![\"Party](\"/img/contest/2024-party.jpg\")
![\"KeepSec\"](\"https://nsec.io/img/partners/keepsec.svg\")
", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/9VXFRJ/", "id": 643, "guid": "368aab7f-9ecb-596d-8006-e0f2f034f44a", "date": "2024-05-16T09:00:00-04:00", "start": "09:00", "logo": null, "duration": "00:15", "room": "Ville-Marie", "slug": "2024-643-conference-introduction", "title": "Conference Introduction", "subtitle": "", "track": null, "type": "Opening Remarks", "language": "en", "abstract": "Opening speech by our President, the Conference VP and our sponsor CyberEco // Discours d'ouverture par le pr\u00e9sident, le Vice-pr\u00e9sident aux conf\u00e9rences et notre partenaire CyberEco", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/UKQ99W/", "id": 641, "guid": "274680bb-afe7-5f5d-9faa-a21c1073c040", "date": "2024-05-16T09:15:00-04:00", "start": "09:15", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-641-technical-analysis-past-present-and-future-insights-from-a-reverse-engineering-perspective", "title": "Technical Analysis Past, Present, and Future - Insights from a Reverse Engineering Perspective", "subtitle": "", "track": "Malware", "type": "Keynote", "language": "en", "abstract": "A few helpful notes from over a decade of reverse engineering malware and documenting the process along the way! By the end of this, you will be able to unpack most malware with a single breakpoint... maybe?", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "054fb198-59d1-5fb5-b9db-b2e381d173ec", "id": 503, "code": "DTUPMG", "public_name": "Sergei Frankoff", "avatar": "https://cfp.nsec.io/media/avatars/sergei_2024_no_bg_jpXEm7y.png", "biography": "Sergei is a co-founder of OpenAnalysis Inc, and part of the team behind UnpacMe. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/PHSJND/", "id": 632, "guid": "ba2096e8-53c3-5eb3-93c2-9d12f9c2c449", "date": "2024-05-16T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-632-api-alternate-pathway-to-injection", "title": "API: Alternate Pathway to Injection", "subtitle": "", "track": "Application security", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "API Documentation often gives the simplest most bare-bones examples to get something running. This runs into the old adage: *Nothing is more permanent than a temporary solution*. Come join me and walk through a particularly fun example of cloud API documentation showing you the wrong way.\r\n\r\nIncluded will be a deep dive and demo of a vulnerability caused directly by this kind of mistake which maybe shows that Phreaking is alive and well in 2024.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "b0fca475-8f57-52c3-bbc4-49b5046a69ac", "id": 492, "code": "WFTVVS", "public_name": "Fennix", "avatar": "https://cfp.nsec.io/media/avatars/fennix_H7dkhSZ.jpg", "biography": "Pronouns: he/him\r\n\r\nI'm a lifelong hacker and avid selfhoster/homelabber who works a day job pentesting.\r\nOn the side, I build CTF challenges and occasionally even go outside to see the world.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/XY8XKG/", "id": 594, "guid": "fe69775e-49a8-5ff5-a023-fe2f831b9603", "date": "2024-05-16T10:45:00-04:00", "start": "10:45", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-594-under-the-radar-how-we-found-0-days-in-the-build-pipeline-of-oss-packages", "title": "Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages", "subtitle": "", "track": "Application security", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Beyond the buzzword of 'supply chain security,' lies a critical, frequently ignored area: the Build Pipelines of Open Source packages. In this talk, we discuss how we\u2019ve developed a data analysis infrastructure that targets these overlooked vulnerabilities. Our efforts have led to the discovery of 0-days in major OSS projects, such as Terraform providers and modules, AWS Helm Charts, and popular GitHub Actions. We will present a detailed attack tree for GitHub Actions pipelines, offering a deeper analysis than the prior art, and outlining attacks and mitigations. In addition, we will introduce a unique reference for 'Living Off the Pipeline' (LOTP) components, aimed at providing Red and Blue teams with a way to prioritize more risky scenarios.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "7b526d11-0cc1-5aa6-83fc-5d0107b67517", "id": 334, "code": "G8LEMY", "public_name": "Fran\u00e7ois Proulx", "avatar": "https://cfp.nsec.io/media/avatars/1697309897266_42Wekm7.jpeg", "biography": "Fran\u00e7ois is a Senior Product Security Engineer for BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. Fran\u00e7ois is one of founders of NorthSec and was a challenge designer for the NorthSec CTF.", "answers": []}, {"guid": "28c12ec1-3b03-5fac-a6ea-f3b4a7c57c6a", "id": 480, "code": "KEYFMH", "public_name": "Benoit Cote-Jodoin", "avatar": "https://cfp.nsec.io/media/avatars/be_lMHyjNn.jpg", "biography": "Beno\u00eet C\u00f4te-Jodoin is a Senior Product Security Engineer at BoostSecurity researching software supply chain security. Former active CTF player, he now designs challenges for the NorthSec CTF competition.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/PKPLXC/", "id": 644, "guid": "ecf7e908-beb9-5593-a2f1-e025e4caf296", "date": "2024-05-16T11:30:00-04:00", "start": "11:30", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-644-appsec-q-a", "title": "AppSec Q&A", "subtitle": "", "track": "Application security", "type": "Panel discussion and Q&A", "language": "en", "abstract": "Q&A Discussion for the AppSec block", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "b0fca475-8f57-52c3-bbc4-49b5046a69ac", "id": 492, "code": "WFTVVS", "public_name": "Fennix", "avatar": "https://cfp.nsec.io/media/avatars/fennix_H7dkhSZ.jpg", "biography": "Pronouns: he/him\r\n\r\nI'm a lifelong hacker and avid selfhoster/homelabber who works a day job pentesting.\r\nOn the side, I build CTF challenges and occasionally even go outside to see the world.", "answers": []}, {"guid": "28c12ec1-3b03-5fac-a6ea-f3b4a7c57c6a", "id": 480, "code": "KEYFMH", "public_name": "Benoit Cote-Jodoin", "avatar": "https://cfp.nsec.io/media/avatars/be_lMHyjNn.jpg", "biography": "Beno\u00eet C\u00f4te-Jodoin is a Senior Product Security Engineer at BoostSecurity researching software supply chain security. Former active CTF player, he now designs challenges for the NorthSec CTF competition.", "answers": []}, {"guid": "7b526d11-0cc1-5aa6-83fc-5d0107b67517", "id": 334, "code": "G8LEMY", "public_name": "Fran\u00e7ois Proulx", "avatar": "https://cfp.nsec.io/media/avatars/1697309897266_42Wekm7.jpeg", "biography": "Fran\u00e7ois is a Senior Product Security Engineer for BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. Fran\u00e7ois is one of founders of NorthSec and was a challenge designer for the NorthSec CTF.", "answers": []}, {"guid": "938e59ee-a3cb-5a63-9bd9-73ea45439597", "id": 22, "code": "LK8MRV", "public_name": "Philippe Arteau", "avatar": "https://cfp.nsec.io/media/avatars/philippe-arteau_RiQIzmW.jpg", "biography": "Philippe is a security engineer for ServiceNow. He has an interest in software development, penetration testing and security code review. He maintains Find Security Bugs, the static analysis tool. He has presented at various conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, 44CON and JavaOne.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/NWRSZS/", "id": 612, "guid": "3c35812d-a1a5-559b-b15b-76ba52fe6d79", "date": "2024-05-16T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-612-ebury-10-years-in-the-evolution-of-a-sophisticated-linux-server-threat", "title": "Ebury, 10 years in: The evolution of a sophisticated Linux server threat", "subtitle": "", "track": "Malware", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "In 2014, we published a paper about Operation Windigo, where we described a cluster of server-side threats fuelled by Ebury, a backdoor and credential stealer injected into the OpenSSH server and client of compromised servers. That report shed light on web traffic redirections, delivery of Windows malware, and spam campaigns, all using Ebury-compromised servers.\r\n\r\nAfter the arrest and extradition of one of the perpetrators in 2015, some of the monetization activities temporarily stopped, but not all of the botnet\u2019s activities. Ebury continued to be updated and deployed to tens of thousands of servers each year, to reach a cumulative total of nearly 400,000 victims since 2009, the first year Ebury was seen. Moreover, we have discovered its operators have added more tools to their arsenal, such as Apache modules to exfiltrate HTTP requests or proxy traffic, Linux kernel modules to perform traffic redirections, and modified Netfilter tools to inject and hide firewall rules.\r\n\r\nFor this investigation we set up honeypots to collect Ebury samples and understand deployment tactics, and partnered with law enforcement. This gave us unique visibility into the perpetrators\u2019 activities, which expanded to include cryptocurrency theft and possibly exfiltration of credit card details. We now have a better understanding of how they expand their botnet not only by stealing credentials, but also by actively trying to compromise the hosting provider\u2019s infrastructure to deploy malware on all of the providers\u2019 customer-rented servers. In some cases, this resulted in the compromise of tens of thousands of servers, hosting millions of domains.\r\n\r\nThe latest update to Ebury, versioned 1.8.2, was first seen in January 2024. In the past years, clever userland rootkit functionalities were added to Ebury, which make its detection a lot more difficult than before. From a system administrator\u2019s perspective, not only is the malware file absent, but none of the resources it uses \u2013 such as processes, sockets, and mapped memory \u2013 are listed when inspecting the system.\r\n\r\nThis presentation not only reveals the latest toolset of the Ebury gang, but also discusses detection techniques to protect against some of the trickiest Linux threats. Some techniques are specific to Ebury, but most apply to the detection of any userland rootkit.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "71d4ec3c-0085-5d35-8a71-6ced07fba707", "id": 73, "code": "TQDKBA", "public_name": "Marc-Etienne M.L\u00e9veill\u00e9", "avatar": "https://cfp.nsec.io/media/avatars/7b7146e38f491b2cb25c47d427f9f0e7_XY4A1cp.jpg", "biography": "Marc-Etienne is a malware researcher at ESET since 2012. He specializes in\r\nmalware attacking unusual platforms, whether it\u2019s fruity hardware or software\r\nfrom south pole birds. Marc-Etienne focused his research on the reverse\r\nengineering of server-side malware to discover their inner working and\r\noperation strategy. His research led to the publication of the Operation\r\nWindigo white paper that won Virus Bulletin\u2019s P\u00e9ter Sz\u0151r Award for best\r\nresearch paper in 2014. He\r\npresented at multiple conferences including RSAC, FIRST, 44con, CARO and\r\nLinuxcon Europe. When he\u2019s not one of the organizer, he loves participating in\r\nCTF competitions like a partying gentleman. Outside the cyberspace,\r\nMarc-Etienne plays the clarinet and read comics.\r\n\r\nMarc-Etienne est chercheur en logiciels malveillants chez ESET depuis 2012. Il\r\nse sp\u00e9cialise dans les logiciels qui ciblent les plateformes inhabituelles,\r\ncomme les ordinateurs avec des pommes ou des pingouins. Durant les derni\u00e8res\r\nann\u00e9es, Marc-Etienne s'est concentr\u00e9 sur la r\u00e9tro-ing\u00e9nierie de logiciels\r\nmalveillants s'attaquant aux serveurs, \u00e0 la fois pour comprendre leurs\r\nfonctionnements et comment ils sont utilis\u00e9s. Ses recherches ont men\u00e9 \u00e0 la\r\npublication du rapport Operation Windigo qui s'est m\u00e9rit\u00e9 le prix P\u00e9ter Sz\u0151r\r\nAward \u00e0 Virus Bulletin pour meilleur rapport de recherche en 2014. Il a pr\u00e9sent\u00e9 \u00e0 de multiples conf\u00e9rences incluant RSAC, FIRST, 44con, CARO Workshop et Linuxcon Europe. Quand il n'est pas dans le comit\u00e9\r\norganisateur, il aime participer \u00e0 des comp\u00e9titions de s\u00e9curit\u00e9 (CTF) comme un\r\ngentilhomme en f\u00eate. En dehors du cyberespace,\r\nMarc-Etienne joue de la clarinette et lit des bandes dessine\u00e9s.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/MG3A7C/", "id": 611, "guid": "e21fc477-8948-524f-9278-bb85c94c68ed", "date": "2024-05-16T13:45:00-04:00", "start": "13:45", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-611-will-the-real-attribution-please-stand-up-", "title": "Will the real attribution please stand up?", "subtitle": "", "track": "Malware", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Does attribution of cyber operations actually matter? It depends on who\u2019s asking. Using real world APT examples from threats attributed to Iran, Turkey, North Korea and Russia, we\u2019ll demonstrate what details go into attribution work from the perspective of email security vendor, why attribution can be useful for defenders and how Blue Teams can use it to better inform threat modeling and risk. We'll define attribution, compare the concepts of attribution and Attribution, discuss how softer attribution should be paired with harder, more technical attribution and then close by discussing potential pitfalls we\u2019ve seen with attribution working for the government, private corporations and at a security vendor.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "e52fc7fb-bee0-5e6b-8093-6ebf244f49e0", "id": 474, "code": "UACABC", "public_name": "Alexis Dorais-Joncas", "avatar": "https://cfp.nsec.io/media/avatars/UACABC_4lifkXT.jpg", "biography": "Alexis Dorais-Joncas is the Senior Manager of Proofpoint\u2019s APT research team, where he and his team of threat researchers and intelligence analysts focus on tracking the most elusive state-sponsored threat actors and ensuring Proofpoint customers are protected against these persistent attackers.\r\nPrior to joining Proofpoint, Alexis led ESET\u2019s Montreal-based R&D branch office for over 10 years, where his team focused on malware research, network security and targeted attacks tracking. Alexis is an established speaker on current cyberthreats, having spoken in front of diverse audiences at events such as Northsec, Bluehat, Botconf, First CTI, Sector and Rightscon. He has also been quoted in several security and technical media such as Wired, ITWorldCanada and Ars Technica, with broadcast appearances on Radio-Canada and Skynews.\r\nAlexis holds an M. Sc. in Electrical Engineering from the University of Sherbrooke in Canada.", "answers": []}, {"guid": "2c40d775-19f4-5fea-ae65-7d304b0d7d33", "id": 505, "code": "FRTT8Z", "public_name": "Greg Lesnewich", "avatar": "https://cfp.nsec.io/media/avatars/greg-lesnewich_3Gftrv2.jpg", "biography": "Greg Lesnewich is a Senior Threat Researcher at Proofpoint, focused on identifying, tracking, detecting, and disrupting malicious activity linked to North Korea and Russia. Greg has a background in threat intelligence, incident response, and managed detection, previously working at Recorded Future, Leidos, and NCFTA, with experience in developing methods of tracking espionage and state-sponsored activity. Greg enjoys the topics of weird forensic artifacts, measuring malware similarity, YARA, and infrastructure tracking.