• Threat Intel Dumpster Diving & A Day in the Life of a Vulnerability Researcher

    Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you join us for our July meetup at a new venue - Design Exchange's Exhibition Hall, where we will have two fantastic talks. This month's meetup is sponsored by Trend Micro and in partnership with Design Exchange - Toronto's Design, Tech, and Innovation Hub! Check them out! Trend Micro - https://www.trendmicro.com Design Exchange - https://www.dx.org/ Talk #1 Topic: Digital Dumpster Diving for Threat Intel Abstract: 8 years ago while leading an engagement, Chandra created a stager that downloaded an encoded string from Pastebin. This string would decode to the malware that he was trying to deploy. Websites like Pastebin & Gist are often used by developers and whitelisted at most organizations. Chandra saw an opportunity to exploit this inherent trust to deliver a desired payload. After the engagement, he wondered if other attackers were trying to do the same thing. This was the start of his digital dumpster diving quest. Now there are several campaigns both sophisticated and unsophisticated leveraging text dump sites and blogging platforms to deploy their payloads. Bio: Chandra Majumdar has been working in the trenches of InfoSec for over 15 years, focused on developing threat detection capabilities. He started hacking back in the Dial-Up internet days because he did not like running ISP’s custom dialer which served Ads and enforced time limits. His team won a Black Badge at Defcon 19 for winning the badge hacking contest. He Founded ByteSec Labs, a boutique security research company. Chandra is also the Co-Founder and CTO of ElevatedPrompt Solutions, specializing in Threat Intelligence, Threat Hunting, Incident Response and Penetration testing. In his spare time, he likes to hack the airwaves, IoT and Reverse Engineer embedded electronics. He is currently working on an open source man in the middle platform using Orange Pi R1 or NanoPi R1 - https://github.com/elevatedprompt/mitm_toolkit. Talk #2 Topic: A Day in the Life of a Vulnerability Researcher at the Zero Day Initiative Abstract: Have you ever wondered what happens after you submit a report to the Zero Day Initiative (ZDI)? What happens behind the scenes of the Pwn2Own hacking competition? What does an average day of a vulnerability researcher of ZDI look like? This talk is going to answer all these questions and provide a peek into the life of a ZDI vulnerability researcher. Bio: Vincent Lee is a vulnerability researcher at Trend Micro’s Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis and determining the exploitability of ZDI submissions. Prior to joining ZDI, Vincent served as a researcher at TELUS Security Labs, where he looked at known security issues to provide detection guidance to a variety of security solution vendors. Vincent has a BASc in Computer Engineering from the University of Toronto and is working towards his CISSP designation. He has previously presented at the BSidesTO, the Mexican and Chilean chapters of the 8.8 security conference, published numerous blogs posts on security issues in various enterprise software, and discovered vulnerabilities in products from Microsoft, Adobe, and Hewlett Packard Enterprise. Is your company hiring? At every DC416 event we give hiring managers the opportunity to do a "Call for Candidates" for open IT, Development, or Cyber Security related roles. Want to learn more about DC416? Visit our site! http://dc416.com Missed a DC416 talk? checkout the DC416 archives. https://dc416.com/archives/ Want to give a talk at DC416? Checkout our CFP. https://dc416.com/cfp/ Join the conversation on Twitter! Share and follow along with @defcon_toronto Interested in sponsoring a DC416 event? Checkout our sponsors page! https://dc416.com/become-a-sponsor/ Want to join our slack? E-mail us at [masked]

