2.0 -//Pentabarf//Schedule//EN PUBLISH HAC9SB@@cfp.hackfest.ca -HAC9SB Hackfest Opening en en 20201120T085000 20201120T090000 001000 Hackfest Opening ** Here’s what you can expect from the 2020 event! ** Technologies used and adaptations Partnerships They are adapted to formulas for a virtual event. Training 100% Virtual via GoToTraining the days preceding the event: https://hackfest.ca/en/trainings Conferences and workshops 2 days of virtual conferences via Hackfest Discord and Hackfest YouTube Villages 100% Virtual via GoToWebinar Atmosphere and networking Discord server with interaction and badge,goodies and more by level of participation, audio room, partner room and more! Conference registration: Moderator ticket for registration ($10) PUBLIC CONFIRMED Speed Talk https://cfp.hackfest.ca/hackfest-2020/talk/HAC9SB/ Hackfest - Track 1 Patrick PUBLISH MFVK7J@@cfp.hackfest.ca -MFVK7J You Shared What? Seriously?! en en 20201120T090000 20201120T095000 005000 You Shared What? Seriously?! This is >that< conversation which needs to happen between a parent and their teenage child about the challenges of growing up in an increasingly connected world. We will discuss many privacy and security related decisions and experiences, and the differing perspectives on each. The reality is we don’t know all we think we know - and neither do our teens. This is an opportunity to understand the perspective and impacts of the interplay between a privacy & security-aware parent and teenage daughter as they navigate the competing priorities of parents, schools, peers and teachers in a highly interconnected and data rich world. While news media and the echo chamber might suggest that these things are top of mind, our experience suggests this may not be accurate. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/MFVK7J/ Hackfest - Track 1 Don Mallory PUBLISH 78EAKP@@cfp.hackfest.ca -78EAKP Behavior & Reputation based filtering reloaded en en 20201120T100000 20201120T105000 005000 Behavior & Reputation based filtering reloaded In 2020, our ways of living and working turned completely upside down in a matter of days. We all brought our companies home and our homes in our companies’ systems. Staying connected to our colleagues, friends and family became a critical necessity, which opened the door for hackers to cause disruption and we saw a huge increase of attacks all around the world. Even though worldwide spending on cybersecurity is predicted to reach $1 trillion in 2021 according to Forbes, the game will still be asymmetrical and all companies will keep being hacked regardless of their security budgets. Expensive security doesn’t mean better security. A new approach is needed. Join us for this talk so we can explore why a collaborative approach to security could contribute to solve the problem and how we could make the Internet safer together. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/78EAKP/ Hackfest - Track 1 Philippe Humeau & Thibault Koechlin PUBLISH 8UKRXP@@cfp.hackfest.ca -8UKRXP Urban Exploration - A COVID-Friendly Hacker Hobby en en 20201120T113000 20201120T115000 002000 Urban Exploration - A COVID-Friendly Hacker Hobby This is an "Urban Exploration 101" presentation, designed to get people back into this forgotten hobby that involves plenty of physical security bypassing and technological archeology. It will provide actionable, how-to information that will help the viewer get started. We will cover the basics of how to discover worthy locations for exploration, the resulting legal issues, a rundown of must-have gear (both safety and recording) as well as contextual recommendations for various situations which may arise PUBLIC CONFIRMED Speed Talk https://cfp.hackfest.ca/hackfest-2020/talk/8UKRXP/ Hackfest - Track 1 Johnny Xmas PUBLISH ULXKSJ@@cfp.hackfest.ca -ULXKSJ Template Injection in Action en en 20201120T120000 20201120T140000 020000 Template Injection in Action The workshop is divided in five parts. The first, part is an introduction to the vulnerability class. This segment is needed to get a good understanding of the attack patterns and to recognize potential vulnerabilities. Next, we investigate four different template engines with unique twists. Each template engine is accompanied by an exercise which consists of a web application with a template engine being exposed. - Introduction - Template Injection - Identifying Template Engine - Template Engines - Twig (PHP) - Jinja2 (Python) - Tornado (Python) - Velocity (Java) - Sandbox escape PUBLIC CONFIRMED Workshop https://cfp.hackfest.ca/hackfest-2020/talk/ULXKSJ/ Hackfest - Track 1 Philippe Arteau PUBLISH P3LN9A@@cfp.hackfest.ca -P3LN9A Automatisation de la sécurité dans AWS fr fr 20201120T150000 20201120T155000 005000 Automatisation de la sécurité dans AWS Durant cette conférence, un point de situation des capacités d'automatisation et de sécurité "as a code" dans AWS sera d'abord effectué. A cette occasion, ces deux concepts seront expliqués en détail. Afin de mettre en perspective ces concepts, une démonstration en pratique d'un scénario d'attaque ainsi que d'un comportement utilisateur à risque, mitigés de façon automatisée sera ensuite effectuée. Enfin, les bénéfices ainsi que les risques associés à cette automatisation de la sécurité seront abordés à l'issue des démonstrations pratiques. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/P3LN9A/ Hackfest - Track 1 Cédric Thibault PUBLISH S7DW3B@@cfp.hackfest.ca -S7DW3B Prévention et détection de fraude en Télécom fr fr 20201120T160000 20201120T165000 005000 Prévention et détection de fraude en Télécom Prévention et détection de fraude en Télécommunications, un monde qui se rapproche de plus en plus des crimes informatiques. Aperçu général de la problématique et de l'impact de la fraude en télécommunications. Impact pour les gens, impact pour les compagnies de télécoms, impact sur la législation. Fraude à l'abonnement et/ou Vol d'identité pour commettre des arnaques (Amazon, Apple, IRS, Microsoft, SSA, etc.). Fraude technique: pour faire des appels vers d'autres pays ou pour faire du "traffic pumping". PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/S7DW3B/ Hackfest - Track 1 Véronique Meunier PUBLISH XDLZLU@@cfp.hackfest.ca -XDLZLU Chatty documents: OSINT data from document mapping en en 20201120T170000 20201120T172000 002000 Chatty documents: OSINT data from document mapping The practice of parsing documents and assembling knowledge maps out of them it is well known and widely used. Once a target has been defined, it is relatively easy to find and collect files that contain "interesting" bits of intelligence, and parsing would give us the information we want. What if we are not interested in one specific target, but we want to find the entities that are one step away from out main target? Can we find a way identify entities connected to our target and mount a supply chain attack on them? can we find the weakest links by using only passive techniques or offline data analysis and collect enough data to be able to predict where and how a targeted attack could be lunched? Our research aims at exploring tools and techniques that make use of common open-source tools that, when used together and in combination with machine learning techniques, can give significant advantages to threat analysts and/or defenders. We will also provide some initial result on the results of a series of tests performed against more than 10.000 documents that resulted in the discovery of hundreds of weak links and dozens of possible entry point to both government entities and companies alike. PUBLIC CONFIRMED Speed Talk https://cfp.hackfest.ca/hackfest-2020/talk/XDLZLU/ Hackfest - Track 1 Enrico Branca PUBLISH MXHWHJ@@cfp.hackfest.ca -MXHWHJ Introducing OWASP TimeGap Theory en en 20201120T173000 20201120T182000 005000 Introducing OWASP TimeGap Theory There are several security issues out there that everyone talks and knows about - cross-site scripting, SQL injection, clickjacking, XXE. Every organization out there has some sort of secure software lifecycle to identify these issues - it can be SAST scanners, DAST scanners, or the protesting. What I’m going to do in this session is to introduce you to a security issue that most of these scanners can not detect. It’s called Time-of-Check to Time-of-use, often abbreviated and pronounced as TOCTOU. Forget scanners, a significant portion of pen testers out there also do not test the applications for this security issue. We will be using the OWASP TimeGap Theory as our training platform for learning TOCTOU issues. Remember WebGoat? It’s something like that but focusing only on TOCTOU issues. You can also call it a TOCTOU-Goat or a