Hackfest 2020

Abhi M Balakrishnan

Abhi M Balakrishnan is a security engineer from Silicon Valley. You must have heard about Abhi’s other free and open-source projects like OWASP Mantra, Matriux, ExploitMe REST, Alert Labs, OWASP Bricks, Snow, Brick Town, TinyBird CTF, and ‘web app security testing with browsers.’

  • Introducing OWASP TimeGap Theory
Alexandre Beaulieu

Alexandre is a security researcher working for GoSecure. His areas of expertise are reverse engineering, binary exploitation and tool development. His previous experience as a software developer covers a broad spectrum of topics ranging from low-level systems and binary protocols to web applications. Prior to joining the research team, Alexandre spent time as an Ethical Hacker honing his offensive security skills. His areas of interests include binary analysis, compiler theory and systems programming. Alexandre gives back to the Montréal infosec community by volunteering his time, contributing workshops and designing application security challenges for events like MontréHack and REcon.

  • XFS: The Protocol behind ATM Jackpotting
Allie Mellen

Allie Mellen has spent the past decade in engineering, development, and technical consulting roles at multiple venture-backed startups, as well as research roles at MIT and Boston University. Her passion is combining technology and entrepreneurship, having run her own successful iOS development company out of college and been an investment partner at a venture fund investing in student-run startups. She has worked with multiple nonprofits to teach engineering to students and minorities, including the Global App Initiative and WISP, and has mentored business students at Hult Business School. She received her B.S. degree in Computer Engineering, and has been recognized worldwide for her security research at conferences like Black Hat USA, DEFCON, HOPE, and others. She is now a security strategist in the Office of the CSO at Cybereason, where she is a frequent speaker at security conferences globally teaching about security and pushing the boundaries of the industry.

  • Trust, but Verify: Maintaining Democracy In Spite
Antonio Morales

Antonio Morales works as a security researcher at GitHub Security Lab, whose primary mission is to help improve Open Source project's security. Antonio's interests include fuzzing, code analysis, exploit development and C/C++ security.

Twitter: @Nosoynadiemas

  • Advanced fuzzing workshop
Asaf Hecht

Asaf Hecht is a team leader of one of CyberArk Labs research teams. He focuses on researching and discovering the latest attack techniques, and applying lessons learned to improve cyber-defenses. Hecht’s primary research areas are network defense, cloud security and application of machine learning. Prior to CyberArk, Hecht served eight years in the Israeli Army. He was the Team Leader for the advanced cyber-hunting team, an elite force that protects military top-secret networks and reveals APTs. In addition, Hecht is also a skilled helicopter pilot.

  • Fantastic Cloud Shadow Admins and where to find
Ben Gardiner

Mr. Gardiner is a Cybersecurity Research Engineer at Yellow Flag Security, Inc. specializing in hardware and low-level software security. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior to joining the YFS team in 2019, Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a Masters of Engineering in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer. He is GIAC GPEN certified and a GIAC advisory board member, he is also chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), and a voting member of the SAE Vehicle Electronic Systems Security Committee. Mr. Gardiner has delivered workshops and presentations at several world cybersecurity events including GENIVI security sessions, Hack in Paris, HackFest and DEF CON.

  • How Crypto Gets Broken (by you)
Cédric Thibault

Spécialiste en sécurité de l’information, certifié CCSK, CISSP et AWS, je me suis focalisé sur la sécurité infonuagique (AWS, Azure, GCP) mais garde un intérêt pour plusieurs domaines connexes : Threat Hunting, gestion des vulnérabilités, CASB, DevSecOps.
Vice-président directeur chez KPMG-Egyde, j’ai le plaisir d’accompagner de nombreux clients au Québec et au Canada dans la sécurité de leur “Journey to the Cloud” avec une large équipe dynamique et multidisciplinaire.

  • Automatisation de la sécurité dans AWS
Damien Bancal

Damien Bancal - Journaliste Européen. Directeur du Pôle Cyber Intelligence pour la société Montréalaise 8Brains.ca. Fondateur de ZATAZ.COM (25 ans) / DataSecurityBreach.fr (10 ans). Travaille sur les sujets High-tech/Cybercriminalité/Cybersécurité depuis 1989.
Gendarme commandant réserviste Cyberdéfense Hauts-de-France.
En savoir plus : https://www.damienbancal.fr

  • Ransomware : la plaie de 2020
Darren Chin

Darren is the Principal Consultant responsible for the Cyber Security team of CDW Canada’s Risk Advisory Services practice. He is a seasoned Management Consultant and Information Security professional with over 20 years’ experience in Information Technology operations, architecture, design, audit, and security management. During his tenure at CDW Canada/Scalar Decisions/eosensa, he has formed world-class cybersecurity testing and vulnerability management teams; servicing clients in the Financial, Health Care, and Technology sectors. Darren graduated from the University of Waterloo with a Bachelor of Applied Science in Electrical Engineering. He holds CCISO, CISSP, CISA, CIPP/C, ISO27001 LA certifications.

