this is a bio
- Opening Speeches
Alexandre is a security researcher working for GoSecure. His area of expertise is reverse engineering, binary exploitation and tool development. His previous experience as a software developer covers a broad spectrum of topics ranging from low-level systems and binary protocols to web applications. Prior to joining the research team, Alexandre spent time as an Ethical Hacker honing his offensive security skills. His areas of interest include binary analysis, compiler theory and systems programming. Alexandre gives back to the Montréal infosec community by volunteering his time, contributing workshops and designing application security challenges for events like MontréHack and REcon.
- Advanced Binary Analysis
Alex Ivkin is a director of solutions at Eclypsium, a US security company. His focus is on secure deployments of (in)secure software, including container orchestration, application security, and firmware security. Alex has two decades of security integration experience, presented at numerous security conferences, delivered trainings, holds MS in CSci, co-authored the ISACA CSXP certification and climbs mountains in his spare time.
- Practical security in the brave new Kubernetes world
Alyssa Miller (CISM) is a hacker, security advocate, author, professional, and public speaker with almost 15 years of experience in the security industry. She has always had a passion for deconstructing technology, particularly since buying her first computer at the age of 12 teaching herself BASIC programming. In her career, Alyssa has performed all forms of security assessments but given her developer background, she had a dedication to application security. She specializes in working with business and security leaders to design and deploy effective security programs that create a true culture of shared responsibility and developer enablement.
Alyssa is also committed to evangelizing security. Not only does she speak internationally at various industry, vendor and corporate events, Alyssa also engages in the community through her online content, media appearances, and security community activism. Her journey through security was recently featured in an article by Cybercrime Magazine. She’s also been recognized in Peerlyst’s e-Book “50 Influential Penetration Testers”. Alyssa is board member for Women of Security (WoSEC) and co-host of The Uncommon Journey podcast focusing on the unique stories of security professionals across the community. Finally, Alyssa is an Application Security Advocate for London-based Snyk Ltd.
- Look! There's a Threat Model in My DevSecOps
bx enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She has previously studied the weird machines present in application linkers and loaders, publishing some nifty PoC along the way, but has since turned her focus towards the kinds of loaders that bootstrap systems. bx is currently a senior security researcher at Narf Industries.
- Regions are types, types are policy, and other ramblings
I am a crypto specialist in Microsoft Research's Security and Cryptography team. I’m currently involved in projects related to post-quantum cryptography, such as the Open Quantum Safe project. I’m also leading the development of the U-Prove technology. I’m also interested in privacy-enhancing technologies, smart cloud encryption (e.g., searchable and homomorphic encryption), and the intersection of AI and security. Prior to joining Microsoft in 2008, I was the Chief Security Engineer at Credentica, a crypto developer at Silanis Technology working on digital signature systems, and a security engineer at Zero-Knowledge Systems working on TOR-like systems.
- Stay quantum safe: future-proofing encrypted secrets
Emily is a digital forensics investigator on the Insider Threat Investigations team at Morgan Stanley. In her role, Emily helps protect the Firm against insider threats by conducting investigations and working to improve forensic tooling and techniques. In her spare time, Emily's passion for forensics persists as a hobby, but she also enjoys crime shows, ballet, and pursuing her not-so-secret mission of finding the best ice cream in the world.
- Finding the Needle in the Needlestack: An Introduction to Digital Forensics
Etienne Maynier is a security researcher and activist working in the Amnesty Tech team on digital surveillance of Human Rights Defenders. He enjoys political discussions, weird malware tricks, hummus and hates illeism.
- Defending Human Rights in the Age of Targeted Attacks
Holger is working for Cisco Talos, the threat research organization of Cisco. Our goal is to find and reverse engineer new unknown malware campaigns. My team uncovered attacks like NotPetya, WannaCry, DNSpionage, SeaTurtle and many more. I am frequently presenting on internal and external conferences, for example: Microsoft Digital Crime Consortium (DCC), Google Annual RE Meeting, FIRST, ISC, 4th International Conference on Cybersecurity and Privacy Balkan, BSIDES Munich, SecIT Germany, CiscoLive and more.
- Dynamic Data Resolver IDA plugin – Extending IDA with dynamic data
Former pentester, I used to play a lot with Microsoft Active Directory infrastructures, both on defensive and offensive aspects at Synacktiv, a french offensive security company. I am now in the Reverse Engineering team within my company, focusing on Windows and hardware topics.
- IOMMU and DMA attacks
Kelley works on the Account Security team at Twilio. Previously she worked in a variety of API platform and data engineering roles at startups. Her research focuses on authentication user experience and design trade-offs for different risk profiles and 2FA channels. Kelley lives in Brooklyn, is an avid home cook, and spends too much time on Twitter (@kelleyrobinson).
