Security Notes, News, and Thoughts

Thoughts on SecTor

Last week I had the opportunity to speak at SecTor: Canada's Premier IT Security Conference. I had heard positive feedback regarding the conference from previous years and as the conference is only in its 3rd year the number of attendees was impressive. I have attended a number of other conferences in the past year including ShmooCon, BlackHat and Defcon and I thought that the organization of this conference was impressive. For being a new conference I thought that SecTor had a great lineup of speakers, quality vendors, and some great keynotes.

From a speaker's perspective, my first communications with the SecTor team came during the Call for Papers (CFP) stage. Brian Bourne, the primary face of SecTor, was very responsive through this process and once I had been notified that I had been accepted to speak the rest of the planning started. Nanna Ng initiated the trip planning process and guided me through all the steps needed to get plane and hotel reservations handled. SecTor takes excellent care of their speakers. I was amazed at the extent they went to in order to make my trip painless.

SecTor had handled the booking for both airlines and hotel, so once I had all my presentation materials in, all I had to do was show up at the airport. After landing in Toronto there was a car waiting for me to take me to the hotel, where I was checked in without incident. The accommodations at the InterContinental hotel were great and it was attached to the conference center so it was just a short walk from the hotel room to the conference area. The SecTor team had worked to make sure that the travel was painless and the experience that they created for the speakers was amazing.

The conference itself started on Tuesday although there was some training on Monday. After some opening remarks by Brian, Chris Hoff delivered a great keynote on Cloud Computing. Chris is a great speaker and brought forth a ton of information on "the cloud" in an easy to understand way and really made all of the information mesh.

Following the keynotes the sessions started. The first session I attended was "When Web 2.0 Attacks - Understanding AJAX, Flash and 'Highly Interactive Technology'" by Rafal Los. Rafal is a great speaker and had some good information on some of the vulnerabilities that Web 2.0 presents when implemented poorly and had some great points on how many of the old vulnerabilities that we thought had been dealt with are re-emerging in Web 2.0. I really enjoyed this talk.

Andrew Nash from PayPal delivered a lunch keynote. While this was my least favorite keynote, there was good information on identity management. Mr. Nash is a good speaker; unfortunately, I am not sure that it was as relevant to as many people at the conference. I thought it was interesting to hear some of what PayPal was doing, but there was no real link into how anyone else can leverage the resources or how the information pertained to us aside from that PayPal is working hard to protect our information.

The afternoon sessions were great. After lunch I headed over to see Jennifer Jabbusch's talk "Retaliation: Breaking Attack Vectors in the Infrastructure". She did a great job of explaining emerging threats on the network and what the latest standards are doing to help protect layers 2 and 3 in the network.

The next talk that I went to was by Robert Hansen (RSnake) on "Consumerization and Future State of Information Warfare". Robert focused on where information warfare is heading and how the technology used by attackers has grown to the point where we are likely to see automated identities formed soon where automated applications role play a part in order to bring people in to their social media circle where the typical spam and malware will be distributed sparingly between meaningful information. Overall a really informative talk although the findings of his research were a little disheartening as it is obvious that the attackers are moving quickly and are very agile.

That evening was a reception and speakers dinner at Joe Badalis. I thought that this was hugely successful. I met some great people and had a chance to talk with both attendees and other speakers and it was overall a great time. The dinner that followed the reception was great and I had some awesome discussions with the other folks at the table. This was a great experience and I hope they keep this for future years.

There was no keynote on Wednesday morning and we instead went directly into talks. I attended Andrés Riancho's two talks on the w3af framework. These talks took up the whole morning but the time was well spent. I learned much more about the w3af framework and where it is headed. Andrés gave great demos and examples of everything from how to do a scan to how to write your own module. He even included some information about how w3af handles web scanning compared to other vendors. Andrés offers w3af training in case anyone is interested, so check it out if you want to know more about the w3af framework.

The lunch keynote was by Adam Laurie known as Major Malfunction. The title was "A day in the life of a hacker.." and covered some great stuff on hardware hacking. He was very engaging as a speaker and even included technical examples during the keynote which seems to be very rare. He went in-depth into how the biometric passports work and exposed some of the scarier sides of the technology that you don't normally get to see.

The rest of the day I was presenting. My first talk on Nsploit went OK, although it wasn't an overwhelming success. I'm not sure if it was the post-lunch coma, if the talk was too technical, or if it was just boring but I didn't get a lot of interaction during the talk. I did get a lot of good questions after the talk though so that was nice. The second talk on BeEF seemed to go well with great interaction, some awesome questions, and people seemed to be much more into it. Overall it was a good experience but I may need to tweak the Nsploit talk if I do it again.

The conference finished with some closing remarks from Brian again. The vendor drawings were held and folks got their toys, and then a few of us went out for Mexican across the street for some more networking. Overall I got to meet some great people, hear some awesome talks, and had a great experience thanks to the organizers of SecTor. I hope that I get to attend next year; whether as a presenter again or as an attendee, I know that I will enjoy it.

Thanks again to all the organizers of SecTor for making the trip memorable in a positive way. Hope to see everyone again next year.


timdau said...

I was at both your Nsploit and BeEF presentations and I got some valuable information from both of them. Sometimes people don't have questions, *shrug*. It tends to happen when you are presenting a tool, rather than a concept.

It wasn't until I got back to work that I realized I have no idea where to get Nsploit. Help?

Happy Packet said...

It's in SVN with some very basic docs, feel free to email me if you have specific issues:

svn co trunk nsploit

