DEFCON Toronto (DC416) - July Meetup

DC416 July Logo

Introduction

DEFCON Toronto hosted another meetup for hackers, cyber security professionals, and enthusiasts. This July meetup was hosted at a new venue in downtown Toronto at the Design Exchange’s Exhibition Hall.

The meetup is sponsored by Trend Micro in partnership with Design Exchange - Toronto’s Design, tech, and innovation hub.

The two talks at today’s meetup:

  1. Digital Dumpster Diving for Threat Intel
    • By: Chandra Majumdar - Co-founder and CTO of ElevatedPrompt Solutions
  2. A Day in the Life of a Vulnerability Researcher at the Zero Day Initiative
    • By: Vincent Lee - Vulnerability Researcher at Trend Micro’s Zero Day Initiative

Note: This write-up of the event will be less about the event itself and more about learning the topics dicussed. I found that this meetup was too technical for me, and thought it would be best to write about the topics in more of a ELI5 context.

Talk #1 - Digital Dumpster Diving for Threat Intel

What is Dumpster Diving?

Dumpster Diving in person pic

Dumpster diving is a term used to describe looking in someone else’s trash. In the tech world, dumpster diving is a technique used to retrieve information that could be used to carry out an attack.

Websites like Pastebin, Github Gist, Dumpz.org, etc. are popular amongst hackers because of the possibility of leaked sensitive data.

An article posted on Medium that is written by Mark Burnett goes in depth about the abundance of leaked information (passwords) found on Pastebin:

A Glimpse into the world of internet password dumps

Talk #2 - A Day in the Life of a Vulnerability Researcher at the Zero Day Initiative

What does a Vulnerability Researcher do?

Dumpster Diving in person pic

A Vulnerability Researcher analyze malware. At the Zero Day Initiative, they assess vulnerabilities sent by bug bountiers. As a vulnerability research, it is their responsibility to replicate the vulnerability and find a way to remediate the vulnerability.