
Meeting Location

TASK meets the last Wednesday of every month, 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. The meeting room is the Rotunda (on the main floor, just past the elevators).

May TASK: Reverse Engineering Automotive Diagnostics / Cyber Insurance in Canada – What You Need to Know

Wednesday 30-May-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 Patrick Street, Toronto


May TASK

This month we welcome Eric Evenchick as he takes you under the hood with a talk on reverse engineering automotive diagnostics and Ms. Ruby Rai discussing cyber insurance in Canada.

Please note our meeting location is at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Eric Evenchick
Topic: Reverse Engineering Automotive Diagnostics

Automotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce automotive networks, then dive into detail about diagnostic systems. Next, we’ll show open source tools for automating the reverse engineering of diagnostic systems, and finish up with some practical examples. Attendees should leave with a better understanding of how their car works, and where to go hunting for vulnerabilities in diagnostics.

 
Speaker: Ruby Rai, AIG
Topic: Cyber Insurance in Canada – What You Need to Know

Ms. Ruby Rai is an acknowledged expert in the Canadian cyberinsurance industry. She will provide a history of the underwriting experience, tips and tricks for a cost-effective cyber insurance policy, and hints on the future of cyber insurance in Canada.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

March TASK: The Journey to Malware Analyst / Blue Meets Red

Wednesday 28-March-2018 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 Patrick Street, Toronto


March TASK

This month we welcome Yevgeniy Kulakov as he walks you through what to expect when you transition into the field of Malware Research, and Milos Stojadinovic and Jamie Gamble as they discuss how effectively using red and blue teams improves an organization’s security.

Don’t forget our new meeting location is at the Michener Auditorium at UHN.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Yevgeniy Kulakov
Subject: The Journey to Malware Analyst

During this talk Yevgeniy Kulakov will provide an overview of the path security professionals should expect to take while transitioning into Malware Research: from the first steps on how to get into the field to typical day-to-day activities, surprises, tools, skills development and advancement into research and automation. Expect tips and demos along the way.

Speakers: Milos Stojadinovic and Jamie Gamble
Subject: Blue Meets Red

This team will discuss how effectively using red and blue teams improves an organization’s security. We will delve into methods organizations can employ to leverage the red/blue teams’ skillset, outside of traditional exercises, in order to improve blue team TTPs. The talk will also discuss general operating models and integration considerations between offensive and defensive teams in enterprise environments.


Meeting Location: Michener Auditorium, 222 Patrick Street, Toronto.

Posted in Events.

February TASK: Compendium of Creative Campaigns / Securing outbound browsing traffic in the era of mobile workspace and SaaS applications

Wednesday 28-February-2018 // 6:00 – 9:00 PM
Meeting Location: 88 Queens Quay West, Toronto
Room: 29th Floor


February TASK

This month we welcome Julian Pileggi as he shares insights into the more creative campaigns and techniques used by recent attackers, and Evgeniy Kharam discussing browsing security in the era of the mobile workspace.

Don’t forget our new meeting location is at Cisco on the 29th Floor, 88 Queens Quay West, Toronto.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Speaker: Julian Pileggi
Subject: Compendium of Creative Campaigns

Responding to incidents around the world gives a unique view into some of the more creative techniques used by attackers. We’ve selected a set of recent and interesting TTPs to share with the group. Come to this talk to hear about:

  • AV Server Gone Bad: Attackers leveraging corporate AV solution (ePO) to deploy backdoors
  • Crossing The Air Gap: The way attackers were able to gain information from an air-gapped network
  • DNS Backdoor: A look at a unique piece of malware using DNS for its covert channels
  • Webshell OTP: A webshell that used a rudimentary form of multi-factor authentication to allow the attacker to ensure only they could access it
  • Beyond Autoruns: A backdoor used by APT32 leveraging a persistence technique which didn’t appear to get seen by AutoRuns

Speaker: Evgeniy Kharam
Subject: Securing outbound browsing traffic in the era of mobile workspace and SaaS applications

A modern user can conduct business from multiple locations and with many devices, whether in the office, on the go, or while not even using a company device. With the increase of cloud SaaS applications, it becomes harder and harder to achieve comprehensive security controls.

When designing security controls, there is a need to consider how to limit what users can do while they access the internet (i.e., DLP, URL/Application filtering, data bandwidth limitations, quality of service, etc.). There is also a need to provide secure connectivity (i.e., providing authorized and auditable secure access to the internet, preventing malware coming into the organization and providing intrusion prevention filtering to the traffic flows exiting and entering an organization, etc.).

