Exploiting CSVs & Securing Neural Networks

This is a past event

175 people went

Design Exchange

234 Bay St · Toronto, ON

How to find us

3rd Floor - Exhibition Hall

Location image of event venue


Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you join us for our October meetup at Design Exchange's Exhibition Hall, where we will have two fantastic talks.

This month's meetup is sponsored by BlueCat Networks and Security Compass

Check them out!

BlueCat Networks - https://www.bluecatnetworks.com/
Security Compass - https://securitycompass.com/

Talk #1

Topic: Export to RCE


Often web applications will allow users to export data within CSV files. Without proper output sanitization, poisoned CSV files can be created leading to remote code execution when they're opened. This presentation assumes no prior knowledge with CSV injection and will focus on all aspects of the vulnerability (how it works, how to prevent the issue, and more).


Adam Greenhill is a senior security consultant at Security Compass. He enjoys staying up to date with the latest security trends and researching new aspects of the industry. Adam is an active member of the security community and has presented at BSides Toronto, OWASP Toronto, Toronto's Cyber Security Meetup, and Sheridan College's ISSessions.

Talk #2

Topic: Securing Neural Networks (Deep Learning)


Hackers are actively targeting vulnerabilities in Machine Learning systems to craft targeted attacks, steal sensitive information and to impact the availability of our services. Just recently, two researchers were able to easily bypass the AI-Powered Cylance Antivirus solution, acquired by Blackberry for $1.4B!

Throughout this discussion, we will share some early strategies to perform security analysis on Neural Networks (Deep Learning/Machine Learning Models). We hope the ideas shared will aid future development of Enterprise-Grade SecurityTesting solutions for Neural Networks.


Tahseen Shabab is the CEO of Bibu Labs, a leading University of Waterloo Cybersecurity startup leveraging novel AI modules to solve complex problems for Enterprise clients and MDRs. Under the leadership of Tahseen, Prof. Hassan Khan (Chief Scientist) and two University of Waterloo Professors who are advisors to the company, the firm has secured multiple Large Enterprise clients.

Before Bibu Labs, Tahseen was a Cybersecurity consultant for large Enterprise clients like IBM, A Large Bank in Canada, a Fortune 60 Telecommunication firm in US, a North American Government, and more. Tahseen was also the lead developer of IBM AppScan Source (Cloud), an Application Security (SAST) Tool which was rated Top 3 by Gartner (2017).

Is your company hiring? At every DC416 event we give hiring managers the opportunity to do a "Call for Candidates" for open IT, Development, or Cyber Security related roles.

Want to learn more about DC416? Visit our site! http://dc416.com

Missed a DC416 talk? checkout the DC416 archives. https://dc416.com/archives/

Want to give a talk at DC416? Checkout our CFP. https://dc416.com/cfp/

Join the conversation on Twitter! Share and follow along with @defcon_toronto

Interested in sponsoring a DC416 event? Checkout our sponsors page! https://dc416.com/become-a-sponsor/

Not in our slack? Join here: https://dc416.com/slack-group/