NorthSec 2020 (Online Edition)

“AMITT - Adversarial Misinformation Playbooks” Roger Johnston, Sara-Jayne Terp · Talk – Round 1 (45 minutes)

We describe the use of adversarial misinformation playbooks to detect and counter disinformation, and explore advances in misinfosec tooling appropriated from the infosec community.

“Designing Customer Account Recovery in a 2FA World” Kelley Robinson · Talk – Round 1 (45 minutes)

This session will show how to securely accommodate account recovery when the user has 2FA enabled while minimizing account takeover and support overhead.

“Offensive Cloud Security Workshop” Xavier Garceau-Aranda · 3hr workshop -- Round 1 (3 hours)

The workshop is tailored towards individuals who have some experience with “the Cloud”, seeking to improve their proficiency at assessing the security of cloud hosted applications and infrastructures.

“High speed fingerprint cloning: myth or reality?” Paul Rascagnères, Vitor Ventura · Talk – Round 1 (45 minutes)

During this presentation, we will explain how the democratization of resin 3D printers impacts the fingerprint cloning. And the security implications on devices such as phones, laptops or padlocks.

“The Path to Software-Defined Cryptography via Multi-Party Computation” Prof. Yehuda Lindell · Talk – Round 1 (45 minutes)

Exploring applied cryptography (Secure Multi-Party Computation) as an enabler of innovation, growth, and risk aversion in enterprise key management and protection.

“Stay quantum safe: future-proofing encrypted secrets” Christian Paquin · Talk – Round 1 (45 minutes)

I present last year’s progress on the development of quantum-safe cryptography to protect communications susceptible to being intercepted today and decrypted later with the help of a quantum computer.

“Advanced Binary Analysis” Alexandre Beaulieu · 3hr workshop -- Round 1 (3 hours)

Discover practical advanced binary analysis techniques like code emulation, symbolic execution and dynamic instrumentation to help dealing with and understanding obfuscated and packed executables.

“Defending Human Rights in the Age of Targeted Attacks” Etienne Maynier · Talk – Round 1 (45 minutes)

In this talk, we will see what type of attacks are targeting Human Rights Defenders, how they evolved over the past years and how we are trying to respond to these attacks at Amnesty International.

“Practical security in the brave new Kubernetes world” Alex Ivkin · Talk – Round 1 (45 minutes)

Dive into a typical Kubernetes cluster by messing with the default security controls, popular sidecar containers and supporting infrastructure.

“Finding the Needle in the Needlestack: An Introduction to Digital Forensics” Emily Wicki · 3hr workshop -- Round 1 (3 hours)

Learn how to apply the best forensics tool (spoiler: it's your brain!) to solve a mock insider threat investigation.

“Capture-The-Flag 101” Olivier Bilodeau · 3hr workshop -- Round 1 (3 hours)

An introduction to Capture-The-Flag (CTF) with easy challenges and tips on how to approach them.

“Unicode vulnerabilities that could byͥte you” Philippe Arteau · Talk – Round 1 (45 minutes)

Transformation of Unicode characters can lead to various side effects. In this talk, you will learn why normalization and capitalization can be misused and affect modern applications.

“Dynamic Data Resolver IDA plugin – Extending IDA with dynamic data” Holger Unterbrink · Talk – Round 1 (45 minutes)

Dynamic Data Resolver IDA plugin – Extending IDA with dynamic data

“Regions are types, types are policy, and other ramblings” bx · Talk – Round 1 (45 minutes)

Compilers and interpreters make use of types to ensure a degree of semantic sanity. I will describe how types can be used outside this narrow paradigm to apply policies across address spaces.

“Look! There's a Threat Model in My DevSecOps” Alyssa Miller · Talk – Round 1 (45 minutes)

Threat Modeling is a crucial activity that often gets left out of DevSecOps. This session will present a fast-paced backlog-based approach that doesn’t require tools or slow down development.

“IOMMU and DMA attacks” Jean-Christophe Delaunay · Talk – Round 2 (45 minutes)

Direct Memory Access technology allows peripherals to access RAM without relying on CPU. DMA increases performances but bring up security issues. An IOMMU was incorporated to address these concerns.

“Opening Speeches” Admin · Opening Speeches (15 minutes)

Opening speeches and welcome.