    11
  • Pride Toronto X Trace Labs OSINT CTF for Missing Persons

    Hey hackers, want to help find missing people while sharpening your OSINT skills? Then form a team for this full day special edition of the Missing CTF with Trace Labs and Pride Toronto. Refreshments and lunch will be provided! All participants who want to compete must signup on Eventbrite to form a team of no more than 4 before Friday June 7th at 5PM. Registration Link: https://www.eventbrite.ca/e/pride-toronto-x-trace-labs-missing-ctf-osint-ctf-for-missing-persons-tickets-61855153429 Looking for a team? Join the Trace Labs slack and head on over to the #prideto channel to find some teammates! Trace Labs Slack Registration Link: https://join.slack.com/t/tracelabs/shared_invite/enQtNjUyMDAxOTc0ODg3LWFiYTVlYjNiZmFiNTk5OGE0MjMxMDQ2YzdjZGEwOThiZTVhNTc1MjUzZjllY2JmMjVjYWQ4YzMyZjZkYmU1YmU This event will feature teams of professional investigators and OSINT enthusiasts collaboratively conducting online searches for Missing Persons while sharpening their OSINT skills. Individuals of all skill levels are encouraged to participate! We will be joined by the following speakers at our event: Lusia Dion, Founder of missingadults.ca, a website dedicated to increasing the awareness of cases involving long-term missing and unidentified adults. Lusia will be delivering a talk on “The Power of Collaboration”. Radar, Cyber Security Professional who will deliver a talk on “An Introduction to OSINT Tools & Techniques”. Danny Vacar, Security Consultant at Security Compass who will deliver a talk on “Practical OSINT - a walkthrough of Common Tools". What is Trace Labs and how does the Missing CTF work? Trace Labs is a nonprofit organization whose mission is to accelerate the reunification of missing persons with their families while training members in Open Source Intelligence (OSINT). The missing persons issue is getting worse and requires modern and scalable solutions at various levels to help mitigate risk to society. Trace Labs leverages an intelligence platform that enables the of collection of OSINT to power these crowd-sourced community CTF events. These CTF events allow missing persons to receive the attention that is needed early in the search process. This event will be comprised of 8 missing persons from the Greater Toronto Area. If you are not familiar with the Trace Labs CTF, the point system is documented here: https://www.tracelabs.org/getinvolved/ctf/ Rules: https://www.tracelabs.org/getinvolved/ctf/ctf-rules Prizes for top 3 placed teams are as follows; 1st place - Up to 4 $100 amazon gift card. Security Compass hoodies, Hunchly Licenses & 1 Intel Techniques Virtual Training License 2nd place - Up to 4 $50 amazon gift card + Security Compass T-shirts 3rd place - Up to 4 $25 amazon gift card + Swag bag To learn how to prepare for the event, check out the preparation details in the EventBrite.

    7
  • Building Security Awareness & World-Class Pen Testing Programs

    Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our May meetup at Pivotal Labs where we will have some great talks for you! This month's meetup will be a joint DC416/Leading Cyber Ladies event with food and soft drinks sponsored by Cycura! Talk #1 Topic: Building a Security Awareness Program Abstract: A Security Awareness Program is imperative to building a strong security culture at an organization. Neetika Bhargava, Information Security Specialist at Prodigy Game, will go over the techniques on how to build a tailored security awareness training for various teams. This presentation will focus on how to develop training for your development, sales, marketing, customer support, and operations teams. Bio: Neetika Bhargava is an Information Security Specialist at Prodigy Game where she works to build their information security program. Prior to Prodigy Game, Neetika worked at TD Bank and Deloitte Canada where she consulted for clients in the public and private sector. Her core skill sets include conducting cyber security assessments, application security, cloud security, and translating data privacy laws into information security initiatives. Outside work, Neetika is the co-organizer of Leading Cyber Ladies - Toronto chapter, and is a volunteer at Hack Student, a non-profit organization that organizes cybersecurity workshops for middle and high school students. Talk #2 Topic: Building a First-class Penetration Testing Program Not all Pen-Testers are created equal, and neither are Pen-Testing Programs. Melinda Coultar, Director of Consulting at Cycura, an offensive security research and services company, explores how to build a successful penetration testing program as a customer or a consultant. This presentation will discuss program design and delivery, project management for testing, resource matching, and stakeholder engagement issues that commonly affect the outcomes of testing programs. Bio: Melinda Coultar has been a Security Practitioner for more than 5 years and currently holds GIAC GSTRT and SSCP designations. Her focus within the industry to date has been on SDLC Security, Governance and Web Application Hacking. She is currently the Director of Consulting at Cycura in Toronto. In addition to managing the growth and delivery of Consulting Department services at Cycura, Melinda has prepared and delivered numerous workshops and tabletop exercises for Cycura clients ranging from IR Preparedness and Red Team Exercises to Secure Coding and Secure SDLC Workshops. In her spare time, Melinda enjoys participating in CTFs, is an active participant in the HackerOne bug bounty program and is a fledgling reverse engineer. She is currently pursuing a degree in Biology at Harvard University and looks forward to applying her love of science and security to securing evolving biotechnologies in the future. Is your company hiring? At every DC416 event we give hiring managers the opportunity to do a "Call for Candidates" for open IT, Development, or Cyber Security related roles. Want to learn more about DEFCON Toronto? Visit our Website! (http://dc416.com) Missed a DC416 talk? checkout the DC416 archives. (https://dc416.com/archives/) Want to give a talk at DC416? Checkout our CFP. (https://dc416.com/cfp/) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? Checkout our sponsors page! (https://dc416.com/become-a-sponsor/) Want to join our slack? E-mail us at [masked]