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/BP7KTP/", "id": 569, "guid": "c0ecd37b-0992-5b7f-a804-3c906bc60743", "date": "2024-05-16T14:30:00-04:00", "start": "14:30", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-569-reverse-engineering-nim-malware-or-a-brief-tale-of-analyzing-the-compiler-for-a-language-i-had-never-used", "title": "Reverse-Engineering Nim Malware: Or a brief tale of analyzing the compiler for a language I had never used", "subtitle": "", "track": "Malware", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Nim has become the language of choice for a number of libraries and tools used by red-teamers and pentesters. Much like with Mimikatz and Cobalt Strike before, malicious actors have started putting some of the same tooling to their nefarious purposes . One such example is Mustang Panda, a China-aligned APT that started using Nim to create custom loaders for their Korplug backdoor. For attackers, using a less common language also has benefits when it comes to evading defenses and hindering analysts\u2019 work; we have seen the same thing with the growth of malware written in Go and Rust.\r\nIn this presentation, we will go over some of the specific challenges associated with analyzing Nim malware. We will then present tips and tools to help mitigate these difficulties. This will include the presentation of Nimfilt, our analysis script for IDA Pro that we will release shortly before the conference.\r\nFinally, we will demonstrate the use of Nimfilt and other publicly available tools on real malware samples .", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "d8018178-d479-5392-a91c-2c77ea1cce63", "id": 442, "code": "KVHBVQ", "public_name": "Alexandre C\u00f4t\u00e9", "avatar": "https://cfp.nsec.io/media/avatars/9Q4A0557_3_Who6Boz.jpg", "biography": "Alexandre is a malware researcher at ESET since 2021. Working with the Montreal team, his research is focused on tracking APT groups and their toolsets.\r\n\r\nHe has previously presented about APTs and attribution at Botconf, Sleuthcon, Hackfest, and BSidesMTL. He is also involved in mentoring students getting started in infosec. \r\nHis interests include operating systems fundamentals, writing shell scripts to automate tasks that don't always need to be automated, and brewing beer.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/GV33WS/", "id": 645, "guid": "f9ebbd56-e627-5b72-8555-6a2c1d0ccd74", "date": "2024-05-16T15:15:00-04:00", "start": "15:15", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-645-malware-q-a", "title": "Malware Q&A", "subtitle": "", "track": "Malware", "type": "Panel discussion and Q&A", "language": "en", "abstract": "Q&A Discussion for the malware block.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "dd3ed27c-ad9d-5489-8f14-8f266dffecba", "id": 507, "code": "7HNAFA", "public_name": "Pierre-Marc Bureau", "avatar": null, "biography": null, "answers": []}, {"guid": "054fb198-59d1-5fb5-b9db-b2e381d173ec", "id": 503, "code": "DTUPMG", "public_name": "Sergei Frankoff", "avatar": "https://cfp.nsec.io/media/avatars/sergei_2024_no_bg_jpXEm7y.png", "biography": "Sergei is a co-founder of OpenAnalysis Inc, and part of the team behind UnpacMe. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.", "answers": []}, {"guid": "e52fc7fb-bee0-5e6b-8093-6ebf244f49e0", "id": 474, "code": "UACABC", "public_name": "Alexis Dorais-Joncas", "avatar": "https://cfp.nsec.io/media/avatars/UACABC_4lifkXT.jpg", "biography": "Alexis Dorais-Joncas is the Senior Manager of Proofpoint\u2019s APT research team, where he and his team of threat researchers and intelligence analysts focus on tracking the most elusive state-sponsored threat actors and ensuring Proofpoint customers are protected against these persistent attackers.\r\nPrior to joining Proofpoint, Alexis led ESET\u2019s Montreal-based R&D branch office for over 10 years, where his team focused on malware research, network security and targeted attacks tracking. Alexis is an established speaker on current cyberthreats, having spoken in front of diverse audiences at events such as Northsec, Bluehat, Botconf, First CTI, Sector and Rightscon. He has also been quoted in several security and technical media such as Wired, ITWorldCanada and Ars Technica, with broadcast appearances on Radio-Canada and Skynews.\r\nAlexis holds an M. Sc. in Electrical Engineering from the University of Sherbrooke in Canada.", "answers": []}, {"guid": "71d4ec3c-0085-5d35-8a71-6ced07fba707", "id": 73, "code": "TQDKBA", "public_name": "Marc-Etienne M.L\u00e9veill\u00e9", "avatar": "https://cfp.nsec.io/media/avatars/7b7146e38f491b2cb25c47d427f9f0e7_XY4A1cp.jpg", "biography": "Marc-Etienne is a malware researcher at ESET since 2012. He specializes in\r\nmalware attacking unusual platforms, whether it\u2019s fruity hardware or software\r\nfrom south pole birds. Marc-Etienne focused his research on the reverse\r\nengineering of server-side malware to discover their inner working and\r\noperation strategy. His research led to the publication of the Operation\r\nWindigo white paper that won Virus Bulletin\u2019s P\u00e9ter Sz\u0151r Award for best\r\nresearch paper in 2014. He\r\npresented at multiple conferences including RSAC, FIRST, 44con, CARO and\r\nLinuxcon Europe. When he\u2019s not one of the organizer, he loves participating in\r\nCTF competitions like a partying gentleman. Outside the cyberspace,\r\nMarc-Etienne plays the clarinet and read comics.\r\n\r\nMarc-Etienne est chercheur en logiciels malveillants chez ESET depuis 2012. Il\r\nse sp\u00e9cialise dans les logiciels qui ciblent les plateformes inhabituelles,\r\ncomme les ordinateurs avec des pommes ou des pingouins. Durant les derni\u00e8res\r\nann\u00e9es, Marc-Etienne s'est concentr\u00e9 sur la r\u00e9tro-ing\u00e9nierie de logiciels\r\nmalveillants s'attaquant aux serveurs, \u00e0 la fois pour comprendre leurs\r\nfonctionnements et comment ils sont utilis\u00e9s. Ses recherches ont men\u00e9 \u00e0 la\r\npublication du rapport Operation Windigo qui s'est m\u00e9rit\u00e9 le prix P\u00e9ter Sz\u0151r\r\nAward \u00e0 Virus Bulletin pour meilleur rapport de recherche en 2014. Il a pr\u00e9sent\u00e9 \u00e0 de multiples conf\u00e9rences incluant RSAC, FIRST, 44con, CARO Workshop et Linuxcon Europe. Quand il n'est pas dans le comit\u00e9\r\norganisateur, il aime participer \u00e0 des comp\u00e9titions de s\u00e9curit\u00e9 (CTF) comme un\r\ngentilhomme en f\u00eate. En dehors du cyberespace,\r\nMarc-Etienne joue de la clarinette et lit des bandes dessine\u00e9s.", "answers": []}, {"guid": "d8018178-d479-5392-a91c-2c77ea1cce63", "id": 442, "code": "KVHBVQ", "public_name": "Alexandre C\u00f4t\u00e9", "avatar": "https://cfp.nsec.io/media/avatars/9Q4A0557_3_Who6Boz.jpg", "biography": "Alexandre is a malware researcher at ESET since 2021. Working with the Montreal team, his research is focused on tracking APT groups and their toolsets.\r\n\r\nHe has previously presented about APTs and attribution at Botconf, Sleuthcon, Hackfest, and BSidesMTL. He is also involved in mentoring students getting started in infosec. \r\nHis interests include operating systems fundamentals, writing shell scripts to automate tasks that don't always need to be automated, and brewing beer.", "answers": []}, {"guid": "2c40d775-19f4-5fea-ae65-7d304b0d7d33", "id": 505, "code": "FRTT8Z", "public_name": "Greg Lesnewich", "avatar": "https://cfp.nsec.io/media/avatars/greg-lesnewich_3Gftrv2.jpg", "biography": "Greg Lesnewich is a Senior Threat Researcher at Proofpoint, focused on identifying, tracking, detecting, and disrupting malicious activity linked to North Korea and Russia. Greg has a background in threat intelligence, incident response, and managed detection, previously working at Recorded Future, Leidos, and NCFTA, with experience in developing methods of tracking espionage and state-sponsored activity. Greg enjoys the topics of weird forensic artifacts, measuring malware similarity, YARA, and infrastructure tracking.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/PUSK7Y/", "id": 598, "guid": "87dd7cdb-b920-5ed9-a6a1-fa2b8c53c364", "date": "2024-05-16T16:00:00-04:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-598-unveiling-the-ot-threat-landscape", "title": "Unveiling the OT Threat Landscape", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "Let us embark you on a journey through the OT Threat Landscape. We will start our voyage by looking at what the global threat landscape looks like today, with a focus on Canadian (and Quebecois) events of note. We will then explore how these landscapes have evolved and the earthquakes that shaped them in recent months and years. We will wrap-up by covering some intelligence-informed takeaways and recommendations on how to weather the incoming rogue waves of the OT ocean.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "948f852b-bdb9-5371-8f7a-44eaf1922782", "id": 461, "code": "RRGARF", "public_name": "Camille Felx Leduc", "avatar": "https://cfp.nsec.io/media/avatars/camille-felx-leduc_J68csyB.jpg", "biography": "Ms. Felx Leduc is an ICS Senior Security Consultant in Mandiant\u2019s Canadian practice. As part of the ICS Services team, Camille supports clients with better securing their ICS networks, analyzes client networks for threats, and supports clients with strategic assessment, roadmap development, and initiative implementation, including Security Program Assessments, and threat modeling.", "answers": []}, {"guid": "b243f081-f86f-5fdb-981e-538a74f99df7", "id": 509, "code": "JDHKRW", "public_name": "Thomas Poinsignon Clavel", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/YVBKMG/", "id": 558, "guid": "0d2a98e8-c71b-57b7-ba49-afe5374c9a10", "date": "2024-05-16T16:45:00-04:00", "start": "16:45", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-558-unregister-me-advanced-techniques-for-hunting-and-securing-user-registration-vulnerabilities-", "title": "UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities.", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "In a mobile-first world, user registration using only a phone number has become pretty common, this phone number has become the primary method of authentication due to its convenience and speed. These systems may or may not verify other details about the user, such as their email address and typically rely on Single Sign-On (SSO) identity Providers. \r\n\r\nThis talk explores the potential issues that can arise when multiple systems are used for authentication, and how these can lead to vulnerabilities. We will touch upon how authentication and authorization bugs can originate from user registration and how this can lead to full account takeover, password stealing, and denial of service. The speaker will draw from their own experiences in identifying and addressing these vulnerabilities, providing valuable insights into this common issue.\r\n\r\nFinally, the talk concludes by discussing potential solutions and stronger controls that can be implemented to prevent these issues from occurring.\r\n\r\nAttendee Takeaways \r\n* Security engineers will gain valuable experience in identifying and addressing authentication bugs, helping them to improve their skills in this area.\r\n* Developers will be encouraged to think more broadly about potential edge cases and vulnerabilities in their applications, leading to stronger and more secure authentication and authorization controls.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "f28fe6d0-d473-5868-ab75-967a0de798c6", "id": 436, "code": "MLU3QP", "public_name": "Priyank", "avatar": "https://cfp.nsec.io/media/avatars/priyank-nigam_oRoBYeW.jpg", "biography": "As an offensive security engineer at Microsoft, Priyank's primary focus is conducting security exercises that emulate real-world threats impacting billions of users. He is well known for his expertise in identifying high-impact vulnerabilities and has shared his research openly through various industry conferences.\r\n\r\nHis forte is web/mobile application security assessments, network penetration testing and secure source code reviews. In the past, he has advised F500 brands and startups and does mobile and IoT related research in his spare time. \r\n\r\nAs a new parent, he is now (re)learning hacking from his toddler who defeats all the \"restrictions\" to limit their mobility.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/D3MLCR/", "id": 665, "guid": "3b456da2-ac68-51fd-9691-fcda0bf51758", "date": "2024-05-16T18:00:00-04:00", "start": "18:00", "logo": null, "duration": "00:45", "room": "Ville-Marie", "slug": "2024-665-gaming-on-the-video-wall", "title": "Gaming on the video wall", "subtitle": "", "track": null, "type": "Announcements", "language": "en", "abstract": "Smash, Mario Kart, who knows...", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/G8VANU/", "id": 668, "guid": "f812a017-2d7b-5762-b0d2-3b7913df06e2", "date": "2024-05-16T19:30:00-04:00", "start": "19:30", "logo": null, "duration": "00:45", "room": "Ville-Marie", "slug": "2024-668-pickpocket-show", "title": "Pickpocket Show", "subtitle": "", "track": null, "type": "Party", "language": "en", "abstract": "Come and see James Harrison's unique craft!\r\n\r\nhttps://pickpocketmagic.com", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/8BP3GY/", "id": 667, "guid": "a9ab7fdc-0888-5ec4-ad98-ae39dd94892c", "date": "2024-05-16T20:15:00-04:00", "start": "20:15", "logo": null, "duration": "00:45", "room": "Ville-Marie", "slug": "2024-667-electroencephalogram-eeg-duel", "title": "Electroencephalogram (EEG) Duel", "subtitle": "", "track": null, "type": "Party", "language": "en", "abstract": "Venez d\u00e9ployer vos pouvoirs de concentration dans un duel EEG comme vous n'en avez jamais v\u00e9cu!", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/UMEVQJ/", "id": 666, "guid": "b19684d0-ed61-5655-aa6b-7c0b258cd983", "date": "2024-05-16T21:00:00-04:00", "start": "21:00", "logo": null, "duration": "03:00", "room": "Ville-Marie", "slug": "2024-666-thursday-party", "title": "Thursday Party", "subtitle": "", "track": null, "type": "Party", "language": "en", "abstract": "Party with guest DJs from Toronto! // Party avec des performances de DJ de Toronto !\r\n\r\n", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Salle de Bal": [{"url": "https://cfp.nsec.io/2024/talk/QRZYRE/", "id": 663, "guid": "0663a4f4-151d-5f03-ab26-786e2d0778e9", "date": "2024-05-16T08:00:00-04:00", "start": "08:00", "logo": null, "duration": "01:00", "room": "Salle de Bal", "slug": "2024-663-registration-thursday-jeudi", "title": "Registration - Thursday/Jeudi", "subtitle": "", "track": null, "type": "Announcements", "language": "en", "abstract": "Refreshments sponsored by KoaSec // Rafraichissements gr\u00e2ce \u00e0 KoaSec\r\n\r\n![\"KoaSec\"](\"https://nsec.io/img/partners/koasec.png\")
", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/39KUWQ/", "id": 629, "guid": "ea2745f3-88bb-5638-ad1d-4a4ab39d3880", "date": "2024-05-16T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-629-with-great-gain-comes-greater-security-issues-when-ml-frameworks-scale-for-growth-incorporates-security-risks-to-users-cloud-accounts", "title": "With Great gAIn Comes Greater Security Issues - When ML Frameworks' Scale for Growth Incorporates Security Risks to Users' Cloud Accounts", "subtitle": "", "track": "Machine Learning", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "There are various Machine Learning/BigData frameworks that have become quite popular in the past year due to the release of ChatGPT. This sudden popularity has caused that the scale for growth in parallel computing comes first and leaves aside the implementation of security mechanisms in some of the frameworks' components. In this talk I will go over the research process that I performed on one of these frameworks in an AWS install, showing how it started as two vulnerabilities in a web dashboard and quickly became privilege escalation in an AWS account.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "bcbcfb68-67ba-5a72-9efa-c85738c837fd", "id": 491, "code": "CMJTEV", "public_name": "Berenice Flores", "avatar": "https://cfp.nsec.io/media/avatars/B_HGT851G.jpg", "biography": "As a senior penetration tester at Bishop Fox, Berenice focuses on application security and cloud penetration testing (AWS). In the past year, Berenice has worked in security research against frameworks in the cloud. Berenice holds many cybersecurity certifications including Offensive Security Certified Professional (OSCP), Off-Sec Web Assessor (OSWA) and Offensive Security Wireless Professional (OSWP).\r\nWhen she's not finding bugs, Berenice enjoys attending hacking conferences and collecting stickers, pins and token coins.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/FQ3YZB/", "id": 599, "guid": "358173a4-174a-5982-a2a9-24d94c7f6b62", "date": "2024-05-16T10:45:00-04:00", "start": "10:45", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-599-what-s-new-is-old-parallels-of-owasp-s-top-10-for-llms-and-web-applications", "title": "What's New is Old - Parallels of OWASP's Top 10 for LLMs and Web Applications", "subtitle": "", "track": "Machine Learning", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "LLMs are the hot new thing, and are exciting enough to even have their own OWASP Top 10 as of 2023! But are these vulnerabilities really any different from what we already see in more traditional web applications? \r\n\r\nIn this talk, Logan will explore the different vulnerability families from the new OWASP Top 10 for LLM Applications, discuss the different scenarios represented therein with a focus on real-world exploitation scenarios, and outline how they parallel the vulnerabilities that we've all grown to love and pwn over the years.\r\n\r\nAttendees should leave this talk with a more complete understanding of the vulnerabilities manifesting in LLM applications, how these vulnerabilities can directly affect end users, and scenarios to be conscious of when developing for, or around, LLM applications.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "393ecec8-a766-5bcc-9245-e53179636721", "id": 375, "code": "A8YSFX", "public_name": "Logan MacLaren", "avatar": "https://cfp.nsec.io/media/avatars/A8YSFX_3ZV4MkZ.jpg", "biography": "Logan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/QHV3MR/", "id": 647, "guid": "a5f3743b-5867-52c5-8162-4615915f4e49", "date": "2024-05-16T11:30:00-04:00", "start": "11:30", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-647-machine-learning-q-a", "title": "Machine Learning Q&A", "subtitle": "", "track": "Machine Learning", "type": "Panel discussion and Q&A", "language": "en", "abstract": "Q&A Discussion for the Machine Learning (ML) block.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "084a4dad-4527-574f-bf4c-5fa81c41bb86", "id": 506, "code": "ZRSPDZ", "public_name": "Fran\u00e7ois Labr\u00e8che", "avatar": "https://cfp.nsec.io/media/avatars/fb_profile_Z2JyT5R.jpg", "biography": "Fran\u00e7ois is a Research Lead at Secureworks, who focuses on applying machine learning approaches to research problems related to security alerts and vulnerabilities. He focuses on using machine learning to improve the prioritization of alerts and vulnerabilities, in the context of XDR and vulnerability management. He has a PhD from \u00c9cole Polytechnique de Montr\u00e9al, and has published research papers on the topics of spam detection, malware analysis and machine learning applied to cybersecurity.", "answers": []}, {"guid": "bcbcfb68-67ba-5a72-9efa-c85738c837fd", "id": 491, "code": "CMJTEV", "public_name": "Berenice Flores", "avatar": "https://cfp.nsec.io/media/avatars/B_HGT851G.jpg", "biography": "As a senior penetration tester at Bishop Fox, Berenice focuses on application security and cloud penetration testing (AWS). In the past year, Berenice has worked in security research against frameworks in the cloud. Berenice holds many cybersecurity certifications including Offensive Security Certified Professional (OSCP), Off-Sec Web Assessor (OSWA) and Offensive Security Wireless Professional (OSWP).\r\nWhen she's not finding bugs, Berenice enjoys attending hacking conferences and collecting stickers, pins and token coins.", "answers": []}, {"guid": "393ecec8-a766-5bcc-9245-e53179636721", "id": 375, "code": "A8YSFX", "public_name": "Logan MacLaren", "avatar": "https://cfp.nsec.io/media/avatars/A8YSFX_3ZV4MkZ.jpg", "biography": "Logan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/GKD9AL/", "id": 557, "guid": "7d4ddddf-4e71-5eac-991b-9cf2bf7d7087", "date": "2024-05-16T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-557-hardware-hacking-curiosity", "title": "Hardware Hacking Curiosity", "subtitle": "", "track": "Hardware", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "This talk, centered around curiosity and its transformative power, reflects my personal exploration into uncharted territories, an area that few people are familiar with. Surprisingly, I had no prior experience with hardware hacking; everything I've learned so far, starting from scratch, thanks to countless YouTube tutorials and extensive PDF books. \r\n\r\nI'm excited to share my discoveries and experiences thus far, highlighting the potential that curiosity holds in reshaping one's path. This talk aims to provide you with the fundamentals of protocols, types of devices, and the equipment needed to start. Additionally, I will guide you on how to undertake your first hardware hacking project on a connected device. **Are you up for joining me on this adventure?**", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "9321b625-78c4-55c7-82ee-fc7bc188a0cb", "id": 435, "code": "LRABZS", "public_name": "Adrien Lasalle", "avatar": "https://cfp.nsec.io/media/avatars/LRABZS_gGNAcVx.jpg", "biography": "Formerly a firefighter in France \ud83c\uddeb\ud83c\uddf7 \ud83d\ude92, I decided to pursue my passion for IT and especially offensive cybersecurity. Now a Pentester in Montreal \ud83c\udde8\ud83c\udde6 for almost 3 years and an active member of HackersWithoutBorders North America, I am gradually specializing in internal and network intrusion testing. \r\n\r\nSharing our passion for this field, whether for awareness or education, is an important mission for me! \r\n\r\nFeel free to contact me to discuss cyber or anything else over a beer :D \ud83c\udf7b", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/SJYV3M/", "id": 559, "guid": "4b389ec2-6cb1-5bd4-a042-67aa1e61fb04", "date": "2024-05-16T13:45:00-04:00", "start": "13:45", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-559-scrutiny-debugger-debug-test-and-configure-embedded-softwares-through-instrumentation", "title": "Scrutiny Debugger - Debug, test and configure embedded softwares through instrumentation", "subtitle": "", "track": "Hardware", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Debugging and testing an embedded application is always painful. A serial `printf` might not be enough, a high end JTAG with 1000+ pages of documentation might be too costly or complex. \r\n\r\nScrutiny Debugger is a new open source project that offers an alternative by enabling remote control of the memory through any communication channel (Serial, UDP, etc.). How does that work? A Python server continuously communicates with an embedded application that runs a small instrumentation library. Using the debugging symbols, extracted at compile time, the server exposes all the variables and memory structure to client applications through a websocket API. 2 clients are available: an Electron GUI and a Python SDK for programmatic interaction with the server.\r\n\r\nClients can read/write variables or raw memory. They can do graphs of variables; being continuous time logging or embedded graphs that triggers on a specific variable change, like an electronic scope does. Not the best for low-level driver development; but ideal for high-level embedded application.\r\n\r\nThe Python SDK is fully synchronized with the target device, meaning that a Python script can remotely run and behave like it was an internal thread inside the device; but with slow memory access time. That powerfully enables HIL (Hardware-in-the-loop) testing.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "88f586e0-f09a-584f-84d6-c92d7df990e0", "id": 437, "code": "SFDPDN", "public_name": "Pier-Yves Lessard", "avatar": "https://cfp.nsec.io/media/avatars/1709926572932_W7Lr9i0.jpg", "biography": "Embedded software engineer working at NXP semiconductor on embedded AI optimization for the automotive industry. Past experience in EV/motor control software. Author of 2 (relatively) widely used open source library dedicated to ECU communications and the main developer of Scrutiny Debugger, a project soon to be released. Father of two who develops open source stuff between 21h and 00h", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/73ADLS/", "id": 646, "guid": "28245179-22bc-5984-86bb-b37268e54d94", "date": "2024-05-16T14:30:00-04:00", "start": "14:30", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-646-hardware-q-a", "title": "Hardware Q&A", "subtitle": "", "track": "Hardware", "type": "Panel discussion and Q&A", "language": "en", "abstract": "Q&A Discussion for the hardware block", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "8fe5fa1a-57cc-5923-a0cb-9f37e151e8b4", "id": 59, "code": "Y97WKP", "public_name": "Marc-Andr\u00e9 Labont\u00e9", "avatar": "https://cfp.nsec.io/media/avatars/IMG_20220524_201710_Mhd4gbF.jpg", "biography": "Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate ever powerful high throughput genome sequencers coming to market.\r\n\r\nThen, he joined the ETTIC team at Desjardins in 2016 as infrastructure penetration tester. Currently doing vulnerability research on IOT devices, he also presented \"Automated contact tracing experiment on ESP Vroom32\" workshop at NSEC in 2021. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data hungry organizations.", "answers": []}, {"guid": "88f586e0-f09a-584f-84d6-c92d7df990e0", "id": 437, "code": "SFDPDN", "public_name": "Pier-Yves Lessard", "avatar": "https://cfp.nsec.io/media/avatars/1709926572932_W7Lr9i0.jpg", "biography": "Embedded software engineer working at NXP semiconductor on embedded AI optimization for the automotive industry. Past experience in EV/motor control software. Author of 2 (relatively) widely used open source library dedicated to ECU communications and the main developer of Scrutiny Debugger, a project soon to be released. Father of two who develops open source stuff between 21h and 00h", "answers": []}, {"guid": "9321b625-78c4-55c7-82ee-fc7bc188a0cb", "id": 435, "code": "LRABZS", "public_name": "Adrien Lasalle", "avatar": "https://cfp.nsec.io/media/avatars/LRABZS_gGNAcVx.jpg", "biography": "Formerly a firefighter in France \ud83c\uddeb\ud83c\uddf7 \ud83d\ude92, I decided to pursue my passion for IT and especially offensive cybersecurity. Now a Pentester in Montreal \ud83c\udde8\ud83c\udde6 for almost 3 years and an active member of HackersWithoutBorders North America, I am gradually specializing in internal and network intrusion testing. \r\n\r\nSharing our passion for this field, whether for awareness or education, is an important mission for me! \r\n\r\nFeel free to contact me to discuss cyber or anything else over a beer :D \ud83c\udf7b", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/GG8DUB/", "id": 600, "guid": "c4621609-f432-5acb-a994-00d6ce930a47", "date": "2024-05-16T15:15:00-04:00", "start": "15:15", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-600-insert-coin-hacking-arcades-for-fun", "title": "Insert coin: Hacking arcades for fun", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Since we were children we wanted to go to the arcade and play for hours and hours for free. How about we do it now? In this talk I\u2019m gonna show you some vulnerabilities that I discovered in the cashless system of one of the biggest companies in the world, with over 2,300 installations across 70 countries. We will talk about api security, access control and nfc among other things.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "bc75df0f-3535-5811-b1cd-d4aa32129adb", "id": 463, "code": "HTVFWW", "public_name": "Ignacio Navarro", "avatar": "https://cfp.nsec.io/media/avatars/HTVFWW_zd4CRLj.jpg", "biography": "Ignacio Navarro, an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working as an Application Security. Their interests include code analysis, web application security, and cloud security. \r\nSpeaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty.\r\n@Ignavarro1", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/M8M8VJ/", "id": 603, "guid": "6ccf8069-ab2a-594f-8a70-5bdc67e91351", "date": "2024-05-16T16:00:00-04:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-603-crowdsourced-ddos-attacks-amid-geopolitical-events", "title": "Crowdsourced DDoS Attacks Amid Geopolitical Events", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "This talk examines the rise of crowdsourced DDoS attacks amid geopolitical events, focusing on the Russia-Ukraine and Israel-Hamas conflicts. Once the domain of well-resourced actors, large-scale attacks now involve networks of novices using open-source tools, provided there are enough individuals sympathetic to a particular political ideology or cause. To incentivize participation, hacktivists employ leaderboards, cryptocurrency rewards, and gamified ranking systems based on contributions to DDoS attacks. This transforms disruptive criminal attacks against services into a competitive and commoditized activity.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "d428c47f-675f-53f8-ba04-20ae7532ab04", "id": 466, "code": "NKMZTB", "public_name": "Zaid Osta", "avatar": "https://cfp.nsec.io/media/avatars/Zaid_Osta_Headshot_Y4jzHqr.jpg", "biography": "Zaid Osta is a Cyber Threat Intelligence Analyst at Flare, and his primary role involves the collection, research, and analysis of the latest cyber threats.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/83TKPA/", "id": 593, "guid": "1631d683-98eb-5b75-8e30-36a14f794e22", "date": "2024-05-16T16:45:00-04:00", "start": "16:45", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-593-cyber-incident-command-system-a-firefighter-s-approach-to-managing-cyber-incidents", "title": "Cyber Incident Command System: A Firefighter's Approach to Managing Cyber Incidents", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "Let's face it, responding to cyber incidents is full of challenges but managing the dreaded \"war room\" shouldn't have to be one of them. In this talk AJ Jarrett, Incident Response Director at DTCC and former firefighter will discuss how cybersecurity and IT teams can leverage the tactics and techniques used by first responders during disasters to bring cyber incident response to the next level.