  • Making a High Performing Pentest Team From Scratch
Denys Desfosses
  • L'Insécurité de l'Internet des objets
Dmitriy Beryoza

Dmitriy is a Senior Security Researcher at Vectra AI. He spent over 25 years of his life building software before realizing that breaking it is much more fun.

Dmitriy is passionate about all things security, with particular interest in reverse engineering, binary exploitation, secure software development, cloud and network threat detection, and CTF competitions.

  • All Software is Open Source: An Introduction to RE
Don Mallory

Don Mallory has over 25 years of experience in enterprise IT, primarily in critical infrastructure, specializing in operations, data storage, disaster recovery and security for critical infrastructure. Professionally, Don is a Senior Security Analyst in the healthcare sector. He is also involved in various volunteer activities including C3X as a builder and mentor, co-organizer of Hak4Kidz Toronto and the Latow Photographer's Guild at the Art Gallery of Burlington, where he teaches traditional wet darkroom photography.

Bronwyn Mallory has over 15 years of experience with parents, teachers, siblings and peers. She is passionate about privacy, security, and dance. Bronwyn has performed artistically at the Hamilton Art Gallery, Hamilton Place and Dusk Dances, and war-walks her neighbourhood when not advising peers about their risky practices online.

  • You Shared What? Seriously?!
Enrico Branca

Enrico Branca is an experienced researcher with specialist knowledge in Cyber security. He has been working in information security for over a decade with experience in software security, information security management, and cyber security R&D. He has been trained and worked in various roles during his career, including Senior Security Engineer, Security Architect, Disaster Recovery Specialist, Microsoft Security Specialist and others, and his current role as Independent Researcher in Cyber Intelligence.

  • Chatty documents: OSINT data from document mapping
Franck - CTF Lead
  • CTF Ceremony
Harshit Agrawal

Harshit Agrawal (@harshitnic) is currently working as a Radio and Telecom Security Researcher. He is enthusiastic about Signal Intelligence, Electronic Warfare, and Telecom Security. He presented his research paper at International conferences like RSAC USA, HITB Cyberweek, ICS Security Singapore, Hack In Paris, HITB Amsterdam, Securityfest Sweden, Nanosec Malaysia, CISO Platform Virtual Summit, Sacon Conference Bangalore, and DakotaCon USA. Previously he was President of the CSI Chapter and Vice President for Entrepreneurship cell at MIT, where he also headed the team of security enthusiasts which gave him a good insight into cyber-security and increased his thirst to explore more in this field. He is a Programmer, Researcher, and Believer! He believes in providing something out of the box!

  • Workshop on Radio Frequency Signals Security
Jamie Sanbower

Jamie Sanbower, is a Global Principal Security Architect @ Cisco. Jamie is currently a technical leader and member of numerous advisory and working groups focused on Zero Trust, Secure Access Services Edge(SASE) and multidomain security architectures. He has been with Cisco since 2010 and has developed, designed, implemented and operated enterprise network and security solutions for a wide variety of large clients. Jamie is a distinguished speaker and is the author of many technical publications, including Integrated Security Technologies and Solutions Volume I and II. Jamie hold various industry certifications, including CCIE #13637 in Security, Enterprise Infrastructure, and Enterprise Wireless. Prior to Cisco, Jamie had various roles including: director of the cyber security practice, senior security consultant and senior network engineer.

  • Demystifying Zero Trust Architecture
Jayson E. Street

Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects.
*He was a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006.

  • The Spoon Problem with: Life, Hacking & InfoSec
Jean-Philippe Racine

Grâce à ses 19 années d’expérience dans le secteur des TI et à ses nombreuses certifications et formations, M. Racine possède plus de 15 ans d’expérience dédiée à la cybersécurité. Ayant commencé sa carrière du côté technique de la sécurité informatique, il a rapidement évolué dans les volets tactiques et stratégiques de la sécurité. Entrepreneur depuis 2009, Jean Philippe Racine est désormais propriétaire de l'entreprise Groupe Cyberswat, qui contribue, année après année, à protéger l'information la plus critique des entreprises. Finalement, M. Racine détient une maîtrise en administration, option gouvernance, audit et sécurité des TI. Il s’est également spécialisé en obtenant plusieurs certifications, dont celle de CISA, de CISSP ainsi que le CCSK de Cloud Security Alliance.

