Topic: Recon 2 Root Speaker: Jeremy Richards Jeremy will demonstrate the usage of BackTrack 2.0 (a live linux penetration testing distribution) to perform a staged penetration test from initial recon and knowledge gathering, to identification of logical and software vulnerabilities and, finally, the tools used to exploit these vulnerabilities. Jeremy has been performing network and application based security audits for financial institutions, critical infrastructure, as well as government and...

Read More »

Technical Level: All Levels (Mostly technical) Topic: Introductions Presentation: Click here for PPT Speaker: Fred Hopper Topic: PCI DSS 101 - An introduction to the Payment Card Industry (PCI) Security Standards Council's Data Security Standard - what it is, where it came from and why your shop may find it useful, even if you do not process credit card data. Presentation: Click here for PPT...

Read More »

Technical Level: Intermediate Speaker: Seth Hardy Key and Identity Management With PGP There are many introductory tutorials out there on PGP (and its open source equivalents), but few seem to touch on one of the most important aspects of it, why many people choose to use it: key and identity management. It's been said that key management is the hardest (and worst) part of cryptography; trust is hard to manage because it's both very important and completely intangible. There's a reason why...

Read More »

Technical Level: Intermediate to Advanced Speaker: Bruce Cowper, Rodney Buike With launch of Windows Vista, there is much speculation about the new approach to securing Windows and the numerous security features in the operating system. This session will be hosted by Microsoft and provides an opportunity to see and discuss ‘the most Secure version of Microsoft Windows to date’. You will be taken through an in-depth look at feature functionality as well as given an opportunity to ask your security...

Read More »

Technical Level: Advanced Speaker: Larry Gagnon and Robert Beggs One of the most exciting area in the field of data forensics is live system response - the collection and analysis of forensic evidence from a live system that has been compromised, or during the actual attack itself This seminar will demonstrate the process for responding to a security incident involving a live system, including a hands on demonstration of tools and a walk through of writing and using a script for automated data collection By the end of the seminar, you will know how to collect the maximum amount of information from a live system before starting more conventional forensic analysis of a system hard drive ...

Read More »

Technical Level: Intermediate to Highly Technical. Speakers: Brian Bourne, Robert Beggs, Bruce Cowper For those of you who haven't had the opportunity, we'll be re-visiting Hidden Rootkits in Windows. We'll demo Hacker Defender and FuTo... we'll discuss hardware virtualization rootkits and most importantly we will focus on detection and removal. In addition, Robert Beggs and Bruce Cowper will discuss some of their findings with detection and removal of malware. We also hope to have...

Read More »

Technical Level: Intermediate Speaker: Andrew Graydon, CTO, BorderWare Technologies Inc. VoIP is no longer hype. It’s a business reality. Gartner predicts that 90% of all new corporate telephone networks will be IP-enabled and based on SIP protocols by 2008. It’s only a matter of time before VoIP becomes a mission critical communication system. Still, concerns remain around the security of VoIP and the underlying SIP protocol, fearing that they are susceptible to similar types of threats and exploits that plague the Web and email. Today organizations of all sizes need to evaluate and understand the security measures available that allow companies to deploy real-time messaging, voice, data, video and other SIP based applications with confidence. ...

Read More »

Technical Level: Highly Technical. Speakers: Jeremy Richards, Robert Beggs, Sue McGlashan, Jay Graver, Marcelo Tamaki, Brian Bourne, Gord Taylor, Jason Lam In this presentation, we'll cover the highlights of each conference. The new exploits and tool releases, new research and make sure you know what you missed out on! This is the MUST ATTEND TASK event of the year. If there is any specific topic you'd like covered, be sure to contact us and let us know. Reference: Defcon Official Website...

Read More »

Technical Level: Intermediate Technical. Speaker: Dave Millier, SentryMetrics Leveraging both open source and commercial tools, discover how to transform raw logs from security and non-security devices into meaningful information. Get the information that both IT and senior management need for both day-to-day and long-term planning. Turn millions of daily events into meaningful reports, alerts, or action items. Turn down the "noise" and turn up the value from systems you've already...

Read More »

Technical Level: Highly Technical. Speaker: Glen Lewis, Workbrain.com Glen will talk about loopholes in web-based enterprise applications, starting with simple problems like cross-site scripting and SQL injection, all the way up to impersonation and unauthorized access. Topic: Security Risks beyond the Network: Developing Secure Solutions Technical Level: Highly Technical. Speaker: Jeff Zado, Senior Product Manager, Microsoft Canada Ensuring that your organization’s applications are secure is no longer just about firewalls, networks and simple authentication. Security is a big challenge for organizations and the price of failure could mean disastrous results for companies and shareholders. But I am sure that you all know this, as you are security experts. However, developing secure software is a relatively new discipline that organizations are adopting and integrating throughout the software development lifecycle. In this talk we will look at common application security issues, how companies can identify them earlier in the development lifecycle and how Microsoft solutions can be leveraged to assist you and our organizations. ...

Read More »