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "5a9d21b7-2c6f-5331-8ae7-57bb66970d5d", "id": 459, "code": "RNDLWC", "public_name": "AJ Jarrett", "avatar": "https://cfp.nsec.io/media/avatars/258185849_10160183553447868_6113334893294514657_n_6Cbt1kT.jpg", "biography": "AJ Jarrett is the Incident Response Director for the Threat Management Center at DTCC. Prior to joining DTCC, AJ worked for over 15 years in various IT and cybersecurity roles including defense, compliance, assessments, and incident response. In addition to his work at DTCC, AJ is also an Adjunct Instructor at the Texas A&M Engineering Extension Service and volunteers with various educational initiatives to help bring cybersecurity knowledge to as many people as possible.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop 1": [{"url": "https://cfp.nsec.io/2024/talk/GU3KTM/", "id": 570, "guid": "69e33000-bff0-5cf6-8845-aa06c4076b87", "date": "2024-05-16T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "02:00", "room": "Workshop 1", "slug": "2024-570-mastering-exegol", "title": "Mastering Exegol", "subtitle": "", "track": null, "type": "2hr workshop -- Round 2 [FR]", "language": "en", "abstract": "Apprenez \u00e0 r\u00e9aliser des tests d'intrusion de mani\u00e8re s\u00e9curis\u00e9e, professionnelle et efficace avec Exegol. Prenez une longeur d'avance en suivant ce training qui se concentrera sur la mani\u00e8re dont les professionnels peuvent facilement configurer et utiliser leur environnement de test d'intrusion, bas\u00e9 sur Docker, en quelques minutes, sans difficult\u00e9. \r\nL'\u00e9poque des tests d'intrusion non professionnels, non s\u00e9curis\u00e9s et laborieux est r\u00e9volue.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "762b4873-a0f1-5080-8db3-26e997a6d2a0", "id": 372, "code": "BF7L3G", "public_name": "Charlie Bromberg (Shutdown)", "avatar": "https://cfp.nsec.io/media/avatars/Photo_pro_qjggknv.jpg", "biography": "Creator of The Hacker Recipes and Exegol. \r\nCreator or contributor to many other projects.\r\nLeading ethical hacking offerings for Capgemini France.\r\nPassionate about Active Directory.", "answers": []}, {"guid": "ceac42a1-2d2b-5e5b-8371-39a7fd95e1a4", "id": 502, "code": "WFQCGX", "public_name": "Mathieu Calemard du Gardin (Dramelac)", "avatar": "https://cfp.nsec.io/media/avatars/photo_2023-11-26_20-52-05_copy_acmlBmK.jpg", "biography": "Red Teamer and co-creator of Exegol", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/GHC8F9/", "id": 582, "guid": "5b0f939b-3280-5f89-a381-e38259a2bd06", "date": "2024-05-16T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "03:00", "room": "Workshop 1", "slug": "2024-582-how-crypto-gets-broken-by-you-", "title": "How crypto gets broken (by you)", "subtitle": "", "track": null, "type": "3hr workshop -- Round 1 [EN]", "language": "en", "abstract": "This is an introduction to crypto: building blocks, protocols and attacks on them. We cover: encoding vs encryption, hashes, \u2018classic\u2019 crypto, stream ciphers, block ciphers, symmetric crypto, asymmetric crypto, has attacks, classic crypto attacks, stream cipher attack, block cipher attack models, ECB attacks, crypto protocols, digital signatures, message authentication code, nonces, simple authentication, challenge response, simple authentication attacks (key collisions, key extraction and extension, replay, valet, bad counter resync), MAC attacks, digital signature attacks, pubkey substitution, challenge response attacks (middleperson attack, UDS style seed-key predictions), WPA2 password cracking, WPA2 key reinstallation, WPA2 key nulling, TLS/SSL middleperson attacks, SWEET32, DROWN, logjam, POODLE, UDS seed-key exchange attacks (reverse key algorithm, lift key algorithm, solve for unknowns, retry-retry-retry, brute force, glitch past).\r\n\r\nTools covered include: rumkin.com, hashcat, john the ripper, binwalk, radare2, binvis.io, Veles, airocrack-ng, mitmproxy, MITMf.\r\n\r\nThe workshop is a \u2018101\u2019 level: geared for people good at computers but maybe no knowledge of cryptography. There will be minimal math (I promise). We\u2019ll talk mostly about how to break bad crypto and bad crypto algorithms with 10-15min hands-on sessions integrated into 4 hours of workshop: Decrypt \u2018Crypto\u2019, Break Hashes, Break Crypto, Visualize Crypto.\r\n\r\nWe will explore three applications of the building blocks and attacks also. Towards the end we tie-in the building blocks and attacks into how the following crypto protocols get broken: WPA2, TLS and UDS Seed-Key exchange (from automotive). Please join us for an intro-level exploration of cryptography building blocks, protocols and how to attack them. And, as always, crypto means cryptography.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "37aa1a15-0e92-5541-8bc3-2ba2a9a8adaa", "id": 36, "code": "ARPCRK", "public_name": "Ben Gardiner", "avatar": "https://cfp.nsec.io/media/avatars/c9d4b2e9b60e39790beb6e1573383647_3PNjvSA.jpg", "biography": "Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure commercial transportation at the NMFTA and connected transportation with TMNA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior to YFS Inc., Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen\u2019s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer. He is GIAC GPEN certified and a GIAC advisory board member, he is also chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), contributor to several ATA TMC task forces, ISO WG11 committees, and a voting member of the SAE Vehicle Electronic Systems Security Committee. Mr. Gardiner has delivered workshops and presentations at several world cybersecurity events including the Cybertruck Challenge, GENIVI security sessions, Hack in Paris, HackFest and DEF CON main stage.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop 2": [{"url": "https://cfp.nsec.io/2024/talk/Z9TZAS/", "id": 616, "guid": "76e6ea01-4b43-5b85-b232-44fb6b05d703", "date": "2024-05-16T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "02:00", "room": "Workshop 2", "slug": "2024-616-prevent-first-detect-second-an-open-source-approach", "title": "Prevent First, Detect Second: An Open-Source Approach", "subtitle": "", "track": null, "type": "2 hr workshop -- Round 2 [EN]", "language": "en", "abstract": "As the authors of this talk can testify from experience, it feels almost impossible to detect cyberattacks, let alone stop them. Alert fatigue and a shortage of automation, skills, and personnel further exacerbate this problem, emphasizing the need for prevention mechanisms that allow defenders time to investigate threats.\r\n\r\nIncident response, even if automated, is best done after an attack has already been thwarted. Easier said than done? Not really if you use the right tools!\r\n\r\nThe right tools we will discuss in this talk are our open-source RPC-Firewall and LDAP-Firewall.\r\nFirst, we prevent! We show how these tools can be used in every Microsoft domain environment to halt innumerable attacks throughout the kill chain. We can stop the initial stages of an attack by preventing domain enumerations via SharpHound, BloodHound.py, SOAPHound, and various LDAP queries. We can also prevent numerous types of privilege escalation and lateral movement attacks, including DCSync attacks, remote DCOM execution, PsExec, PetitPotam attacks, Coercing attacks, and many more\u2026\r\n\r\nSecond, we detect! Our open-source tools write Windows events to the local event logs, which can be easily forwarded to your local SIEM. The RPC Firewall and LDAP Firewall also have their own Sigma rules published for them, making detection engineering even simpler. Using Sentinel as an example, we show how these events can be ingested into any SIEM, how baselines can be easily created, and how detection rules are formulated.\r\n\r\nFinally, we will summarize with RPC and LDAP firewall internals, which will help guide the security community on how to better contribute, expand, and customize these open-source tools to bring more value to the community.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "f8df77ce-6dd6-5d76-a51d-4604ab5a54e1", "id": 236, "code": "UUHNM9", "public_name": "Sagie", "avatar": "https://cfp.nsec.io/media/avatars/sagie_nsvOU5f.jpg", "biography": "Sagie is a defensive security researcher, leading the Zero-Labs team as VP of Research @ Zero Networks.\r\nWith a bachelor's in Electrical-Engineer, Sagie started out designing and breaking-up communication schemas in the Intelligence unit of the military. After his service, Sagie went on to perform research on diverse topics, introducing new attacks techniques such as the \"man-in-the-cloud\" attacks and supply chain compromises against container developers. In recent years, Sagie is focused on research that delivers practical solutions to security teams, mainly in the form of open source security tools.", "answers": []}, {"guid": "d5a1f685-9dab-5116-8311-cb2b552bae69", "id": 399, "code": "LJZN8U", "public_name": "Dekel Paz", "avatar": "https://cfp.nsec.io/media/avatars/dekel_bwYJZpQ.jpeg", "biography": "Security Researcher with over 15 years of experience in Cybersecurity and software development. I\u2019ve been on both sides of the fence \u2013 leading Offensive and Defensive security teams in the past.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/ZE837Z/", "id": 658, "guid": "302869ba-c0cb-5707-9044-f334580c05c3", "date": "2024-05-16T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "01:30", "room": "Workshop 2", "slug": "2024-658-examen-radioamateur-comptence-de-base-amateur-radio-basic-competency-exam", "title": "Examen radioamateur Comp\u00e9tence de Base / Amateur Radio Basic Competency Exam", "subtitle": "", "track": null, "type": "2 hr workshop -- Round 1 [FR]", "language": "en", "abstract": "Une opportunit\u00e9 inestimable pour ceux qui aspirent \u00e0 obtenir leur licence de radioamateur - passez l'examen pour la comp\u00e9tence de base durant Northsec! \r\n--\r\nAn invaluable opportunity for those aspiring to obtain their amateur radio license - take the basic competency exam during Northsec!", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Salle de la Commune": [{"url": "https://cfp.nsec.io/2024/talk/MCEMZU/", "id": 654, "guid": "16a620e3-5fab-5c17-9aa4-0838bc274d2e", "date": "2024-05-16T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "07:30", "room": "Salle de la Commune", "slug": "2024-654-thursday-community-booths-kiosques-communautaires-du-jeudi", "title": "Thursday Community Booths / Kiosques communautaires du jeudi", "subtitle": "", "track": null, "type": "Community Room (Villages)", "language": "en", "abstract": "English below\r\n\r\nVous \u00eates cordialement invit\u00e9s \u00e0 venir explorer la salle communautaire, o\u00f9 la convergence de la technologie, de l'amusement et de l'apprentissage vous attend. Que vous soyez un amateur de jeux, un technophile averti ou simplement curieux de d\u00e9couvrir de nouvelles choses, on vous y attend!\r\n\r\nD\u00e9couvrez nos kiosques :\r\n\r\n* Guys, Games and Beer (G2B)\r\n* Cybercap\r\n* Jeux de table\r\n* \u00c9changes d'auto-collants\r\n* Foulab\r\n* Crochetage de serrures\r\n* Vol \u00e0 la tire : De retour pour une troisi\u00e8me ann\u00e9e, James Harrison r\u00e9alisera ses techniques de prestidigitation \u00e9poustouflantes de pr\u00e8s. Vous pourriez m\u00eame apprendre un tour ou deux !\r\n* Atelier de CV\r\n\r\net plus encore\r\n\r\n// English //\r\nYou are cordially invited to come explore the community hall, where the convergence of technology, fun, and learning awaits you. Whether you're a gaming enthusiast, a seasoned technophile, or simply curious to discover new things, we'll be expecting you there!\r\n\r\n* Guys, Games and Beer (G2B)\r\n* Cybercap \r\n* Tabletop games\r\n* Sticker exchange\r\n* Foulab\r\n* Lockpicking\r\n* Pickpocketing : Come learn and be amazed by Canada's Pickpocket Magician! Back for a third year, James Harrison will perform his mindblowing sleigh of hand techniques up close. You might even learn a trick or two!\r\n* HR village\r\n\r\nand much more!", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Studio Podcast": [{"url": "https://cfp.nsec.io/2024/talk/XTWAAJ/", "id": 659, "guid": "3c4b82e7-2823-5c5c-b8b5-03b23d92c076", "date": "2024-05-16T15:00:00-04:00", "start": "15:00", "logo": null, "duration": "01:00", "room": "Studio Podcast", "slug": "2024-659-enregistrement-du-podcast-polyscure", "title": "Enregistrement du podcast PolyS\u00e9cure", "subtitle": "", "track": null, "type": "Community Room (Villages)", "language": "en", "abstract": "PolyS\u00e9cure est un podcast francophone sur la cybers\u00e9curit\u00e9 qui s'adresse aux professionels et curieux depuis 2020.\r\n\r\nLe podcast se s\u00e9pare en six grands segments:\r\n\r\n Curieux: Segment destin\u00e9 au grand public, afin de vulgariser des sujets pointus et qui peuvent sembler herm\u00e9tique\r\n PME: Segment pour les petites et moyennes entreprises, o\u00f9 les d\u00e9fis de cybers\u00e9curit\u00e9 sont existants, mais o\u00f9 les ressources sont limit\u00e9es\r\n Professionnel: Segment pour ceux qui \u0153uvrent dans le domaine de la cybers\u00e9curit\u00e9 ou dans un domaine connexe\r\n Teknik: Segment pour ceux qui d\u00e9sire approfondir des sujets pointus en cybers\u00e9curit\u00e9\r\n Juridik: Segment abordant les questions juridiques (rappel, nous ne donnons pas de conseil juridique, veuillez consulter votre avocat pour une opinion juridique) qui affectent l'univers des technologies et de la cybers\u00e9curit\u00e9. Nous y abordons r\u00e9guli\u00e8rement des sujets relatifs \u00e0 la vie priv\u00e9e et aux lois qui la prot\u00e8ge.\r\n H'umain: Segment qui place l'humain au centre des pr\u00e9occupations, puisque celui-ci n'est pas le maillon faible, mais le maillon fort de la cybers\u00e9curit\u00e9.\r\n\r\nTous les \u00e9pisodes et notes de recherche se trouvent \u00e0 polysecure.ca", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Sc\u00e8ne de la Commune": [{"url": "https://cfp.nsec.io/2024/talk/SEQ3S9/", "id": 653, "guid": "6ae639d2-a9f3-53e3-abef-ae5b7086c802", "date": "2024-05-16T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "03:00", "room": "Sc\u00e8ne de la Commune", "slug": "2024-653-ctf-101", "title": "CTF 101", "subtitle": "", "track": null, "type": "Community Room (Villages)", "language": "en", "abstract": "(English follows) Vous souhaitez d\u00e9couvrir les bases du CTF (Capture The Flag) ? Rejoignez-nous pour un atelier pratique qui vous permettra de plonger dans cet univers passionnant m\u00eame en tant que d\u00e9butant. Apprenez les fondamentaux du CTF et familiarisez-vous avec ses m\u00e9canismes lors de cet atelier interactif. Venez essayer par vous-m\u00eame et laissez-vous emporter par l'excitation du challenge ! Atelier en fran\u00e7ais.\r\n\r\n\r\nAre you eager to discover the fundamentals of CTF (Capture The Flag)? Join us for a hands-on workshop designed to help beginners make the most out of the CTF experience. Learn the basics of CTF and get acquainted with its mechanics in this interactive session. Come give it a try and immerse yourself in the thrill of the challenge!