NorthSec 2022

Version 1.8 May 20, 2022

We released a new schedule version!

We sadly had to cancel a session: “Red Team Tradecraft - Vulnerability Research for Operators” by Etizaz Mohsin.

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Red Team Block” by Olivier Bilodeau, Lisandro Ubiedo, Rolland Winters, Martin Dubé (May 20, 2022, 5:55 p.m. → May 20, 2022, 5:15 p.m.)
“Passive recon & intelligence collection using cyber-squatted domains” by Rolland Winters (May 20, 2022, 5:15 p.m. → May 20, 2022, 4:35 p.m.)

Version 1.7 May 20, 2022

Edited day 2 of community room schedule to reflect reality. Edited 1 session description.

We have new sessions!

Version 1.4 May 15, 2022

We released a new schedule version!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“10 Things I wish I knew before my first incident” by Caspian Kilkelly (May 19, 2022, 4 p.m. → May 19, 2022, 3:55 p.m.)
“Red Team Tradecraft - Vulnerability Research for Operators” by Etizaz Mohsin (May 20, 2022, 4:30 p.m. → May 20, 2022, 4:35 p.m.)
“Passive recon & intelligence collection using cyber-squatted domains” by Rolland Winters (May 20, 2022, 5:10 p.m. → May 20, 2022, 5:15 p.m.)
“Announcements & Raffle” (May 19, 2022, 3:50 p.m. → May 20, 2022, 3:40 p.m.)
“The road to BeyondCorp is paved with good intentions” by Maya Kaczorowski, Eric Chiang (May 19, 2022, 5:20 p.m. → May 19, 2022, 5:15 p.m.)
“Detection & Response Block” by Émilio Gonzalez, Maya Kaczorowski, Yuriy Arbitman, Guillaume Ross, Eric Chiang, Caspian Kilkelly (May 19, 2022, 6 p.m. → May 19, 2022, 5:55 p.m.)
“Red Team Block” by Olivier Bilodeau, Lisandro Ubiedo, Rolland Winters, Martin Dubé (May 20, 2022, 5:50 p.m. → May 20, 2022, 5:55 p.m.)
“Obfuscation classification via Machine Learning” by Yuriy Arbitman (May 19, 2022, 4:40 p.m. → May 19, 2022, 4:35 p.m.)
“The Risks of RDP and How to Mitigate Them” by Olivier Bilodeau, Lisandro Ubiedo (May 20, 2022, 3:50 p.m. → May 20, 2022, 3:55 p.m.)

Version 1.3 May 15, 2022

We pushed a few things by 5 minutes to allow for longer breaks.

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Passive recon & intelligence collection using cyber-squatted domains” by Rolland Winters (May 20, 2022, 5:05 p.m. → May 20, 2022, 5:10 p.m.)
“Privacy Block” by Philippe Lamontagne, Lex Gill, Michael Geist, Andreanne Bergeron (May 19, 2022, 11:15 a.m. → May 19, 2022, 11:20 a.m.)
“What Lies Behind Canada’s Internet Regulation Reversal?” by Michael Geist (May 19, 2022, 9:15 a.m. → May 19, 2022, 9:20 a.m.)
“Red Team Block” by Olivier Bilodeau, Lisandro Ubiedo, Rolland Winters, Martin Dubé (May 20, 2022, 5:45 p.m. → May 20, 2022, 5:50 p.m.)
“Formalizing the right to be forgotten: law meets crypto” by Philippe Lamontagne (May 19, 2022, 10:35 a.m. → May 19, 2022, 10:40 a.m.)
“The Risks of RDP and How to Mitigate Them” by Olivier Bilodeau, Lisandro Ubiedo (May 20, 2022, 3:45 p.m. → May 20, 2022, 3:50 p.m.)
“Capture-The-Flag 101” by Olivier Bilodeau (May 19, 2022, 9:50 a.m. → May 19, 2022, 10 a.m.)
“Red Team Tradecraft - Vulnerability Research for Operators” by Etizaz Mohsin (May 20, 2022, 4:25 p.m. → May 20, 2022, 4:30 p.m.)
“Tell me where you live and I will tell your P@ssw0rd: Understanding the macrosocial factors influencing password’s strength” by Andreanne Bergeron (May 19, 2022, 9:55 a.m. → May 19, 2022, 10 a.m.)

Version 1.2 May 15, 2022

We released a new schedule version!

We have new sessions!

Version 1.1 May 8, 2022

We released a new schedule version!