  • Sécurisation des systèmes de vote électronique
Johnny Xmas

Johnny Xmas is a predominant personality in the Information Security community, most well-known for his work on the TSA Master Key leaks between 2014 and 2018. He has operated in nearly every realm of the Infosec vertical, from defensive engineering to penetration testing, industrial control security, and extensive personal research. He has been touring the world for nearly 20 years presenting and training on these as well as various other security and privacy concerns for nearly 20 years.

  • Urban Exploration - A COVID-Friendly Hacker Hobby
Marc-André Bélanger

Long term Hackfest attendee and speaker. Security professional since the gold rush of 2000. I've worked in the reatil, banking and entertainment industries.

  • Fireside Talk: Cheating in games
Martin Samson

Professionnel en sécurité de l’information, CGEIT, CISM et CRISC, monsieur Samson possède une vaste expérience dans les projets liés à la sécurité de l’information et en gestion de ressources, tant humaines que matérielles.

Monsieur Samson a collaboré à l’élaboration de programmes de sécurité de l’information numérique et cybersécurité chez différents clients. Il a participé, à titre de chargé de projet et d’architecte, à la gestion des risques en sécurité de l’information, basée sur les normes internationales telles que NIST Cyber Security Framework (CSF), NIST SP800-53, ISO 27001, 27002, 27005, PCI, et le cadre de référence COBIT. Il possède une expérience pratique en lien avec les exigences des lois applicables en sécurité.

Monsieur Samson est, depuis 2019, CISO et directeur principal, Cybersécurité, chez Lambda. En ce sens, il chapeaute l’ensemble de l’équipe cybersécurité Lambda, gère le développement et la relation d’affaires avec les clients en ce domaine, et gère la conduite des contrats confiés à Lambda.

  • L'Insécurité de l'Internet des objets
Michaël Giguère

Michaël Giguère étudie depuis 2017 au baccalauréat en cybersécurité à l’école Polytechnique de Montréal, où il consolide son parcours de victime et de survivant de cybercrimes avec sa passion de longue date pour l’informatique. En prenant parole dans les médias pour briser le tabou des hommes abusés sexuellement dans l’enfance, dès 2018, son chemin croise celui d’acteurs publics ayant à cœur la prévention de l’exploitation sexuelle des enfants sur Internet. C’est ainsi qu’il sera invité à présenter pour la première fois, en 2019, la conférence « De la cybervictimisation à la résilience » devant un public d’enquêteurs qui deviendront ses collègues le temps d’un stage à la Division des Enquêtes sur la Cybercriminalité de la Sûreté du Québec. Fier d’un parcours dont il a longtemps eu honte, les intérêts, les connaissances et l’expérience de la cybervictimisation que détient Michaël lui permettent aujourd’hui de jeter un regard très personnel et expérientiel sur la question des cyberviolences et de la survivance propres aux cybercrimes.

➡️ Site web : www.michaelgiguere.com
➡️ Courriel : [email protected]

  • De la cybervictimisation à la résilience : 12 clés
Nicholas Milot

Consultant en sécurité des informations chez Groupe CyberSwat

  • Sécurisation des systèmes de vote électronique
  • Cofondateur du Hackfest
  • Offensive Security Lead at LogMeIn
  • Podcast - La French Connection - LIVE
  • Hackfest Ouverture
  • Hackfest Opening
Philippe Arteau

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.

  • Template Injection in Action
Philippe Humeau & Thibault Koechlin

Philippe Humeau, the CEO of CrowdSec, graduated in 1999 as IT security engineer from EPITA (Paris, France).
He founded his first company at the same time and quickly oriented it towards penetration testing and high security hosting. He was also deeply involved in Magento’s community creation & animation in France and versed into eCommerce (wrote 4 books on the topic). The company (NBS) was sold in 2016 and Philippe founded CrowdSec in 2019, gathering all his experience to create a new Open-source security engine, based on both Reputation & Behavior to tackle the mass scale hacking problem.
LP or investor in several different companies, his crush is and will forever be IT security, SecOps and entrepreneurship.

Thibault, the CTO of CrowdSec, graduated from EPITECH, specializing in the security of IT systems & networks. He started his career at NBS in 2004, as an expert in penetration testing before being appointed Head of the offensive security team. He then became CISO by expanding his skills around defensive security before initiating the development of several open-source products and building teams with rare skills. He completed his ascent within the company through an operational partner role, leading the creation of the company's flagship product: Cerberhost. He took advantage of the takeover of NBS to reflect on what should be cybersecurity in the future, which led him to found CrowdSec in collaboration with Philippe Humeau.

