
Meeting Location

TASK meets the last Wednesday of every month from 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. The meeting room is the Rotunda (on the main floor, just past the elevators).


November TASK: A Gentle Introduction to Memory Forensics

Wednesday 28-November-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


November TASK

This month we welcome Nick Johnston with a talk on memory forensics and René Hamel discussing cybercrime investigations at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

We look forward to seeing you there!


Speaker: Nick Johnston
Topic: A Gentle Introduction to Memory Forensics

Memory resident post-exploitation frameworks like Empire[1] and mimikatz[2] are designed to minimize forensic artifact creation on a compromised host’s disk. This so-called “fileless” malware presents a significant challenge to traditional forensic disk image analysis. Memory analysis software like Volatility[3] enables incident responders and forensic investigators to examine a compromised system’s volatile storage and identify these otherwise stealthy attack tools.

This talk will serve as a light introduction to the how and why of memory forensics. The talk will begin with the arguments in favour of memory capture during a digital forensics and incident response (“DFIR”) matter vs immediately powering down the target system for disk imaging. Different memory collection scenarios will be presented and solutions using different software utilities will be demonstrated. Finally, collected memory samples will be analyzed using the Volatility framework with callouts to alternate software solutions where applicable. After this talk you will be able to explain the basic steps involved in memory forensics and recommend tools appropriate for different DFIR scenarios.

Speaker: René Hamel
Cybercrime Investigations: Handling the new Forensic Challenges

René’s digital forensic career spans over twenty years. His experience includes several civil and criminal investigations for the Royal Canadian Mounted Police (“RCMP”), the banking industry, and mid-size and large accounting firms in Canada, Europe and South East Asia. He currently manages the Forensics and E-Discovery practice at TELUS Security. René will talk about his latest experience with some of the challenges of his cybercrime investigations, including some of the large-scale forensic assignments he and his team managed.


This month’s TASK is sponsored by Proofpoint:

Proofpoint Inc. (NASDAQ: PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media, mobile, and cloud applications, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

No October TASK

Due to a lack of venue availability and Halloween being the same night, we’ve had to postpone our October TASK event.

Stay tuned for November details.

Happy Halloween!
TASK Steering Committee

Posted in Events.

No September TASK

Don’t miss BSidesTO on Saturday, September 28 and SecTor 2018 on Monday, October 1 to Wednesday, October 3.

Be sure to register for each before you attend, engage, learn, network and support your local IT community!

We hope to see you there,
TASK Steering Committee

Posted in Events.

August TASK – BlackHat, DefCon, BSidesLV Recap

Wednesday 29-August-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


TASK Vegas

This month we have our ever-popular Vegas recap special, being held at the Michener Auditorium at UHN.

If you attended BlackHat, DefCon or BSidesLV – this is your chance to help your fellow TASK members by sharing a summary and some key lessons you learnt from a couple of different talks. If you went and can help us, please email info@task.to with the session/s you want to cover.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Thanks for your help, and we look forward to seeing you there!


Download the presentation here.


BlackHat/DefCon/BSides-LV Recap

Speakers include:

  • Joshua Arsenio
  • Brian Bourne
  • Dillon Aykac
  • Geoffrey Vaughan
  • Paul O’Grady

Topics include:

  • Who Controls the Controllers – Hacking Crestron IoT Automation Systems
  • Detecting Blue Team Research Through Targeted Ads
  • Applied Self-Driving Car Security
  • Legal Liability for IOT Cybersecurity Vulnerabilities
  • Introduction to Docker
  • An Attacker Looks at Docker: Approaching Multi-Container Applications
  • Optical Spy Receivers with Joe Grand
  • Reverse Engineering OpenSCAD
  • Your Bank’s Digital Side Door – Steven Danneman
  • Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology

And many more!