We have new sessions!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“From the cluster to the cloud and back to the cluster: Lateral movements in Kubernetes” by Yossi Weizman (May 20, 2022, 10:20 a.m. → May 20, 2022, 10:30 a.m.)
“Privacy-friendly QR codes for identity” by Christian Paquin (May 20, 2022, 2:10 p.m. → May 20, 2022, 2:20 p.m.)
“Public, verifiable, and unbiasable randomness: wassat?” by Yolan Romailler (May 20, 2022, 1:30 p.m. → May 20, 2022, 1:40 p.m.)
“Red Team Tradecraft - Vulnerability Research for Operators” by Etizaz Mohsin (May 20, 2022, 4:15 p.m. → May 20, 2022, 4:25 p.m.)
“Passive recon & intelligence collection using cyber-squatted domains” by Rolland Winters (May 20, 2022, 4:55 p.m. → May 20, 2022, 5:05 p.m.)
“AppSec Block” by Vickie Li, Joëlle-Alexandra Desmarais, Abhay Bhargav, Yossi Weizman, Nate Warfield (May 20, 2022, 11:40 a.m. → May 20, 2022, 11:50 a.m.)
“I thought writing a technical book was supposed to be fun?!!” by Vickie Li (May 20, 2022, 9 a.m. → May 20, 2022, 9:10 a.m.)
“I am become loadbalancer, owner of your network” by Nate Warfield (May 20, 2022, 11 a.m. → May 20, 2022, 11:10 a.m.)
“Hook, Line and Sinker - Pillaging API Webhooks” by Abhay Bhargav (May 20, 2022, 9:40 a.m. → May 20, 2022, 9:50 a.m.)
“Red Team Block” by Olivier Bilodeau, Lisandro Ubiedo, Rolland Winters, Martin Dubé (May 20, 2022, 5:35 p.m. → May 20, 2022, 5:45 p.m.)
“Cryptography Block” by Pierre-David Oriol, Yolan Romailler, Christian Paquin (May 20, 2022, 2:50 p.m. → May 20, 2022, 3 p.m.)
“The Risks of RDP and How to Mitigate Them” by Olivier Bilodeau, Lisandro Ubiedo (May 20, 2022, 3:35 p.m. → May 20, 2022, 3:45 p.m.)

Version 1.0 May 8, 2022

We released a new schedule version!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Electronic music workshop 2” (May 20, 2022, 4 p.m. → May 20, 2022, 3:30 p.m.)
“Reverse and bypass of modern Android runtime protections [FR]” by Georges-Bastien Michel (May 19, 2022, 10 a.m. → May 20, 2022, 9 a.m.)
“Capture-The-Flag 101” by Olivier Bilodeau (May 20, 2022, 9 a.m. → May 19, 2022, 9:50 a.m.)

This release includes a first tentative public schedule for the Community Room, which is included as a public preview but should be considered highly subject to change. / Cette version de l'horaire comprend un premier aperçu de certaines activités dans la Salle Communauté - tous les horaires sont sujets à changement

We have new sessions!

Version 0.18 May 5, 2022

We released a new schedule version!

We have a new session: “Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis” by Suweera De Souza .

We sadly had to cancel a session: “Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis - Day 2” by Suweera De Souza.

Version 0.17 May 5, 2022

We released a new schedule version!

We sadly had to cancel a session: “Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis” by Suweera De Souza.

Version 0.16 May 3, 2022

Hi all, we've released a new version of the schedule that hopefully accommodates some of your travel schedules and other restrictions. Please take a look and let us know if it doesn't work. We'd like to have this locked down and published very soon.

Thank you!