    3
  • Exploring Tactical Threat Intel & The Dark Market Economy

    Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our April meetup at Pivotal Labs where we will have some great talks for you! Food and soft drinks sponsored by Elevated Prompt! Talk #1 Speaker: Dhruv Majumdar Topic: Effective Threat Hunting with Tactical Threat Intelligence Abstract: Continuous threat hunting is a proactive approach to identifying threats within the environment while adopting the assumption of breach mentality. Find out why threat hunting is important and learn some key points when implementing threat hunting in your organization. Incorporating threat intelligence into your daily hunts; and what is required in a successful threat hunting platform. Some freebies for the attendees: - Analysis of Intelligence Reports - Competing Hypotheses - YARA Rule Development - STIX Framework - Importance of Building a Campaign Heat Map - Enriching and Understanding Limitations leveraging RedTeam Simulations of specific APT groups. Bio: A seasoned Threat Researcher and Cyber Threat Intelligence professional, Dhruv Majumdar is ElevatedPrompt’s Threat Hunting division technical lead. Dhruv’s previous experience as an enterprise SIEM architect, strategic adviser, and ICS network and core infrastructure monitoring team lead continues to pay dividends through his guidance of our MDR Threat Hunting Team Talk # 2 Speaker: Abhinab Chakraborty Topic: Digital Evolution and Dark Market Economy Abstract: The evolution of the e-commerce space has enabled businesses to tap into new markets. Cybercriminals have adopted similar technologies to sell personally identifiable information on underground marketplaces. With law enforcement cracking down on these marketplaces and hacking forums, threat actors are leveraging alternate means of communications. With this topic of discussion, the presentation will be an open platform for security professionals to discuss current challenges with collection of such intelligence, and practical techniques to overcome such challenges. Bio: Over his career, Abhinab has worked with organizations in multiple industries to enhance their cyber defenses and threat intelligence collection and analysis strategies. Abhinab is also an Internet of Everything (IoE) enthusiast, understanding that society's increasing reliance on digital technologies is expanding our attack surfaces, translating to increased risk of data breaches. Is your company hiring? At every DC416 event we give hiring managers the opportunity to do a "Call for Candidates" for open IT, Development, or Cyber Security related roles. Want to learn more about DEFCON Toronto? Visit our Website! (http://dc416.com) Missed a DC416 talk? checkout the DC416 archives. (https://dc416.com/archives/) Want to give a talk at DC416? Checkout our CFP. (https://dc416.com/cfp/) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? Checkout our sponsors page! (https://dc416.com/become-a-sponsor/) Want to join our slack? E-mail us at [masked]

