SecTor 2025 | Hacking Policy for the Public Good

What happens when a security professional tries to help a government fix its insecure software? In this talk, I'll share my story: from writing a secure coding policy and offering it to the Canadian government, lobbying elected officials, contacting agencies like CRA about their poor security practices—and being met with silence, deflection, or outright dismissal. I didn't stop there. I wrote public letters, went on podcasts, published on Risky Biz, and even got interviewed by CBC. But the institutions in charge of protecting our data? Either silence or "No comment, because security." This isn't just a rant—it's a roadmap. I'll show you the secure coding guideline I created (free to reuse), explain why governments need public-facing AppSec policies, and outline how we can push for secure-by-default practices as citizens, hackers, and builders. Because secure code isn't just for dev teams—it's for democracy, privacy, and public safety. Let's make it law. Let's make it public. By: Tanya Janca | CEO and Secure Coding Trainer, She Hacks Purple Consulting Presentation Materials Available at: https://ift.tt/oTsheWV

source https://www.youtube.com/watch?v=JDo_RfDKQCw

SecTor 2025 | Behind Closed Doors - Bypassing RFID Readers & Physical Access Controls

Join me to watch attacks on physical access control systems, showcased during multiple live demos alongside interesting stories from real-life physical Red Team assessments. As a Red Teamer, I did a lot of engagements requiring me to break into buildings protected by RFID-based Access Control Systems. Normally, I would start with access card cloning... but what if it's not an option? What are the other ways in which one could bypass these systems to bypass the security mechanisms of physical ACS? We will see: - How to intercept the communication between the reader and the controller that are using the Wiegand protocol, along with a demo of this attack; - How the reader can be weaponized to perform a downgrade attack, allowing for making a malicious clone of a card that otherwise would be hard to forge; - How the OSDP protocol works and what the security implications of using it are - What are the other ways to bypass the access control security mechanisms? I will also share some experience and stories from Red Team engagements to demonstrate how to try and use this knowledge in real life – possibly without getting caught. By: Julia Zduńczyk | IT Security Specialist, SecuRing Presentation Materials Available at: https://ift.tt/1ySxY4D

source https://www.youtube.com/watch?v=DcmOObS1Wgc

Black Hat Stories | Meet David Oswald, Cyber Security Professor at Durham University

Unlike traditional academic conferences, Black Hat offers practical, hands-on insights that bring fresh perspective to research and teaching. Hear David's perspective on how Black Hat connects theory with real-world application and why it's a must-attend for anyone in security and academia. 🎥 Watch the full story: https://youtu.be/U6ZV6m4hOaQ?si=-OwHc4GmESCcBjO1 🎟️Join us at Black Hat USA: https://ift.tt/on1QAcY... 🔗 Visit our site: https://blackhat.com/ 📧 Subscribe to our free newsletter: https://ift.tt/VqPeN51 #BlackHatStories #BlackHat #cybersecurity

source https://www.youtube.com/shorts/aE8dDZ2OveE

SecTor 2025 | What If We Caught SUNBURST in CI/CD?

SUNBURST attack was a wake-up call to blue teams everywhere. It showed that nation-state attackers can exploit DevOps pipelines as stealthy backdoors. This talk explores what would have happened if we had embedded threat hunting in the build process itself. Let's reimagine how a tightly integrated DevSecOps pipeline - powered by eBPF, behaviour modeling, and AI-assisted detection - might have surfaced anomalies before malware ever shipped. By: Aleksandr Krasnov | Security Engineer, Meta Presentation Materials Available at: https://ift.tt/GKkAuj1

