ATLSECCON 2025

Encrypt your data in the cloud, or someone else will do it for you. Here’s just one of the learnings we will share with you at ATLSECCON 2025. We’ve spent a ridiculous amount of time in the data protection and backup industry. In this session, we’ll share with you what we’ve learned so you won’t have any backdoors, surprises, mistakes or other unfortunate circumstances to put your data at risk. We will share common breakdowns in data protection strategies when it comes to ransomware recovery (and how to avoid them) as well as some practical advice for using backup data for analytics and cyber forensic purposes.

Modern information stealers have evolved far beyond simple credential harvesters into sophisticated tools that capture complete digital fingerprints of their victims. In this technical deep-dive, we unveil groundbreaking research into stealer architecture, attack chains, and defensive countermeasures. Through analysis of real-world compromise scenarios, including desktop screenshots captured at infection moments, we reveal how threat actors leverage compromised ad networks and trojanized software for mass deployment. 
Building on hands-on experience with stealer log analysis, we detail how modern threats bypass multi-factor authentication, compromise (or not) password managers, and extract cryptocurrency wallets. We examine Chrome's application-bound encryption and why, although already circumvented, it creates new detection opportunities. The session concludes with practical defensive strategies and the release of two community resources: a PowerShell script for automated credential testing against Entra ID and a curated dataset of stealer logs for security research.
This presentation equips security practitioners with concrete insights and tools to defend against one of today's most consequential yet underexamined threats.

Canada struggles to find and keep cyber-talent. If cybersecurity is addressed in schools at all it tends to be as a passive media marketing campaign, but cyber-skills are teachable and approaching them that way also develops mentorships. In 2025 the Global Forum for Cybersecurity Excellence published a cyberstory about CyberTitan, Canada's national student cyber competition and the importance of intergenerational relationship building in an industry so new that it has no mechanisms for this essential process.

Cybersecurity has an image problem which causes many young people to opt out of opportunities in the field. In addition, cyber struggles to retain talent even when it can find it because the discipline is relatively new and has yet to mature into a sustainable field of study where human connections are supported professionally. Until cyber nurtures these professional relationships (which are evident in established fields through apprenticeships and other mentoring mechanisms), it will struggle to sustain itself as the essential component of digital infrastructure that it is.

One of the most challenging aspects of anyone’s cyber journey is finding mentors to support their growth. The challenges implicit in this early stage of digital security are not only faced by younger people. Many senior cyber specialists leave due to overwork and frustration around a lack of resources, many of which are (ironically) related to an inability to hire new talent.

How do we nurture these intergenerational human aspects of cybersecurity to encourage a more sustainable approach to the discipline?

In developing CyberTitan, the Information & Communication Technology Council of Canada (ICTC-CTIC) has partnered with the Communications Security Establishment (CSE-CST – Canada’s cryptography agency) to develop a nationwide initiative to develop the real world cyberskills in Canadian students while also illuminating pathways into the field. To create a sustainable cyber future in Canada we must work together to build these intergenerational bridges. We have the tools, we can build the homegrown talent.

There have been a variety of global attacks that disrupted power distribution, fuel distribution, and shipments. The attacks were successful because they exploited vulnerabilities in Operational Technology (OT). Due to the nature of OT, these disruptions not only cause a loss in revenue but can cause a loss of life as well. However, the industry is changing, and as assets become exposed to the Internet, the fundamental technologies of IT can help secure them. The presentation focuses on understanding past OT attacks, the differences and similarities between securing IT and OT technologies, and how we can merge the two to be able to have safer critical infrastructure.