BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//cfp.hackfest.ca//hackfest-2020 BEGIN:VTIMEZONE TZID:EST BEGIN:STANDARD DTSTART:20001029T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 END:STANDARD BEGIN:STANDARD DTSTART:20071104T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11 TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000402T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 END:DAYLIGHT BEGIN:DAYLIGHT DTSTART:20070311T030000 RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3 TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-hackfest-2020-NENLKB@cfp.hackfest.ca DTSTART;TZID=EST:20201120T085000 DTEND;TZID=EST:20201120T090000 DESCRIPTION:Ouverture du Hackfest 2020\n\nAprès plusieurs mois à analyser la situation du Covid-19 au Québec\, nous sommes heureux d’annoncer qu e le Hackfest 2020 sera officiellement en mode virtuel/remote/Covid-19 et que nous avons adaptés nos offres de partenariat en conséquence! DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Hackfest Ouverture - Patrick URL:https://cfp.hackfest.ca/hackfest-2020/talk/NENLKB/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-HAC9SB@cfp.hackfest.ca DTSTART;TZID=EST:20201120T085000 DTEND;TZID=EST:20201120T090000 DESCRIPTION:Hackfest 2020 Opening\n\nAfter several months of analyzing the Covid-19 situation in Quebec\, we are happy to announce that Hackfest 2020 will officially be in virtual / remote / Covid-19 mode and that we have a dapted our partnership offers accordingly! DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Hackfest Opening - Patrick URL:https://cfp.hackfest.ca/hackfest-2020/talk/HAC9SB/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-GAJSAY@cfp.hackfest.ca DTSTART;TZID=EST:20201120T090000 DTEND;TZID=EST:20201120T095000 DESCRIPTION:Cette présentation débute avec une introduction de notre entr eprise La Société-conseil Lambda suivie d’une brève définition de l ’Internet des objets et des différents composants d’un objet connect é avant de rentrer dans le vif du sujet : L’Insécurité de l’Interne t des objets. Nous soulèverons les problématiques de sécurité de l’I nternet des objets et discuterons de la très grande vulnérabilité des o bjets connectés\, les raisons de ces vulnérabilités ainsi que des outil s permettant de faire l’audit des vulnérabilités et les tests d’intr usions sur les objets connectés. La présentation va se conclure sur une démonstration « NightClub Bulb » d’exploitation d’une ampoule conne ctée suivie d’une réflexion sur les enjeux de l’Insécurité de l’ IoT. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:L'Insécurité de l'Internet des objets - Rémikya Hellal\, Denys D esfosses\, Martin Samson URL:https://cfp.hackfest.ca/hackfest-2020/talk/GAJSAY/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-MFVK7J@cfp.hackfest.ca DTSTART;TZID=EST:20201120T090000 DTEND;TZID=EST:20201120T095000 DESCRIPTION:This is that conversation which needs to happen between a paren t and their teenage child about the challenges of growing up in an increas ingly connected world. We will discuss many privacy and security related d ecisions and experiences\, and the differing perspectives on each. The rea lity is we don’t know all we think we know - and neither do our teens.  \n\nThis is an opportunity to understand the perspective and impacts of th e interplay between a privacy & security-aware parent and teenage daughter as they navigate the competing priorities of parents\, schools\, peers an d teachers in a highly interconnected and data rich world. While news medi a and the echo chamber might suggest that these things are top of mind\, o ur experience suggests this may not be accurate. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:You Shared What? Seriously?! - Don Mallory URL:https://cfp.hackfest.ca/hackfest-2020/talk/MFVK7J/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-78EAKP@cfp.hackfest.ca DTSTART;TZID=EST:20201120T100000 DTEND;TZID=EST:20201120T105000 DESCRIPTION:Did you know that\, every day across the Internet\, each IP add ress is scanned hundreds of times? Or that more than 2\,000 attacks are pe rpetrated\, stealing 1.4 million personal records? That’s right\, every single day! Today\, there may be a way to rebalance the odds and protect o ur resources. