AtlSecCon 2014
AtlSecCon 2014 – Presentations

Jon Blanchard – 20 top Hacked and Defaced Maritime Websites
Mark Stanislav – Eyes on IZON: Surveilling IP Camera Security

AtlSecCon 2014 – Agenda – Day 1 – Thursday, March 27

Tracks: Track 1, Track 2, Track 3

8:30 AM
  Registration
8:45 AM
  Opening Remarks & Opening Keynote - Dr. Michael Geist
10:00 AM
  Henry Stern - Beyond Zone File Access: Discovering Novel Domain Names Using Passive DNS
  Colin O'Flynn - Hacking Embedded Systems: Power Analysis & Clock Glitching
10:45 AM
  Morning Break
11:00 AM
11:45 AM
  Catered Lunch - Compliments of HP and Mobia
  David Fraser - Privacy and technology lawyer. Topic: Compliance - Legal & Regulatory Requirements & Obligations
  Patrick O’Byrne – Senior Solution Architect, HP Enterprise Security. Topic: HP Enterprise Security ArcSight – How ArcSight technology can help with audit & compliance requirements.
1:00 PM
  Russ Doucette - Advanced Malware: Do We Need Other Layers
  David Shipley - Securing the Ivory Tower
  Marc-Andre Belanger - Using Threat Modeling techniques to develop the ultimate keylogger
2:00 PM
  Natalie Oldfield - Protecting your organization’s most valuable asset
  Norbert Griffin - The Blinky-Light Syndrome and why it’s Not Making Us More Secure
  Peter Morin - How many times did I use the bathroom today? An introduction to Open Source Intelligence
2:45 PM
  Afternoon Break
3:00 PM
  Jamie Rees - Information Assurance
  Mike Doherty - Legal Issues in Computer Security Research
  Ryan Wilson - Advanced Evasion Techniques (AET’s), bypassing NextGen Firewall, IPS and other network security defenses. How do you keep up?
4:00 PM
  Kellman Meghu - Weaponized Security
5:00 PM
  Palo Alto Networks Social Mixer
8:00 PM
  Speakers Dinner (Ticket Required)

AtlSecCon 2014 – Agenda – Day 2 – Friday, March 28

Tracks: Track 1 - Room 200B, Track 2 - Room 200D, Track 3 - Room 200C

9:00 AM
  Opening Remarks
9:15 AM
  Dale "Dr. Z" Zabriskie - The State of Mobile Security
  Derek Manky - Beyond BYOD – Hacking the Internet of Things
10:00 AM
  Rick Vanover - Data Protection Security Mishaps that you can Avoid
  Dale O'Grady - Application Identification
10:45 AM
  Morning Break
11:00 AM
  Matias Katz - Hacking the Cloud
  Ami Luttwak - An Inconvenient Zeus: The rise of SaaS Targeted Malware
  Jean-Francois Gignac - The Economics of Cybercrime
11:45 AM
  Catered Lunch - Compliments of Varonis
  Vitaly Levin - Securing Unstructured Data, The Next Evolution of eDiscovery and Data Loss Prevention
1:00 PM
  Mark Stanislav - Eyes on IZON: Surveilling IP Camera Security
  Jon Blanchard - 20 top Hacked and Defaced Maritime Websites
  James Placer - Payment Card Industry 3.0 Updates and Requirements from an Industry Perspective
2:00 PM
  Sandy Fadale - How to Setup a Framework for the Governance of Enterprise IT
  Joseph Malinka - “One ring to rule them all” – Using CPU Features to Enable Any Device to Protect Itself By Design
  Guillaume Ross - URL Scheme Security on iOS
2:45 PM
  Afternoon Break
3:00 PM
  Closing Keynote - Brian Krebs
4:00 PM
  Closing Remarks and Prize Draws