    3
  • Exploring Cyber Security Law & Building a Custom OSINT CTF Platform

    Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our March meetup at Pivotal Labs where we will have some great talks for you! Food and soft drinks sponsored by Rapid7! Talk #1 Speakers: Chetan Phull & Idan Levy Topic: Legal Aspects of Data Privacy, Cybersecurity, and Cryptocurrency Abstract: This talk will provide an overview of data privacy and cybersecurity law in Canada, and the laws applicable to blockchain and cryptocurrency. Come listen for an overview of legal issues that will need to be managed for development of any online platform based in Canada. With respect to data privacy, we will discuss the legislative landscape, legal guidance on cybersecurity standards, breach reporting obligations, and data residency with the potential for foreign intervention. With respect to blockchain, we will discuss the developing concept of “security tokens”, foreign issued tokens traded OTC in Canada, and financial institution regulations. Bios: Chetan is a lawyer with software development experience and is the founder of Smartblock Law (www.smartblocklaw.com), a cyber tech law firm in Toronto focused in blockchain, data privacy & cybersecurity, IT contracts, and litigation. Chetan is also an international speaker on cross-border legal management of blockchain operations. Some of Chetan's past speaking engagements have included law seminars for the Ontario Bar Association and the Dubai Government. Chetan is also a blockchain law instructor with York University and Osgoode PD. Idan works as a Student-At-Law in all cyber-related practice areas of Smartblock Law. During law school, Idan worked for a large wholesale nutrition company. That experience exposed him to various issues in the law of corporations, commercial contracts, and consumer protection. Idan also has over two years’ experience in software marketing with Spar Group Inc., where he designed and implemented guerilla marketing campaigns for large software and technology brands, including Fitbit and Nest. Talk # 2 Speaker: Peter Vicherek Topic: How We Built Saigar: The First OSINT CTF Platform for Missing Persons Abstract: As hackers, what do we do when no tool does the job? We go ahead and create our own! This talk will dive into how the Saigar team created the first ever OSINT CTF platform dedicated to locating missing persons across the world. We will discuss why a custom platform was needed for this, the journey building it, some of the many lessons learned along the way, and how they can be applied to cybersecurity. Finally, we will demo features of the platform and discuss improvements for the future. Bio: Over his career, Peter has specialized in information security and software development. He has been tinkering with various programming languages and building tools since he was 12 years old. He now spends most of his time working with tech startups to develop and launch their software products. Peter's focus right now is working to launch the world's first dedicated OSINT CTF platform to assist organization's like Trace Labs in collecting and managing OSINT. Is your company hiring? At every DC416 event we give hiring managers the opportunity to do a "Call for Candidates" for open IT, Development, or Cyber Security related roles. Missed a DC416 talk? checkout the DC416 archives here: https://dc416.com/archives/ Want to learn more about DEFCON Toronto? Visit our Website! (http://dc416.com) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? E-mail us at [masked] Want to join our slack? E-mail us at [masked]

    5
  • Linux Investigations & Hacking the CI/CD pipeline

    Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our February meetup at Pivotal Labs where we will have some great in depth technical talks for you! Food & soft drinks sponsored by Mandiant, a FireEye Company. Talk #1 Speaker: Julian Pileggi Topic: Introduction to Linux Investigations Synopsis: This talk is geared towards an analyst who may need to investigate an intrusion into their systems from an external threat actor. This talk will cover some of the basics in performing incident response on a single, Linux-based system. We’ll talk about what artifacts are available to review, and some best practices to make sure your environment is as investigation-friendly as possible in the case where an investigation is required. Drawing on years of incident response experience, this talk has been tailored for the novice analyst or IT professional interesting in learning about the field of Incident Response and Digital Forensics. We'll cover some of the most useful artifacts to know that will help you get most of what you need in the shortest time possible. This talk will include technical content, but is geared towards everyone. Bio: Julian Pileggi is a Principal Incident Response Consultant at Mandiant, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations center team development. Prior to his employment at Mandiant, Julian worked at a large financial institution within the security operations and incident response team. Talk #2 Speaker: Geoff Heymann Topic: Your CI/CD Pipeline is my CI/CD Pipeline Synopsis: This talk is geared against anyone that is interested in a few creative ways the CI/CD pipeline of an application could be used to compromise said application or the infrastructure around it. This talk will cover the basics of what constitutes a CI/CD pipeline, the attack surface to consider when deploying and maintaining a CI/CD pipeline, Ways an attacker could actionably leverage that pipeline to their advantage and considerations to take when securing the pipeline. Bio: Geoff Heymann is a Senior Security Consultant at Security Compass, based in Toronto, Canada. His areas of expertise include application security, penetration testing in various domains, and cloud security DC416 Tribe Showcase We will open up the floor to any of the dc416 tribes who want to share any cool hacker projects they have been working on. Want to learn more about DEFCON Toronto? Visit our Website (http://dc416.com) Join our Facebook group (https://www.facebook.com/groups/DC647/) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? E-mail us at [masked] To join our slack you can also request an invite by e-mailing [masked]