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "96249a19-31db-567a-975c-56a2109e410a", "id": 504, "code": "TWCURZ", "public_name": "Simon Nolet (Viper)", "avatar": "https://cfp.nsec.io/media/avatars/Simon_1O9JeCv.png", "biography": "Simon is a cybersecurity expert with 10 years of experience, specializing in offensive security for the past 9 years. He focuses achieving high-impact attack chains .He has conducted over 250 penetration tests. Simon is also an active member of the cybersecurity community, dedicated to sharing his knowledge by volunteering for events like Hackfest CTF and training individuals for over 5 years in the Security 103 course and the Beginner CTF. He values honesty, promoting transparency and integrity in his work. His expertise covers networks, infrastructure, Active Directory pentesting, but he is also interested in red teaming, access control evasion, and efficient computer usage. Simon is constantly striving to enhance a company's security by producing precise reports and offering operational recommendations to increase resilience against adversaries. He believes that often, the root causes of security issues can be addressed through education and training. His goal is to educate and strengthen security measures to protect both businesses and individuals in their digital environments, with a strong emphasis on training others.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Soldering Village": [{"url": "https://cfp.nsec.io/2024/talk/LPRPBQ/", "id": 655, "guid": "b82b9fc3-6dd5-5864-98f1-1915f9966a37", "date": "2024-05-16T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "02:00", "room": "Soldering Village", "slug": "2024-655-soldering-workshop-atelier-de-soudure", "title": "Soldering workshop / Atelier de soudure", "subtitle": "", "track": null, "type": "Community Room (Villages)", "language": "en", "abstract": "REGISTRATION REQUIRED HERE / INSCRIPTION OBLIGATOIRE ICI : https://tickets.nsec.io/2024/\r\n\r\nSoldering (EN below) / Soudure (brasage)\r\n\r\nRejoignez-nous pour un atelier pratique de brasage o\u00f9 vous d\u00e9couvrirez les secrets de vos badges (apportez votre badge Sputnik ou Cerveau!). \r\n\r\nDans cet atelier passionnant, vous apprendrez les techniques de brasage tout en donnant une nouvelle vie \u00e0 vos badges. Apprenez \u00e0 hacker votre badge pour lui donner de nouvelles fonctionnalit\u00e9s et le personnaliser. \r\n\r\nC'est une occasion unique de d\u00e9velopper vos comp\u00e9tences en \u00e9lectronique tout en repartant avec un souvenir unique et personnalis\u00e9 ! L'atelier sera offert en anglais.\r\n\r\nINSCRIPTION OBLIGATOIRE ICI : https://tickets.nsec.io/2024/\r\n\r\n\r\n\r\nJoin us for a hands-on soldering workshop where you'll uncover the secrets of crafting your own electronic badge - bring your Brain or Sputnik badge if you have one! \r\n\r\nIn this exciting workshop, you'll learn soldering techniques while breathing new life into your (Sputnik/Brain) badge. Learn to hack your badge to add new features and customize it to your heart's content. It's a unique opportunity to enhance your electronics skills while walking away with a one-of-a-kind, personalized keepsake!\r\n\r\n(an additional fee is required to cover the cost of materials, REGISTRATION REQUIRED HERE : https://tickets.nsec.io/2024/", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}]}}, {"index": 2, "date": "2024-05-17", "day_start": "2024-05-17T04:00:00-04:00", "day_end": "2024-05-18T03:59:00-04:00", "rooms": {"Ville-Marie": [{"url": "https://cfp.nsec.io/2024/talk/EYVXJW/", "id": 661, "guid": "513796f0-1d0b-5b0d-810e-aa86e22baae4", "date": "2024-05-17T08:00:00-04:00", "start": "08:00", "logo": null, "duration": "01:00", "room": "Ville-Marie", "slug": "2024-661-doors-open-and-registration-friday-vendredi", "title": "Doors open and Registration - Friday/Vendredi", "subtitle": "", "track": null, "type": "Long Panel", "language": "en", "abstract": "\ud83e\udd50 \u2615 \ud83e\udd6f \ud83e\uddc3 Breakfast sponsored by IMC2 // D\u00e9jeuner gr\u00e2ce \u00e0 l'IMC2\r\n\r\n![\"IMC2\"](\"/img/partners/imc2.png\")
", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/ULDTDX/", "id": 564, "guid": "dba4a425-0ea7-5f15-86c1-79fd348eac09", "date": "2024-05-17T09:15:00-04:00", "start": "09:15", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-564-beware-of-infosec-influencers", "title": "BEWARE of Infosec Influencers", "subtitle": "", "track": "Human in the Middle", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Many are aware of clout-chasing influencers on social media such. However, many have not considered this cultural phenomenon transcending into the professional world. From \"thought leaders\" on LinkedIn to law enforcement agencies on Twitter, it is not just Instagram models sharing content with the primary goal of getting more 'likes' and followers. In this presentation, Mr. Myler highlights examples of Infosec influencers providing guidance that, at best, distracts from prioritized risk-based cybersecurity.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "ed104716-2e66-5f2a-aebd-01799975450c", "id": 439, "code": "XNQ7RD", "public_name": "W. Garrett Myler", "avatar": "https://cfp.nsec.io/media/avatars/Garrett_WoodsHallow_cropped_u38Eiej.jpg", "biography": "W. Garrett Myler, Sr. OT cybersecurity Specialist at Red Trident Inc. and proud U.S. Air Force Reservist, has over a decade of experience supporting threat intelligence and cyber operations within the U.S. Department of Defense - from strategic to tactical levels of operation. He has traveled the world performing vulnerability assessments on industrial control systems (ICS) supporting critical infrastructure. Mr. Myler is an experienced and engaging cybersecurity instructor and presenter and has trained professionals and addressed audiences from around the world. He is a CISSP, GIAC Certified Forensic Analyst, an ISA 62443 certified \"expert\", and has a Masters of Science in Digital Forensics and Cyber Investigation. Mr. Myler is honored to fill the roles of husband to his wife Julie and father to their five children.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/JPBGZJ/", "id": 583, "guid": "c06b4af1-041f-563c-a342-328d750c2cf9", "date": "2024-05-17T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-583-real-or-fake-tools-to-fight-online-disinformation", "title": "Real or fake? Tools to fight online disinformation", "subtitle": "", "track": "Human in the Middle", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "It is quite challenging to verify the origin of online content. In this era of disinformation exacerbated by ever-evolving AI tools, the creation of seemingly authentic fake accounts and content can be quite dangerous, with risks ranging from harming one\u2019s reputation to damaging society as a whole.\r\nFortunately, content provenance technologies are emerging to fight this problem. The [Coalition for Content Provenance and Authenticity (C2PA)](https://c2pa.org/) is the leading effort allowing creators to cryptographically sign their digital assets and record subsequent edits helping consumers to confirm their origin and authenticity while keeping an auditable history of the data transformations. It has been adopted by leading technology providers (Microsoft, Google, Meta), camera manufacturers (Sony, Nikon), image/video editors (Adobe), generative AI companies (OpenAI, Midjourney), and news organizations (BBC, CBC/Radio-Canada, New York Times). C2PA is also at the forefront of the fight against election disinformation, and was one of two technologies mentioned in the recent [AI Elections accord](https://www.aielectionsaccord.com/) signed at the Munich security conference.\r\nIn this presentation, I\u2019ll describe the C2PA use cases, specifications, and the lifecycle of a protected digital asset (such as images, videos, and audio clips) from their creation, to their modifications and validation. I\u2019ll present open-source tools/SDKs that anyone can use to create and verify protected content or integrate this functionality in their applications and services.\r\nI\u2019ll also present the [Cross-Platform Origin of Content (XPOC)](https://microsoft.github.io/xpoc-framework/) framework allowing content owners to create authoritative lists of their social media accounts and content, addressing a slightly different provenance problem. I\u2019ll give a demonstration of the open-source tools allowing anyone to self-host and verify XPOC manifests.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "7355bf33-e6b5-527e-9ba0-11a27120ad9b", "id": 108, "code": "WFWQWA", "public_name": "Christian Paquin", "avatar": "https://cfp.nsec.io/media/avatars/christian-paquin_Y6uovWy.jpg", "biography": "I\u2019m cryptography and security engineer at Microsoft Research where I aim to bring new research innovations closer to reality. My work focuses lately on privacy-preserving identity, post-quantum cryptography, and content origin and authentication (especially surrounding the work of the C2PA in which I\u2019m a member of the technical working group). Prior to joining Microsoft I was a crypto developer at Zero Knowledge Systems developing a TOR-precursor mixnet and the Chief Security Engineer at Credentica.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/X7YUFZ/", "id": 610, "guid": "c859265b-7f81-5c1c-ad34-0c1e71db5764", "date": "2024-05-17T10:45:00-04:00", "start": "10:45", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-610-i-will-look-for-you-and-i-will-find-you-osint-on-publicly-shared-pictures", "title": "I will look for you and I will find you: OSINT on publicly shared pictures", "subtitle": "", "track": "Human in the Middle", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Liam Neeson is coming for you. But how will he find you? Come to this talk to learn how the picture of a firetruck you took in front of your house and shared on Instagram two years ago will be the source of your demise.\r\n\r\nIn this talk, I will share how I developed this compulsive habit, in which I _need_ to find where a picture was taken. We will cover how to perform _open-source intelligence_ (OSINT) on publicly shared pictures and videos, which tools and techniques to use, accompanied with real step-by-step examples.\r\n\r\nI believe that understanding how OSINT works is key to better protect ourselves online. I'm aiming to give you the tools and knowledge to be better cybersecurity professionals, and learn to be more careful and diligent online, all in a (hopefully) fun and engaging way.\r\n\r\nNot convinced yet? This talk will also cover the following topics: metadata (d'oh!), physical keys (who doesn't like keys?), data in public registries, and conclude with Do's and Don'ts for everyone.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "a2056742-11c6-5d0c-8597-613831eff4e0", "id": 473, "code": "HB99JV", "public_name": "Patricia Gagnon-Renaud", "avatar": "https://cfp.nsec.io/media/avatars/0F7A7836_Web_X6EcFGM.jpg", "biography": "Patricia Gagnon-Renaud is a Cybersecurity Analyst in the Ethical Hacking team at GoSecure. She has a bachelor's degrees in IT engineering, is a licensed engineer, and more recently, has become a Certified Information Systems Security Professional (CISSP). Her interests include social engineering, physical security, lockpicking and urbanism.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/YU9CN7/", "id": 649, "guid": "f4f69ece-99ab-5d5c-af9a-28ad3d8b3f31", "date": "2024-05-17T11:30:00-04:00", "start": "11:30", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-649-human-in-the-middle-q-a", "title": "Human in the Middle Q&A", "subtitle": "", "track": "Human in the Middle", "type": "Panel discussion and Q&A", "language": "en", "abstract": "Q&A Discussion for the Human in the Middle block.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "aa9ecbce-bb44-5deb-af7a-b96170dd6ea2", "id": 508, "code": "ABCTM3", "public_name": "Octavia Hexe", "avatar": "https://cfp.nsec.io/media/avatars/CleanShot_2024-05-01_at_16.23.132x_XiRQcKC.png", "biography": "Octavia is an independent security researcher. They have worked in security engineering, purple team, adversary emulation roles, and as a volunteer with non-profits countering disinformation.", "answers": []}, {"guid": "a2056742-11c6-5d0c-8597-613831eff4e0", "id": 473, "code": "HB99JV", "public_name": "Patricia Gagnon-Renaud", "avatar": "https://cfp.nsec.io/media/avatars/0F7A7836_Web_X6EcFGM.jpg", "biography": "Patricia Gagnon-Renaud is a Cybersecurity Analyst in the Ethical Hacking team at GoSecure. She has a bachelor's degrees in IT engineering, is a licensed engineer, and more recently, has become a Certified Information Systems Security Professional (CISSP). Her interests include social engineering, physical security, lockpicking and urbanism.", "answers": []}, {"guid": "ed104716-2e66-5f2a-aebd-01799975450c", "id": 439, "code": "XNQ7RD", "public_name": "W. Garrett Myler", "avatar": "https://cfp.nsec.io/media/avatars/Garrett_WoodsHallow_cropped_u38Eiej.jpg", "biography": "W. Garrett Myler, Sr. OT cybersecurity Specialist at Red Trident Inc. and proud U.S. Air Force Reservist, has over a decade of experience supporting threat intelligence and cyber operations within the U.S. Department of Defense - from strategic to tactical levels of operation. He has traveled the world performing vulnerability assessments on industrial control systems (ICS) supporting critical infrastructure. Mr. Myler is an experienced and engaging cybersecurity instructor and presenter and has trained professionals and addressed audiences from around the world. He is a CISSP, GIAC Certified Forensic Analyst, an ISA 62443 certified \"expert\", and has a Masters of Science in Digital Forensics and Cyber Investigation. Mr. Myler is honored to fill the roles of husband to his wife Julie and father to their five children.", "answers": []}, {"guid": "7355bf33-e6b5-527e-9ba0-11a27120ad9b", "id": 108, "code": "WFWQWA", "public_name": "Christian Paquin", "avatar": "https://cfp.nsec.io/media/avatars/christian-paquin_Y6uovWy.jpg", "biography": "I\u2019m cryptography and security engineer at Microsoft Research where I aim to bring new research innovations closer to reality. My work focuses lately on privacy-preserving identity, post-quantum cryptography, and content origin and authentication (especially surrounding the work of the C2PA in which I\u2019m a member of the technical working group). Prior to joining Microsoft I was a crypto developer at Zero Knowledge Systems developing a TOR-precursor mixnet and the Chief Security Engineer at Credentica.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/QFMWVQ/", "id": 555, "guid": "99153fb3-2e06-5a93-b1a6-9276b9cbe511", "date": "2024-05-17T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-555-browser-is-the-new-lsass", "title": "Browser is the new LSASS", "subtitle": "", "track": "Red team", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "In a world where MFA is enabled on every portal and everything is a web application, red teamers can access cookies and cached information from your browser to gain access to everything without knowing a simple password or having access to your MFA.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "6e037cab-d66c-56e3-b7b4-c6d7dea778a3", "id": 11, "code": "NKHTQJ", "public_name": "Charles F. Hamilton (Mr.Un1k0d3r)", "avatar": "https://cfp.nsec.io/media/avatars/NKHTQJ_gjN7iQV.jpg", "biography": "Charles Hamilton also known as Mr.Un1k0d3r is a Red Teamer, with more than twelve years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. Since 2014, he is the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 40,000 members worldwide. Charles is also a prolific toolsmith and speaker in the Infosec industry under the handle of Mr.Un1k0d3r.