This session will provide a walkthrough of different practical security uses of technologies such as CASB and Cloud Security Gateways. Examples will incorporate security controls such as User Identification, SSL Inspection, URL/App Filtering, IPS, DLP, Sandboxing, ATP, and Logging.


Meeting Location: 29th Floor – 88 Queens Quay West, Toronto.

Posted in Events.

January TASK: Dark Caracal / Command and Conquer: Red Alert – C2 tradecraft and design

Wednesday 31-January-2018 // 6:00 – 9:00 PM
Meeting Location: 88 Queens Quay West, Toronto
Room: 29th Floor


January TASK

This month we welcome Apurva Kumar and Jeremy Richards as they discuss the Dark Caracal espionage investigation, announced on January 18 at https://blog.lookout.com/dark-caracal-mobile-apt. Lee Kagan will also join us with a tech talk on C2 tradecraft and design.

We have a new meeting location. Don’t forget to mark the new address: 29th Floor, 88 Queens Quay West, Toronto.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Apurva Kumar & Jeremy Richards
Dark Caracal

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign against military personnel, enterprises, medical professionals, lawyers, journalists, educational institutions, and activists.

Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries and thousands of victims. Types of data stolen include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data. We believe this actor is operating their campaigns from a building belonging to the Lebanese General Security Directorate (GDGS) in Beirut.

This talk will cover the investigation and findings of the months-long investigation.


Lee Kagan
Command and Conquer: Red Alert – C2 tradecraft and design

An analysis of various C2 infrastructure design concepts for pentesters, red teams, and threat actors.

This presentation will examine the many options available when building and operating a command and control (C2) infrastructure. From the simple to the complex, Lee will cover topics such as design choices made by notable aggressors, differences in requirements between pentesters, red teams, and threat actors, other implementation considerations, OPSEC, and defensive measures. There will also be a video demonstration of a C2 in action.


Meeting Location: 29th Floor – 88 Queens Quay West, Toronto.

Posted in Events.

October TASK: Life After Breach: Ashley Madison in 2017 / Beyond OWASP Top 10

Wednesday 25-October-2017 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room: #308/309 (up the escalators)


October TASK

This month Matthew Maglieri talks life after the Ashley Madison breach and Aaron Hnatiw discusses common web application vulnerabilities that fall outside the OWASP Top 10 but are just as dangerous.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Matthew Maglieri, CISO at Ruby Life Inc.
Life After Breach: Ashley Madison in 2017

What does it really mean to fall victim to a headline-grabbing breach? What does the aftermath of a targeted attack look like? How can you overcome the challenges needed to recover and rebuild trust with your customers?

Join Matthew Maglieri, CISO of Ashley Madison’s parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look on what is really required to defend against an advanced targeted attack and recover from the scenario that keeps us all up at night.


Aaron Hnatiw, Senior Security Researcher at Security Compass
Beyond OWASP Top 10

The OWASP Top 10 is the standard first reference we give web developers who are interested in making their applications more secure. It is also the categorization scheme we give to web vulnerabilities on our security assessment reports. And finally, and perhaps most frighteningly, it is the most common framework used by organizations for securing their web applications. But what if there was more to web application security than the OWASP Top 10? In this talk, we will discuss vulnerabilities that don’t fit into the OWASP Top 10 categories, but are just as dangerous if present in a web application. Developers and pentesters will benefit from this talk, as both exploits and mitigations will be covered for each of the vulnerabilities.

Meeting Location: 55 John Street, Toronto. Room: #308/309 (just up the escalators)

Posted in Events.

September TASK: Growing Up and Out of the Sandbox: Examining information security beyond the micro-technical lens / Building machine-learning pipelines at scale

Wednesday 27-September-2017 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room: #308/309 (up the escalators)


September TASK

This month we have Alana Staszczyszyn examining information security beyond the micro-technical lens and Roy Firestein discussing building machine-learning pipelines at scale.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Alana Staszczyszyn
Growing Up and Out of the Sandbox: Examining information security beyond the micro-technical lens

Information security’s primary principle is no secret: that the human is security’s greatest threat. One young security student’s journey through Ontario’s home and community care sector examines the human aspect of fostering security from within the organization – as well as beyond the office. Between discovering the criminal treasure trove that is electronic health records, struggling to communicate the importance of security to colleagues amidst stringent deadlines, and grappling with acquiring organizational buy-in, this story illuminates how exactly interest can be won by those who are not security, or even IT professionals – and how they, as both employees and consumers, have the potential to be leveraged to cultivate security as a larger social responsibility.

