BSides Winnipeg 2017

Saturday, November 4th, 2017

Sunday, November 5th, 2017

This talk will discuss tools that can be used to investigate emails to determine whether they are phishing attempts.

Aemilianus AKA AK is a local tech enthusiast, currently working as a Systems Administrator for Deposit Guarantee Corporation of Manitoba. He spends his day fighting with government IT systems, and his nights trying to forget his days.

The latest marketing fad and hype in our industry is the pushing of machine learning as a magic panacea for all cyber ills. We're told that by utilizing artistically crafted pixie dust and rainbow unicorn algorithms all your cyber woes can cured. Unfortunately, otherwise rational people in our industry seem to give a lot of weight to these marketing claims because 1) machine learning is complicated and 2) we've seen machine learning do some really incredible things like drive cars, beat the best Go players, "dream" crazy images, etc. This talk will illustrate some of the hype we're being bombarded with, pull back the covers on what machine learning is and how it works, present some basic statistics (Bayesian) and show why security is a much harder problem for machine learning than we realize.

Like all great cyber security thought leaders, Brandon Enright is a self-aggrandizing media REDACTED. When he isn't leading cyber infosec thoughts, he's leading cyber dreams. Brandon can factor large primes with nothing more than pencil and paper and even recite the digits of Pi in random order in arbitrary bases. Recognized as one of the great legends in machine learning, several of Brandon's machines have learned so much Harvard is working on granting them PhDs. Rumor has it that shortly after Elon Musk met Brandon, Elon bought a small island in the south pacific for shelter and revised his estimate of the coming singularity up a decade. Brandon is why Bruce Schneier has trouble sleeping at night.

This talk will discuss some of the core design objectives Fastly had regarding their WAF implementation. Christian will discuss the design of Fastly's custom Modsecurity toolchain, and the need to thoroughly test both their code and WAF rule sets using the FTW WAF testing framework. He will discuss how continuous testing of their rules and toolchain helps identify WAF evasion and technical issues which are used to improve their technology. Finally Christian will discuss some findings and insights that we have shared with the OWASP and security communities.

Christian has 17 years experience in cybersecurity and security based open-source engineering and development. At Fastly Christian performs threat and vulnerability research, prototype and proof of concept development.

Commercial radio communications have evolved from islands of single-media, low-datarate "dumb" analog repeaters to interconnections of multiplexed, high-speed, self-optimizing multimedia networks. Due to budgetary and legacy reasons, many amateur radio systems have not changed notably in the last decades. Unwilling to let this great hobby (and emergency resource) atrophy, the dedicated VA4WAN group is installing a High-Speed MultiMedia "HAMWAN" around and beyond Winnipeg, repurposing donated 2.4/5.8ghz outdoor Wi-Fi gear into the 2.3/5.9Ghz amateur radio frequency bands. This presentation introduces the amateur radio hobby, the VA4WAN project's goals, methods, current status and future plans.

Involved in many Winnipeg technology communities, businesses and projects since a young age, Colin has very in-depth experience in all aspects of networking, PCs and long-distance/rural wireless networks.

Metasploit's getsystem makes us lazy and hides a very interesting phase of penetration testing. Sometimes it simply fails. This talk will cover basic Windows and Linux privilege escalation commands and methods.

Dmitry currently works at iQmetrix as Software Developer and PCI Internal Security Assessor. He likes to design and develop software for payment terminals during the day and play with vulnerable VMs during the night.

Scraping data from the Internet is an old practice, but one that is more and more popular these days. Pricerazzi scrapes pricing and product data from retailers to facilitate price matching. Unsurprisingly, retailers have a wide range of quality in their sites, apps, and systems; they have seen many questionable things ranging from simple poor practice to severe security issues. This will be a discussion on the state of retail websites in 2017.

Jason currently works at Pricerazzi as Lead Software Developer, he went through the Computer Science Co-op Program at the University of Manitoba and has been working as a developer for around 8 years. He spends his spare time working on web scraping projects and fixing his house.

Kevin is a computer science undergrad with a passion for learning about artificial intelligence. He spends his day as a developer for Pricerazzi dealing with the joys of web scraping.