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/DMJEK9/", "id": 591, "guid": "a13968fb-2c2e-5060-ac37-5ad3d853aa4a", "date": "2024-05-17T13:45:00-04:00", "start": "13:45", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-591-simplified-malware-evasion-entropy-and-other-techniques", "title": "Simplified Malware Evasion - Entropy and other Techniques", "subtitle": "", "track": "Red team", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "Malware development and evasion techniques are becoming more difficult each day. EDRs are implementing signature-based detection, behaviour-based detection, as well as entropy-based detection techniques. Shellcode is often encoded/encrypted which can cause payloads to have high entropy (randomness), therefore being detected and blocked by EDRs.\r\n \r\nThis presentation is the journey of a red teamer - improving their tools with simple techniques and learning about evasion and Windows internals along the way. \r\n\r\nThrough this talk, we will review the high-level theory behind evasion and present unique approaches to evasion techniques, including entropy reduction and shellcode callbacks. We will present a novel tool to reduce entropy via dictionary word shellcode encoding, and use Windows callback functions to launch our shellcode.\r\n\r\nFurthermore, an overview of detecting these novel techniques will be discussed to help blue teamers in their jobs. Detection methods discussed include using YARA rules, ETW, and PE file memory scanners.\r\n\r\nParticipants will benefit from this talk in many ways. Red teamers can now immediately benefit from the tool, which is publicly released, along with C#/C++ Code samples. And Blue teamers can learn how to better detect these advanced techniques.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "3bfbb98e-59a1-5704-aefa-d9c2c77df229", "id": 214, "code": "8SHLGV", "public_name": "Will Summerhill", "avatar": "https://cfp.nsec.io/media/avatars/IMG_6681_-_Copy_Nygal57.jpg", "biography": "Will Summerhill is a senior security consultant with Mandiant Canada on the Proactive team performing red teams, purple teams, and penetration testing assessments. He has been in offensive security consulting for over 7 years and has 10 years of information security experience combined. He teaches red teaming classes to clients and taught a penetration testing course at the post-grad college level.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/H9XCML/", "id": 648, "guid": "66037c3c-6f59-56b4-8af3-f571aca94958", "date": "2024-05-17T14:30:00-04:00", "start": "14:30", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-648-red-team-q-a", "title": "Red Team Q&A", "subtitle": "", "track": "Red team", "type": "Panel discussion and Q&A", "language": "en", "abstract": "Q&A Discussion for the red team block.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "463b05de-66a0-512d-a56b-0977b81c1a67", "id": 23, "code": "UWDKC8", "public_name": "Laurent Desaulniers", "avatar": "https://cfp.nsec.io/media/avatars/_C8A1684-sincity_BI0aC72.png", "biography": null, "answers": []}, {"guid": "3bfbb98e-59a1-5704-aefa-d9c2c77df229", "id": 214, "code": "8SHLGV", "public_name": "Will Summerhill", "avatar": "https://cfp.nsec.io/media/avatars/IMG_6681_-_Copy_Nygal57.jpg", "biography": "Will Summerhill is a senior security consultant with Mandiant Canada on the Proactive team performing red teams, purple teams, and penetration testing assessments. He has been in offensive security consulting for over 7 years and has 10 years of information security experience combined. He teaches red teaming classes to clients and taught a penetration testing course at the post-grad college level.", "answers": []}, {"guid": "6e037cab-d66c-56e3-b7b4-c6d7dea778a3", "id": 11, "code": "NKHTQJ", "public_name": "Charles F. Hamilton (Mr.Un1k0d3r)", "avatar": "https://cfp.nsec.io/media/avatars/NKHTQJ_gjN7iQV.jpg", "biography": "Charles Hamilton also known as Mr.Un1k0d3r is a Red Teamer, with more than twelve years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. Since 2014, he is the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 40,000 members worldwide. Charles is also a prolific toolsmith and speaker in the Infosec industry under the handle of Mr.Un1k0d3r.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/DAQGMD/", "id": 587, "guid": "38303106-fcaa-5024-93f0-2b83ced24439", "date": "2024-05-17T15:15:00-04:00", "start": "15:15", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-587-finding-signals-in-the-noise-why-write-exploits-when-attackers-share-them-for-free-", "title": "Finding signals in the noise: Why write exploits when attackers share them for free?", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "Did you know that ransomware groups are actually generous? They're so generous, in fact, that after putting all their time and effort into writing an exploit, they just share it with the internet for free! At GreyNoise, we've made it our mission to detect and categorize all traffic blasted onto the internet, which includes old exploits for old vulnerabilities, new exploits for new vulnerabilities, and everything in between. We'll show you what happens when an experienced exploit developer kicks back and lets others do the hard work - by building and deploying honeypots for emergent threats, we can spend our time analyzing what the baddies are up to, which vulnerabilities are actually being exploited, and who's being naughty. This talk will include real-world exploitation examples, including examples of exploits that would go on to join the Known Exploited Vulnerabilities (KEV) list. We'll Armed with that information, security teams can use their limited resources much more efficiently by prioritizing the vulnerabilities that are under attack!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "6dc54c21-a95e-5a14-8f28-c25ea8c68e32", "id": 26, "code": "8Z3RAW", "public_name": "Ron Bowes", "avatar": "https://cfp.nsec.io/media/avatars/avatar_nRv3I8k.jpg", "biography": "Ron Bowes is a Lead Security Researcher on the GreyNoise Labs team, which tracks and investigates unusual--typically malicious--internet traffic. His primary role is to understand and track the big vulnerabilities of the day/week/month/year; often, that means parsing vague vendor advisories, diff'ing patches, reconstructing attacks from log files, and--most complex of all--installing and configuring enterprise software. When he's not at work, he runs the BSides San Francisco Capture the Flag contest, is a founder of The Long Con conference in Winnipeg, maintains a personal blog, and continues his question to finish every game in his Steam library.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/YBZPSB/", "id": 607, "guid": "5e7d2669-9a4c-5240-8a96-612e06a8e4ff", "date": "2024-05-17T16:00:00-04:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-607-redefining-digital-security-a-new-approach-for-ipv-victims", "title": "Redefining Digital Security: A New Approach for IPV Victims", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 1 [EN]", "language": "en", "abstract": "This presentation, informed by a collaborative research project led by CDEACF, the Alliance des Maisons 2e \u00c9tape and the Lab-2038, addresses the critical need for specialized digital privacy strategies in support of Intimate Partner Violence (IPV) victims. Rather than looking at what advices security experts can give to IPV victims, we investigate how user experience, security settings and data governance pratices can directly impact their digital and physical safety. Our research highlights how generic, one-size-fits-all threat modelling and security policies by providers, including internet service providers, can inadvertently burden IPV victims. The talk emphasizes the importance of developing nuanced, victim-centred digital security approaches that acknowledge the unique challenges faced by IPV victims. It advocates for a collaborative effort among service providers, technologists, and social welfare experts to create more sensitive and effective digital privacy solutions tailored to the needs of IPV victims.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "703c2110-6163-51ed-9814-b08eea30c420", "id": 471, "code": "TSWDSG", "public_name": "Corinne Pulgar", "avatar": "https://cfp.nsec.io/media/avatars/TechnoFeminin2019_Helena_Valles_small_GhbmeO9.jpg", "biography": "Corinne Pulgar brings a unique blend of technical expertise and social awareness to the field of digital security. With a Master's in Software Engineering from \u00c9cole de Technologie Sup\u00e9rieure (ETS) and a Bachelor's in Computer Science from Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al (UQAM), they possess a deep understanding of software development and security. They have shown a steadfast commitment to education through their contributions as a project manager and InfoSec at Lab2038 and a teaching assistant and lecturer at multiple institutions, including McGill University, ETS and UQAM. Her ability to translate complex technical concepts into accessible knowledge has made them a sought-after lecturer and mentor.\r\n\r\nCorinne\u2019s research, presented at conferences and published in journals, focuses on model-driven software engineering and DevOps, demonstrating their innovative approach to software development. Their work at the intersection of technology and inclusivity reflects their dedication to leveraging their technical expertise for social good, specifically in enhancing digital privacy and security for vulnerable groups. Their unique perspective, combining technical acumen with a passion for social impact, makes them an ideal speaker to address the critical issue of digital privacy in the context of IPV.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/CPCSGX/", "id": 642, "guid": "a82705b2-a5ec-5caf-ae25-bfbd1845d802", "date": "2024-05-17T16:45:00-04:00", "start": "16:45", "logo": null, "duration": "00:30", "room": "Ville-Marie", "slug": "2024-642-lightning-talks", "title": "Lightning Talks", "subtitle": "", "track": null, "type": "Panel discussion and Q&A", "language": "en", "abstract": "Lightning talks by the community for the community!\r\n\r\n5 minutes, no sales pitches!\r\n\r\nTo enter, fill the form: https://forms.gle/fuUevAiRG3TaNHn77", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/7PVGSW/", "id": 669, "guid": "e3e3ac6c-bf44-5c93-b244-ce45c6c51dff", "date": "2024-05-17T17:15:00-04:00", "start": "17:15", "logo": null, "duration": "00:15", "room": "Ville-Marie", "slug": "2024-669-fermeture-conference-closing", "title": "Fermeture Conference Closing", "subtitle": "", "track": null, "type": "Opening Remarks", "language": "en", "abstract": "Closing conference remarks // Fermeture de la conf\u00e9rence", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Salle de Bal": [{"url": "https://cfp.nsec.io/2024/talk/9PRFYS/", "id": 636, "guid": "39fd384e-61f6-5a7e-b457-1052222e5a5b", "date": "2024-05-17T09:15:00-04:00", "start": "09:15", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-636-heartbleed-ten-years-later", "title": "Heartbleed, ten years later", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "This year marks the ten-year anniversary of Heartbleed\u2019s discovery and public disclosure. Heartbleed was a severe flaw in the OpenSSL cryptographic library. It was publicly disclosed on April 7, 2014, initiating a long and arduous process of remediation for more than two thirds of all web servers on the internet. Anybody could potentially eavesdrop on communications, steal data or impersonate users for any vulnerable service or device, without leaving a trace. Described by some experts as \u201cone of the most consequential vulnerability since the advent of the commercial internet\u201d, Heartbleed abruptly unveiled the insecure and unsustainable foundations on which the internet infrastructure was built. How could so many major organizations (Google, Amazon, Facebook, financial and government institutions) depend on OpenSSL, a struggling free software project with one overworked full-time developer and $2,000 in yearly donations? How could they integrate its code without any proper security audit or reciprocal financial support? This presentation traces the historical roots of the OpenSSL project and its growing adoption, from the mid 1990s up to 2014. Based on original interviews with OpenSSL developers and security experts as well as extensive archival research, it portrays a nascent cryptographic library written \u201cas a learning exercise\u201d during the turmoil of the Crypto Wars of the 1990s. Finally, this presentation explores some of the long-lasting effects Heartbleed has had on the tech industry and free software community \u2013 effects that still resonate to this day, ten years later.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "cc6be72e-604d-5f63-a733-fe6d35464174", "id": 495, "code": "89YL73", "public_name": "Louis Melan\u00e7on", "avatar": "https://cfp.nsec.io/media/avatars/Profil_travail_Ksrkkkk.jpg", "biography": "Titulaire d\u2019une ma\u00eetrise en mobilisation et transfert des connaissances de l\u2019Institut national de la recherche scientifique, Louis a toujours cherch\u00e9 \u00e0 combiner son int\u00e9r\u00eat pour le transfert des connaissances \u00e0 sa passion pour la recherche et l\u2019impact des nouvelles technologies. Apr\u00e8s avoir poursuivi ses \u00e9tudes universitaires en s\u2019int\u00e9ressant \u00e0 la vuln\u00e9rabilit\u00e9 Heartbleed et son impact sur les pratiques de s\u00e9curit\u00e9, Louis a collabor\u00e9 avec plusieurs organismes de mobilisation des connaissances tels que Serene-risc et Research Impact Canada. Ayant r\u00e9cemment joint l\u2019\u00e9quipe du soutien \u00e0 la recherche chez Ivado, cette pr\u00e9sentation est l\u2019occasion pour Louis de revisiter le sujet qui l\u2019a passionn\u00e9 pendant des ann\u00e9es.\r\n\r\nHolder of a master's degree in knowledge mobilization from INRS, Louis has always sought to combine his interest in knowledge transfer with his passion for research and the impact of new technologies. After continuing his university studies focusing on the Heartbleed vulnerability and its impact on security practices, Louis collaborated with several knowledge mobilization organizations such as Serene-risc and Research Impact Canada. Having recently joined the research support team at Ivado, this presentation is an opportunity for Louis to revisit the subject that has fascinated him for years.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/3PL9BZ/", "id": 628, "guid": "86f8514f-e058-5016-8049-8094907d303e", "date": "2024-05-17T10:00:00-04:00", "start": "10:00", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-628-graphrunner-and-defending-your-microsoft-tenant", "title": "GraphRunner and Defending Your Microsoft Tenant", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "For organizations using Microsoft Entra ID (formerly known as Azure Active Directory) and O365, it\u2019s fairly well understood that a set of default logs are readily available for use, no matter what log management tooling an organization is using. However, this standard logging has its limits.\r\n\r\nLast fall, the team at Black Hills Information Security released a post exploitation kit called GraphRunner. This tool is focused on interacting with the Microsoft Graph API, which is the backbone that services Entra ID, O365 and many other services in the Microsoft cloud. The release of GraphRunner and future tools like it streamlines a number of activities that an adversary would perform after gaining access, making it simpler for anyone to use. While GraphRunner is a post exploitation toolkit, there are authentication functions that highlight how adversaries could use the OAuth authorization code flow to their advantage.