We have new sessions!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Privacy-friendly QR codes for identity” by Christian Paquin (May 20, 2022, 1:40 p.m. → May 20, 2022, 2:10 p.m.)
“I thought writing a technical book was supposed to be fun?!!” by Vickie Li (May 20, 2022, 3:20 p.m. → May 20, 2022, 9 a.m.)
“The Risks of RDP and How to Mitigate Them” by Olivier Bilodeau, Lisandro Ubiedo (May 19, 2022, 4 p.m. → May 20, 2022, 3:35 p.m.)
“Passive recon & intelligence collection using cyber-squatted domains” by Rolland Winters (May 19, 2022, 5:20 p.m. → May 20, 2022, 4:55 p.m.)
“I am become loadbalancer, owner of your network” by Nate Warfield (May 20, 2022, 5:20 p.m. → May 20, 2022, 11 a.m.)
“The road to BeyondCorp is paved with good intentions” by Maya Kaczorowski, Eric Chiang (May 20, 2022, 10:30 a.m. → May 19, 2022, 5:20 p.m.)
“From the cluster to the cloud and back to the cluster: Lateral movements in Kubernetes” by Yossi Weizman (May 20, 2022, 4:40 p.m. → May 20, 2022, 10:20 a.m.)
“Red Team Tradecraft - Vulnerability Research for Operators” by Etizaz Mohsin (May 19, 2022, 4:40 p.m. → May 20, 2022, 4:15 p.m.)
“10 Things I wish I knew before my first incident” by Caspian Kilkelly (May 20, 2022, 9:10 a.m. → May 19, 2022, 4 p.m.)
“Hook, Line and Sinker - Pillaging API Webhooks” by Abhay Bhargav (May 20, 2022, 4 p.m. → May 20, 2022, 9:40 a.m.)
“Public, verifiable, and unbiasable randomness: wassat?” by Yolan Romailler (May 20, 2022, 1 p.m. → May 20, 2022, 1:30 p.m.)
“Obfuscation classification via Machine Learning” by Yuriy Arbitman (May 20, 2022, 9:50 a.m. → May 19, 2022, 4:40 p.m.)

Version 0.15 May 3, 2022

revert Q&As

Sadly, we had to cancel sessions:

“Malware Block” by Marc-Etienne M.Léveillé, Alexis Dorais-Joncas, Léanne Dutil, Asheer Malhotra, Suweera De Souza
“Detection & Response Block” by Émilio Gonzalez, Maya Kaczorowski, Yuriy Arbitman, Guillaume Ross, Eric Chiang, Caspian Kilkelly
“Privacy Block” by Philippe Lamontagne, Lex Gill, Michael Geist, Andreanne Bergeron
“Red Team Block” by Olivier Bilodeau, Lisandro Ubiedo, Rolland Winters, Martin Dubé

Version 0.14 May 3, 2022

Adding BH and Vickie Li

We have new sessions!

Version 0.13 April 25, 2022

We released a new schedule version!

Sadly, we had to cancel sessions:

“Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis - Day 2” by Suweera De Souza
“Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis” by Suweera De Souza

Version 0.12 April 24, 2022

We released a new schedule version!

We have new sessions!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Formalizing the right to be forgotten: law meets crypto” by Philippe Lamontagne (May 19, 2022, 10:50 a.m. → May 19, 2022, 10:35 a.m.)
“Passive recon & intelligence collection using cyber-squatted domains” by Rolland Winters (May 19, 2022, 5:30 p.m. → May 19, 2022, 5:20 p.m.)
“Privacy-friendly QR codes for identity” by Christian Paquin (May 20, 2022, 3 p.m. → May 20, 2022, 1:40 p.m.)
“Red Team Tradecraft - Vulnerability Research for Operators” by Etizaz Mohsin (May 19, 2022, 4:50 p.m. → May 19, 2022, 4:40 p.m.)
“MuddyWater: From Canaries to Turkeys” by Vitor Ventura, Asheer Malhotra (May 19, 2022, 2:15 p.m. → May 19, 2022, 1:50 p.m.)
“Public, verifiable, and unbiasable randomness: wassat?” by Yolan Romailler (May 20, 2022, 2:20 p.m. → May 20, 2022, 1 p.m.)
“A snapshot of Doplik: Unwanted Software using serialized JavaScript bytecode as an anti-analysis technique” by Léanne Dutil (May 19, 2022, 2:55 p.m. → May 19, 2022, 2:30 p.m.)
“Obfuscation classification via Machine Learning” by Yuriy Arbitman (May 20, 2022, 9:55 a.m. → May 20, 2022, 9:50 a.m.)
“Jumping the air gap: 15 years of nation-state efforts” by Alexis Dorais-Joncas, Facundo Munoz (May 19, 2022, 1:25 p.m. → May 19, 2022, 1:10 p.m.)
“I am become loadbalancer, owner of your network” by Nate Warfield (May 20, 2022, 6:30 p.m. → May 20, 2022, 5:20 p.m.)
“The Risks of RDP and How to Mitigate Them” by Olivier Bilodeau, Lisandro Ubiedo (May 19, 2022, 4:05 p.m. → May 19, 2022, 4 p.m.)
“From the cluster to the cloud and back to the cluster: Lateral movements in Kubernetes” by Yossi Weizman (May 20, 2022, 5:45 p.m. → May 20, 2022, 4:40 p.m.)
“Hook, Line and Sinker - Pillaging API Webhooks” by Abhay Bhargav (May 20, 2022, 5:05 p.m. → May 20, 2022, 4 p.m.)
“The road to BeyondCorp is paved with good intentions” by Maya Kaczorowski, Eric Chiang (May 20, 2022, 10:35 a.m. → May 20, 2022, 10:30 a.m.)
“Advanced Process Injection Techniques” by Yash Bharadwaj (May 20, 2022, 12:35 p.m. → May 20, 2022, 2 p.m.)