  • Behavior & Reputation based filtering reloaded
Rohan Shanbhag

Cyber security consultant with over five years of information technology experience working with clients in energy, education, government, and financial services sectors.

  • Red Team Results to Tangible Risk Management
Ruben Ventura

Ruben Ventura [tr3w] got involved in the field of hacking and info-sec for around 17 years. He has worked performing pen-tests and security assessments for many international firms, governments and law-enforcement agencies from all around the world (also a bank). He has been presented as a speaker and trainer at many different conferences in his country of origin.

His interests include hacking, reverse engineering, meditation, music production, theoretical physics, psychology, lifting weights and coffee (lots).

  • Lightspeed SQL Injections
Rémikya Hellal

Rémikya Hellal: une jeune fille enjouée, rieuse, sympathique et enthousiaste. Sous le couvert d'une fille tranquille se cache une dompteuse de lion, curieuse et intéressée par tout ce qui touche la cybersécurité et l'IoT, soucieuse de remettre un travail de qualité, dure au travail et possédant un cœur de dragon. Ne vous y trompez pas, vous trouverez un adversaire féroce. Mais cette fougue porte aussi un souci d'aider les gens, de transmettre les connaissances qu'elle récolte chèrement. C'est pourquoi aujourd'hui, c'est une présentatrice toute rose qui partagera ses connaissances. C'est notre Pink-Hat.

Maître Yoda. (DD)

  • L'Insécurité de l'Internet des objets
Shyam Sundar Ramaswami

Shyam Sundar Ramaswami is a Lead Threat Researcher with Cisco Umbrella. Shyam is a two-time TEDx speaker, GREM certified malware analyst, Cisco Security Ninja black belt and a teacher of cyber security. Shyam has delivered talks for several conferences such as Black Hat (Las Vegas), Qubit Forensics (Serbia), Nullcon 2020 (Goa), Cisco Live (Barcelona), and for several universities and IEEE forums in India. Shyam has also taught “Advanced malware attacks and defenses” class in Stanford University’s cyber security program and runs a mentoring program called “Being Robin” where he mentors students all over the globe on cyber security. Shyam’s interviews have been published in leading websites like Zdnet and CISO MAG.

  • Peek-a-Boo: A Game with Threat Actors&Researchers
Steve Waterhouse

C’est au cours de sa carrière militaire avec le Royal 22e Régiment que le Capt(ret) Waterhouse a troqué le fusil au clavier pour devenir un des premiers cyber-soldat au pays. Après avoir travaillé à former soldats et officiers dans les armes de combat, il se voue à gérer les réseaux informatique du QGSQFT, puis le réseau Métropolitain de la base de Montréal. Par la suite, il devient premier Officier de Sécurité des Systèmes d’Information de la base de Montréal, et par la suite du Collège Militaire Royal de Saint-Jean où il refait l’architecture informatique. M. Waterhouse a poursuivi sa quête du savoir avec l’entreprise privée tout en partageant son expérience militaire et d’art oratoire avec le mouvement jeunesse des cadets du Canada à titre d’officier CIC et démarre son entreprise de service conseil: INFOSECSW. Il continue à partager sa passion et son expérience à titre de chargé de cours avec l’Université de Sherbrooke au microprogramme de 2e cycle en sécurité informatique - volet prévention et est invité à contribuer son expérience et expertise avec les comités de la Chambre des Communes du Canada et de l’Assemblée nationale à Québec (membre du conseil consultatif en cybersécurité) et est fréquemment sollicité par les médias d’information au pays afin de commenter les sujets de cybersécurité. Il détient plusieurs certifications technologique professionnelles et est un instructeur avec Cisco, CompTIA et CWNP. Il est aussi un Maître de plongée PADI

  • Conférence sur les perspectives d'emploi en cybersécurité
Véronique Meunier

Plus de 20 ans d'expérience en prévention, détection et mitigation de la fraude dans le domaine des Télécommunications. Elle a travaillé pour plusieurs types de transporteurs tels que Fonorola, Téléglobe (Tata Communications) et Vidéotron entre autres. Elle est présentement chez LogMeIn où elle développe son expertise du côté de la VoIP (voix sur IP).

  • Prévention et détection de fraude en Télécom
William Largent

William Largent is a threat researcher for Cisco Talos. William has over 19 years of experience in information security having previously worked for the Cisco IPS Signature team where he researched vulnerabilities and wrote signatures for Cisco security products. Previous to the Cisco IPS Signature team William worked for Cisco Remote Managed Services. William has three awesome kids and the world’s most patient wife.

  • Talos: Threats and Dual-Use Tools in the Landscape