AtlSecCon 2014 – Speakers

Opening Keynote Speaker

Dr. Michael Geist is a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. He has obtained a Bachelor of Laws (LL.B.) degree from Osgoode Hall Law School in Toronto, Master of Laws (LL.M.) degrees from Cambridge University in the UK and Columbia Law School in New York, and a Doctorate in Law (J.S.D.) from Columbia Law School. Dr. Geist is a syndicated columnist on technology law issues with his regular column appearing in the Toronto Star and the Ottawa Citizen. Dr. Geist is the editor of several copyright books including The Copyright Pentalogy: How the Supreme Court of Canada Shook the Foundations of Canadian Copyright Law (2013, University of Ottawa Press), From "Radical Extremism" to "Balanced Copyright": Canadian Copyright and the Digital Agenda (2010, Irwin Law) and In the Public Interest: The Future of Canadian Copyright Law (2005, Irwin Law). He is also the editor of several monthly technology law publications, and the author of a popular blog on Internet and intellectual property law issues.

Dr. Geist serves on many boards, including the CANARIE Board of Directors, the Canadian Legal Information Institute Board of Directors, the Privacy Commissioner of Canada’s Expert Advisory Board, the Electronic Frontier Foundation Advisory Board, and on the Information Program Sub-Board of the Open Society Institute. He has received numerous awards for his work including the Kroeger Award for Policy Leadership and the Public Knowledge IP3 Award in 2010, the Les Fowlie Award for Intellectual Freedom from the Ontario Library Association in 2009, the Electronic Frontier Foundation’s Pioneer Award in 2008, Canarie’s IWAY Public Leadership Award for his contribution to the development of the Internet in Canada and he was named one of Canada’s Top 40 Under 40 in 2003. In 2010, Managing Intellectual Property named him one of the 50 most influential people on intellectual property in the world and Canadian Lawyer named him one of the 25 most influential lawyers in Canada in 2011, 2012 and 2013. More information can be obtained at

Closing Keynote Speaker

Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper, including eight front-page stories in the dead-tree edition and a Post Magazine cover piece on botnet operators.
But you didn’t really want to read my résumé, did you? What most people want to know is how I got into computer security, and whether I have a technical background in the field. The short answer is “by accident,” and “no,” respectively. I earned a Bachelor of Arts in International Studies from George Mason University in 1994, and at the time I wasn’t much interested in computers, although I had programmed a bit on an Apple II and spent quite a bit of time visiting online bulletin boards as a kid.

It wasn’t until 2001 — when my entire home network was overrun by a Chinese hacking group — that I became intensely interested in computer security. I had been monkeying with a default installation of Red Hat Linux (6.2) on an old Hewlett-Packard system, because for some reason I had it in my head that it would be fun to teach myself how to turn the spare computer into an oversized firewall [ah, the irony]. That is, until the Lion Worm came around and locked me out of my system. Twice. After that incident, I decided to learn as much as I could about computer and Internet security, and read most everything on the subject that I could get my hands on at the time. It’s an obsession that hasn’t let up.

Much of my knowledge about computers and Internet security comes from having cultivated regular and direct access to some of the smartest and most clueful geeks on the planet. The rest I think probably comes from a willingness to take risks, make

technology is the open source Xen hypervisor, whose community continues to lead innovation in virtualization and isolation. This talk is also a call-to-arms of the research and security ecosystems to use micro-virtualization to advance security research, attack analysis and to further extend the use cases for micro-virtualization.

Derek Manky formulates security strategy based on years of threat and industry knowledge, with a goal to make a positive impact towards the global war on cyber crime.
Manky has presented research and strategy world-wide at many security conferences, including meetings with leading political figures who help define the future of cyber security. He works globally within the security industry and Computer Emergency Response (CERT) to connect the dots, providing mitigation advice and threat forecasts based on correlated data and personal knowledge. This strategy can be integrated into new, advanced technology to fight cyber attacks. He has been recognized as a thought leader in the industry. Manky designed a vulnerability disclosure framework, which has been reliably used for years to responsibly fix security issues before criminals discover and attack them. Manky also sits on a computing program committee with a premier technology institution in Canada, advising on next generation security requirements. He continues to dedicate his career to security, research and education.