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

July TASK: Threat Modelling for the Blue Team / Surviving in-house Bug Bounty Program – Handling the Unknown

Wednesday 25-July-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


July TASK

This month we welcome Max Cizauskas with a talk on threat modelling for blue teams and Dolev Farhi with a session on in-house bug bounty programs at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Heading to Black Hat, DefCon or B-SidesLV? Let us know (email info@task.to). Along with connecting you with fellow TASKers, each August we hold a special BH/DC/BSLV recap, so if you are going, please consider putting your hand up to share an overview of the sessions you attend and what you learn.

We look forward to seeing you Wednesday night!


Speaker: Max Cizauskas
Topic: Threat Modelling for the Blue Team

Threat Modelling gets your organization to see your systems, applications and processes through the eyes of an attacker. It can be used early in the development process to quickly reveal issues, making them cheaper to fix and teaching developers where controls need to be placed to build in resilience.

This talk will first discuss the important factors in scoping an assessment. Then it will cover how to do dataflow diagrams to capture the important components of the system in scope, how they interact, and which are exposed to an attacker. Next it will discuss the application of the STRIDE model to do the actual threat modelling, and finally how to capture all of the potential threats in a threat matrix. At the end of this talk you will know how threat modelling cuts down on assessment time and brings value to the organization beyond just threat assessment.

 
Speaker: Dolev Farhi
Topic: Surviving in-house Bug Bounty Program – Handling the Unknown

We often hear about vulnerabilities found through Bug Bounty programs, but we never get to hear the side who’s handling them. How do you keep up with hundreds of hackers probing your infrastructure?

In this talk, Dolev Farhi will provide you with his experience running an in-house Bug Bounty Program, the benefits, the challenges, tips, and how an external security report can easily turn into a potential threat.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

June TASK: Recent Development in Quantum Key Distribution / Cyber Threat Intelligence: A Primer

Wednesday 27-June-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


June TASK

This month we welcome Cordell Grant with a talk on Quantum Key Distribution and John Daniele with a session on cyber threat intelligence at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Cordell Grant
Topic: Recent Development in Quantum Key Distribution

Massive investments in quantum computing and quantum communications are moving society toward technological upheaval. To the dismay of the cyber security industry, the impending Quantum Revolution will render conventional Public Key Encryption methods obsolete, possibly within the decade. Quantum Key Distribution (QKD), conceived of decades ago and often billed as an answer to the looming quantum threat, is an area that has recently experienced rapid development and significant worldwide investment. This talk will cover recent efforts around the world to build a workable QKD infrastructure that can address a variety of use-cases. Of particular focus will be the emerging race for QKD satellites.

 
Speaker: John Daniele
Topic: Cyber Threat Intelligence: A Primer

The term “Cyber Threat Intelligence” has become the latest buzzword that has captured the attention of executives and cybersecurity leaders alike. However, there’s been little consensus on what constitutes a cyber threat intelligence capability and most attempts to articulate a definition are too vague and ambiguous to be of much value to most organizations. This presentation aims to clear up some misconceptions about cyber threat intelligence and place it in its rightful context as an emerging intelligence discipline. John Daniele, a cybersecurity professional with over 20 years’ experience in defense and intelligence, will provide insight on how an organization can build a cyber threat intelligence program by introducing his threat intelligence maturity model and roadmap. John will also explore how to operationalize threat intelligence at both a tactical and strategic level so that it becomes a pivotal instrument for cyber risk management in your organization.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

May TASK: Reverse Engineering Automotive Diagnostics / Cyber Insurance in Canada – What You Need to Know

Wednesday 30-May-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 Patrick Street, Toronto


May TASK

This month we welcome Eric Evenchick as he takes you under the hood with a talk on reverse engineering automotive diagnostics and Ms. Ruby Rai discussing cyber insurance in Canada.

Please note our meeting location is at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Eric Evenchick
Topic: Reverse Engineering Automotive Diagnostics

Automotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce automotive networks, then dive into detail about diagnostic systems. Next, we’ll show open source tools for automating the reverse engineering of diagnostic systems, and finish up with some practical examples. Attendees should leave with a better understanding of how their car works, and where to go hunting for vulnerabilities in diagnostics.