    5
  • Exploring Hacked Data Services & Defending against the Magecart Gang

    Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our November meetup at the BlueCat Offices where we will have 2 great talks for you! Talk #1 Speakers: Trevor Giffen & Pamela Hammer Breach Analytica: Exploring the history & design of hacked data services So. Many. Breaches. Hacked data leaks are on the rise, and hacked data services have been created to respond to a growing problem. Many of us know of and use “Have I Been Pwned?”, one of the first services to appear in 2013, but many others have been created since then. This leads up to a project release of our own: we are excited to present “Breach Analytica”, our own hacked data service that is in-the-making. We will walk the audience through the process of creating a hacked data service step-by-step, sharing what we have learned along the way. We will highlight the increasingly negative impact of hacked data services, the challenges of creating a hacked data service, and why hacked data services should be used to complement security awareness training programs. Attendees will gain valuable insights from our guided exploration of “hacked data services”, and will be the second to whom we present the release of “Breach Analytica”, our hacked data search service based on what we have learned, to improve cybersecurity awareness efforts Trev is an undergraduate student at the University of Ontario Institute of Technology, studying Networking & IT Security. He currently works as a Jr. Cybersecurity Consultant and an Independent Editorial Contractor. Previously, he completed two IT co-ops, and a cybersecurity internship in Québec. Since 2013, he has engaged with various InfoSec communities as a personal hobby. Pam is an undergraduate student at the University of Ontario Institute of Technology, where she studies Networking and IT Security. Holding a passion in security and development, Pam spends much of her time working on personal projects and engaging with the InfoSec community. In addition to her studies and personal hobbies, Pam also works as a Jr. Cybersecurity Consultant. Speaker: Talesh Seeparsan The story of Magecart: How we bred a powerful gang Open source is great for many things, especially in security, however in some ways it bares itself as the ultimate battleground between attackers and defenders. A prime example of this is the stealing of credit card data online. One gang that has become particularly prolific at this is the Magecart gang, and I’ve been defending against them for 4 years, even before they became famous and even had a name. We will explore every tried and true defence we’ve thrown up and what they and their nefarious peers have done to try to circumvent the system. Be prepared to try to decipher some JavaScript on screen. All throughout his 20 years working with web application development Talesh has also held a keen interest in the security issues. Given the recent renewed interest in web application security Talesh has started evangelizing defensive development practices and helping teams build defensive Magento sites. Some of that manifests in the security podcast at magedef.com Want to learn more about DEFCON Toronto? Visit our Website (http://dc416.com) Join our Facebook group (https://www.facebook.com/groups/DC647/) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? or Join our slack by emailing: [masked]

    9
  • Tor: In the age of big surveillance & Using Machine Learning to Detect Attacks

    Details Tor: In the age of big surveillance & Using Machine Learning to Detect Attacks Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our May meetup. We have 2 great talks for you as well as a networking event after the talks! Schedule: 6:00pm - 9:00pm (Technical Talks) Talks & Presenters: Talk #1: Tor: Internet privacy in the age of big surveillance Tor is a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 8000 volunteer relays carry traffic for millions of daily users, including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, people around the world whose Internet connections are censored, and even governments and law enforcement. In this talk I'll take you on a tour of the Tor landscape, starting with a crash course on Tor, how it works, and what security it provides. I'll explain why Tor's open design and radical approach to transparency are critical to its success, and then compare the censorship circumvention arms race to the nation-state surveillance arms race. We'll end with a discussion of onion services, which are essentially an even stronger version of https, but which you might instead know from confusing phrases like "the dark web". Roger Dingledine is president and co-founder of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Wearing one hat, Roger works with journalists and activists on many continents to help them understand and defend against the threats they face. Wearing another, he is a lead researcher in the online anonymity field, coordinating and mentoring academic researchers working on Tor-related topics. Since 2002 he has helped organize the yearly international Privacy Enhancing Technologies Symposium (PETS). Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won the Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers. Talk #2: Building Machine Learning at Scale to Detect Post-exploitation Attacks In this talk ROY Firestein will talk about how his team deployed a machine-learning pipeline, with feedback loops, on AWS to detect post-exploitation attacks using logs from Active Directory and endpoint agents. He will share the architectural decisions and walk us through the implementation, deployment automation and tools used in the project. By the end attendees will learn how to approach similar projects in their own companies, when to use hosted machine-learning tools or run your own, and common pitfalls to avoid. Roy Firestein, CPO at Cycura, is a seasoned hacker and expert in cyber security, business development and project management. He has a background in security, research management, marketing, sales and is a frequent speaker in security conferences. Roy's passion lies in Big Data and Machine Learning, especially when applied to cyber security. Want to learn more about DEFCON Toronto? Visit our Website (http://dc416.com) Join our Facebook group (https://www.facebook.com/groups/DC647/) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? or Join our slack by emailing: [masked]