Beyond BYOD – Hacking the Internet of Things

Everyone knows the deal, the doom and gloom. There are threats on the internet, and plenty of them in many shapes and forms – worms that have persisted for years, basic Trojans that still perform, and of course advanced persistent threats (APTs). If securing Windows-based systems still proves challenging today, what will tomorrow bring? Are Linux and Mac systems really that much more secure? And what about Android vs. iOS vs. Windows Mobile with BYOD? Attacks against home routers, home automation systems, surveillance cameras, printers, smart televisions and embedded systems exist today and are certain to shift the security landscape and defensive strategy in 2014 and beyond. Cyber attackers are learning it is beneficial to hide in more nooks, and cast a wider net to hook other popular platforms being adopted by the market. As a result, a larger attack surface is being created.
Derek Manky, Global Security Strategist, Fortinet will examine the challenges of multi-platform security as it exists today and what we can expect tomorrow. Case examples will be highlighted proving low-hanging fruit is ripe for attack on these systems. Strategy will be discussed in an interactive session in an effort to get ahead of what inevitably will come.

Kellman Meghu has delivered security talks in private corporate-focused events, at school internet safety classes for training students and teachers, as well as public events including SecureWorld Seattle, The Check Point Experience, Bsides St. Johns, Bsides San Francisco, Bsides Chicago, Bsides Detroit, Secure360, Trilateral Conference, and Sector lunch keynote for 2012. Kellman has contributed to live TV interviews in the Toronto area with CP24, CityNews, and CHCH TV, as well as radio station interviews and news articles across Canada.

Weaponized Security

How dangerous can you get with just the security tools you have today? Do you have access to a technology that makes searching patterns of data in the network very simple? I bet you do. Now I want you to imagine implementing that technology on an open wifi and seeing what you find. This talk discusses how a tool to secure people can be turned against them, and the results of random people, leaking data about their computers, and themselves. This is all done with publicly available and commonly implemented enterprise security, just implemented in uncommon ways.

Peter Morin is a Senior Information Security Specialist with Bell Aliant. His position focuses on information security risk management, penetration testing, cyber threat response, application code analysis, malware analysis, and computer forensics. Peter has over 18 years of in-depth information technology experience in the fields of enterprise computing and networking with an emphasis on IT security, application development, business continuity, incident response and forensics.
Prior to Bell Aliant, Peter has held positions with KPMG LLP and Ernst & Young LLP as Senior Manager in their IT Security, Risk Advisory & Forensic practices, as well as worked with numerous tech start-up companies and various government and military agencies. Peter is a frequent speaker on the subject of critical infrastructure protection, risk management, penetration testing, malware analysis and forensics and has presented at numerous events held by the HTCIA, Black Hat, DEFCON, PMI, Computer Security Institute, Interop, SANS, and ISACA. Peter is a frequent guest lecturer at numerous colleges and universities throughout North America and has also been featured in numerous publications including SC Magazine. Peter sits on numerous executive boards including the High Technology Crime Investigation Association International Board of Directors, HTCIA International Conference, ISC2, and ISACA - Atlantic Provinces Chapter. Peter holds numerous security-related designations including the CISSP, CISA, CGEIT, CRISC, and GCFA.

How many times did I use the bathroom today? An introduction to Open Source Intelligence

This presentation will discuss the ever growing topic of open source intelligence (OSINT). OSINT is the data mining of intelligence from publicly available sources – a form of “Cyber Intelligence”. During this presentation we will discuss the various data points online that can be used to gather information about an individual, an organization, etc. including blogs, forums, personal websites, business intelligence websites such as Salesforce.com, LittleSis and crowd-sourced Jigsaw and social media sites such as Facebook, LinkedIn and Twitter. We will discuss the various uses of this data including reconnaissance for hackers, foreign governments/nation states, penetration testers, and competitive intelligence.
We will look at demos of some of the more popular automated analysis tools such as Maltego and the use of custom Python scripts used to collect and analyze OSINT data.

Colin O'Flynn analyzes the security of embedded systems, and has spoken extensively about his open-source ChipWhisperer tool which was created as part of his ongoing PhD Research at Dalhousie University. He’s previously been involved with a variety of embedded system designs, including wireless protocols used in smart energy meters. His work on embedded security has led him to speak at a number of security conferences including Blackhat EU/USA.