Version 0.11 April 20, 2022

We released a new schedule version!

We have a new session: “Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis” by Suweera De Souza .

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Hook, Line and Sinker - Pillaging API Webhooks” by Abhay Bhargav (May 20, 2022, 12:05 p.m. → May 20, 2022, 5:05 p.m.)
“MuddyWater: From Canaries to Turkeys” by Vitor Ventura, Asheer Malhotra (May 19, 2022, 9:45 a.m. → May 19, 2022, 2:15 p.m.)
“Red Team Tradecraft - Vulnerability Research for Operators” by Etizaz Mohsin (May 19, 2022, 12:45 p.m. → May 19, 2022, 4:50 p.m.)
“Fleet and osquery - open source device visibility” by Guillaume Ross (May 19, 2022, 2:55 p.m. → May 19, 2022, 1 p.m.)
“Public, verifiable, and unbiasable randomness: wassat?” by Yolan Romailler (May 20, 2022, 9 a.m. → May 20, 2022, 2:20 p.m.)
“Formalizing the right to be forgotten: law meets crypto” by Philippe Lamontagne (May 19, 2022, 6:45 a.m. → May 19, 2022, 10:50 a.m.)
“Web Application Firewall Workshop” by Philippe Arteau (May 19, 2022, noon → May 19, 2022, 10 a.m.)
“What Lies Behind Canada’s Internet Regulation Reversal?” by Michael Geist (May 19, 2022, 5:10 a.m. → May 19, 2022, 9:15 a.m.)
“Passive recon & intelligence collection using cyber-squatted domains” by Rolland Winters (May 19, 2022, 1:30 p.m. → May 19, 2022, 5:30 p.m.)
“10 Things I wish I knew before my first incident” by Caspian Kilkelly (May 20, 2022, 5:05 a.m. → May 20, 2022, 9:10 a.m.)
“Obfuscation classification via Machine Learning” by Yuriy Arbitman (May 20, 2022, 6:35 a.m. → May 20, 2022, 9:55 a.m.)
“From the cluster to the cloud and back to the cluster: Lateral movements in Kubernetes” by Yossi Weizman (May 20, 2022, 12:50 p.m. → May 20, 2022, 5:45 p.m.)
“Privacy-friendly QR codes for identity” by Christian Paquin (May 20, 2022, 9:45 a.m. → May 20, 2022, 3 p.m.)
“The Risks of RDP and How to Mitigate Them” by Olivier Bilodeau, Lisandro Ubiedo (May 19, 2022, 12:05 p.m. → May 19, 2022, 4:05 p.m.)
“The road to BeyondCorp is paved with good intentions” by Maya Kaczorowski, Eric Chiang (May 20, 2022, 5:50 a.m. → May 20, 2022, 10:35 a.m.)
“Jumping the air gap: 15 years of nation-state efforts” by Alexis Dorais-Joncas, Facundo Munoz (May 19, 2022, 9 a.m. → May 19, 2022, 1:25 p.m.)
“Reverse and bypass of modern Android runtime protections [FR]” by Georges-Bastien Michel (May 19, 2022, 8 a.m. → May 19, 2022, 10 a.m.)
“I am become loadbalancer, owner of your network” by Nate Warfield (May 20, 2022, 1:35 p.m. → May 20, 2022, 6:30 p.m.)
“A snapshot of Doplik: Unwanted Software using serialized JavaScript bytecode as an anti-analysis technique” by Léanne Dutil (May 19, 2022, 10:35 a.m. → May 19, 2022, 2:55 p.m.)