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Behavior & Reputation based filtering reloaded - Philippe Humeau & Thibault Koechlin URL:https://cfp.hackfest.ca/hackfest-2020/talk/78EAKP/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-HQM7UF@cfp.hackfest.ca DTSTART;TZID=EST:20201120T103000 DTEND;TZID=EST:20201120T105000 DESCRIPTION:As much as red teams love to believe that every vulnerability t hey uncover poses an immediate and urgent high risk – it is often not th e case. Furthermore\, it is seen that red teams are great at providing tec hnical solutions\, but often also fail to consider the size\, scale\, and scope of their target’s operations. \n\nAt times\, framing every success fully executed MITRE ATT&CK technique does not equate to\, or presents\, a tangible risk to an organization. And presenting them as such ends up exa cerbating the disconnect between technical teams and management - where a dire landscape fraught with risks around every corner is presented\, with unrealistic goals and targets being proposed for remediation that just doe s not lend itself to actual implementation\, especially within the small-t o-medium enterprise landscape. \n\nHopefully\, this speed talk can help re d teams think about how to practically evaluate\, translate\, and present their findings to management. Helping red teams to share their knowledge a nd engaging in constructive dialogue around the risks an organization face s. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Red Team Results to Tangible Risk Management - Rohan Shanbhag URL:https://cfp.hackfest.ca/hackfest-2020/talk/HQM7UF/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-QBXER7@cfp.hackfest.ca DTSTART;TZID=EST:20201120T112500 DTEND;TZID=EST:20201120T121500 DESCRIPTION:Threat actors have always played the game of emotions. Fear is the emotion they are using right now to lure users to click on an email or manipulate them to install an application. In the last four months\, cybe r criminals have used fear as their main weapon to compromise users by usi ng pandemic-related themes to deliver malware. The dropped malwares are de adlier and stealthier and are hybrid in nature. There is a need for advanc ed investigation techniques\, like memory forensics that are raiding energ y/power sectors and entropy-based detection for new-age trojan exfiltratio ns. The talk discusses how we use traditional methods to identify these th reats\, how we cracked some emotet epoch's stealthy nature and also how we added a pinch of new-age forensics tricks to do some big reveals. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Peek-a-Boo: A Game with Threat Actors&Researchers - Shyam Sundar Ra maswami URL:https://cfp.hackfest.ca/hackfest-2020/talk/QBXER7/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-8UKRXP@cfp.hackfest.ca DTSTART;TZID=EST:20201120T113000 DTEND;TZID=EST:20201120T115000 DESCRIPTION:With North America famously leading the way in industrial produ ction and technological innovation in its extremely short modern life\, it has blasted full-force through many huge economic eras\, leaving swaths o f forgotten times in its wake. From the Cotton Belt to the Rustbelt\, ther e is an ocean of abandoned buildings to be explored and documented by thos e brave enough to accept the legal and life-threatening risks involved. "U rban Exploration" is itself becoming an abandoned hobby in a post-9/11 wor ld\, and this talk will seek to rectify that by serving as an introduction to the craft. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Urban Exploration - A COVID-Friendly Hacker Hobby - Johnny Xmas URL:https://cfp.hackfest.ca/hackfest-2020/talk/8UKRXP/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-ULXKSJ@cfp.hackfest.ca DTSTART;TZID=EST:20201120T120000 DTEND;TZID=EST:20201120T140000 DESCRIPTION:Template engines are libraries mainly used to design views for web applications. Their use helps simplify common design tasks for develop ers. However\, their use may introduce new risks when they are used in an improper way. Template injection is a vulnerability class that has emerged in 2016. The exploitation of this type of issue requires specific knowled ge associated with the template library or programming language being used . Only knowing vulnerability basics is often insufficient to be effective. For these reasons\, we are proposing a practical workshop with a special focus on template injection vulnerabilities. The training covers various template engines in the context of different programming languages (PHP\, Python and Java) and explores how to successfully exploit them. \n\nThis workshop is a unique opportunity to have live access to vulnerable applica tions. The participants will receive a complete introduction to the templa te injection and step-by-step instructions on how to attack each exercise. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Template Injection in Action - Philippe Arteau URL:https://cfp.hackfest.ca/hackfest-2020/talk/ULXKSJ/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-ZLN8QM@cfp.hackfest.ca DTSTART;TZID=EST:20201120T130000 DTEND;TZID=EST:20201120T135000 DESCRIPTION:Dans le contexte de la COVID-19\, les gouvernements\, les parti s politiques\, les entreprises privées et les OSBL désirent mettre en pl ace le vote électronique rapidement. Inévitablement\, des erreurs ont é té commises où le seront bientôt... et les pirates n'attendent que ça! \n\nEn parallèle\, que ce soit dans le cadre du vote à la chefferie du P arti conservateur du Canada ou encore aux élections présidentielles du c ôté des États-Unis\, des cafouillages majeurs viennent mettre un pied d e nez au vote par correspondance!\n\nCette conférence portera un regard B lue Team et Red Team sur les embûches à prévoir dans le déploiement et l'utilisation d'un système de vote électronique\, tout en portant un re gard critique sur les alternatives possibles. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Sécurisation des systèmes de vote électronique - Jean-Philippe R acine\, Nicholas Milot URL:https://cfp.hackfest.ca/hackfest-2020/talk/ZLN8QM/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-R8D8PF@cfp.hackfest.ca DTSTART;TZID=EST:20201120T140000 DTEND;TZID=EST:20201120T145000 DESCRIPTION:The buzz is there… Zero Trust\, Gartner’s CARTA\, Forrester ’s Zero Trust Extended\, Vendor X’s magical zero trust unicorn\, etc\; but what does any of this really mean to the security practitioner? In th is session\, I will provide clarity to all this noise\, and discuss how a pure Zero Trust model was always intended to be\, why and how that model p rovides for efficient security\; the way it changes the paradigm of the pr oblem we face securing our data and our workforce\, and how ZT is complete ly complimentary to a threat-centric approach to security that we have bee n following for many years. Many approaches to ZT are focused only on situ ations where a user can interactively authenticate. However\, ZT does not end with just strong authentication of users. Machine-to-machine connectio ns have grown to nearly 50% of all connections\, and many ZT architectures can often ignore these headless devices and workloads. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Demystifying Zero Trust Architecture - Jamie Sanbower URL:https://cfp.hackfest.ca/hackfest-2020/talk/R8D8PF/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-P3LN9A@cfp.hackfest.ca DTSTART;TZID=EST:20201120T150000 DTEND;TZID=EST:20201120T155000 DESCRIPTION:Alors que l'infrastructure se codifie de plus en plus dans les environnements Cloud\, la sécurité amorce la même tendance. L'automatis ation et la sécurité "as a code" offrent aujourd'hui des moyens efficace s de compenser en partie le manque de ressources humaines spécialisées e t surtout d'améliorer la capacité de détection des menaces et des écar ts de conformité dans des environnements Cloud toujours de plus en plus c omplexes. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Automatisation de la sécurité dans AWS - Cédric Thibault URL:https://cfp.hackfest.ca/hackfest-2020/talk/P3LN9A/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-S7DW3B@cfp.hackfest.ca DTSTART;TZID=EST:20201120T160000 DTEND;TZID=EST:20201120T165000 DESCRIPTION:Prévention et détection de fraude en Télécommunications: un monde qui se rapproche de plus en plus des crimes informatiques. \nAperç u général de la problématique\, des types de fraude et de l'impact de l a fraude en télécommunications.\nQu'est-ce que la fraude en télécommun ications.\nQuelles sont les arnaques.\nLe profil de certains fraudeurs.\nL e déplacement de la fraude vers ce qu'est le crime informatique.\nLes imp acts. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Prévention et détection de fraude en Télécom - Véronique Meunier URL:https://cfp.hackfest.ca/hackfest-2020/talk/S7DW3B/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-XDLZLU@cfp.hackfest.ca DTSTART;TZID=EST:20201120T170000 DTEND;TZID=EST:20201120T172000 DESCRIPTION:How difficult it is to acquire actionable intelligence if no ac tive technique could be used? Our preliminary research aimed at finding re levant elements in the supply network of an entity\, resulted in the disco very of hundreds of weak links and dozens of possible entry point. We foun d our technique to have a much smaller footprint compared to normal method s\, and the use of passive techniques coupled with data correlation models to significantly reduce the time of analysis and increase the quality of gathered intelligence. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Chatty documents: OSINT data from document mapping - Enrico Branca URL:https://cfp.hackfest.ca/hackfest-2020/talk/XDLZLU/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-MXHWHJ@cfp.hackfest.ca DTSTART;TZID=EST:20201120T173000 DTEND;TZID=EST:20201120T182000 DESCRIPTION:Race conditions in web applications. They are hard to find and more challenging to exploit. OWASP TimeGap Theory is a free and open-sourc e CTF for learning how-to-find and how-to-exploit race conditions.\n\nYou will get tools\, tips\, and tricks to find and exploit TOCTOU issues. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Introducing OWASP TimeGap Theory - Abhi M Balakrishnan URL:https://cfp.hackfest.ca/hackfest-2020/talk/MXHWHJ/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-KBRKXV@cfp.hackfest.ca DTSTART;TZID=EST:20201120T183000 DTEND;TZID=EST:20201120T192000 DESCRIPTION:Cisco's Talos team specializes in early-warning intelligence an d threat analysis necessary for defending networks against the ever-changi ng threat landscape. In this talk we will cover how our team is built\, lo ok at some interesting threats and exploits -- take a look at the methods and techniques that both the attackers and defenders use to exploit these attacks\, taking a deep dive into dual-use tools and see how they are bein g leveraged by threat actors to exploit\, move laterally\, and deepen the attackers reach into your network. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Talos: Threats and Dual-Use Tools in the Landscape - William Largen t URL:https://cfp.hackfest.ca/hackfest-2020/talk/KBRKXV/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-KM8M3W@cfp.hackfest.ca DTSTART;TZID=EST:20201120T200000 DTEND;TZID=EST:20201121T000000 DESCRIPTION:This is an introduction to crypto: building blocks\, protocols and attacks on them. We cover: encoding vs encryption\, hashes\, ‘classi c’ crypto\, stream ciphers\, block ciphers\, symmetric crypto\, asymmetr ic crypto\, has attacks\, classic crypto attacks\, stream cipher attack\, block cipher attack models\, ECB attacks\, crypto protocols\, digital sign atures\, message authentication code\, nonces\, simple authentication\, ch allenge response\, simple authentication attacks (key collisions\, key ext raction and extension\, replay\, valet\, bad counter resync)\, MAC attacks \, digital signature attacks\, pubkey substitution\, challenge response at tacks (middleperson attack\, UDS style seed-key predictions)\, WPA2 passwo rd cracking\, WPA2 key reinstallation\, WPA2 key nulling\, TLS/SSL middlep erson attacks\, SWEET32\, DROWN\, logjam\, POODLE\, UDS seed-key exchange attacks (reverse key algorithm\, lift key algorithm\, solve for unknowns\, retry-retry-retry\, brute force\, glitch past).\n\nTools covered include: rumkin.com\, hashcat\, john the ripper\, binwalk\, radare2\, binvis.io\, Veles\, airocrack-ng\, mitmproxy\, MITMf.\n\nThe workshop is a ‘101’ l evel: geared for people good at computers but maybe no knowledge of crypto graphy. There will be minimal math (I promise). We’ll talk mostly about how to break bad crypto and bad crypto algorithms with 10-15min hands-on s essions integrated into 4 hours of workshop: Decrypt ‘Crypto’\, Break Hashes\, Break Crypto\, Visualize Crypto.\n\nWe will explore three applica tions of the building blocks and attacks also. Towards the end we tie-in t he building blocks and attacks into how the following crypto protocols get broken: WPA2\, TLS and UDS Seed-Key exchange (from automotive). Please jo in us for an intro-level exploration of cryptography building blocks\, pro tocols and how to attack them. And\, as always\, crypto means cryptography . DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:How Crypto Gets Broken (by you) - Ben Gardiner URL:https://cfp.hackfest.ca/hackfest-2020/talk/KM8M3W/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-7J8ZEW@cfp.hackfest.ca DTSTART;TZID=EST:20201121T090000 DTEND;TZID=EST:20201121T095000 DESCRIPTION:Cloud adoption is on the rise and so is the risk of having Shad ow Admins. In this session\, we will explore Azure’s IAM and the dark pe rmissions and roles\, where Cloud Shadow Admins hide. We will demonstrate how an attacker can escalate privileges using those unintended admin users and how you can discover them before with a new scanning module of the op en-source tool SkyArk. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Fantastic Cloud Shadow Admins and where to find - Asaf Hecht URL:https://cfp.hackfest.ca/hackfest-2020/talk/7J8ZEW/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-RWHK3G@cfp.hackfest.ca DTSTART;TZID=EST:20201121T100000 DTEND;TZID=EST:20201121T105000 DESCRIPTION:Starting with a single highly motivated co-op intern\, Darren h as spent the past number of years forming and developing the Cyber Securit y team for CDW’s Risk Advisory Services practice. He is passionate about Security and making the world a safer place\, as well as\, for those that he has had the privilege of working with while doing so. He will share so me of the strategies and his insights used to develop a high performing te am which now delivers on assessments ranging from traditional network and web application pentests to complex Red Team and Adversarial Simulation en gagements. \n\nHere’s a peek at his recipe for building a high performin g pentest team:\n\nStep 1. Start with a passion and singular vision to ach ieve something great. \n\nStep 2. Hand-pick both fresh and seasoned\, gift ed individuals as the key ingredients \n\nStep 3. Season with progressive training and experience with leading-edge tools\, methodologies and effect ive processes.\n\nStep 4. Blend carefully together in a challenging\, inno vative\, collaborative environment\n\nStep 5. Allow time for each ingredie nt to develop to their full potential. Check regularly\; always reflecting on Step 1\n\nStep 6. Refine by promoting leadership.\n\nStep 7. Volia! S top and enjoy the fruit of the labor!\n\nJoin Darren as he candidly shares on the process that went into building the Cyber Security team at CDW Can ada from the ground up. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Making a High Performing Pentest Team From Scratch - Darren Chin URL:https://cfp.hackfest.ca/hackfest-2020/talk/RWHK3G/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-WTYMFQ@cfp.hackfest.ca DTSTART;TZID=EST:20201121T110000 DTEND;TZID=EST:20201121T115000 DESCRIPTION:10 years ago\, Barnaby Jack famously showed the world that ATMs could be jackpotted. Has the ATM security landscape changed since? Is thi s type of attack still possible? How difficult is it really to perform? As it turns out\, all that is required in 2020 to successfully jackpot an AT M is intermediate C programming and physical access to the cabinet\, and t he C programming part is about to become optional! DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:XFS: The Protocol behind ATM Jackpotting - Alexandre Beaulieu URL:https://cfp.hackfest.ca/hackfest-2020/talk/WTYMFQ/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-W9KVWZ@cfp.hackfest.ca DTSTART;TZID=EST:20201121T113000 DTEND;TZID=EST:20201121T115000 DESCRIPTION:Avec des milliers d'entreprises piégées par un ransomware en 2020\, les cyberattaques à l'encontre de petites et grandes entreprises a uront impacté le business des victimes... mais pas que ! Les employés\, clients\, familles se retrouvent\, dans la grande majorité des cas\, dans les mains de pirates. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Ransomware : la plaie de 2020 - Damien Bancal URL:https://cfp.hackfest.ca/hackfest-2020/talk/W9KVWZ/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-HUMKYU@cfp.hackfest.ca DTSTART;TZID=EST:20201121T115500 DTEND;TZID=EST:20201121T122500 DESCRIPTION:Lors de cette conférence\, nous discuterons des perspectives d 'emploi en sécurité de l'information et nous aborderons les profils de R SI\, OSSI\, CISO et les chemins pour s'y rendre. Il y a de longs chemins\, de courts chemins ainsi nous verrons comment nous pouvons nous y prendre pour y arriver? DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Conférence sur les perspectives d'emploi en cybersécurité - Stev e Waterhouse URL:https://cfp.hackfest.ca/hackfest-2020/talk/HUMKYU/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-QJSHJ9@cfp.hackfest.ca DTSTART;TZID=EST:20201121T123000 DTEND;TZID=EST:20201121T143000 DESCRIPTION:The session will introduce audiences to the world of RF analysi s\, As we introduce each new attack\, we will draw parallels to similar w ired exploits\, and highlight attack primitives that are unique to RF. Dur ing the session\, we'll walk through wireless sniffing\, spoofing\, clonin g\, replay\, and DoS attacks. These offensive exercises will give one brie f idea of how to analyze the devices' security\, and the best practice gui delines will help to design them properly. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Workshop on Radio Frequency Signals Security - Harshit Agrawal URL:https://cfp.hackfest.ca/hackfest-2020/talk/QJSHJ9/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-A8MWCN@cfp.hackfest.ca DTSTART;TZID=EST:20201121T133000 DTEND;TZID=EST:20201121T142000 DESCRIPTION:This fireside talk will propose an open discussion from both an offensive and defensive perspective on the topic of Game Cheating. When i joined back the Entertainment industry from the Financial one\, i found t here's alot of similarities in both the motivation and techniques used.