SecTor 2017 — Day 2 at MTCCC
November 14th, 2017
This is the log of our second day at SecTor 2017 at MTCCC in Toronto. After a great day and evening yesterday, I am now eager to see more of the talks and presentations. It was quite difficult to choose the talks, however please find below my personal comments for the presentations I have chosen to see.
Canada’s Cyber Security Strategy
Mrs. Colleen Merchant, Director General for National Cyber Security from the Government of Canada, has given the first keynote today. She is talking about Canada’s cyber security defense strategy and challenges they face today with cyber risks and external intruders. Colleen introduced the three pillars of the Canada’s Cyber Security Strategy:
- Securing Government systems
- Partnering to secure vital cyber systems outside the federal Government
- Helping Canadians to be secure online
Protecting Critical Infrastructures
Second, Colleen made her talk around the importance of protecting the 10 different areas of Canadian critical infrastructures and why it is crucial for any nation state to address the cyber risk accordingly. At the end of the conference, she has given the crowd the following three messages to take with:
- be open minded
- be creative and work together
- promote cyber security
Security Training in a (Virtual) Box
I was eager to see the talk by Marcelle Lee and Joe Gray about the hands-on training in their VirtualBox environment. It was very nice to see how they developed a story around a hacking case and how the scanning, fingerprinting, exploiting and lateral movement has been incorporated. I would consider their approach more on a beginner level, but this did perfectly fit for the audience they had today.
Fighting Cyber (In)Security by David Shrier
Over lunch, the US security guy David Shrier gave a very emotional presentation about how to solve the security problems in the world. The presentation style and his communication skills were extraordinary. He opened a debate if the government should have access to private keys of devices and tools for law enforcement and the fight against terrorism. Even the talk was very compelling, I was not able to fully catch the solution and how his approach that will help us solving the cyber security problems we face today or in the future.
When 2FA is a Foe by Vladimir Katalov
The presentation by Vladimir Katalov and his research in the field of two factor authentication bypass was a challenge. Not because of the complexity of the topic he has chosen to speak about. To be honest, because of the monotony of his voice and how he speaks to the crowd. The information he gave was really interesting and a brain opener for security researchers. I appreciate the information he shared with us today.
Disrupting the Mirai Botnet by Chuck McAuley
From a digital forensics and incident response point of view, I have chosen the talk as inspiration for our own work with Compass Security. The title promises some insights about the Mirai Botnet. Due ot McAuley, the Mirai Botnet was leveraging a DDoS attack with more than 600GB traffic per second and firstly noticed by KrebsOnSecurity. Chuck wanted to have his own version of the Botnet and that’s why he is sharing his github based botnet repo for other researchers. Running the command “vagrant up”, allows everyone having git and vagrant installed on his computer to run a private instance of the educational Mirai Botnet. But it should be used in an isolated network, said Chuck.
The botnet has some smart signal based mechanism for hiding from reverse engineers and researchers. Chuck is explaining how the signal based communication is doing the trick.
If the Mirai Botnet needs to know if it runs on x86, ARM or whatever architecture, the bot is analyzing the first 5 bytes of an ELF file on the target system by cat and echo a local file.
Chuck McAuley References
Party at Steam Whistle Brewing
Bruno and myself were eager to join the crowd at the Steam Whistle Brewing for the evening party and tasting real Canadian beer. The venue was very cool and close by the MTCCC. But the music turned out to be far too loud for us and that’s why we decided to leave and go out for dinner in the city.
Outlook
Wednesday will be our last day in Toronto Ontario. We will visit SecTor during the day and will later in the afternoon heading to the airport to catch our flight to Vancouver BC. Today, the conference is going to start with a keynote by Bruce Schneier. I keep you posted, if you wish.
