Technical Level: Intermediate. Speaker: Bruce Cowper, Microsoft Canada Many organizations have both heterogeneous and geographically distributed systems. Branch offices, Identity Management, collaboration and interoperability present their own challenges. With the release of Windows Server 2003 R2, there are many new and improved features that help you with these scenarios. In this session we will be taking a Security focus on real world scenarios based around Windows Server 2003...

Read More »

Technical Level: Highly Technical. Speaker: Jeremy Richards Linux Live CDs - A penetration testers dream come true -- It's a fully operational linux distribution running in RAM. Hundreds of auditing tools, exploits, scanners, and more. Turn your laptop into a professional auditors platform in a single reboot. We will cover WHAX (previously called Whoppix) and Auditor - two seperate LiveCDs. Live demonstrations of: Audit wireless security, Cracking WEP in 10minutes -- Kismet...

Read More »

Technical Level: Non-Technical. Speakers: Bernedette Schell, Michelle Warren, Harry Benz This month’s TASK meeting will focus on beginning a new career in Information Security, or enhancing your technical and social skills to improve your success in your present career. Our invited speakers will cover the current IT and IS environments in Canada, the changing role of women, technical and soft skills, and the process of preparing for, and successfully applying for, positions in security. Speakers...

Read More »

Technical Level: Highly Technical. Speaker: Brian Bourne and Christopher Diachok Miss us at InfoSec? Here's your chance to see a server behind a firewall, running current A/V being rooted! Rootkits are a word familiar to everyone in the security community, but generally only available to the underground community. A rootkit represents one of the most powerful and dangerous weapons in a hackers toolkit. You need to learn what the blackhats already know. This session will demonstrate...

Read More »

Technical Level: Varied. Some Deep, some not. Speaker: Various DefCon Attendees In case you didn't already know - DefCon is "The largest underground hacking event in the world". If you haven't been, you simply don't know what you're missing. In this presentation, we'll cover the highlights of the conference. The new exploits and tool releases, any new research and make sure you know what you missed out on! Also check the DefCon 13 website....

Read More »

Technical Level: Introduction to Cryptography Speaker: Robert Beggs Cryptography, or “hidden writing”, allows the confidentiality and integrity of electronic data to be preserved when stored or transmitted across an insecure medium such as the Internet. This seminar will provide a hands-on approach to understanding and implementing cryptography. Topics covered will include steganography, private key and public key encryption, a brief overview of Public Key Infrastructure (PKI), hashing...

Read More »

SQL Injection Speaker: Cameron "nummish" Hotchkies, B.Eng Web application attacks take advantage of the fact that most firewalls allow traffic to pass through to the web server. SQL injections, one of the more powerful web attack methods, are fairly easy to learn and understand. This presentation will show everyone how different SQL injections work, as well as useful ways that they can be mitigated by developers. Expect to see demos and code for this presentation. Cameron is one of the founders...

Read More »

Password Vulnerabilities Speaker: Brian Erdelyi, CISSP Brian Erdelyi, a member of the TASK user group and founder of The Security Hive will be presenting on the fundamental concepts of identification (who you are) and authentication (proving you are who you say you are). There will be an in-depth discussion of password vulnerabilities and demonstrations of how attackers exploit these vulnerabilities using the latest software tools and techniques. Learn how attackers capture passwords transmitted on networks and crack Windows, Unix and Web application passwords. Wrapping it up will be a discussion of how you can mitigate these risks. ...

Read More »

Brian Bourne and Christopher Diachok, CMS Consulting Inc. Attack!!! A look at hidden root kits, alternate data streams, priviledge escalation and more. The presentation will take a look a popular attack techniques and tools. Presentation: PDF Here Robert W. Beggs, DigitalDefence "Bringing Down the (Fire)Walls" Nearly every organization has a firewall in place to protect their internal network from the dangers of the...

Read More »

Defence in depth is the military practice of layering defences to provide added protection. Defence in depth increases security by raising the cost of an attack. This system places multiple barriers between an attacker and your business-critical information resources: The deeper an attacker tries to go, the harder it gets. These multiple layers prevent direct attacks against important systems and avert easy reconnaissance of your networks. Tonight's speakers will explore how this practice can be used to secure a network architecture.

...

Read More »