»Mainframe Hacking in 2019« Philip 'Soldier of FORTRAN' Young; 45 min talk -- Round 1 (60 minutes)

Over the past 5 years tactics, techniques and procedures have been developed to help you pentest a Mainframe. This talk will cover new tools not yet released and new techniques to help you hack yours.


»Threat Modeling« Jonathan Marcil; 2 hr workshop -- Round 2 (2 hours)

A collaborative experience where we will learn basic threat modeling components by brainstorming and drawing altogether.


»The SOC Counter ATT&CK« Mathieu Saulnier; 20 min talk -- Round 1 (30 minutes)

Leverage the Mitre ATT&CK Framework to improve your organization security posture and bring your SOC up to speed with the current Tactics, Techniques and Procedures (TTP) that modern Threat Actors use


»Friday Lunch« Admin; Lunch day 2 (75 minutes)

Lunch


»Call Center Authentication« Kelley Robinson; 45 min talk -- Round 1 (60 minutes)

I called dozens of contact centers to learn about how companies attempt to identify and authenticate the end user. This talk will share best practices you can use to secure your own call centers.


»Thursday Lunch« Admin; Lunch day 1 (75 minutes)

Lunch


»From Bitcoins Amateurs to Experts: Fundamentals, grouping, tracing and extracting bulk information with open-source tools« Masarah Paquet-Clouston; 3hr workshop -- Round 1 (3 hours)

Hands-on workshop to understand bitcoin fundamentals, learn clustering techniques, trace transactions in the blockchain and extract bulk transactions via the GraphSense open-source platform.


»Breaking smart contracts« Maurelian, Shayan Eskandari; 2 hr workshop -- Round 1 (2 hours)

Some of the most financially devastating hacks in recent years have happened on the blockchain. This Ethereum focused workshop, will teach you the fundamentals of writing and breaking smart contracts.


»Sponsor event« Admin; Filler for 3hr workshop slot (3 hours)

Unavailable.


»64-bit shellcoding and introduction to buffer overflow exploitation on Linux« Silvia Väli; 3hr workshop -- Round 2 (3 hours)

64-bit shellcoding and introduction to buffer overflow exploitation on Linux is a 3h workshop with a fast paced introduction to x86-64 architecture, assembly language and tooling.


»Introduction to appliance reverse engineering« Olivier Arteau; 2 hr workshop -- Round 1 (2 hours)

Do you need to analyze a product that was shipped with a locked down operating system ? This workshop will cover the basic of analyzing this type of product.


»Registration« Admin; Registration (45 minutes)

Registration


»Conference Party« Admin; Meta -- Film (2 hours)

Conference party at Barcade and Meltdown.


»Post-Quantum Cryptography: today's defense against tomorrow's quantum hackers« Christian Paquin; 20 min talk -- Round 2 (30 minutes)

I present Post-Quantum Cryptography designed to resist attacks by quantum computers, and describe our expirements in integrating it into protocols such as TLS, SSH, and VPN.


»Intro to badge soldering« Martin Lebel; 2 hr workshop -- Round 2 (2 hours)

Get an introduction to soldering (and the #badgelife).


»HAK MTL Screening« Admin; Meta -- Film (2 hours)

An exclusive preview of Alexandre Sheldon's film HAK MTL.


»Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting« Francis Labelle, Émilio Gonzalez; 45 min talk -- Round 1 (60 minutes)

PyRDP, the open-source RDP man-in-the-middle, allows complete interception of Remote Desktop sessions. This opens the door for new techniques in malware research and pentesting.


»Cybersecurity vs the world« Matt Mitchell; Keynote (60 minutes)

Is our industry a savior or annihilator?


»Capture-The-Flag 101« Olivier Bilodeau; 3hr workshop -- Round 1 (3 hours)

An introduction to Capture-The-Flag (CTF) with easy challenges and tips on how to approach them.