We are inundated with Information about high-cost solutions for info sec problems, but there are several free or low-cost solutions out there that are suitable for self-education or use in small businesses. Examples would include Snort, open source Tripwire, free honeypots, and Nessus Home as well as most of the tools in the Kali Linux distro. Without going into great detail on any of these, Mark will show how they can be combined into a comprehensive solution to some of the critical security controls either as a test lab or for zero-budget targets.

Mark has been in IT since late in the previous century, filling a wide variety of roles and continuing to prove that there is room in IT for a jack of all trades with a short attention span and good people skills. He arrived to the information security role pretty recently and is drinking from the Fire Hose of Knowledge in order to catch up.

Mark is still obsessed with what he calls secure bootstrap problems: 1) how do you know you're actually running a desired system and program build? and 2) how do you know a compiled program matches source? The latest state of the art will be reviewed, possibly including diverse double-compiling, Heads (Trammell Hudson), Joanna Rutkowska papers, reproducible builds, and non x86 prospects for owner-controlled computing.

Mark is a Winnipeg-based IT double-threat (ops and dev) who works at the University of Winnipeg Library. He's a Bachelor of Computer Science graduate (University of Manitoba 2006) and Linux Foundation Certified Engineer (LFCE). Mark spoke at BSides Winnipeg 2013 and 2015.

With public cloud adoption accelerating by all measures, the task of understanding how to deploy secure applications and architectures using the tools available in these environments is increasingly complex. This talk will cover the important aspects of public cloud security including products and tools available, compliance management, application and architecture design, identity and access management, and general best-practice.

Mike has an undergrad degree in Mathematics and a Master's degree in computer engineering focusing on computer network security. These days he does "cloud" stuff professionally, focusing on architecting and building applications and systems using public cloud technologies. Mike has several AWS certifications, enjoys powerlifting, loves cats, and volunteers with the Canadian Cyber Defence Challenge.

When Mike started learning buffer overflows, he thought it was something everybody else already knew. But the reality is, there are lots of us, just like hi,, who want to know more but are either overwhelmed by the idea that buffer overflows are beyond their capabilities or just don’t know where to get started. This is a 101-level talk; it’ll talk about how a buffer overflow works, how to fuzz an app to identify an overflow opportunity, and how to create a simple overflow that will result in a compromise of a target system. If you can already smash the stack, spray the heap, and write ROP chains in your sleep, this isn’t the talk for you. If you want to learn more about how simple buffer overflows work and how to write them, this talk is for you. When you leave, you will have the information necessary to help you write your first overflow when you walk out the door.

Mike's love of IT started in the third grade when he discovered he could view the code of BASIC programs on an Apple ][e. Mike now performs penetration testing and vulnerability assessments for a multinational agribusiness corporation. He has held many information technology and IT security positions, including developer, network administrator, system administrator, security architect and security incident handler. Mike holds the OSCP, ISC2 CISSP, and GIAC GPEN, GWAPT, GMOB, and GCIH certifications. When he is not at work, he is an avid kayak fisherman and member of a local horn rock band.

Recent years have seen the scanning the entire IPv4 Internet become more and more commonplace. Rob has gone and compiled a database of reverse DNS records for every IP address. What information can be extracted from them? Perhaps secure-admin.someprovider.com might not have been the smartest name to use. This presentation will go over how he was able to reverse DNS the entire world, as well as some examples of interesting entries.

Rob is an active player in Winnipeg’s tech scene, lending his talents to a variety of entrepreneurial and startup ventures. He is currently Founder and CEO at Pegboard Hosting and a Founding Director of Coldhak. His previous community involvement has included serving on boards of SkullSpace and the Manitoba Unix User Group (MUUG). Previous titles include developer, systems admin, CTO, etc.

Let's talk about risk assessment and personal security! As technically inclined people, we are at an advantage when it comes to our privacy and security. We are more aware of the risks and consequences associated with our use of technology than the average person. For them, standard security advice is overwhelming, unrealistic and failure to comply comes with intangible consequences. Sensationalist media coverage of obscure DDoS attacks from China combined with the reality that people tend to suck at assessing risk means that the average person is more worried about the Russian government reading their email than they are of giving their own password away. On the other side of things, as professionals who have some idea of what actually can go wrong, our trouble with assessing risk tends to take us in the opposite direction. We lock everything down to the point of missing out on some of the cool things that our tech can offer us. This talk looks at how we can help ourselves and the people around us better assess their risk so we can start giving more realistic advice.