Alana Staszczyszyn is an admittedly inexperienced but wholly enthusiastic information security analyst in the public healthcare sector, and is currently completing a degree in Information Systems Security. Her passion for security is propagated by its wide breadth of intersectionality with other fields of study. Particularly, she loves to examine the social, political, and economic implications that technology and security create.


Roy Firestein
Building machine-learning pipelines at scale

Roy Firestein, R&D Manager at eSentire, will talk about how his company deployed a machine-learning pipeline, with feedback loops, on AWS, to detect post-exploitation attacks using logs from Active Directory and endpoint agents. He will share the architectural decisions and walk us through the implementation, deployment automation and tools used in the project. By the end attendees will learn how to approach similar projects in their own companies, when to use hosted machine-learning tools or run your own, and common pitfalls to avoid.

Meeting Location: 55 John Street, Toronto. Room: #308/309 (just up the escalators)

Posted in Events.

August TASK – BlackHat, Defcon, BSidesLV Review

Wednesday 30-August-2017 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room: 308/309 (Go up escalator, door is just as you step off)


August TASK

This month we have our popular BlackHat and Defcon review meeting. Below is a list of talks we hope to cover with something for everyone. A huge thanks to those TASK members who attended and will be speaking.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Download the presentation here.


  • Jeremy Richards:
    • Android APK unboxing
  • Brian Bourne
    • Intro
    • Defcon and Black Hat Highlights
    • Lies and Damn Lies: Getting Past The Hype Of Endpoint Security Solutions
  • Jamie Gamble
    • MEATPISTOL, A Modular Malware Implant Framework
    • THEY’RE COMING FOR YOUR TOOLS: EXPLOITING DESIGN FLAWS FOR ACTIVE INTRUSION PREVENTION
  • Tom Tran
    • “How We (Google) Created the First SHA-1 Collision and What it means For Hash Security”
  • Cole Stichhaller
    • Exploiting the Most Notorious C&C Toolkits
  • Eldon Sprickerhoff
    • JavaScript obfuscation
    • Safecracking
  • Cheryl Biswas
    • Threat Intel for All: There’s More to Your Data than Meets the Eye (Defcon Wall of Sheep)
    • Interrogation Techniques for Fun and Profit (BSides Proving Ground)
  • Laura Payne
    • Ichthyology: Phishing as a Science
    • Hacking Serverless Runtimes
  • Stephan Davidson
    • Backdooring the Lottery and Other Security Tales from Gaming
  • Dan Friesh
    • Introducing HUNT: Data driven web hacking & manual testing
    • Bypassing Android password manager apps without root
  • James Arlen
    • Minimum Viable Risk Management Program
  • Matt Dean
    • The Internet Already Knows I’m Pregnant

Meeting Location: 55 John Street, Toronto. Room: 308/309

Posted in Events.

July TASK: How to roll your own document tracker using macros and tracking pixels / Threat Intelligence, Debunking Advanced Persistent Threats, and Dealing with Attribution Challenges

Wednesday 26-July-2017 // 6:00 – 9:00 PM
Meeting Location: 55 John Street, Toronto
Room: Rotunda (Main floor past the elevators)


July TASK

This month we have Roy Firestein hosting a session on how you can track users in phishing campaigns using Word and Excel attachments—using macro-based and pixel-based solutions.

As always, TASK is free, registration is not required to attend, and we invite you to bring your friends and colleagues.

Any questions email info@task.to. We look forward to seeing you there!


Roy Firestein, Research & Development Lead at eSentire Inc.
How to roll your own document tracker using macros and tracking pixels

Microsoft Office documents are ubiquitous in the corporate environment, and are an excellent vector for information gathering and exploitation. While most attacks require a sophisticated vulnerability to run your payload, there are still other “non-malicious” techniques to achieve your goal. In this talk we will delve into how, at eSentire, we generate and track users in our phishing campaigns using Word and Excel attachments—using macro-based and pixel-based solutions. Some of the cool things we will explore include how to trick users into opening your .docm file and executing a PowerShell script that interrogates ActiveDirectory or starts a port scan. Sample code and tools will be released as part of the talk so you can experiment later with these techniques.


Viktors Engelbrehts, Director of Threat Intelligence at eSentire
Threat Intelligence, Debunking Advanced Persistent Threats, and Dealing with Attribution Challenges

The buzzwords of “Threat Intelligence” and “Advanced Persistent Threats” continue to be used throughout the information security (“cyber”) industry. Viktors will describe how actionable threat intelligence actually fits into the defence cycle, and where you should be skeptical (including reliable vs. unreliable attribution methods).

Meeting Location: 55 John Street, Toronto. Room: Rotunda (Main floor past the elevators)

Posted in Events.