source https://www.youtube.com/watch?v=mvC0xy-9JeA

SecTor 2025 | Deconstructing a Meta-Adversary Forged from Offensive AI

Artificial intelligence has become an active combatant in the theatre of cyberwarfare. Yet the ways in which near-future offensive actors will leverage AI are unlikely to mirror familiar playbooks or even the scope of today's proof-of-concepts. These agentic aggregations will think and move asymmetrically, guided by machine logic, probability and speed rather than human intuition. Over the past several years, the speaker has been a leading voice in offensive AI research, focused on probing the edges of emerging machine-enabled threats. His work began with AI-driven polymorphic malware frameworks that demonstrated how LLMs could dynamically create payloads to evade detection. Building on that, he developed agent-based espionage and surveillance systems inspired by leaked nation-state tradecraft, capable of operationalizing vast amounts of stolen data and harvesting intelligence by profiling social media at scale. Adjacent experiments with AI red teaming led to agents designed to undermine large language model safety alignment, manipulating outputs to produce unsafe CBRN content. Most recently, his research turned toward decentralized planning swarms: collections of intelligent agents capable of simulating full-spectrum cyber operations through autonomous wargaming and iterative threat modeling. In this talk, we will reframe the exploration of these systems not as standalone experiments but as modules of a hypothetical meta-adversary. Through a step-by-step deconstruction of real agentic projects, we will explore how AI-driven malware, large-scale OSINT harvesters, surveillance systems, model-jailbreakers and collective planning swarms could interconnect to form an Apex Adversary: a capable system-of-systems proficient in real-time sensing, deception, planning and execution across the cyber battlefield. This is not a call to panic or a last-stand prediction. Rather, it is an exercise in grounded foresight: by examining demonstrated offensive and defensive AI capabilities through the lens of system convergence, we gain actionable insights into where the next breakthroughs and blind spots may lie. This teardown shows how intelligent agents are reshaping the cyber battlefield today, and hints at how they may converge in the future tomorrow. By: Jeff Sims | Data Scientist and Cybersecurity Researcher Presentation Materials Available at: https://ift.tt/KJeBdYy

source https://www.youtube.com/watch?v=xC7CDrgI2VU

SecTor 2025 | Is Your Data Canadian Yet?

As governments, regulators, and customers sharpen their focus on data sovereignty, the gap between marketing promises and technical realities continues to grow. In this engaging discussion, we'll explore the evolving landscape of digital sovereignty – from China's isolationist model to the EU's regulatory rigor, and Canada's ongoing search for its place on the map. We'll unpack what sovereignty actually means (and doesn't), examine the risks of "sovereign-washing," and share practical guidance on how to communicate clearly as a vendor and remain diligent as a customer. Whether you're building, buying, or just trying to keep up, this talk offers grounded insight into the realities of sovereignty – and how to strike the right balance between business goals, regulatory pressure, and risk management. By: Kevin Fox | Customer Cybersecurity Advocate, Aiven Jamie Arlen | CISO, Aiven.io Presentation Materials Available at: https://ift.tt/kNzXyFO

source https://www.youtube.com/watch?v=R0PM_gjSg7k

SecTor 2025 | Interactive Network Visualization of Data Poisoning Attacks

What if we could not only visualize poisoned training data, but also interact with it? As data poisoning becomes a growing threat to the integrity of machine learning systems, understanding its effects requires more than static visualizations. This talk introduces GraphLeak, an open-source, interactive web tool designed to visualize how poisoned training data alters network structure. We will explore how adversarial data manipulation impacts graph-based representations. Building on network science concepts, this session will go deeper: not just showing how poisoning affects structure, but allowing users to directly interact with poisoned vs. clean datasets in real time. We'll walk through how the app ingests CSV or JSON data, builds networks, and renders them via layouts. The presentation of this tool emphasizes accessibility through making data poisoning tangible and transparent, allowing security practitioners and non-experts to understand how data poisoning attacks distort model behavior. By making threats visible, we make the defenses of these threats more approachable, democratizing insight into machine learning vulnerabilities and supporting the development of more robust, transparent systems. By: Maria Khodak | Security Engineer Presentation Materials Available at: https://ift.tt/Si7joR5

source https://www.youtube.com/watch?v=VSOmZKHbbew

Black Hat Stories | Or Yair, Security Research Team Lead at SafeBreach

In this episode of Black Hat Stories, we sit down with Or Yair, the Security Research Team Lead at SafeBreach. With multiple years of experience attending Black Hat — including presenting at Black Hat Europe 2025 — Or shares his unique perspective on vulnerability research, curiosity, and the real purpose of the Black Hat community. 🎥 Watch the full story: https://youtu.be/rNtuyrXPIc0?si=zgkZJsWfJQWImoM3 🔗 Visit our site: https://blackhat.com/ 📧 Subscribe to our free newsletter: https://ift.tt/JrKGTo9 #BlackHatStories #BlackHat #cybersecurity

source https://www.youtube.com/shorts/_4VR_GnbLbo

SecTor 2025 | EDR Bypass Testing: A Systematic Approach to Validating Endpoint Defenses

Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity strategies. However, their very success has made them prime targets for attackers who now routinely incorporate EDR evasion and bypass techniques into their toolsets, as evidenced by recent cybercrime leaks. This escalating threat necessitates a shift from reactive defense to proactive, systematic validation of EDR capabilities. This presentation will detail the comprehensive EDR bypass tracking and testing program developed and implemented at eSentire. We will explore the common EDR attack surfaces (user-mode components, kernel callbacks, tamper protections like PPL) and general bypass methodologies. The core of the talk will introduce our systematic approach, including the EDR Bypass Matrix—an internal framework for tracking techniques and test results across a group of supported EDR products. We will showcase our custom testing methodology, automation infrastructure (including a Sandbox Manager application), and provide concrete examples of bypasses, along with their variants and mitigation strategies. The session aims to equip attendees with insights into building robust EDR testing programs and fostering a more resilient security posture. By: Jacob Gajek | Principal Security Researcher, eSentire Ryan Hasmatali | Software Developer, eSentire Presentation Materials Available at: https://ift.tt/p4it8lg

source https://www.youtube.com/watch?v=59GFy4-gIcQ

SecTor 2025 | Tracing Adversary Steps through Cyber-Physical Attack Lifecycle

Cyber operations are increasingly being militarized, with cyber commands being moved under national Ministries/Departments of Defense or simply military forces. In this new setting, cyber-physical security is destined to become a potent weapon. But is the mostly civilian defense ready to deal with such a capable adversary? Ten years ago, at BH USA 2015, I presented a cyber-physical attack lifecycle, the first and to date the only attack lifecycle which specifically describes the steps the attacker needs to take to architect and practically implement an attack that leads to a desired physical impact. After the initial release and highly positive feedback, I further refined the attack lifecycle and extensively verified it on several complex cyber-physical systems such as traffic lights and moving bridge systems. The truth is that, to date, mostly state-associated types of users benefited from the framework, while the civilian sector is still struggling to find pragmatic approaches to cyber-physical risk assessments and adversary emulation exercises. Vendors similarly lack a structured approach to assess their solutions for both exploitability and post-exploitability. This talk will present the finalized version of the cyber-physical attack lifecycle, with two attack stages, and illustrate its utility with the example of designing a targeted attack on a Real-Time Locating System (RTLS), a class of localization solutions used for, e.g., medical patients' location tracking, safety geofencing, contact tracing, and more. Starting from a vulnerability in a communication protocol and ending with fooling the solution operators, the talk will demonstrate numerous nontrivial hurdles the attacker needs to overcome to reach the desired outcome. Spoiler: math and geometry are involved. The talk will conclude with a close examination of how rapid advancements in AI technologies are expected to streamline the process of designing high-precision cyber-physical attacks by automating previously manual or highly laborious tasks and partially replacing the need for SME inputs. Last but not least, the talk touches upon the relevant threat landscape in Canada to date. By: Marina Krotofil | Cyber Security Engineer, Critical Infrastructures, mk|security Presentation Materials Available at: https://ift.tt/hT1FI0k

source https://www.youtube.com/watch?v=12-iW20pBuI

SecTor 2025 | Unmasking a North Korean IT Farm

This session exposes a real-world covert remote-control system developed by a North Korean IT worker operating undetected within a legitimate organization. The forensic investigation revealed a sophisticated ecosystem that leveraged Address Resolution Protocol (ARP)-based payload delivery, WebSockets for stealthy command and control, and Zoom for covert persistence and remote access. Through technical analysis and a live attack demo, we'll unpack how the attacker: -Built an advanced C2 infrastructure using WebSockets to control infected machines. -Used ARP packets as a payload transport mechanism, embedding commands inside network traffic to execute commands without traditional TCP/IP communication. -Weaponized Zoom as a Remote Access Trojan (RAT), launching meetings without user interaction and auto-approving remote-control access via HID injection techniques. -Covertly executed commands through a Python script, allowing keystroke and mouse movement emulation, bypassing endpoint logging. -Enabled remote execution through a command client, which persistently reconnected to the C2 when the user was active. By reverse-engineering the threat actor's toolkit, the investigation uncovered previously undocumented techniques for network protocol abuse and application-layer persistence. In this session, we'll not only highlight how these tactics were deployed but also how defenders can detect and disrupt them before they escalate into full-scale espionage. Attendees will leave with a deeper understanding of offensive tradecraft and practical strategies for detection, threat hunting, and forensic response. By: Avi Sambira | Director, Client Leadership, Sygnia Full Presentation Materials Available at: https://ift.tt/oNFdtXM

source https://www.youtube.com/watch?v=wUQJ5pjZDgo