»Using Geopolitical Conflicts for Threat Hunting - How Global Awareness Can Enable New Surveillanceware Discoveries« Kristin Del Rosso; 45 min talk -- Round 1 (60 minutes)

Geopolitical decisions are based on digital espionage; awareness of foreign affairs and human elements behind surveillance campaigns greatly assists in understanding and finding new surveillance-ware.


»Using angr to augment binary analysis workflow« Alexander Druffel, Florian Magin; 3hr workshop -- Round 1 (3 hours)

This is a workshop on the open source binary analysis framework angr. We will teach you about its various analyses techniques for reverse engineering and how to integrate them into your workflow.


»Code of conduct, logistics, and more« Admin; Meta (15 minutes)

Info


»Intro (Day 2)« Admin; Meta (15 minutes)

Introductions.


»Fixing the Internet's Auto-Immune Problem: Bilateral Safe Harbor for Good-Faith Hackers« Chloé Messdaghi; 20 min talk -- Round 2 (30 minutes)

This talk provides an overview of Safe Harbor in the context of good-faith hacking and introduces a current effort to create a standardized, open-source platform via disclose.io


»Threat hunting in the cloud« Kurtis Armour, Jacob Grant; 45 min talk -- Round 2 (60 minutes)

There are limited built-in capabilities for detecting attacks and post-exploitation of cloud services. This talk will cover methods of identifying threat actors via cloud and endpoint signals.


»One Key To Rule Them All - ECC Math Tricks« Yolan Romailler; 20 min talk -- Round 1 (30 minutes)

Come and listen to a tale in which we build upon basics about Elliptic Curves to discover how we could have One Key To Rule Them All, in order to do SSH key management or even build a Wireguard PKI.


»DNS On Fire« Paul Rascagnères, Warren Mercer; 20 min talk -- Round 1 (30 minutes)

Cisco Talos identified malicious actors targeting the DNS protocol successfully for the past several years. In the presentation, we will present 2 threat actors we have been tracking.


»Intro (Day 1)« Admin; Meta (15 minutes)

Introductions.


»xRAT: Monitoring Chinese Interests Abroad With Mobile Surveillance-ware« Apurva Kumar, Arezou Hosseinzad-Amirkhizi; 45 min talk -- Round 1 (60 minutes)

The rapid evolution of targeted Android surveillance-ware has enabled China’s mobile arsenal to successfully compromise target devices for years - this talk dives into the xRAT family and its tools.


»Trick or treat? Unveil the “stratum” of the mining pools« Emilien Le Jamtel, Ioana-Andrada Todirica; 45 min talk -- Round 1 (60 minutes)

In this presentation we explain how to hunt for cryptomining malicious activities, focusing on detection of collaborative work using the stratum protocol.


»Where Do We Go From Here? Stalkerware, Spouseware, and What We Should Do About It« Eva Galperin; Keynote (60 minutes)

TBD


»Post-Quantum Manifesto« Philippe Lamontagne; 20 min talk -- Round 2 (30 minutes)

A spectre is haunting the Internet — the spectre of quantum computing. All the powers of old Cryptography have entered into a holy alliance to exorcise this spectre.


»T1: Secure Programming For Embedded Systems« Thomas Pornin; 45 min talk -- Round 1 (60 minutes)

Description of T1, a new programming language that targets embedded systems: low RAM, low ROM, memory-safe, portable, supports coroutines.


»Leveraging UART, SPI and JTAG for firmware extraction« Marc-andre Labonte; 2 hr workshop -- Round 1 (2 hours)

This workshop aims to teach methods to obtain a firmware running on a IOT device by probing the circuit board. Accessing flash memory using common protocols such as UART, SPI and JTAG will be covered


»M33tfinder: Disclosing Corporate Secrets via Videoconferences« Yamila Vanesa Levalle; 45 min talk -- Round 1 (60 minutes)

Remotely and without authentication list the active conferences on a videoconferencing server, obtain meeting information and perform a bruteforce attack to access the information discussed in there


»DNS On Fire« Paul Rascagnères, Warren Mercer; 20 min talk -- Round 2 (30 minutes)

Cisco Talos identified malicious actors targeting the DNS protocol successfully for the past several years. In the presentation, we will present 2 threat actors we have been tracking.