RaceCondition-Goat. By the end of this session, you will have some of the best tools and techniques to find and exploitTOCTOU issues. You will also learn how to identify TOCTOU issues early in the development lifecycle (threat modeling sessions). PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/MXHWHJ/ Hackfest - Track 1 Abhi M Balakrishnan PUBLISH KBRKXV@@cfp.hackfest.ca -KBRKXV Talos: Threats and Dual-Use Tools in the Landscape en en 20201120T183000 20201120T192000 005000 Talos: Threats and Dual-Use Tools in the Landscape Dual-use tools are developed to assist administrators in managing their systems or assist during security testing or red-teaming activities. Unfortunately, many of these same tools are often co-opted by threat actors attempting to compromise systems, attack organizational networks, or otherwise adversely affect companies around the world. This talk will dive into the topic of dual-use tools and how they have historically been used in various attacks. It will also provide case studies that walk through how native system functionality and dual-use tools are often used in real-world attacks to evade detection at various stages of the attack lifecycle. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/KBRKXV/ Hackfest - Track 1 William Largent PUBLISH KM8M3W@@cfp.hackfest.ca -KM8M3W How Crypto Gets Broken (by you) en en 20201120T200000 20201121T000000 040000 How Crypto Gets Broken (by you) Slides are available here https://drive.google.com/file/d/1xiY2B00GimSaXuFPR-1U9EKV2Vlf44GW/view?usp=sharing PUBLIC CONFIRMED Workshop https://cfp.hackfest.ca/hackfest-2020/talk/KM8M3W/ Hackfest - Track 1 Ben Gardiner PUBLISH NENLKB@@cfp.hackfest.ca -NENLKB Hackfest Ouverture fr fr 20201120T085000 20201120T090000 001000 Hackfest Ouverture Voici ce à quoi vous pouvez vous attendre de l’événement 2020! Technologies utilisées et adaptations Les partenariats Ils sont adaptés à des formules pour un événement virtuel. Formations 100% Virtuelles via GoToTraining les jours précédant l’événement : https://hackfest.ca/fr/formations Conférences et workshops 2 journées de conférences virtuelles via GoToWebinar Villages 100% Virtuels via le Hackfest Discord et Hackfest YouTube Ambiance et réseautage Serveur Discord avec interaction et badge par niveau de participation, salle audios, salle de partenaires et plus encore! Inscription conférence: Ticket modérateur pour inscription (10$) PUBLIC CONFIRMED Speed Talk https://cfp.hackfest.ca/hackfest-2020/talk/NENLKB/ Hackfest - Sponsor room (and workshops) Patrick PUBLISH GAJSAY@@cfp.hackfest.ca -GAJSAY L'Insécurité de l'Internet des objets fr fr 20201120T090000 20201120T095000 005000 L'Insécurité de l'Internet des objets 👽 Whoami : Comme le titre l’indique, nous allons présenter brièvement l’entreprise soit les différents services offerts par La Société-conseil Lambda ainsi que les intervenants de la conférence : Martin M Samson, Rémikya Hellal et Denys Desfosses. Maintenant que nous nous sommes présentés… passons à table 🍽️! ---- 🥂Pour l’apéro : La définition simplifiée de l’Internet des objets Le World Wide Web propose plusieurs définitions (souvent compliquées) de l’Internet des objets, mais ne s’entend toujours pas sur la question. C’est pourquoi nous présentons une définition simplifiée et gentille ou l’on mentionne les 3 caractéristiques principales (Connexion, autonomie et action dans le monde réel) d’IoT pour ouvrir l’appétit ! ---- 🥨 En Entrée : Les composants d’un objet connecté L’IoT maintenant définit, nous allons brièvement aborder les différents composants d’un objet connecté soit : les capteurs, les actionneurs, les modules de communication, l’alimentation, la carte mère et le CPU… Ainsi que le rôle occupé par chacun de ces composants dans le fonctionnement de l’objet. En gros nous partagerons la recette d’un objet connecté ! ---- 🍝 Le plat de résistance : Les problématiques de sécurité de l’Internet des objets Maintenant que nous avant pris un avant-goût de ce qu’est l’Internet des objets et quels sont les composants un objet connecté nous allons passer au plat de résistance. La question des problématiques de sécurité sera soulevée ainsi que le pourquoi de la très grande vulnérabilité de l’Internet des objets. Les sujets abordés seront : la chaine d’approvisionnement, l’environnement restreint, l’OWASP top 10 des vulnérabilités