NAME: Nadeem Douba

Nadeem Douba (GPEN, GWAPT) is a Managing Partner & Hacker at Red Canari; an Ottawa-based information security startup that offers highly specialized technical security services to clients in the public and private sector. With over 15 years experience, Nadeem specializes in performing and leading technical security engagements (penetration tests and red teaming) for Fortune 100s, critical infrastructure, health care, and law enforcement clients. He has also presented at some of the world’s largest security conferences and is the author of many well-known open source security tools, including PyMiProxy (used by the Internet Archive), Sploitego/Canari Framework (previously presented at DEF CON 20), and BurpKit (presented at DEF CON 23). His primary research interests include open source intelligence, application and operating system security, financial technology, and big data.

Presentation Description: (with Trevor Stevado)

Goto Fail – Hacking the Enterprise: Today’s cyber-landscape is looking grimmer and grimmer. Organizations continue to get compromised – from financial institutions to social media to retail – but why? Is it because organizations don’t have the necessary tools to defend themselves or is it because we are not implementing the correct defences? In this talk we’ll demonstrate how easy it is to breach an enterprise perimeter with nothing more than some good old open source intelligence and automation. We’ll demonstrate how compromising the weakest link (human behaviour) can end up handing your organization’s crown jewels to the enemy. This talk will be highly demo-centric and are based on real life scenarios. Audience participation is highly encouraged!