\n\ nMarc-André Bélanger will be joined by Manfred\, a long term hacker of g ames\, to discuss multiple aspect of cheating in games. From motivation to industrialisation of cheats. \n\nA Vice article is available at: https:// www.vice.com/en_us/article/59p7qd/this-man-has-survived-by-hacking-mmo-onl ine-games\nAlso his latest Blackhat talk: https://www.youtube.com/watch?v= QOfroRgBgo0 DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Fireside Talk: Cheating in games - Marc-André Bélanger URL:https://cfp.hackfest.ca/hackfest-2020/talk/A8MWCN/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-UMTWUX@cfp.hackfest.ca DTSTART;TZID=EST:20201121T143000 DTEND;TZID=EST:20201121T152000 DESCRIPTION:À 13 ans et alors qu'il vivait les premiers instants du World Wide Web mainstream québécois\, Michaël G. a été la cible de cyberpr édateurs. Son parcours\, de la cybervictimisation à la résilience\, en passant par le système de justice\, l’initiera à ce qui deviendra plus tard son nouveau domaine professionnel.\n\n22 ans après les faits\, alor s que les dénonciations de crimes d’exploitation sexuelle des enfants s ur le web explosent\, que peut-on apprendre de l’expérience de la premi ère génération de survivants de cybercrimes contre la personne?\n\nDans sa présentation\, Michaël propose un survol - en 12 clés - construit à partir de son expérience personnelle\, vous permettant de voir un tabl eau sommaire de l’expérience de la cybervictimisation telle qu’il l ’a vécue de l’intérieur. Vous découvrirez un champ de mines que sur vivant.e.s d’actes cybercriminels doivent mais peuvent traverser\, en lu ttant quotidiennement contre les multiples pièges cognitifs et illusions créés et nourris par la cybervictimisation. \n\nBien sûr\, gardez en t ête qu'il s'agit d'un parcours parmi tant d'autres et que chaque parcours est différent pour chacun.e.\n\nEnfin\, dans ces 12 clés\, peut-être t rouverez-vous un début de réponse pour comprendre l’expérience d’un proche radicalisé\, d’un ami dans le déni\, d’une cliente ambivalen te\, d’un enfant ou d’une ado cyberdépendant.e? Peut-être y trouvere z-vous un écho à votre propre expérience? Ou peut-être pas. Mais au mo ins\, vous saurez! \n\n***\n\nLa présentation sera suivi d’une discussi on où tous seront invités à poser leurs questions par rapports aux poin ts précédemment exposés. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:De la cybervictimisation à la résilience : 12 clés - Michaël Gi guère URL:https://cfp.hackfest.ca/hackfest-2020/talk/UMTWUX/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-BYPLNE@cfp.hackfest.ca DTSTART;TZID=EST:20201121T143000 DTEND;TZID=EST:20201121T163000 DESCRIPTION:In this workshop\, I will cover some advanced fuzzing technique s and tricks for finding bugs in real modern software. I will show you how to improve your fuzzing workflow\, using a methodology that can be easily applied to your software projects.\n\nThe workshop has a practical orient ation so that attendees get a chance to learn by themselves and use their acquired knowledge. The format of the workshop will be a CTF (Capture-the- flag).\n\nI will also show real vulnerabilities that I have found during t he last year\, as well as how I've used fuzzing to find them. Such bugs wi ll serve as starting point for the rest of the workshop.\n\nThe CFT phase will be divided into **3 challenges**:\n\n- **Challenge 1**: a review of t he basic concepts\n- **Challenge 2**: focused on Network fuzzing\n- **Chal lenge 3**: focused on Custom mutators\n\nI will give participants some hin ts and tips before and during each challenge. After each challenge\, I wil l give participants a possible solution and I will explain it to them. In this way\, participants will go through a learning-by-doing process\n\nIt' s a medium-advanced level workshop\, so previously knowledge about fuzzing and bug hunting is required. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Advanced fuzzing workshop - Antonio Morales URL:https://cfp.hackfest.ca/hackfest-2020/talk/BYPLNE/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-RBZSBT@cfp.hackfest.ca DTSTART;TZID=EST:20201121T153000 DTEND;TZID=EST:20201121T162000 DESCRIPTION:Commercial software is full of dark secrets - embedded keys and passwords\, hidden backdoors\, security vulnerabilities... But with compa nies guarding proprietary source code\, is there any hope of discovering a nd rectifying them? \n\nEnter Reverse Engineering. With its powerful tools and techniques\, you can analyze any closed-source software\, and have fu n doing it! DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:All Software is Open Source: An Introduction to RE - Dmitriy Beryoz a URL:https://cfp.hackfest.ca/hackfest-2020/talk/RBZSBT/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-HNG8CQ@cfp.hackfest.ca DTSTART;TZID=EST:20201121T163000 DTEND;TZID=EST:20201121T172000 DESCRIPTION:In this session\, we’ll discuss how Russia has influenced wor ldwide elections using cyberwarfare and how countries have fought back. We ’ll understand the natural asymmetry between how countries are able to r espond\, and how they have changed their approach since 2016. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Trust\, but Verify: Maintaining Democracy In Spite - Allie Mellen URL:https://cfp.hackfest.ca/hackfest-2020/talk/HNG8CQ/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-NSUM8E@cfp.hackfest.ca DTSTART;TZID=EST:20201121T173000 DTEND;TZID=EST:20201121T182000 DESCRIPTION:This presentation will focus on private and new optimized SQL i njection exploitation methods.\n\nNew private tools that exploit Blind SQL Injection vulnerabilities will be released. These ones are much more fast er than the existing free and commercial tools\nout there because the priv ate ones use modern attack vectors (created by myself) which perform cleve r injections designed to hack databases in more efficient methods.\n\nTo e xplain this\, graphs and tables will be used to show the differences betwe en the best tools out there and the 3 private tools introduced in the talk .\n\nAll the techniques used by the tools\, which are the result of origin al private research\, will be exposed in high detail.\n\nThe most popular free tool to exploit SQL Injections\, sqlmap\, needs to make a maximum of 7 requests to retrieve a single character and it also has threading\nlimit ations. There is a notable gap between sqlmap and my new tools because the y only require a maximum of 3 requests to retrieve a character. They\nare also finer not only because of the number of requests they require nor due to the threading capabilities they have\, but also because the SQL inject ion itself runs much faster faster due to the instruction set they use.\n\ nUnderground methods (some discovered by a fellow 1337 researcher and othe rs by me) to test for SQL Injection and XSS vulnerabilities will be shown. These will transform pen-testing into an easier and more optimized task. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:Lightspeed SQL Injections - Ruben Ventura URL:https://cfp.hackfest.ca/hackfest-2020/talk/NSUM8E/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-V7K8P3@cfp.hackfest.ca DTSTART;TZID=EST:20201121T174000 DTEND;TZID=EST:20201121T183000 DESCRIPTION:CTFs Winners will be announced\nLes gagnants CTFs seront annonc és DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:CTF Ceremony - Franck - CTF Lead URL:https://cfp.hackfest.ca/hackfest-2020/talk/V7K8P3/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-JDMXS3@cfp.hackfest.ca DTSTART;TZID=EST:20201121T183000 DTEND;TZID=EST:20201121T193000 DESCRIPTION:It's the start of a new decade (please no arguing about that le t's just say it is.) The best way to start it off right is with a delightf ul educational rant. One of the most asked questions I receive is\, "How d o I become a Hacker?" I've been asked this so many times I literally creat ed a webpage\, iR0nin.com\, on this very topic. Spoiler alert that hasn't helped with people asking the question. So Let's not only address that top ic for the next year with help from people in the industry\, but there are some other things I would like to get off my chest as well\, so why not l ump them all together and get this party/decade started right! I promise t here will be no war stories\, but hopefully\, some will be started with it ! So prepare for some insights as well as information being delivered more loudly and probably more passionately than usual. The main objective is n ot to watch Jayson burn everything down to the ground\, though it may appe ar that way\, but to hear some unvarnished truth and knowledge shared for the benefit of the community we all are a part of. DTSTAMP:20260607T173030Z LOCATION:Hackfest - Track 1 SUMMARY:The Spoon Problem with: Life\, Hacking & InfoSec - Jayson E. Street URL:https://cfp.hackfest.ca/hackfest-2020/talk/JDMXS3/ END:VEVENT BEGIN:VEVENT UID:pretalx-hackfest-2020-SVHMJD@cfp.hackfest.ca DTSTART;TZID=EST:20201121T190000 DTEND;TZID=EST:20201121T210000 DESCRIPTION:Joignez-vous à nous pour cette tradition annuel du Podcast en direct lors de la 2e soirée du Hackfest! \nOpinions\, actualités\, pouti ne et assurément quelques dérapages seront au rendez-vous pour discuter de tout ce qui entour la sécurité de l'information! DTSTAMP:20260607T173030Z LOCATION:Hackfest - Sponsor room (and workshops) SUMMARY:Podcast - La French Connection - LIVE - Patrick URL:https://cfp.hackfest.ca/hackfest-2020/talk/SVHMJD/ END:VEVENT END:VCALENDAR