IoT suivi de plusieurs exemples d’hacking… ---- 🧀 Le plateau de fromages : Audit des vulnérabilités et tests d’intrusions sur les objets connectés Nous proposons ensuite le plateau de fromages… Ou plutôt notre plateau d’outils d’audit des vulnérabilités et de test d’intrusions sur les objets connectés. Nous en avons 4 grandes variétés qui désignent les 4 cibles principales de l’audit des vulnérabilités et des tests d’intrusions soit : le hardware, le firmware, les communications et les applications. Nous présenterons aussi quel genre d’informations peut-on tirer de chacune de ces 4 variétés. ---- 🍰 Le dessert : Une démonstration colorée Pour finir sur une note plus COOL, nous allons faire la démonstration de l’une des exploitations réalisées lors de nos laboratoires « The NightClub Bulb ». La démo consiste en l’exploitation d’une ampoule connectée via Bluetooth et des étapes réalisées : La reconnaissance, le reverse engineering, l’exploitation et l’automatisation de l’attaque avec un script ! Selon le temps qui reste, la démonstration sera plus ou moins live, mais une chose est sûre, nous allons voir de toutes les couleurs ! ---- 🥃 Le digestif : L’offre de service cybersécurité IoT de Lambda Après un repas assez chargé, nous présenterons en digestif l’offre de service de Lambda pour adresser l’Insécurité de l’Internet des objets ainsi que les différents points importants de l’offre. Nous discuterons aussi de l’importance du contexte d’affaire dans nos interventions ainsi que de l'aspect dynamique de l'offre nous permettant de répondre aux différents besoins du marché. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/GAJSAY/ Hackfest - Sponsor room (and workshops) Rémikya Hellal Denys Desfosses Martin Samson PUBLISH HQM7UF@@cfp.hackfest.ca -HQM7UF Red Team Results to Tangible Risk Management en en 20201120T103000 20201120T105000 002000 Red Team Results to Tangible Risk Management PUBLIC CONFIRMED Speed Talk https://cfp.hackfest.ca/hackfest-2020/talk/HQM7UF/ Hackfest - Sponsor room (and workshops) Rohan Shanbhag PUBLISH QBXER7@@cfp.hackfest.ca -QBXER7 Peek-a-Boo: A Game with Threat Actors&Researchers en en 20201120T112500 20201120T121500 005000 Peek-a-Boo: A Game with Threat Actors&Researchers Threat actors have always played the game of emotions. Fear is the emotion they are using right now to lure users to click on an email or manipulate them to install an application. In the last four months, cyber criminals have used fear as their main weapon to compromise users by using pandemic-related themes to deliver malware. The dropped malwares are deadlier and stealthier and are hybrid in nature. Here is how the talk will progress: 1. Pandemic Threat Landscape 2. New stealthy methods : Hiding macros inside hidden excel sheet and hiding macros inside form elements in VBA 3. How popular tools failed to detect these threats ? 4. Azerbaijan Targets and Energy Sectors hit : RAT trojans that are upgraded 5. Evasion of Agent Tesla and how they have defeated sandboxes. 6. Rise of False positives with Sodinobki ransomware spraying legit domains in config files. 7. Using Entropy to solve image exfiltration by malwares. 8. How can we convict the extracted domains and IP from malware config files, C2 communication using Cisco Umbrella and crack the malware infra. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/QBXER7/ Hackfest - Sponsor room (and workshops) Shyam Sundar Ramaswami PUBLISH ZLN8QM@@cfp.hackfest.ca -ZLN8QM Sécurisation des systèmes de vote électronique fr fr 20201120T130000 20201120T135000 005000 Sécurisation des systèmes de vote électronique Nous ferons un retour sur les récents cafouillages liés au vote par la poste (Partie conservateur et élections présidentielles du côté des États-Unis) afin de mettre en perspective le niveau de sécurité associé à ce type de vote. Nous ferons également un retour du vote plus traditionnel (urne). Par la suite, bien que nous ferons allusion aux urnes électroniques pouvant être utilisées en remplacement des urnes traditionnelles, nous mettrons davantage l’emphase sur le vote électronique dans le cadre de la conférence. Avant d’aller dans le volet plus technique, nous mettrons en perspective suite les différents niveaux de confiances attendus d’un système de vote électronique en fonction des enjeux relative à l’issue du vote. Par exemple, devons-nous