\r\n\r\nAs a defender, this presents a set of challenges. Less sophisticated adversaries have a lower barrier to entry once they have gained access to the Graph API than they did before. It also highlights that the standard logging may not be sufficient to gain visibility into actions like the refreshing of tokens or other activities that a tool like GraphRunner provides.\r\n\r\nThis talk is designed to provide insight into additional data sets that Microsoft cloud users have access to but may not be as widely deployed. These additional data sets can provide defenders additional insight, detect suspicious activity and can serve as a hunting ground when confronted with an adversary using techniques like those found in GraphRunner.\r\n\r\nBecause GraphRunner contains numerous modules and is written in PowerShell, an adversary can customize it to their own needs. While we won\u2019t be able to cover all possible permutations, our goal is to identify data sets and events that can assist defenders while using GraphRunner as a representative of the kinds of methods that adversaries might use.\r\n\r\nAttendees will come away from this talk with:\r\n-A greater understanding of GraphRunner and its capabilities\r\n-Awareness of the logging available for the Graph API beyond the standard logging\r\n-Ideas around how detections and hunts can be designed to identify GraphRunner activity", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "02fa7555-4b63-53b1-9a97-e173fc5b711c", "id": 490, "code": "L3NFCM", "public_name": "John Stoner", "avatar": "https://cfp.nsec.io/media/avatars/stoner-headshot_08dZBRE.jpeg", "biography": "John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users' capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations and has built multiple APT threat emulations for blue team capture the flag events. John has presented and led workshops at various industry symposia including FIRST (CTI, Tech Colloquium), BSides (SF, Las Vegas), SANS Summits (DFIR, Threat Hunting, Cloud and SIEM), WiCyS, Way West Hacking Fest, AISA and DefCon Packet Hacking Village. He also enjoys listening to what his former teammates referred to as \"80s sad-timey music.\"", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/AT7P8Y/", "id": 618, "guid": "6a4fcc1c-ca47-5bdc-987d-2181ea504a40", "date": "2024-05-17T10:45:00-04:00", "start": "10:45", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-618-jupyter-jetpack-automating-cloud-threat-hunting", "title": "Jupyter Jetpack: Automating Cloud Threat Hunting", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "The talk will outline detection and threat hunting strategies that could be easily adopted by a mature SOC to look for threats in their Cloud (O365 and AWS) environment. I'll be introducing a Jupyter notebook containing detections mapped to the MITRE ATT&CK framework and threat hunting methodologies backed by unsupervised machine learning. We will take a look at huge datasets using visualizations to find anomalies. These anomalies would be converted into High-Fidelity Detection, along with some ideas to extend this hunt to IAM Platforms like OKTA", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "62666c46-852a-520d-990f-8b6f9bb0549a", "id": 479, "code": "QAFWPU", "public_name": "Kai Iyer", "avatar": "https://cfp.nsec.io/media/avatars/QAFWPU_04N5alF.jpg", "biography": "Kai is a Senior Security Engineer at EY's Cyber Threat Management team and manages Applied Machine Learning and Security Engineering. He holds multiple certifications and has extensive knowledge in various domains, including Web-App Development, Data Science, Incident Response, DevSecOps and Purple Teaming. He is also an advocate for open source software and data privacy. He dreams of a world where no one clicks on phishing e-mails.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/YZXSDH/", "id": 581, "guid": "61b3fea3-3948-5313-89be-6dcf0302aa06", "date": "2024-05-17T11:30:00-04:00", "start": "11:30", "logo": null, "duration": "00:30", "room": "Salle de Bal", "slug": "2024-581-double-trouble-unmasking-twin-phishing-campaigns-targeting-e-commerce-and-travel-sites", "title": "Double Trouble: Unmasking Twin Phishing Campaigns Targeting E-commerce and Travel Sites", "subtitle": "", "track": "Other", "type": "Talk \u2013 Round 2 [EN]", "language": "en", "abstract": "In today's technology-driven landscape, the transition to digital transactions has eclipsed conventional face-to-face interactions, presenting novel challenges in ensuring transaction security. Users, perhaps inadvertently, heighten security risks by opening email attachments from phishing attempts, intensifying the complexities of online transaction security. Moreover, there exists the potential of voluntarily disclosing sensitive information, further adding intricacy to the digital transaction security landscape.\r\n\r\nCompounding this issue, cyber attacks leverage customer data pilfered from compromised merchants. Victims find themselves coerced into divulging credit card details through a sophisticated, multi-step process. This research brings to light a new phishing campaign, unraveling the techniques, tactics, procedures (TTPs), and indicators of compromise (IoCs) employed by threat actors. These encompass the exploitation of the platform's chat function and the incorporation of transaction data to bolster the credibility of phishing pages.\r\n\r\nThe cyber attacks, though strikingly similar, employ urgent language and intimate knowledge of users' bookings, instilling credibility in deceitful messages. However, distinctive cues like odd URLs and typos serve as saviors for potential victims. Upon analysis, these campaigns redirect users to counterfeit sites that mirror legitimate e-commerce platforms. The craftiness of cyber criminals shines through identical HTML elements and scripts, meticulously validating data and even circumventing multi-factor authentication.\r\n\r\nFurther investigation unveils the tactics employed by cyber thieves: exploiting InfoStealer malware to breach hotel chat systems and amass valuable customer data, escalating their targeted attacks. Open-source intelligence tools reveal a broader scope, a twin campaign where attackers impersonating various platforms, not limited to travel sites but also other e-commerce platforms, since 2021. Domain fronting is also consistently employed to conceal their tracks along with some other TTPs.\r\n\r\nThe research culminates in insights and recommendations to enhance the security of all parties involved. By implementing these suggestions, it is hoped that both platforms and merchant-customers can fortify their resilience, mitigating potential risks in the dynamic digital landscape.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "60a0a65c-8a65-519c-aed6-279856ea7d17", "id": 150, "code": "NGGVYW", "public_name": "Mangatas Tondang (@tas_kmanager)", "avatar": "https://cfp.nsec.io/media/avatars/image10_58sO9GL.jpg", "biography": "Tas has spent the last five years immersed in the worlds of threat hunting, detection engineering, and security research. Currently, he's making changes at Microsoft, specializing in cloud security research. Beyond his professional endeavors, Tas is a passionate contributor to the cybersecurity community, holding roles in the DFIR report and Curated Intelligence. He's also no stranger to the stage, having presented at various conferences around the globe, to name a few SANS Summits and DEF CON BTV. When he's not navigating the digital landscape, Tas enjoys the art of astrophotography and embarking on spontaneous adventures across the globe exploring landscapes and cuisines.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop 1": [{"url": "https://cfp.nsec.io/2024/talk/JLME7J/", "id": 622, "guid": "b2f4c6b0-aac0-5ba6-bade-0110c21db8d5", "date": "2024-05-17T09:00:00-04:00", "start": "09:00", "logo": null, "duration": "03:00", "room": "Workshop 1", "slug": "2024-622-reversing-rust-binaries-one-step-beyond-strings", "title": "Reversing Rust Binaries: One step beyond strings", "subtitle": "", "track": null, "type": "3hr workshop -- Round 2 [EN]", "language": "en", "abstract": "Are you a seasoned reverse engineer, but you tremble when a Rust binary lands on your desk? When you encounter a Rust binary, do you just run `strings` on it and hope for the best?\r\n\r\nWe will take a single problem - string recovery from a Rust binary - and uses it as an approachable starting point for exploring reversing Rust binaries. We will cover:\r\n\r\n- What are the practical steps we need to take to recover strings? How are strings represented in memory, passed between functions, and manipulated throughout the program?\r\n\r\n- Once we recover the strings, what do the strings mean? What can the strings we recover tell us about the compiler, language runtime, standard library, and third-party libraries in the binary?\r\n\r\nThis workshop is intended for reverse engineers and malware analysts who are familiar with reversing C or C++ binaries, but who are unfamiliar with the Rust programming language.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "39e252e4-2a6d-5216-b0bb-290e0271a385", "id": 485, "code": "FC7XNE", "public_name": "Cindy Xiao", "avatar": "https://cfp.nsec.io/media/avatars/cindy-xiao_Unmg7c7.jpg", "biography": "Cindy Xiao is a security researcher who works primarily on malware reverse engineering, in support of cyber threat intelligence reporting. Cindy enjoys learning from other security practitioners (both offensive and defensive), developing tools to help with analysis, and mentoring others.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/998BPC/", "id": 630, "guid": "82b53bcf-ab3c-5913-a95f-3e1153f9ddf9", "date": "2024-05-17T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "03:00", "room": "Workshop 1", "slug": "2024-630-machine-learning-for-security-professionals-building-and-hacking-ml-systems", "title": "Machine Learning For Security Professionals: Building And Hacking ML Systems", "subtitle": "", "track": null, "type": "3hr workshop -- Round 2 [EN]", "language": "en", "abstract": "Our training provides an intuitive introduction to machine learning for security professionals with no prior knowledge of mathematics or ML. In the ML4SEC section attendees will gain hands-on experience building MLpowered defensive and offensive security tools using popular libraries like Tensorflow, Keras, Pytorch, and sklearn. We\u2019ll cover the entire ML pipeline, from pre-processing data to building, training, evaluating, and predicting with ML models. In the SEC4ML section we\u2019ll address vulnerabilities in state-of-the-art machine learning methodologies, including adversarial learning, model stealing, data poisoning, and model inference. Participants will work with vulnerable ML applications to gain a thorough understanding of these vulnerabilities and learn possible mitigation strategies. Our training provides practical knowledge that security\r\nprofessionals can apply in their work", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "180dc602-cd76-5191-bd71-0735a92f0cd6", "id": 488, "code": "CBUWBL", "public_name": "Sagar Bhure", "avatar": "https://cfp.nsec.io/media/avatars/sagarbhure_vOYhLTS.jpeg", "biography": "Sagar Bhure is a highly accomplished Security Researcher with a proven track record of excellence in\r\nhis research on security. He is a filed patent holder with the US for his innovative work on ML and Security\r\nand has published several papers on the subject in top-tier journals. He currently leads various projects\r\nat OWASP, including the prestigious \"ML Security Top 10\" , an OWASP flagship project. Sagar has spoken\r\nat several industry-leading international conferences, including Hack in Paris, BlackHat, OWASP, and\r\nAPISecure. He is regarded as a respected thought leader in the cybersecurity community, frequently\r\ninvited to speak at conferences and workshops on topics related to offensive and defensive security.\r\nSagar\u2019s engaging presentations have helped to educate security professionals with cutting-edge research\r\nand tools to strengthen their security toolkits.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Workshop 2": [{"url": "https://cfp.nsec.io/2024/talk/U8ABLY/", "id": 590, "guid": "99e254dc-9fc8-5233-b2e0-f3c0be7384ea", "date": "2024-05-17T09:00:00-04:00", "start": "09:00", "logo": null, "duration": "03:00", "room": "Workshop 2", "slug": "2024-590-exploiter-ansible-worx-et-tout-le-reste", "title": "Exploiter Ansible WorX et tout le reste", "subtitle": "", "track": null, "type": "3hr workshop -- Round 2 [EN]", "language": "en", "abstract": "Ansible WorX (AWX), la version libre de Ansible Tower, sert \u00e0 g\u00e9rer des serveurs \u00e0 distance de fa\u00e7on centralis\u00e9e. L\u2019application permet de simplifier la gestion des serveurs en s\u2019appuyant sur la puissance de Ansible et en ajoutant des fonctionnalit\u00e9s de gestion d\u2019inventaire et d'autorisations. Cependant, qui dit centralisation, dit souvent unique point de rupture.\r\n\r\nPour les attaquants, AWX est une cible de choix. Si des acc\u00e8s \u00e0 la plateforme sont compromis, il est primordial de savoir l\u2019auditer. Il serait facile de causer des incidents et des pertes de service, et c\u2019est \u00e0 \u00e9viter \u00e0 tout prix. Ceci-dit la r\u00e9compense de l\u2019utilisation des acc\u00e8s obtenus se compte souvent en dizaines de serveurs compromis. Il s\u2019agit donc d\u2019 un impact majeur pour une organisation.\r\n\r\nDans cet atelier, vous apprendrez les diff\u00e9rents concepts reli\u00e9s \u00e0 AWX et Ansible. Vous apprendrez \u00e9galement \u00e0 utiliser des acc\u00e8s \u00e0 AWX dans l\u2019objectif de compromettre les serveurs g\u00e9r\u00e9s par la plateforme. Divers sc\u00e9narios et m\u00e9thodes seront abord\u00e9s pour \u00eatre pr\u00eat \u00e0 toutes \u00e9ventualit\u00e9s.\r\n\r\nDans le but d\u2019un atelier le plus fluide possible, s\u2019il-vous-pla\u00eet, pr\u00e9-installez AWX CLI.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "d9693a7f-1f4b-5e04-9a6c-92090baf3aba", "id": 452, "code": "QFKHSK", "public_name": "Simon Lacasse", "avatar": null, "biography": "Simon Lacasse travaille comme testeur d'intrusions chez Desjardins, avec un focus sur des tests organisationels orient\u00e9s par objectifs. Il est tr\u00e8s int\u00e9ress\u00e9 par la s\u00e9curit\u00e9 web et d'infrastructure. \u00c9quip\u00e9 d'une formation en ing\u00e9nierie logicielle, il aime cr\u00e9er ses propres outils pour r\u00e9soudre les diff\u00e9rents d\u00e9fis qu'il rencontre. Lorsque possible, il aime redonner \u00e0 la communaut\u00e9 en faisant de ses outils des logiciels libres. Simon est \u00e9galement un ancien membre du club de s\u00e9curit\u00e9 informatique de Polytechnique Montr\u00e9al, PolyHack/PolyHx.\r\n\r\n(Bio de Charl-Alexandre en attente.)", "answers": []}, {"guid": "374fed1c-a170-5381-a34b-8f410d2dab37", "id": 462, "code": "JM3MBU", "public_name": "Charl-alexandre Le Brun", "avatar": "https://cfp.nsec.io/media/avatars/JM3MBU_QH9iSBO.jpg", "biography": "Je suis un passionn\u00e9 de l'informatique, ce domaine est ma passion et mon m\u00e9tier.