»What is our Ethical Obligation to Ship Secure Code?« Elissa Shevinsky; 20 min talk -- Round 2 (30 minutes)

There is no legal obligation to ship secure code, but is there an ethical one? This talk argues that companies - and in some cases, individual devs - are obligated in strong security best practices.


»Introduction to Return Oriented Programming« Lisa Aichele; 3hr workshop -- Round 2 (3 hours)

This is an introductory workshop to Return Oriented Programming, a technique to overcome non-executable stacks during exploitation.


»Container Security Deep Dive« Yashvier Kosaraju; 2 hr workshop -- Round 1 (2 hours)

Containers are the next big thing in virtualization tech. If configured properly they provide immense security. In this workshop I will go over how to secure your container deployment end to end


»Hacking Heuristics: Exploiting the Narrative« Kelly Villanueva; 45 min talk -- Round 2 (60 minutes)

Distinctions between advantages and disadvantages are based on context, and with a strong narrative, context can be created.


»Making it easier for everyone to get Let's Encrypt certificates with Certbot« Erica Portnoy; 20 min talk -- Round 1 (30 minutes)

To get to 100% HTTPS adoption, it has to be easy for every website operator to turn on HTTPS. Through usability testing, the Certbot team is making Certbot more helpful for more people.


»Safer Online Sex: Harm Reduction and Queer Dating Apps« Norman Shamas; 45 min talk -- Round 1 (60 minutes)

Harm reduction as a security framework can increase user safety. We will look at a case study around user-centric security based on harm reduction for gay dating apps.


»Cache Me If You Can: Messing with Web Caching« Louis Dion-Marcil; 45 min talk -- Round 1 (60 minutes)

Recent development in AppSec research has shown an increase in popularity of caching related attacks. This talk will delve into the latest developments in web caching related vulnerabilities.


»Reversing WebAssembly Module 101« Patrick Ventuzelo; 2 hr workshop -- Round 1 (2 hours)

WebAssembly (WASM) is a new binary format supported by all the major web-browsers. In this workshop, attendees will learn how to reverse WebAssembly modules (crackmes, cryptominers, browser addons)


»The (Long) Journey To A Multi-Architecture Disassembler« Joan Calvet; 45 min talk -- Round 1 (60 minutes)

We will describe the internals of the disassembler engine we built fully in-house to analyze x86/x64, ARM/ARM64 and MIPS executables (among others).


»A good list of bad ideas« Laurent Desaulniers; 20 min talk -- Round 1 (30 minutes)

Have you ever wondered, 'What if?' in a pentest? Are movies like 'Die Hard' a source of inspiration for your next red team? If so, this talk is for you!


»Hunting Linux Malware for Fun and Flags« Marc-Etienne M.Léveillé; 2 hr workshop -- Round 1 (2 hours)

Fun introduction to Linux malware analysis and incident response. Trainees get root access to compromised Linux servers where they need to understand what they are up against (and find the flags!).


»Wajam: From a Start-up to Massive Spread Adware« Hugo Porcher; 45 min talk -- Round 2 (60 minutes)

How a Montreal-made "social search engine" application has managed to become one of the most widely spread adware, while escaping consequences.


»Red Teaming Workshop« Charles F. Hamilton; 3hr workshop -- Round 1 (3 hours)

Red teaming workshop dedicated to improve participant capabilities during red team assessment


»Deserialization: RCE for modern web applications« Philippe Arteau; 3hr workshop -- Round 1 (3 hours)

Deserialization is the process of converting a data stream to an object instance. This 3-hour workshop will go through the basics of exploiting such vulnerabilities in multiple languages.