- Designing Customer Account Recovery in a 2FA World
Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With
more than 10 years of infosec experience, he enjoys attracting embedded Linux
malware, writing tools for malware research, reverse-engineering
all-the-things and vulnerability research. Passionate communicator, Olivier has
spoken at several conferences like BlackHat USA/Europe, Defcon, Botconf, SecTor,
Derbycon, HackFest and many more. Invested in his community, he co-organizes
MontréHack, a monthly workshop focused on applied information security, and
NorthSec, Montreal's community conference and Capture-The-Flag.
- Capture-The-Flag 101
Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has been involved in security research for 7 years, mainly focusing on malware analysis, malware hunting and more specially on Advanced Persistence Threat campaigns and rootkit capabilities. He previously worked for several incident response team within the private and public sectors.
- High speed fingerprint cloning: myth or reality?
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.
- Unicode vulnerabilities that could byͥte you
Yehuda Lindell is a professor at Bar-Ilan University in Israel and the CEO of Unbound Tech. Yehuda attained his Ph.D. at the Weizmann Institute of Science in 2002 and spent two years at the IBM T.J. Watson research lab as a Postdoctoral fellow in the cryptography research group. Yehuda has carried out extensive research in cryptography, and has published over 100 conference and journal publications, as well as one of the leading undergraduate textbooks on cryptography. Yehuda has presented at numerous international conferences, workshops and university seminars, and has served on program committees for top international conferences in cryptography. In addition to Yehuda's notable academic work, he has significant industry experience in the design and deployment of cryptography in a wide variety of scenarios.
- The Path to Software-Defined Cryptography via Multi-Party Computation
Roger Johnston is a security analyst at Ubisoft Montreal where he specializes in adversary emulation and threat intelligence.
In 2019 he worked closely with the Credibility Coalition misinfosec working group to develop counters for disinformation, and to provide tooling to the AMITT community.
Today, Roger volunteers with the Cognitive Security Collaborative where he builds capabilities to bootstrap elf communities, provides trainings, and evangelizes the need for greater awareness of disinformation. His recent work at Cognitive Security Collaborative includes the launch of a MISP sharing community for influence operations.
Through Cognitive Security Collaborative, Roger recently joined the CTI League to counter COVID-19 disinformation.
- AMITT - Adversarial Misinformation Playbooks
Sara-Jayne “SJ” Terp is a data nerd with a long history of working on the hardest data problems she can find. Her background includes designing unmanned vehicle systems, transport, intelligence and disaster data systems with an emphasis on how humans and autonomous systems work together; developing crowdsourced advocacy tools, managing innovations, teaching data science to Columbia’s international development students, designing probabilistic network algorithms, working as a pyrotechnician, and CTO of the UN’s big data team. Her current interests are focused on misinformation mechanisms and counters; she founded Bodacea Light Industries to focus on this, worked with the Global Disinformation Index to create an independent disinformation rating system, and runs a Credibility Coalition working group on the application of information security principles to misinformation. SJ holds degrees in artificial intelligence and pattern analysis and neural networks.
- AMITT - Adversarial Misinformation Playbooks
Vitor Ventura is a Cisco Talos security researcher. Has a researcher, he investigated and published various articles on emerging threats. Most of the days Vitor is hunting for threats, investigating, them reversing code but also looking for the geopolitical and/or economic context that better suits them. Vitor has been a speaker in conferences, like Recon Brussels, Defcon Crypto Village and BSides Lisbon among others.
Prior to that he was IBM X-Force IRIS European manager where he was lead responder on several high profile organizations affected by the WannaCry and NotPetya infections, helping to determine the extent of the damage and to define the recovery path. Before that he did penetration testing at IBM X-Force Red, where Vitor lead flagship projects like Connected Car assessments and Oil and Gas ICS security assessments, custom mobile devices among other IoT security projects. Vitor holds multiple security related certifications like GREM (GIAC Reverse Engineer Malware), CISM (Certified Information Security Manager).
- High speed fingerprint cloning: myth or reality?
Xavier is a senior security consultant at NCC Group, with experience in both academia and the private sector. He has worked as a developer, security researcher and consultant. Xavier currently spends most of his time focusing on application and cloud security, as well as driving the development of Scout Suite
(https://github.com/nccgroup/ScoutSuite/), an open source multi-cloud security-auditing tool.
Xavier holds the AWS Certified Security – Specialty, Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) and Offensive Security Wireless Professional (OSWP) certifications.
- Offensive Cloud Security Workshop