mettre autant d’effort à protéger un vote pour un OSBL, un vote pour un ordre professionnel, celui d’un syndicat, un vote au niveau municipal, un Parti politique, un vote provincial ou national? Par la suite, nous étudierons chacune des étapes clés d’un vote électronique et étudierons la vue Blue Team et Red Team à chacune d’elle : 1. La préparation de l’élection 2. L’inscription de votants 3. L’envoi des bulletins de vote 4. La tenue du vote 5. La clôture du vote 6. Le dépouillement du vote 7. La destruction des votes À chacune des étapes, nous démontrerons les différents risques et/ou erreurs qui peuvent survenir et pouvant avoir un impact sur le secret du vote ou encore sur l’intégrité du vote. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/ZLN8QM/ Hackfest - Sponsor room (and workshops) Jean-Philippe Racine Nicholas Milot PUBLISH R8D8PF@@cfp.hackfest.ca -R8D8PF Demystifying Zero Trust Architecture en en 20201120T140000 20201120T145000 005000 Demystifying Zero Trust Architecture PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/R8D8PF/ Hackfest - Sponsor room (and workshops) Jamie Sanbower PUBLISH 7J8ZEW@@cfp.hackfest.ca -7J8ZEW Fantastic Cloud Shadow Admins and where to find en en 20201121T090000 20201121T095000 005000 Fantastic Cloud Shadow Admins and where to find Session's objectives 1. Understand Azure better – its IAM and permissions architecture 2. Learn on the new threat of Azure and AWS Shadow Admins 3. Get recommendations and a free open-source tool for mitigation Nowadays, cloud technologies are everywhere, and specifically, Microsoft’s Azure cloud is gaining more and more popularity. Many companies use the different Azure services and rely on the Azure AD as part of their Office 365 solution. With that increasing adoption, the risk of having Shadow Admins grows as well. We at CyberArk Labs researched Azure cloud and its permission architecture and discovered 10 specific privilege escalation techniques. In the session, we will present the research and how users that seem to have limited privileges at first glance, can actually impersonate and take control of other users that have full Azure admin rights. We called those kinds of unintended privileged users, Shadow Admins. They aren’t full admins at first, but they control other existing admins and can take action on their behalf. The session will also include two demos to present Shadow Admins abuse and actionable mitigation takeaways. In addition we will present a previous research we did on Shadow Admins in AWS environment. Examples for Shadow Admins are: Azure applications can have dedicated Azure permissions. Users who manage the applications can be assigned with the Application Administrator Role in Azure AD. This role is considered to be “limited” and has only the permissions to manage applications. But in fact, it can be used to escalate privileges by taking control over a more permissive application or by registering a new malicious application with privileged permissions that the user didn’t have initially. Another example is a user with only one single permission: “Microsoft.Authorization/roleAssignments/write”. With this sole permission, a user can assign itself the all 5,000 available permissions in Azure RBAC mechanism. And what about a user who is the OWNER (not a member) of privileged AAD group? It’s also a privileged user as well. It doesn’t matter if this user has other permissions at all or if it’s currently a member in this group. Because at any moment, this user can add itself to that admins group and become an admin. Attackers can also create their own Shadow Admins as part of their persistence efforts. In the past, we researched Shadow Admins in on-premises domain networks, and at RSA USA 2018 we presented Shadow Admins in AWS. The research we did on AD Domain Shadow Admins included a blog post and a tool “ACLight”: https://www.cyberark.com/threat-research-blog/shadow-admins-stealthy-accounts-fear/ https://github.com/cyberark/ACLight The research we did on AWS Shadow Admins also included a summary post and a new scanning tool “SkyArk”: https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/ https://github.com/cyberark/SkyArk As part of this Azure research, we’re going to add a new scanning module for targeting this risk of Azure Shadow Admins. The scan is called AzureStealth, and