\r\nJe fais des tests d'intrusion depuis quelques ann\u00e9es et sur le c\u00f4t\u00e9 j'aime entreprendre des recherches ou des projets. \r\nQue ce soit identifi\u00e9 des vuln\u00e9rabilit\u00e9s ou construire des outils, je vais toujours suivre ma curiosit\u00e9.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/EJAXLP/", "id": 597, "guid": "c9b31cdf-35d8-55a9-bf1e-1b6779a9a28f", "date": "2024-05-17T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "03:00", "room": "Workshop 2", "slug": "2024-597-toolbox-for-reverse-engineering-and-binary-exploitation", "title": "Toolbox for reverse engineering and binary exploitation", "subtitle": "", "track": null, "type": "3hr workshop -- Round 1 [EN]", "language": "en", "abstract": "The objective of the workshop is to learn how to use some powerful but intimidating tools while reverse engineering IOT devices: Angr, Unicorn and Qiling.\r\n\r\nThe workshop aim to show common use cases for each of these tools and also their limits.\r\n\r\nTo that end, the workshop will propose the following exercices:\r\n\r\n* Decipher XOR encrypted strings with Angr\r\n* Automated buffer overflow exploitation with Angr\r\n* Emulation of arbitrary function or code blocks with Unicorn\r\n* Binary emulation with Qiling\r\n* Complete device emulation after firmware extraction with Renode", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "8fe5fa1a-57cc-5923-a0cb-9f37e151e8b4", "id": 59, "code": "Y97WKP", "public_name": "Marc-Andr\u00e9 Labont\u00e9", "avatar": "https://cfp.nsec.io/media/avatars/IMG_20220524_201710_Mhd4gbF.jpg", "biography": "Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate ever powerful high throughput genome sequencers coming to market.\r\n\r\nThen, he joined the ETTIC team at Desjardins in 2016 as infrastructure penetration tester. Currently doing vulnerability research on IOT devices, he also presented \"Automated contact tracing experiment on ESP Vroom32\" workshop at NSEC in 2021. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data hungry organizations.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Salle de la Commune": [{"url": "https://cfp.nsec.io/2024/talk/DPNKWF/", "id": 656, "guid": "572b8a8f-3f5a-5a53-a50e-cf4ef5c55d72", "date": "2024-05-17T09:30:00-04:00", "start": "09:30", "logo": null, "duration": "06:00", "room": "Salle de la Commune", "slug": "2024-656-friday-community-booths-kiosques-communautaires-du-vendredi", "title": "Friday Community Booths / Kiosques communautaires du vendredi", "subtitle": "", "track": null, "type": "Community Room (Villages)", "language": "en", "abstract": "English below\r\n\r\nVous \u00eates cordialement invit\u00e9s \u00e0 venir explorer la salle communautaire, o\u00f9 la convergence de la technologie, de l'amusement et de l'apprentissage vous attend. Que vous soyez un amateur de jeux, un technophile averti ou simplement curieux de d\u00e9couvrir de nouvelles choses, on vous y attend!\r\n\r\nD\u00e9couvrez nos kiosques :\r\n\r\n* Guys, Games and Beer (G2B)\r\n* Cybercap\r\n* Jeux de table\r\n* \u00c9changes d'auto-collants\r\n* Foulab\r\n* Crochetage de serrures\r\n* Vol \u00e0 la tire : De retour pour une troisi\u00e8me ann\u00e9e, James Harrison r\u00e9alisera ses techniques de prestidigitation \u00e9poustouflantes de pr\u00e8s. Vous pourriez m\u00eame apprendre un tour ou deux !\r\n* Atelier de CV\r\n\r\net plus encore\r\n\r\n// English //\r\nYou are cordially invited to come explore the community hall, where the convergence of technology, fun, and learning awaits you. Whether you're a gaming enthusiast, a seasoned technophile, or simply curious to discover new things, we'll be expecting you there!\r\n\r\n* Guys, Games and Beer (G2B)\r\n* Cybercap \r\n* Tabletop games\r\n* Sticker exchange\r\n* Foulab\r\n* Lockpicking\r\n* Pickpocketing : Come learn and be amazed by Canada's Pickpocket Magician! Back for a third year, James Harrison will perform his mindblowing sleigh of hand techniques up close. You might even learn a trick or two!\r\n* HR village\r\n\r\nand much more!", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Sc\u00e8ne de la Commune": [{"url": "https://cfp.nsec.io/2024/talk/VGD7GT/", "id": 664, "guid": "c0f6543e-67a8-5d04-a020-1368e32066df", "date": "2024-05-17T13:15:00-04:00", "start": "13:15", "logo": null, "duration": "00:45", "room": "Sc\u00e8ne de la Commune", "slug": "2024-664-guys-games-and-beer-podcast-recording-cybersecurity-in-the-video-game-industry", "title": "Guys Games and Beer Podcast Recording - Cybersecurity in the Video Game Industry", "subtitle": "", "track": "Other", "type": "Community Room (Villages)", "language": "en", "abstract": "Podcast recording in front of a live audience in English. Contact us in #villages on Discord to be interviewed!\r\n\r\nMore info: https://www.facebook.com/GuysGamesAndBeer", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/8MGKPT/", "id": 682, "guid": "911eb54d-04a3-5336-9592-5b394b34431a", "date": "2024-05-17T15:15:00-04:00", "start": "15:15", "logo": null, "duration": "01:00", "room": "Sc\u00e8ne de la Commune", "slug": "2024-682-i-will-look-for-you-and-i-will-find-you-osint-extras", "title": "I will look for you and I will find you: OSINT Extras", "subtitle": "", "track": "Human in the Middle", "type": "Community Room (Villages)", "language": "en", "abstract": "If you've enjoyed https://nsec.io/session/2024-i-will-look-for-you-and-i-will-find-you-osint-on-publicly-shared-pictures.html, or if you've missed it, this session is not to be missed! Patricia will cover contents that didn't fit in the condensed talk format.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "a2056742-11c6-5d0c-8597-613831eff4e0", "id": 473, "code": "HB99JV", "public_name": "Patricia Gagnon-Renaud", "avatar": "https://cfp.nsec.io/media/avatars/0F7A7836_Web_X6EcFGM.jpg", "biography": "Patricia Gagnon-Renaud is a Cybersecurity Analyst in the Ethical Hacking team at GoSecure. She has a bachelor's degrees in IT engineering, is a licensed engineer, and more recently, has become a Certified Information Systems Security Professional (CISSP). Her interests include social engineering, physical security, lockpicking and urbanism.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Soldering Village": [{"url": "https://cfp.nsec.io/2024/talk/RSTZ98/", "id": 657, "guid": "6d7e3fd1-cda5-5cff-8257-e5066a0f895a", "date": "2024-05-17T09:30:00-04:00", "start": "09:30", "logo": null, "duration": "03:00", "room": "Soldering Village", "slug": "2024-657-soldering-village-village-de-la-soudure", "title": "Soldering village / Village de la soudure", "subtitle": "", "track": null, "type": "Community Room (Villages)", "language": "en", "abstract": "Open all day // Ouvert toute la journ\u00e9e\r\nVenez apprendre ou perfectionner votre technique de brasage! Nos b\u00e9n\u00e9voles sauront vous aider \u00e0 vous initier ou vous am\u00e9liorer. Premier arriv\u00e9, premier servi!\r\n\r\nCome learn or perfect your soldering technique! Our volunteers will be able to help you get started or improve. First come, first served!", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/AFFKRT/", "id": 662, "guid": "df4205e1-793b-5a85-a5d7-244fa0743175", "date": "2024-05-17T13:00:00-04:00", "start": "13:00", "logo": null, "duration": "02:00", "room": "Soldering Village", "slug": "2024-662-soldering-workshop-day-2-atelier-de-soudure-jour-2", "title": "Soldering Workshop - Day 2 / Atelier de soudure - Jour 2", "subtitle": "", "track": null, "type": "Community Room (Villages)", "language": "en", "abstract": "REGISTRATION REQUIRED HERE / INSCRIPTION OBLIGATOIRE ICI : https://tickets.nsec.io/2024/\r\n\r\nSoldering (EN below) / Soudure (brasage)\r\n\r\nRejoignez-nous pour un atelier pratique de brasage o\u00f9 vous d\u00e9couvrirez les secrets de vos badges (apportez votre badge Sputnik ou Cerveau!). \r\n\r\nDans cet atelier passionnant, vous apprendrez les techniques de brasage tout en donnant une nouvelle vie \u00e0 vos badges. Apprenez \u00e0 hacker votre badge pour lui donner de nouvelles fonctionnalit\u00e9s et le personnaliser. \r\n\r\nC'est une occasion unique de d\u00e9velopper vos comp\u00e9tences en \u00e9lectronique tout en repartant avec un souvenir unique et personnalis\u00e9 ! L'atelier sera offert en anglais.\r\n\r\nINSCRIPTION OBLIGATOIRE ICI : https://tickets.nsec.io/2024/\r\n\r\n\r\n\r\nJoin us for a hands-on soldering workshop where you'll uncover the secrets of crafting your own electronic badge - bring your Brain or Sputnik badge if you have one! \r\n\r\nIn this exciting workshop, you'll learn soldering techniques while breathing new life into your (Sputnik/Brain) badge. Learn to hack your badge to add new features and customize it to your heart's content. It's a unique opportunity to enhance your electronics skills while walking away with a one-of-a-kind, personalized keepsake!\r\n\r\n(an additional fee is required to cover the cost of materials, REGISTRATION REQUIRED HERE : https://tickets.nsec.io/2024/", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "CTF": [{"url": "https://cfp.nsec.io/2024/talk/3QYAEM/", "id": 672, "guid": "0a953df3-d453-53b5-9840-f38fcf2a7261", "date": "2024-05-17T18:00:00-04:00", "start": "18:00", "logo": null, "duration": "01:00", "room": "CTF", "slug": "2024-672-ctf-salle-de-bal-registration-enregistrement", "title": "CTF Salle de Bal Registration / Enregistrement", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "Setup your table // Installez vous", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/TFRNFP/", "id": 673, "guid": "864aad84-2677-532a-ad0f-ec515e2831e3", "date": "2024-05-17T19:00:00-04:00", "start": "19:00", "logo": null, "duration": "01:00", "room": "CTF", "slug": "2024-673-ctf-salle-de-la-commune-registration-enregistrement", "title": "CTF Salle de la commune Registration / Enregistrement", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "Setup your table // Installez-vous", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/JHPCB9/", "id": 675, "guid": "09043105-ab58-5d98-b0e8-3053cdaee030", "date": "2024-05-17T20:00:00-04:00", "start": "20:00", "logo": null, "duration": "00:30", "room": "CTF", "slug": "2024-675-the-ctf-begins-ouverture-du-ctf", "title": "The CTF Begins // Ouverture du CTF", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "Opening speeches: Welcome by Emile and Theme reveal by Eric. Sponsored speech by Boost Security.\r\n\r\n//\r\n\r\nDiscours de bienvenue par \u00c9mile et r\u00e9v\u00e9lation du th\u00e8me par Eric. Discours de notre commanditaire Boost Security.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/PSNNCB/", "id": 677, "guid": "59e2341b-2970-5c22-80cd-8f06fbd1a171", "date": "2024-05-17T20:30:00-04:00", "start": "20:30", "logo": null, "duration": "06:30", "room": "CTF", "slug": "2024-677-ctf-day-1-competition-jour-1", "title": "CTF Day 1 // Competition Jour 1", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "Get all the flags, learn on the way. // Obtenez tous les drapeaux, apprenez au passage.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}]}}, {"index": 3, "date": "2024-05-18", "day_start": "2024-05-18T04:00:00-04:00", "day_end": "2024-05-19T03:59:00-04:00", "rooms": {"CTF": [{"url": "https://cfp.nsec.io/2024/talk/SDVMYS/", "id": 671, "guid": "692e2385-cb07-5fef-867b-4a304bcb1940", "date": "2024-05-18T08:00:00-04:00", "start": "08:00", "logo": null, "duration": "01:00", "room": "CTF", "slug": "2024-671-ouverture-de-la-comptition-jour-2-ctf-opening-day-2", "title": "Ouverture de la comp\u00e9tition jour 2 // CTF Opening Day 2", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "![\"Corsek\"](\"https://nsec.io/img/partners/corsek.svg\")
Ouverture du service de garde // Day care opens
\r\n\r\n\ud83e\udd50 \u2615 \ud83e\udd6f \ud83e\uddc3 Breakfast sponsored by Corsek // D\u00e9jeuner gr\u00e2ce \u00e0 Corsek", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/BHGMG9/", "id": 678, "guid": "84cc4513-cd43-5be1-8d33-33adf3cd776e", "date": "2024-05-18T09:00:00-04:00", "start": "09:00", "logo": null, "duration": "12:00", "room": "CTF", "slug": "2024-678-ctf-day-2-comptition-jour-2", "title": "CTF Day 2 // Comp\u00e9tition jour 2", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "Get all the flags, learn on the way. // Obtenez tous les drapeaux, apprenez au passage.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/X39DX9/", "id": 670, "guid": "11dbfbe5-abeb-5d37-848b-160558c0c3e2", "date": "2024-05-18T21:00:00-04:00", "start": "21:00", "logo": null, "duration": "02:00", "room": "CTF", "slug": "2024-670-hacker-jeopardy", "title": "Hacker Jeopardy", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "The classic Hacker Jeopardy at NorthSec. Hackers answer weird and obscure clues for your entertainment! In the form of a question!!!
\r\n\r\n//\r\n\r\nLe Hacker Jeopardy classique de NorthSec. Des participants r\u00e9pondent a des \u00e9nigmes \u00e9tranges et obscures pour le divertissement de tous! Sous la forme d'une question!! \u00c9v\u00e9nement en anglais.\r\n\r\nEvent sponsored by Corsek // \u00c9v\u00e9nement commandit\u00e9 par Corsek", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/F9Z3MQ/", "id": 680, "guid": "a7918ec4-b9f8-5dbe-83a7-52c8bd4b35c8", "date": "2024-05-18T23:00:00-04:00", "start": "23:00", "logo": null, "duration": "00:30", "room": "CTF", "slug": "2024-680-post-jeopardy-pizza-", "title": "Post-Jeopardy Pizza!", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "![\"Okiok\"](\"https://nsec.io/img/partners/okiok.png\")
La classique pizza post-Jeopardy commandit\u00e9e par Okiok.\r\n\r\nThe classic post-Jeopardy pizza sponsored by Okiok.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/M9B7ME/", "id": 681, "guid": "96c71235-eb62-556f-86ed-eb1a6defd846", "date": "2024-05-18T23:30:00-04:00", "start": "23:30", "logo": null, "duration": "03:30", "room": "CTF", "slug": "2024-681-ctf-day-2-cont-comptition-jour-2-suite-", "title": "CTF Day 2 (cont.) // Comp\u00e9tition jour 2 (suite)", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "Get all the flags, learn on the way. // Obtenez tous les drapeaux, apprenez au passage.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}]}}, {"index": 4, "date": "2024-05-19", "day_start": "2024-05-19T04:00:00-04:00", "day_end": "2024-05-20T03:59:00-04:00", "rooms": {"CTF": [{"url": "https://cfp.nsec.io/2024/talk/VHY9VS/", "id": 679, "guid": "903dcdbc-203f-5036-9e81-c1e49e9c40ec", "date": "2024-05-19T08:00:00-04:00", "start": "08:00", "logo": null, "duration": "07:00", "room": "CTF", "slug": "2024-679-ctf-day-3-comptition-jour-3", "title": "CTF Day 3 // Comp\u00e9tition jour 3", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "![\"Google\"](\"https://nsec.io/img/partners/google.png\")
Get all the flags, learn on the way. Refreshments sponsored by Google. // Obtenez tous les drapeaux, apprenez au passage. Les rafra\u00eechissements sont une gracieuset\u00e9 de Google.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.nsec.io/2024/talk/MB3BAT/", "id": 676, "guid": "13673945-acff-5360-ba77-45a25271bc79", "date": "2024-05-19T15:30:00-04:00", "start": "15:30", "logo": null, "duration": "01:00", "room": "CTF", "slug": "2024-676-ctf-closing-ceremony-crmonie-de-clotre-du-ctf", "title": "CTF Closing Ceremony // C\u00e9r\u00e9monie de clot\u00fbre du CTF", "subtitle": "", "track": null, "type": "CTF", "language": "en", "abstract": "Closing speech by the NorthSec crew. Sponsored speech by Okiok.\r\n\r\n//\r\n\r\nDiscours de fermeture par l'\u00e9quipe de NorthSec. Discours de notre partenaire Okiok.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}]}}]}}}