Next Meetup

Exploring Hacked Data Services & Defending against the Magecart Gang
Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our November meetup at the BlueCat Offices where we will have 2 great talks for you! Talk #1 Speakers: Trevor Giffen & Pamela Hammer Breach Analytica: Exploring the history & design of hacked data services So. Many. Breaches. Hacked data leaks are on the rise, and hacked data services have been created to respond to a growing problem. Many of us know of and use “Have I Been Pwned?”, one of the first services to appear in 2013, but many others have been created since then. This leads up to a project release of our own: we are excited to present “Breach Analytica”, our own hacked data service that is in-the-making. We will walk the audience through the process of creating a hacked data service step-by-step, sharing what we have learned along the way. We will highlight the increasingly negative impact of hacked data services, the challenges of creating a hacked data service, and why hacked data services should be used to complement security awareness training programs. Attendees will gain valuable insights from our guided exploration of “hacked data services”, and will be the second to whom we present the release of “Breach Analytica”, our hacked data search service based on what we have learned, to improve cybersecurity awareness efforts Trev is an undergraduate student at the University of Ontario Institute of Technology, studying Networking & IT Security. He currently works as a Jr. Cybersecurity Consultant and an Independent Editorial Contractor. Previously, he completed two IT co-ops, and a cybersecurity internship in Québec. Since 2013, he has engaged with various InfoSec communities as a personal hobby. Pam is an undergraduate student at the University of Ontario Institute of Technology, where she studies Networking and IT Security. Holding a passion in security and development, Pam spends much of her time working on personal projects and engaging with the InfoSec community. In addition to her studies and personal hobbies, Pam also works as a Jr. Cybersecurity Consultant. Speaker: Talesh Seeparsan The story of Magecart: How we bred a powerful gang Open source is great for many things, especially in security, however in some ways it bares itself as the ultimate battleground between attackers and defenders. A prime example of this is the stealing of credit card data online. One gang that has become particularly prolific at this is the Magecart gang, and I’ve been defending against them for 4 years, even before they became famous and even had a name. We will explore every tried and true defence we’ve thrown up and what they and their nefarious peers have done to try to circumvent the system. Be prepared to try to decipher some JavaScript on screen. All throughout his 20 years working with web application development Talesh has also held a keen interest in the security issues. Given the recent renewed interest in web application security Talesh has started evangelizing defensive development practices and helping teams build defensive Magento sites. Some of that manifests in the security podcast at magedef.com Want to learn more about DEFCON Toronto? Visit our Website (http://dc416.com) Join our Facebook group (https://www.facebook.com/groups/DC647/) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? or Join our slack by emailing: [masked]

Bluecat

4100 Yonge Street (3rd floor) · Toronto, on

Find us also at