it’s part of the free open-source SkyArk. Organizations worldwide should discover, identify those admins, and make sure they are well secured. We published our last Azure research here: https://www.cyberark.com/resources/threat-research-blog/diy-hunting-azure-shadow-admins-like-never-before-2 PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/7J8ZEW/ Hackfest - Track 1 Asaf Hecht PUBLISH RWHK3G@@cfp.hackfest.ca -RWHK3G Making a High Performing Pentest Team From Scratch en en 20201121T100000 20201121T105000 005000 Making a High Performing Pentest Team From Scratch PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/RWHK3G/ Hackfest - Track 1 Darren Chin PUBLISH WTYMFQ@@cfp.hackfest.ca -WTYMFQ XFS: The Protocol behind ATM Jackpotting en en 20201121T110000 20201121T115000 005000 XFS: The Protocol behind ATM Jackpotting At the core of modern ATM attacks is a specification known as Extended Financial Services (XFS) which has been put together by industry experts as a solution to the multiple-vendor multiple-hardware interoperability woes. The documentation is freely available and provides an interface for financial software to interact uniformly across compatible hardware regardless of vendor and implementation details. In this talk we give a quick overview of a realistic threat model for attacks against ATMs and focus on the software-hardware interface. We begin with a cursory introduction to the XFS protocol, how it works, and provide a security analysis of some of the features included in the foundational structure of the protocol. Some of the major risks that we have uncovered will be presented in detail and sample implementation code will be shown. We also open-source the tool that we developed to explore the XFS protocol and issue commands directly to ATM hardware, bypassing any business logic and software protections. We show that the XFS protocol has major security flaws which lead to any type of code execution achieved on an ATM being enough to perform various attacks, such as arbitrary unauthenticated withdrawals (jackpotting), in-software sniffing of card readers and PIN readers. We conclude by providing mitigation strategies that can be implemented immediately by operators and discuss the long-term changes that must happen to make XFS safer. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/WTYMFQ/ Hackfest - Track 1 Alexandre Beaulieu PUBLISH HUMKYU@@cfp.hackfest.ca -HUMKYU Conférence sur les perspectives d'emploi en cybersécurité fr fr 20201121T115500 20201121T122500 003000 Conférence sur les perspectives d'emploi en cybersécurité PUBLIC CONFIRMED Speed Talk https://cfp.hackfest.ca/hackfest-2020/talk/HUMKYU/ Hackfest - Track 1 Steve Waterhouse PUBLISH QJSHJ9@@cfp.hackfest.ca -QJSHJ9 Workshop on Radio Frequency Signals Security en en 20201121T123000 20201121T143000 020000 Workshop on Radio Frequency Signals Security **Session Outline:-** </br> **Part A:** Overview, Ideas, and Prospectus of the attack and defense in the field of RF Security (Objective is to ensure everyone has clarity of Radio Hacking and How is it Different?) - Joys of the Past: History of Attack - Current State of Industry & Sutra for Mitigation: - A glimpse of the Future **Part B:** The learned theory will be reinforced through the use of practical examples and exercises where they can put the tools and techniques into practice. - What is a Software Defined Radio (SDR) - SDR Architecture, DSP, Sampling - Breadth and Depth of DSP - Phases of SDR Hacking — This will explain how an RF attack takes place, and how to gather information and plan, including initial profiling of our device… beginning with 3 foundation questions before any hacks, i) What does our device do in normal operation ii) How do they connect? iii) Determining the Frequency. - Setting up and using RTL-SDR, HackRF - Decode Digital Data - Customizing and Retransmitting Radio Signals — Next, this will go over to discuss how RF signals are captured and transmitted with a Hands-on demo with HackRF-One, RTL-SDR, and USRP to demonstrate replay attack on keyfobs, door locks, alarms. - Capturing Signals and Analyzing a Waterfall Plot - Reverse Engineering Transmissions - Analyzing Data Formats and Injecting Wireless Packets - Hands-on Practice with Tools: GNUradio, GQRX, SDR# - Case Study and Demos PUBLIC CONFIRMED Workshop