 
Speaker: Ruby Rai, AIG
Topic: Cyber Insurance in Canada – What You Need to Know

Ms. Ruby Rai is an acknowledged expert in the Canadian cyberinsurance industry. She will provide a history of the underwriting experience, tips and tricks for a cost-effective cyber insurance policy, and hints on the future of cyber insurance in Canada.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

March TASK: The Journey to Malware Analyst / Blue Meets Red

Wednesday 28-March-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 Patrick Street, Toronto


March TASK

This month we welcome Yevgeniy Kulakov as he walks you through what to expect when you transition into the field of Malware Research, and Milos Stojadinovic and Jamie Gamble, who discuss how effectively using red and blue teams improves an organization’s security.

Don’t forget our new meeting location is at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Yevgeniy Kulakov
Subject: The Journey to Malware Analyst

During this talk Yevgeniy Kulakov will provide an overview of the path security professionals should expect to take while transitioning into Malware Research, from the first steps on how to get into the field to typical day-to-day activities, surprises, tools, skills development and advancement into research and automation. Expect tips and demos along the way.

Speakers: Milos Stojadinovic and Jamie Gamble
Subject: Blue Meets Red

This team will discuss how effectively using red and blue teams improves an organization’s security. We will delve into methods organizations can employ to leverage the red/blue teams’ skill sets, outside of traditional exercises, in order to improve blue team TTPs. The talk will also discuss general operating models and integration considerations between offensive and defensive teams in enterprise environments.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

February TASK: Compendium of Creative Campaigns / Securing outbound browsing traffic in the era of mobile workspace and SaaS applications

Wednesday 28-February-2018 // 6:00 – 9:00 PM
Meeting Location: 88 Queens Quay West, Toronto
Room: 29th Floor


February TASK

This month we welcome Julian Pileggi as he shares insights into the more creative campaigns and techniques used by recent attackers, and Evgeniy Kharam discussing browsing security in the era of the mobile workspace.

Don’t forget our new meeting location is at Cisco on the 29th Floor, 88 Queens Quay West, Toronto.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Julian Pileggi
Subject: Compendium of Creative Campaigns

Responding to incidents around the world gives a unique view into some of the more creative techniques used by attackers. We’ve selected a set of recent and interesting TTPs to share with the group. Come to this talk to hear about:

  • AV Server Gone Bad: Attackers leveraging corporate AV solution (ePO) to deploy backdoors
  • Crossing The Air Gap: The way attackers were able to gain information from an air-gapped network
  • DNS Backdoor: A look at a unique piece of malware using DNS for its covert channels
  • Webshell OTP: A webshell that used a rudimentary form of multi-factor authentication to allow the attacker to ensure only they could access it
  • Beyond Autoruns: A backdoor used by APT32 leveraging a persistence technique which didn’t appear to be seen by AutoRuns

Speaker: Evgeniy Kharam
Subject: Securing outbound browsing traffic in the era of mobile workspace and SaaS applications

A modern user can conduct business from multiple locations and with many devices, whether in the office, on the go, or while not even using a company device. With the increase of cloud SaaS applications, it becomes harder and harder to achieve comprehensive security controls.

When designing security controls, there is a need to consider how to limit what users can do while they access the internet (i.e., DLP, URL/application filtering, data bandwidth limitations, quality of service, etc.). There is also a need to provide secure connectivity (i.e., providing authorized and auditable secure access to the internet, preventing malware from coming into the organization, providing intrusion prevention filtering for the traffic flows exiting and entering an organization, etc.).

This session will provide a walkthrough of different practical security uses of technologies such as CASB and Cloud Security Gateways. Examples will incorporate security controls such as User Identification, SSL Inspection, URL/App Filtering, IPS, DLP, Sandboxing, ATP, and Logging.


Meeting Location: 29th Floor – 88 Queens Quay West, Toronto.

Posted in Events.
