InfoSec Hamilton

Session description:
The DPRK-attributed Contagious Interview campaign continues to target software developers through fake recruitment schemes disguised as technical assessments and code reviews of projects hosted on platforms like GitHub. A relatively new technique in the campaign's arsenal leverages Microsoft Visual Studio Code task files (located at `.vscode/tasks.json`) to achieve malicious code execution upon project open. This report documents our observations tracking this vector, presents GitHub-based discovery methods, highlights unique findings including a newly published malicious Node Package Manager (NPM) package, and outlines detection opportunities for defenders.
More details available here: https://www.abstract.security/blog/contagious-interview-tracking-the-vs-code-tasks-infection-vector

Your speaker:
A proven technical leader in the security industry, Justin Borland (LinkedIn) started his career with a Canadian Secret clearance while still in College. After graduating, he spent the next decade building custom packet capture systems, intrusion detection systems, logging systems, and DFIR tooling for large organizations. Justin established and ran the Countermeasures team at Equifax. The team was responsible for building and maintaining the fleet of Moloch PCAP/IDS, IPS, and hundreds of other systems using petabytes of data. His team was also responsible for discovering the 2017 data breach. Justin was called into the Senate, while on paternity leave, in 2018.

At Barclays, Justin was part of the Global Hunt team and helped develop and mature many Threat Hunting capabilities and processes, especially related to malware analysis and DFIR. Justin lead both the Threat Detection & Response and IT Ops functions at Unqork, a no-code/codeless-as-a-service company.

Currently, Justin is the Director of Threat Engineering at Abstract, and works with the Abstract Security Threat Research Organization (ASTRO) team to develop and implement threat detection content.

Despite always being a "Blue Teamer", Justin has documented CVEs in MISP and Qualys Cloud Agent, and actively contributes to open source technology, in addition to having open sourced a malware analysis platform (Phoenix).

Your co-hosts:
Todd Dow (LinkedIn) is a Technical Security Solutions Architect at Cisco. He is also a writer, speaker and founder of InfoSec Hamilton. Todd has over 20 years of experience in the cybersecurity field performing penetration tests, providing security architecture and compliance consulting and creating, developing and leading high performing security teams – this included working as the CISO at two organizations: First Ontario Credit Union and ArcelorMittal Dofasco. Todd maintains CISSP, CISA and PMP credentials and he has also earned an Hon BA in Philosophy and Religious Studies from the University of Toronto.

Don Mallory (LinkedIn) has over 30 years of experience in enterprise IT, primarily in critical infrastructure, specializing in operations, data storage, disaster recovery, and security for critical infrastructure. Professionally, Don is a Senior Security Analyst in the healthcare sector. He is a co-author of “Applied Data Security Strategy - A Leader’s Guide”, and has been involved in various volunteer activities including C3X, Hak4Kidz Toronto, the Hamilton Infosec Meetup, and the Latow Photographer's Guild at the Art Gallery of Burlington, where he teaches traditional wet darkroom photography.

Your co-hosts:
Todd Dow (linkedin) is a Technical Security Solutions Architect at Cisco. He is also a writer, speaker and founder of InfoSec Hamilton. Todd has over 20 years of experience in the cybersecurity field performing penetration tests, providing security architecture and compliance consulting and creating, developing and leading high performing security teams – this included working as the CISO at two organizations: First Ontario Credit Union and ArcelorMittal Dofasco. Todd maintains CISSP, CISA and PMP credentials and he has also earned an Hon BA in Philosophy and Religious Studies from the University of Toronto.

Don Mallory (LinkedIn) has over 30 years of experience in enterprise IT, primarily in critical infrastructure, specializing in operations, data storage, disaster recovery, and security for critical infrastructure. Professionally, Don is a Senior Security Analyst in the healthcare sector. He is a co-author of “Applied Data Security Strategy - A Leader’s Guide”, and has been involved in various volunteer activities including C3X, Hak4Kidz Toronto, the Hamilton Infosec Meetup, and the Latow Photographer's Guild at the Art Gallery of Burlington, where he teaches traditional wet darkroom photography.

Your co-hosts:
Todd Dow (linkedin) is a Technical Security Solutions Architect at Cisco. He is also a writer, speaker and founder of InfoSec Hamilton. Todd has over 20 years of experience in the cybersecurity field performing penetration tests, providing security architecture and compliance consulting and creating, developing and leading high performing security teams – this included working as the CISO at two organizations: First Ontario Credit Union and ArcelorMittal Dofasco. Todd maintains CISSP, CISA and PMP credentials and he has also earned an Hon BA in Philosophy and Religious Studies from the University of Toronto.

Don Mallory (LinkedIn) has over 30 years of experience in enterprise IT, primarily in critical infrastructure, specializing in operations, data storage, disaster recovery, and security for critical infrastructure. Professionally, Don is a Senior Security Analyst in the healthcare sector. He is a co-author of “Applied Data Security Strategy - A Leader’s Guide”, and has been involved in various volunteer activities including C3X, Hak4Kidz Toronto, the Hamilton Infosec Meetup, and the Latow Photographer's Guild at the Art Gallery of Burlington, where he teaches traditional wet darkroom photography.