Hacking Embedded Systems: Power Analysis & Clock Glitching

Embedded systems have historically had all sorts of 'interesting' security holes discovered in them. You often can't blame the engineers who designed the systems: it's extremely difficult to keep up to date with all the latest attacks. Performing 3rd party testing can be horrendously expensive, so many companies simply ignore the more exotic attack vectors.

One such 'exotic' attack vector is side-channel power analysis, along with glitch attacks. In power analysis, one measures the power a device consumes on each instruction, and uses this information to break encryption or other security running on the device. The vulnerability of systems to such attacks has been known for almost 15 years. But the difficulty in setting up a lab has made these attacks less prevalent in the real world. With glitching attacks, very precise and short pulses are inserted into a device's power rails or clock inputs. It's a well-known theoretical risk, but the cost of equipment which can generate suitable glitches is too high for most attackers.

This presentation will cover some open-source tools which can be used for research into this field, which can be built or bought for $100 to $1500 depending on requirements.
Dale O’Grady is a Senior Systems Engineer at Palo Alto Networks with extensive experience in layer 2-7 security. As a 20-year veteran of the Information Technology sector, Dale has had the good fortune of working as a world-wide Product Manager for security solutions such as Firewalls, Proxies, Intrusion Detection/Prevention Systems, Traffic Classification Systems, Mobile Security and Network Access Control. In 2011, Dale decided to move to a dedicated customer-facing role to help customers address their real-world security challenges.

Application Identification

Traffic classification is at the heart of any firewall because classification forms the basis of security and acceptable use policies. Port numbers, protocols, and IP addresses are useful for network devices, but provide nothing about what is on the network. Not knowing what is on the network creates an organizational dilemma – secure the network and have unproductive users or have productive users with an increased attack surface? Detailed information about the applications, users, and content traversing networks empowers organizations to quickly determine and assess risks. Identifying the actual application lets organizations quickly learn more about activity on the network and analyze incidents from a current or comparative perspective.

Please join us for this session as we take a deep dive into the benefits of application identification. We will cover concepts such as how application identification is accomplished, application versus application protocol identification, what to look for in application identification engines as well as how the future of encryption impacts application identification and of course considerations on performance and scaling for real-world scenarios.

Natalie Oldfield is known as a passionate and energetic speaker. Natalie has presented to audiences throughout North America, Europe and Asia.
Natalie has worked in marketing communications and sales in multinational companies for 20 years. Natalie's experience working with international ICT organizations drew her to the conclusion that trust is the most important asset a business can protect. That conclusion prompted her extensive study in the field of her Master's degree, How Organizations Build Trust with their External Stakeholders. She facilitates workshops and training sessions and consults with companies looking to improve revenues, protect and deepen relationships, and gain a competitive edge. Natalie’s sessions offer participants strategies and practical tools to improve relationships, customer experiences and the bottom line. Natalie has also been a part-time faculty member at Mount Saint Vincent University in the Communications and Public Relations department, and a part-time faculty member in the School of Business at the Nova Scotia Community College. She is a graduate of the University of New Brunswick (Bachelor of Arts), Mount Saint Vincent University (Bachelor of Public Relations), the Dupree College of Management, Georgia Institute of Technology (Certificate in Management), and is a candidate for a Masters in Communications.

Protecting your organization’s most valuable asset

Falling behind in digital security can be extremely expensive; failing to protect trust can be fatal. Trust can take years to build and one breach can destroy it in seconds. Security experts know where the security threats are. Where are your trust vulnerabilities? Every organization has them. Identifying the vulnerabilities and critical trust points in your organization is critical to your success. Trust is the number one predictor of consumer satisfaction and the critical ingredient to your competitive advantage. It determines how customers, suppliers, employees, bankers and the public make decisions about your organization. They ask: Who should I believe? Which organizations can I trust? Are they competent?
Will they keep my confidential information secure? Will they do the right thing? Drawing on research, Natalie will share with you how some of the world’s top brands build and protect the trust of their stakeholders. The session will offer participants strategies and practical tools to identify critical trust points. Natalie will share the practices of building and protecting trust as well as some tips on how to rebuild trust when there is a security breach. Participants will leave with Monday morning strategies to build and protect trust in their organizations.

