coming into the organization and providing intrusion prevention filtering to the traffic flows exiting and entering an organization, etc.).

This session will provide a walkthrough of different practical security uses of technologies such as CASB and Cloud Security Gateways. Examples will incorporate security controls such as User Identification, SSL Inspection, URL/App Filtering, IPS, DLP, Sandboxing, ATP, and Logging.


Meeting Location: 29th Floor – 88 Queens Quay West, Toronto.

Posted in Events.

January TASK: Dark Caracal / Command and Conquer: Red Alert – C2 tradecraft and design

Wednesday 31-January-2018 // 6:00 – 9:00 PM
Meeting Location: 88 Queens Quay West, Toronto
Room: 29th Floor


January TASK

This month we welcome Apurva Kumar and Jeremy Richards as they discuss the Dark Caracal espionage investigation, announced on January 18 at https://blog.lookout.com/dark-caracal-mobile-apt. Lee Kagan will also join us with a tech talk on C2 tradecraft and design.

We have a new meeting location. Don’t forget to mark the new address: 29th Floor, 88 Queens Quay West, Toronto.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Apurva Kumar & Jeremy Richards
Dark Caracal

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign against military personnel, enterprises, medical professionals, lawyers, journalists, educational institutions, and activists.

Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries and thousands of victims. Types of data stolen include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data. We believe this actor is operating their campaigns from a building belonging to the Lebanese General Security Directorate (GDGS) in Beirut.

This talk will cover the investigation and findings of the months-long investigation.


Lee Kagan
Command and Conquer: Red Alert – C2 tradecraft and design

An analysis of various C2 infrastructure design concepts for pentesters, red teams, and threat actors.

This presentation will examine the many options available when building and operating a command and control (C2) infrastructure. From the simple to the complex, Lee will cover topics such as design choices made by notable aggressors, differences in requirements between pentesters, red teams, and threat actors, other implementation considerations, OPSEC, and defensive measures. There will also be a video demonstration of a C2 in action.


Meeting Location: 29th Floor – 88 Queens Quay West, Toronto.

Posted in Events.

October TASK: Life After Breach: Ashley Madison in 2017 / Beyond OWASP Top 10

Wednesday 25-October-2017 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room: #308/309 (up the escalators)


October TASK

This month Matthew Maglieri talks life after the Ashley Madison breach and Aaron Hnatiw discusses common web application vulnerabilities that fall outside the OWASP Top 10 but are just as dangerous.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Matthew Maglieri, CISO at Ruby Life Inc.
Life After Breach: Ashley Madison in 2017

What does it really mean to fall victim to a headline-grabbing breach? What does the aftermath of a targeted attack look like? How can you overcome the challenges needed to recover and rebuild trust with your customers?

Join Matthew Maglieri, CISO of Ashley Madison’s parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look on what is really required to defend against an advanced targeted attack and recover from the scenario that keeps us all up at night.


Aaron Hnatiw, Senior Security Researcher at Security Compass
Beyond OWASP Top 10

The OWASP Top 10 is the standard first reference we give web developers who are interested in making their applications more secure. It is also the categorization scheme we give to web vulnerabilities on our security assessment reports. And finally, and perhaps most frighteningly, it is the most common framework used by organizations for securing their web applications. But what if there was more to web application security than the OWASP Top 10? In this talk, we will discuss vulnerabilities that don’t fit into the OWASP Top 10 categories, but are just as dangerous if present in a web application. Developers and pentesters will benefit from this talk, as both exploits and mitigations will be covered for each of the vulnerabilities.

Meeting Location: 55 John Street, Toronto. Room: #308/309 (just up the escalators)

Posted in Events.