Version 0.10 April 20, 2022

We released a new schedule version!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Fleet and osquery - open source device visibility” by Guillaume Ross (May 19, 2022, 9 a.m. → May 19, 2022, 2:55 p.m.)
“Advanced Process Injection Techniques” by Yash Bharadwaj (May 20, 2022, 9 a.m., Community Room (de la commune) → May 20, 2022, 12:35 p.m., Virtual)
“Web Application Firewall Workshop” by Philippe Arteau (May 19, 2022, 6 a.m. → May 19, 2022, noon)
“Capture-The-Flag 101” by Olivier Bilodeau (May 20, 2022, 5 a.m. → May 20, 2022, 9 a.m.)
“Reverse and bypass of modern Android runtime protections [FR]” by Georges-Bastien Michel (May 19, 2022, 6 a.m. → May 19, 2022, 8 a.m.)

Version 0.9 April 20, 2022

We released a new schedule version!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Reverse and bypass of modern Android runtime protections [FR]” by Georges-Bastien Michel (May 19, 2022, 11:55 a.m., Salle de bal → May 19, 2022, 6 a.m., Community Room (de la commune))
“Advanced Process Injection Techniques” by Yash Bharadwaj (May 20, 2022, 4 a.m., Salle de bal → May 20, 2022, 9 a.m., Community Room (de la commune))

Version 0.8 April 20, 2022

We released a new schedule version!

We have new sessions!

We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:

“Jumping the air gap: 15 years of nation-state efforts” by Alexis Dorais-Joncas, Facundo Munoz (May 20, 2022, 5:05 a.m. → May 19, 2022, 9 a.m.)
“Capture-The-Flag 101” by Olivier Bilodeau (May 19, 2022, 9:05 a.m., Salle de bal → May 20, 2022, 5 a.m., Community Room (de la commune))
“Formalizing the right to be forgotten: law meets crypto” by Philippe Lamontagne (May 20, 2022, 4:25 a.m. → May 19, 2022, 6:45 a.m.)
“10 Things I wish I knew before my first incident” by Caspian Kilkelly (May 19, 2022, 8:45 a.m. → May 20, 2022, 5:05 a.m.)
“MuddyWater: From Canaries to Turkeys” by Vitor Ventura, Asheer Malhotra (May 19, 2022, 7 a.m. → May 19, 2022, 9:45 a.m.)
“The Risks of RDP and How to Mitigate Them” by Olivier Bilodeau, Lisandro Ubiedo (May 19, 2022, 10:40 a.m. → May 19, 2022, 12:05 p.m.)
“Public, verifiable, and unbiasable randomness: wassat?” by Yolan Romailler (May 20, 2022, 7:30 a.m. → May 20, 2022, 9 a.m.)
“A snapshot of Doplik: Unwanted Software using serialized JavaScript bytecode as an anti-analysis technique” by Léanne Dutil (May 19, 2022, 5:50 a.m. → May 19, 2022, 10:35 a.m.)

Version 0.7 April 7, 2022

We released a new schedule version!

We have a new session: “What Lies Behind Canada’s Internet Regulation Reversal?” by Michael Geist .

We have moved a session around: “Public, verifiable, and unbiasable randomness: wassat?” by Yolan Romailler (May 20, 2022, 7:25 a.m. → May 20, 2022, 7:30 a.m.)

We have moved a session around: “Capture-The-Flag 101” by Olivier Bilodeau (May 19, 2022, 7:30 a.m., Ville-Marie → May 19, 2022, 4 a.m., Community Room (de la commune)).

Version 0.2 March 28, 2022

We released a new schedule version!

We have a new session: “Capture-The-Flag 101” by Olivier Bilodeau .

Version 0.1 March 28, 2022

We released our first schedule!

NorthSec 2022

Version 1.8 May 20, 2022

Version 1.7 May 20, 2022

Version 1.6 May 18, 2022

Version 1.5 May 18, 2022

Version 1.4 May 15, 2022

Version 1.3 May 15, 2022

Version 1.2 May 15, 2022

Version 1.1 May 8, 2022

Version 1.0 May 8, 2022

Version 0.19 May 8, 2022

Version 0.18 May 5, 2022

Version 0.17 May 5, 2022

Version 0.16 May 3, 2022

Version 0.15 May 3, 2022

Version 0.14 May 3, 2022

Version 0.13 April 25, 2022

Version 0.12 April 24, 2022

Version 0.11 April 20, 2022

Version 0.10 April 20, 2022

Version 0.9 April 20, 2022

Version 0.8 April 20, 2022

Version 0.7 April 7, 2022

Version 0.6 April 6, 2022

Version 0.5 March 29, 2022

Version 0.4 March 29, 2022

Version 0.3 March 29, 2022

Version 0.2 March 28, 2022

Version 0.1 March 28, 2022