    5
  • DEFCON TORONTO MISSING OSINT CTF 2018 *FULL-DAY EVENT*

    University of Toronto

    Event Site: https://osint.dc416.com On July 28th, DEFCON Toronto is partnering with Trace Labs to host an in-person, full-day OSINT CTF (Open Source Intelligence Capture the Flag) event in order to find key information on real missing persons cases from Ontario. The goal of this event is to bring together local Toronto hackers and information security enthusiasts in order to accelerate the family reunification of missing persons while providing training in the craft of open source intelligence (OSINT). Trace Labs is partnering with DEFCON Toronto to improve crowd sourcing of individuals interested in OSINT and together develop a scalable platform which helps authorities with evidence collection. We want to challenge and discover gifted hackers and cyber defenders with the goal of educating the global community about the search and rescue efforts in finding missing persons. The DEFCON Toronto community is run by volunteers. Capture The Flag events are a small part of what we do, but require a lot of effort, energy and resources to be able to stand up a CTF event. We do understand life gets in the way, and respect that, but we ask you to kindly give us a heads up if you or your team can't show up to the event. __Registration is a 2 step process:__ 1.) Use meet up to let us know you're coming 2.) Register your team here: http://osint.dc416.com All skill levels are welcome as training will be provided. EVENT SCHEDULE Registration Opens 6pm - July 14th Official OSINT CTF team registration opens and the event details are made public. Registration Closes 6pm - July 27th Deadline for teams to be formed and registered. Breakfast 8am - July 28th Breakfast containing coffee, tea, water, donuts, muffins, and bagels will be available for participants and volunteers. CTF Tutorial 9am - July 28th A teacher (yet to be announced) will be teaching a 1 hour session on “OSINT CTF Basics – A tutorial on learning OSINT tools” this class will be directed toward students and beginner players in OSINT CTF challenges. CTF Main Event Kick-Off 10am - July 28th DEFCON Toronto OSINT CTF will officially kick-off Lunch 1pm - July 28th Pizza Lunch Break A word from the community: Time TBD - A speaker with first hand experience on the impact that missing persons can have on a family and community. They will also reinforce why the work we are doing today can be helpful for family reunification. More Training: Time TBD - 2 more training sessions will be run after lunch to add to your arsenal of tools and OSINT knowledge. CTF Ends 7:30pm - July 28th DEFCON Toronto OSINT CTF event will official end and organizers will hand out the first place prize.

    17
  • Hunting APTs, Surviving in house Bug Bounty Programs & Hacking Android Phones

    Hunting Multi-Platform APTs on a Global Scale, Surviving an in house Bug Bounty Program - Handling the unknown & Hacking Android Phones for Fun & Profit! Hey hackers! Who is excited for the next DEFCON Toronto Meetup? The group for hackers, cyber security professionals, and enthusiasts. We are excited to have you all join us for our May meetup. We have 3 great talks for you as well as a networking event after the talks! Schedule: 6:00pm - 8:00pm (Technical Talks) Talks & Presenters: Hunting Multi-Platform APTs on a Global Scale Apurva Kumar and Jermey Richards will be lifting the veil behind the Dark Caracal Cyber-Espionage group. Lookout & The EFF teamed up to uncovered a new, global malware espionage campaign. One aspect of that campaign was the use of malicious, fake apps to impersonate legitimate popular apps like Signal and WhatsApp. Interested in learning more? Surviving an in house Bug Bounty Program - Handling the unknown We often hear about vulnerabilities found through Bug Bounty programs, but we never get to hear the side who’s handling them. How do you keep up with hundreds of hackers probing your infrastructure? In this talk, Dolev Farhi will provide you with his experience running an in-house Bug Bounty Program, the benefits, the challenges, tips, and how an external security report can easily turn into a potential threat. Hacking Android Phones - For Fun & Profit Jp Mitri & Amadeus Konopko are going to demonstrate a few different attacks against Android phones using a custom built platform. Instead of demonstrating the how-to compromise we will jump right into the post compromise phase and display what kind of mayhem you can inflict on someone after you get access to their device. Want to learn more about DEFCON Toronto? Visit our Website (http://dc416.com) Join our Facebook group (https://www.facebook.com/groups/DC647/) Join the conversation on Twitter! Share and follow along with @defcon_toronto (https://twitter.com/defcon_toronto) Interested in sponsoring a DEFCON Toronto event? or Join our slack by emailing: [masked]

    8