https://cfp.hackfest.ca/hackfest-2020/talk/QJSHJ9/ Hackfest - Track 1 Harshit Agrawal PUBLISH UMTWUX@@cfp.hackfest.ca -UMTWUX De la cybervictimisation à la résilience : 12 clés fr fr 20201121T143000 20201121T152000 005000 De la cybervictimisation à la résilience : 12 clés PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/UMTWUX/ Hackfest - Track 1 Michaël Giguère PUBLISH RBZSBT@@cfp.hackfest.ca -RBZSBT All Software is Open Source: An Introduction to RE en en 20201121T153000 20201121T162000 005000 All Software is Open Source: An Introduction to RE Reverse engineering of a piece of software may seem like a daunting and mysterious task, but it does not have to be. When approached with the right attitude and the right tools it can be a lot of fun and a very intellectually-stimulating experience. If you don't know much about reverse engineering but are curious about it, then this presentation is for you. We will touch on: - What is it and why do it? - Legality of reverse engineering - Different type of technologies that you can reverse - What are the knowledge pre-requisites? - How to get started? - What tools to use? - How and where to practice? - ...and more! PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/RBZSBT/ Hackfest - Track 1 Dmitriy Beryoza PUBLISH HNG8CQ@@cfp.hackfest.ca -HNG8CQ Trust, but Verify: Maintaining Democracy In Spite en en 20201121T163000 20201121T172000 005000 Trust, but Verify: Maintaining Democracy In Spite There are many important elections this year. As you read this, Russia is already disrupting them. When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today, tomorrow, the day of the election, and after to sow chaos and erode our faith in democracy? In this session, we’ll discuss how Russia has influenced worldwide elections using cyberwarfare and how we have fought back. We’ll understand the natural asymmetry between how Russia and other countries are able to respond, and how we have changed our approach since 2016. By the end, we will be brainstorming all of the ways to disrupt an election that countries aren’t prepared for. Get ready to put your nation state threat actor hat on and disrupt some elections - and maybe even earn some ириски-тянучки. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/HNG8CQ/ Hackfest - Track 1 Allie Mellen PUBLISH NSUM8E@@cfp.hackfest.ca -NSUM8E Lightspeed SQL Injections en en 20201121T173000 20201121T182000 005000 Lightspeed SQL Injections Vous pouvez voir toute la presentation ici: https://docs.google.com/presentation/d/1lQ18wjfqL9xkbKi_6PcQ71EfrCrr6s9Xm6sZHOiCeqk/edit?usp=sharing La presentation et finit e presque. Je vais publiquer aussi des noveux outils pour fair des injections SQL. Ces outils sont les plus rapids dans tout le monde. Le method que ces outils utilize est un peux plus complique en comparation avec les methods tranditionels pour fair des attaques. Je vais expliquer clairement comment est-ce que ces travail. Excusez mon francais, je peux parler un peu mais la presentation va etre fait en anglais, parce que il y a 15 ans que je n'avais pas parler en votre langue. PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/NSUM8E/ Hackfest - Track 1 Ruben Ventura PUBLISH JDMXS3@@cfp.hackfest.ca -JDMXS3 The Spoon Problem with: Life, Hacking & InfoSec en en 20201121T183000 20201121T193000 010000 The Spoon Problem with: Life, Hacking & InfoSec PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/JDMXS3/ Hackfest - Track 1 Jayson E. Street PUBLISH W9KVWZ@@cfp.hackfest.ca -W9KVWZ Ransomware : la plaie de 2020 fr fr 20201121T113000 20201121T115000 002000 Ransomware : la plaie de 2020 Plus de 300 attaques pour Maze ; plus de 150 pour Sodinokibi ; plus de 500 en additionnant Ragnar, Doppel, Conti, Pysa, XxX, … Les cyberattaques de type ransomware auront été la plaie de cette année 2020. Nous allons découvrir dans cette conférence, 365 jours de la vie de ces pirates, des entreprises impactées ; celles qui ont payé et qui se retrouvent quand même avec leurs données volées dans le black market. Plus de 40 groupes sous surveillance affichant plusieurs milliers d’entreprises victimes, petites et grandes, dont plusieurs dizaines de Canadiennes. Vous découvrirez comment derrière ces chiffrements de fichiers, de machines, de cloud … les pirates se jettent sur la moindre donnée qu’ils réutilisent, vendent, diffusent sans aucun respect