Sarah started her education in technology by hanging out with IT professionals and hobbyists who were passionate about their projects. She grew that interest by volunteering at conferences and asking lots of questions. When she finally had more questions than her friends could answer, she decided it was time for a more formal education. She started with Applied Computer Science and Business Administration at University of Winnipeg, then studied Digital Forensics, Penetration Testing and Ethical Hacking at Glasgow Caledonian University in Scotland before transferring into the Business Information Technology program at Red River College. She is currently on the board of technology student group, Bits and Bytes Association. Never quite satisfied with her current level of knowledge, Sarah is always working to strengthen her skills and build her expertise by taking on side projects and talking to people more experienced than herself. Upon graduation (expected: June, 2019), she wants to work as a security analyst. She enjoys hipster coffee, going to the gym, and Instagramming her food. You can find her on the Internet as @punkrockgoth.

Border Gateway Protocol or BGP for short, is the standardized, open protocol that allows ISPs of all sizes to form routing relationships with other ISPs, carriers, and Internet Exchanges. Theo will talk about challenges he has faced operating his own personal BGP Autonomous System (as395089) since April 2016.

With nearly two decades experience working with Manitoban ISP networks, Theo has long toiled behind the scenes of many ISPs and enterprises bringing the Internet to people. He continues to be involved in the local Internet provider community through things like the Manitoba Internet Exchange (MBIX), and the Manitoba Network Operator Group (MBNOG), and currently holds a director position on the MBIX board, as well as a volunteer network operator role at MBIX.

Conducting assessments against 2500+ machines is very different than conducting smaller 500 or less assessments. This talk will provide basics on managing these sorts of assessments, and provide tips for automating repetitive tasks to allow you to maximize your engagement time. This includes useful tools Tim has found, custom scripts, and writing basic Metasploit Aux modules to get things done fast.

Tim Jensen is a Senior Penetration Tester with AppSec Consulting, based out of San Jose California. Tim lives in Fargo, ND USA and greatly enjoys Network, Physical, and Wireless testing. When not obsessing over hacking, Tim spends time playing with Software Defined Radios, volunteering, and going on adventures.

The Microsoft NTLM authentication protocol has been around since 1993, and remains widely supported 24 years later. In this talk, Travis will discuss NTLM relaying, a powerful, ubiquitous attack against networks that support NTLM authentication, the potential impact of these attacks, and techniques to protect your network.

After obtaining a Master of Science in computer engineering focussing on computer security, Travis took a break from InfoSec for a couple years to write autopilot software for UAVs. Now he's back, working at MERLIN to help to keep schools safe from the bad guys, while educating future white hats by volunteering as part of the infrastructure and challenge team for the Canadian Cyber Defence Challenge.

If we did a typical IT Risk assessment of the Titanic before its maiden voyage, would it have sailed? Would the risk of loss of life come in as "Medium-Low" with a Low likelihood? Would the risk practitioners have focused on an incremental approach of adding another 4 lifeboats, and putting in an initiative in the next fiscal year to fund four more? A tongue in cheek look at the typical problems with risk assessments in IT Security.

William has been in the Information Security field for 5 years. William worked as an Information Security Specialist at MTS conducting penetration testing, vulnerability management and risk assessments. He currently works as a Senior Information Security Analyst at Great-West Life specializing in Penetration Testing. William has a Bachelor of Computer Science from the University of Manitoba and has obtained his Offensive Security Certified Professional (OSCP) and Offensive Security Certified Expert (OSCE) certifications.

An overview of techniques for bypassing web application firewalls, and how to use them in conjunction with automated testing tools to validate the efficacy of application defenses.

Yvan has been in computer security for many years, and in information technology for even longer. He's spoken at several conferences, and had positions with several companies whose names you would recognize. Yvan likes to live on the edge, by doing things like letting conference organizers write bios for him.