James Placer is an Information Security and Privacy consultant with a specific focus on network architectures and International compliance requirements. He has spent the last 20 years working primarily with Fortune 100 companies in the United States in evaluating and architecting compliant security solutions. He has been a keynote speaker on presentations regarding privacy legislation changes at the state and federal level in the Midwest United States along with being an adjunct professor in Information Assurance at Davenport University in Michigan. He currently splits his time between residences in Tatamagouche, NS and Allegan, Michigan when he is not on the ski slopes chasing his ski racing daughter.

Payment Card Industry 3.0 Updates and Requirements from an Industry Perspective

Compliance is the big stick in the corporate security world and one of the strongest drivers is the Payment Card Industry (PCI) standards. The latest refresh of the Credit card Industry standard has been released and takes effect as of Jan 1st 2014. Companies have a period of 14 months to comply with the newly released requirements. How will this affect your company and what do you need to be doing now to prepare for the next PCI audit? This presentation explains the changes in PCI 3.0 and what they mean from a company-centered viewpoint for your business and what they mean for security practitioners.
Does your corporation have in place the processes, both in Canada and abroad, to meet the new requirements?

Jamie Rees has 20 plus years in information technology, the majority of that in information security related roles in communications and financial service organizations. Currently Jamie is the Director of Information Assurance - Chief Information Security Officer and the Chief Security Strategist for the Province of New Brunswick, Canada, working for the Executive Council Office. The value of explaining security in terms of its impact on expected business outcomes became evident to Jamie early in his career, leading him to change his outlook on security programs and the value they bring to business, followed by writing the job descriptions and building the programs used to deliver information security functions. The value proposition used in delivering these roles was his training ground on how to communicate value in security.

Information Assurance

New Brunswick has successfully launched an Information Assurance team as part of the government’s Office of the CIO that aligns security objectives with the government’s strategy and planning. This alignment supports government decisions and enables provisioning of secure and timely services. This is a multi-pronged program with inputs at various parts of the information life cycle. Security objectives are being built into the planning and prioritization processes of the government. IT purchase requests are vetted for appropriate security requirements and Information risk management impacts the balanced scorecards of the organization, with measures that public bodies use to report their initiatives. This was done by showing the value we add to the business in terms and language used by the business. We consulted and won over, group by group, the various boards of the public bodies, showing each of them the value we offered, and bringing them into our process and governance bodies as stakeholders.
The presentation will share the models we used, the challenges we faced and overcame and the lessons learned along the way.

Guillaume K. Ross is an Information Security consultant with a background in IT. He can typically be found in the Montréal area, helping companies from big to too big with their information security programs. He believes in making security as transparent as possible to employees and IT staff as well as using capabilities found in the world of cloud computing that can help secure systems differently and sometimes better than how it is done on physical systems. None of this is relevant to his talk at AtlSecCon 2014, where only his credentials as an Apple geek are useful.

URL Scheme Security on iOS

Have you ever clicked a phone number in Safari to get the phone app to call that store/car dealership/pizza place you were searching for? In iOS, this interaction between apps happens via URL schemes, which are available to Apple applications as well as third-party applications. Everyone uses them without noticing they exist. URL Schemes are great. They are, however, a source of user input that should never be trusted as safe. In this presentation, we will look at real-life examples of implementations of URL Schemes that could lead to issues such as destruction of data or help a malicious person identify an iOS user. We will also look at simple ways to improve URL Scheme security for users of your apps as well as how to find URL Scheme vulnerabilities, for the ones out there who would like to help out.

David Shipley is a member of the IT Security team at the University of New Brunswick. He is responsible for monitoring UNB’s networks and systems, responding to incidents and assisting in long-term security strategy and planning. David also assists with user education and behaviour change. David is a former business journalist with the New Brunswick Telegraph-Journal.
He is currently pursuing his Master of Business Administration at UNB, with a focus on information technology.

Securing the Ivory Tower

Universities are among the highest risk targets for cyber threats due to their nature as places that promote the exchange of information. Encouraging and helping 10000+ minds to collaborate and research on a range of topics is a challenging mission for any IT organization. Having to secure that environment is even tougher. The University of New Brunswick's IT Security Action Team faces a range of threats on a daily basis. From hacktivists to denial of service (DDoS) attacks, from targeted intrusions to trying to handle the daily deluge of malicious software, this team has seen it all. In this talk, UNB's David Shipley will discuss the team's approach to securing this vibrant environment while helping the University achieve its educational and research objectives.

Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor, Michigan-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development. Mark has spoken nationally at over 70 events including RSA, ISSA, B-Sides, GrrCon, Infragard, and the Rochester Security Summit. Mark’s security research has been featured on web sites including CSO Online, Security Ledger, and Slashdot. Additionally, Mark is an active participant of local and national security organizations including ISSA, Infragard, HTCIA, ArbSec, and MiSec. Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University.
During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an Adjunct Lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.

Eyes on IZON: Surveilling IP Camera Security

Home

center.

Varonis' mission is to help enterprises realize value from their human-generated data. Varonis increases productivity, sustainably reduces risk, and lowers cost in the enterprise. Our products automate time-consuming data management and protection tasks and extract valuable insights from your human-generated data. The Varonis Data Governance suite helps organizations manage and protect their unstructured and semi-structured data—the documents, spreadsheets, presentations, media files and other business data in file servers, NAS devices, SharePoint and Exchange. These critical data assets are massive and growing rapidly.

At Cisco (NASDAQ: CSCO) customers come first and an integral part of our DNA is creating long-lasting customer partnerships and working with them to identify their needs and provide solutions that support their success. Cisco has shaped the future of the Internet by creating unprecedented value and opportunity for our customers, employees, investors and ecosystem partners and has become the worldwide leader in networking - transforming how people connect, communicate and collaborate.

HP's enterprise security software and solutions provide a proactive approach to security that integrates information logging and correlation, application analysis and network-level defense. With Gartner Magic Quadrant leaders in Security Information and Event Management (SIEM), Next-generation Intrusion Prevention and Managed application security testing available on demand, HP has the solutions to take your security posture into the next generation.

Bronze Sponsors

Educational Sponsors

Experience the industry’s most realistic penetration testing, training and certifications.
Taught by the core developers of Kali Linux, our information security training will immerse you into the deep-end of real world penetration testing. We know penetration testing. Between Offensive Security Training, Kali Linux and the Exploit-Database, you can trust that we have the expertise, knowledge and experience to provide you with high-end penetration testing services. Offensive Security funds and develops several prominent information security niches, such as Kali Linux, the Exploit-Database, Google Hacking Database and Metasploit Framework Unleashed (MSFU) free training.

The Hacker Academy provides a unique learning experience, teaching infosec from the hacker’s perspective. You might have heard the phrase, “it takes one to know one mentality”. Our philosophy is to arm our members with the knowledge necessary to practice, implement, and deploy what they have learned immediately and effectively. All training modules are available 24/7 and are perfect for any skill level.

Pentester Academy plans to revolutionize online infosec training by providing comprehensive, highly technical, hands-on courses at the most affordable price! Our dream of making infosec training affordable for everyone can only come true with your support!

Additional Sponsors

Lunch Sponsor Day 1

Lunch Sponsor Day 2

Social Mixer Sponsor

Palo Alto Networks, Inc. has pioneered the next generation of network security with our innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. At the core of this platform is our next-generation firewall, which delivers visibility and control over applications, users, and content within the firewall using a highly optimized hardware and software architecture.

Swag Bag Sponsor

Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology.

Community Sponsors

The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. The High Technology Crime Investigation Association is composed of 8 regions within the United States and 6 international regions, including Canada. The Atlantic Chapter is one of five chapters in the Canadian region. Internationally there are 38 chapters overall.

The Halifax Area Security Klatch (HASK) provides a forum for experts to encourage discussion and share expertise in understanding the latest trends and security threats facing computer networks, systems and data. Our membership includes Information Security practitioners, managers, network administrators, students, and anyone who is interested in learning more about securing information. We meet at the Halifax Club in Halifax, Nova Scotia. Typically, we meet the last Monday of the month except for March, June, July, August, and December; unless otherwise notified.

The Halifax Hack Labs is a way to engage the local information security community to apply skills learned from other events such as the Halifax Area Security Klatch and the Atlantic Security Conference.