de l’être humain. Comment les données de Donald Trump, Madonna, Lady Gaga ont été vendus ; comment, peut-être, vos propres informations personnelles, celles de votre famille, collègues, … ont été volés puis revendus. PUBLIC CONFIRMED Speed Talk https://cfp.hackfest.ca/hackfest-2020/talk/W9KVWZ/ Hackfest - Sponsor room (and workshops) Damien Bancal PUBLISH A8MWCN@@cfp.hackfest.ca -A8MWCN Fireside Talk: Cheating in games en en 20201121T133000 20201121T142000 005000 Fireside Talk: Cheating in games I've selected offensive track, but this is both an offensive and defensive perspective on the issue. Again this is a FireSide chat, we'll exchange on a series of topics as it relates to cheating. Manfred made alot of money exploiting games over the years, his experience is really valuable to develop attacker profiles. Marc-André is a long term security professional that worked in retail, banking and in the Entertainment industry. Also been a long term Hackfest attendee and speaker. We all looking forward to this interesting Blue vs Red discussion PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/A8MWCN/ Hackfest - Sponsor room (and workshops) Marc-André Bélanger PUBLISH BYPLNE@@cfp.hackfest.ca -BYPLNE Advanced fuzzing workshop en en 20201121T143000 20201121T163000 020000 Advanced fuzzing workshop ### WorkShop URL https://github.com/antonio-morales/Hackfest_Advanced_Fuzzing_Workshop ### Telegram Group If you haven't already joined, it's time to do it: https://t.me/joinchat/CdbD2UVzGlW2j6yQizL5Yw You will need it to use it to send me your questions & solutions ### Prerequisites - Basic knowledge of fuzzing - Working knowledge of C programming - Command-line basics - Bug hunting experience is desirable ### Agenda I will cover different fuzzing topics, including the following: - Sanitizers (ASAN, UBSAN, MSAN, etc.) - Custom coverage and efficient instrumentation - Dictionaries optimization - Dealing with checksums, ciphers, and other monsters - Structure-aware fuzzing & Custom Mutators - Domain-specific feedback (FuzzFactory) - Parallel fuzzing and Mutation scheduling ### Who should attend? - Bug hunters who don't make ends meet - Pentesters tired of using Burp and Nessus - Developers that want to know more about the dark side - Anyone wishing to improve their skills of fuzzing or with an interest in how to find vulnerabilities in real software projects. ### Technical Requirements A laptop capable of connecting to the internet ### Tools required Nothing special. A virtual machine image will be provided a few days before the workshop ### Level Medium-advanced ### Why this workshop? I think there are not many free workshops about finding vulnerabilities and fuzzing (almost all out there are expensive paid workshops) I will also cover some fuzzing topics that are novel (such as Domain-specific feedback and External event monitoring). ### Bio Antonio Morales works as a security researcher at GitHub, whose primary mission is to help improve Open Source project's security. Antonio's interests include fuzzing, code analysis, exploit development and C/C++ security. PUBLIC CONFIRMED Workshop https://cfp.hackfest.ca/hackfest-2020/talk/BYPLNE/ Hackfest - Sponsor room (and workshops) Antonio Morales PUBLISH V7K8P3@@cfp.hackfest.ca -V7K8P3 CTF Ceremony fr fr 20201121T174000 20201121T183000 005000 CTF Ceremony Discussion is in French, but slides will be in English! PUBLIC CONFIRMED Regular talk https://cfp.hackfest.ca/hackfest-2020/talk/V7K8P3/ Hackfest - Sponsor room (and workshops) Franck - CTF Lead PUBLISH SVHMJD@@cfp.hackfest.ca -SVHMJD Podcast - La French Connection - LIVE fr fr 20201121T190000 20201121T210000 020000 Podcast - La French Connection - LIVE La French Connetion (https://securite.fm) Rejoignez-nous ici en direct le samedi 21 novembre à 19h00 EST YouTube URL: [https://www.youtube.com/watch?v=QjtgbFGYr10](https://www.youtube.com/watch?v=QjtgbFGYr10) Sujets couverts: - Retour sur le Hackfest 2020 - Retour 2020: Covid - Attaques - Cyber + géo/politique - ... - Give me ransomware, loads of ransomware - Politique de cybersécurité du gouvernement du Québec - Nouvelles infosec - Recrutement en sécurité informatique - Comment débuter en sécurité informatique - Et plus encore! PUBLIC CONFIRMED Workshop https://cfp.hackfest.ca/hackfest-2020/talk/SVHMJD/ Hackfest - Sponsor room (and workshops) Patrick