Hackfest 2020

“Ransomware : la plaie de 2020” Damien Bancal · Speed Talk (20 minutes) · French

With thousands of companies hit by ransomware in 2020, cyberattacks against small and large businesses have affected the victims' business... but not only that! In the vast majority of cases, employees, customers and families end up in the hands of hackers.

“Introducing OWASP TimeGap Theory” Abhi M Balakrishnan · Regular talk (50 minutes) · English

Race conditions in web applications are hard to find and more challenging to exploit. OWASP TimeGap Theory is a free and open-source CTF for learning how to find and how to exploit race conditions.

You will get tools, tips, and tricks to find and exploit TOCTOU issues.

“Behavior & Reputation based filtering reloaded” Philippe Humeau & Thibault Koechlin · Regular talk (50 minutes) · English

Did you know that, every day across the Internet, each IP address is scanned hundreds of times? Or that more than 2,000 attacks are perpetrated, stealing 1.4 million personal records? That’s right, every single day! Today, there may be a way to rebalance the odds and protect our resources.

“Automatisation de la sécurité dans AWS” Cédric Thibault · Regular talk (50 minutes) · French

As infrastructure is increasingly defined as code in cloud environments, security is following the same trend. Automation and security "as code" now offer effective ways to partly compensate for the shortage of specialized staff and, above all, to improve …

“Fireside Talk: Cheating in games” Marc-André Bélanger · Regular talk (50 minutes) · English

This fireside talk will propose an open discussion from both an offensive and defensive perspective on the topic of Game Cheating. When I rejoined the entertainment industry from the financial one, I found there are a lot of similarities in both the motivation and techniques used.

Marc-André Bélang…

“How Crypto Gets Broken (by you)” Ben Gardiner · Workshop (4 hours) · English

This is an introduction to crypto: building blocks, protocols and attacks on them. We cover: encoding vs encryption, hashes, ‘classic’ crypto, stream ciphers, block ciphers, symmetric crypto, asymmetric crypto, hash attacks, classic crypto attacks, stream cipher attack, block cipher attack models, E…

“Prévention et détection de fraude en Télécom” Véronique Meunier · Regular talk (50 minutes) · French

Fraud prevention and detection in telecommunications: a world that is moving ever closer to computer crime.
General overview of the problem, the types of fraud, and the impact of fraud in telecommunications.
What is telecommunications fraud?
What are the …

“Lightspeed SQL Injections” Ruben Ventura · Regular talk (50 minutes) · English

This presentation will focus on private and new optimized SQL injection exploitation methods.

New private tools that exploit Blind SQL Injection vulnerabilities will be released. These are much faster than the existing free and commercial tools out there because the private ones use moder…

“You Shared What? Seriously?!” Don Mallory · Regular talk (50 minutes) · English

This is that conversation which needs to happen between a parent and their teenage child about the challenges of growing up in an increasingly connected world. We will discuss many privacy and security related decisions and experiences, and the differing perspectives on each. The reality is we don’…

“Trust, but Verify: Maintaining Democracy In Spite” Allie Mellen · Regular talk (50 minutes) · English

In this session, we’ll discuss how Russia has influenced worldwide elections using cyberwarfare and how countries have fought back. We’ll understand the natural asymmetry between how countries are able to respond, and how they have changed their approach since 2016.

“Advanced fuzzing workshop” Antonio Morales · Workshop (2 hours) · English

In this workshop, I will cover some advanced fuzzing techniques and tricks for finding bugs in real modern software. I will show you how to improve your fuzzing workflow, using a methodology that can be easily applied to your software projects.

The workshop has a practical orientation so that atten…

“Fantastic Cloud Shadow Admins and where to find” Asaf Hecht · Regular talk (50 minutes) · English

Cloud adoption is on the rise and so is the risk of having Shadow Admins. In this session, we will explore Azure’s IAM and the dark permissions and roles, where Cloud Shadow Admins hide. We will demonstrate how an attacker can escalate privileges using those unintended admin users and how you can d…

“Workshop on Radio Frequency Signals Security” Harshit Agrawal · Workshop (2 hours) · English

The session will introduce audiences to the world of RF analysis. As we introduce each new attack, we will draw parallels to similar wired exploits, and highlight attack primitives that are unique to RF. During the session, we'll walk through wireless sniffing, spoofing, cloning, replay, and DoS a…

“XFS: The Protocol behind ATM Jackpotting” Alexandre Beaulieu · Regular talk (50 minutes) · English

10 years ago, Barnaby Jack famously showed the world that ATMs could be jackpotted. Has the ATM security landscape changed since? Is this type of attack still possible? How difficult is it really to perform? As it turns out, all that is required in 2020 to successfully jackpot an ATM is intermediat…

“Peek-a-Boo: A Game with Threat Actors&Researchers” Shyam Sundar Ramaswami · Regular talk (50 minutes) · English

Threat actors have always played the game of emotions. Fear is the emotion they are using right now to lure users to click on an email or manipulate them to install an application. In the last four months, cyber criminals have used fear as their main weapon to compromise users by using pandemic-rel…

“All Software is Open Source: An Introduction to RE” Dmitriy Beryoza · Regular talk (50 minutes) · English

Commercial software is full of dark secrets - embedded keys and passwords, hidden backdoors, security vulnerabilities... But with companies guarding proprietary source code, is there any hope of discovering and rectifying them?

Enter Reverse Engineering. With its powerful tools and techniques, you…

“Template Injection in Action” Philippe Arteau · Workshop (2 hours) · English

Template engines are libraries mainly used to design views for web applications. Their use helps simplify common design tasks for developers. However, their use may introduce new risks when they are used in an improper way. Template injection is a vulnerability class that emerged in 2016. The e…

“Talos: Threats and Dual-Use Tools in the Landscape” William Largent · Regular talk (50 minutes) · English

Cisco's Talos team specializes in early-warning intelligence and threat analysis necessary for defending networks against the ever-changing threat landscape. In this talk we will cover how our team is built, look at some interesting threats and exploits -- take a look at the methods and techniques …

“Making a High Performing Pentest Team From Scratch” Darren Chin · Regular talk (50 minutes) · English

Starting with a single highly motivated co-op intern, Darren has spent the past number of years forming and developing the Cyber Security team for CDW’s Risk Advisory Services practice. He is passionate about Security and making the world a safer place, as well as, for those that he has had the pri…

“Chatty documents: OSINT data from document mapping” Enrico Branca · Speed Talk (20 minutes) · English

How difficult is it to acquire actionable intelligence if no active technique can be used? Our preliminary research, aimed at finding relevant elements in the supply network of an entity, resulted in the discovery of hundreds of weak links and dozens of possible entry points. We found our technique…

“De la cybervictimisation à la résilience : 12 clés” Michaël Giguère · Regular talk (50 minutes) · French

At 13, while living through the first moments of Quebec's mainstream World Wide Web, Michaël G. was targeted by cyberpredators. His journey, from cybervictimization to resilience by way of the justice system, would introduce him to what would later become his new profes…

“Demystifying Zero Trust Architecture” Jamie Sanbower · Regular talk (50 minutes) · English

The buzz is there… Zero Trust, Gartner’s CARTA, Forrester’s Zero Trust Extended, Vendor X’s magical zero trust unicorn, etc; but what does any of this really mean to the security practitioner? In this session, I will provide clarity to all this noise, and discuss how a pure Zero Trust model was alw…

“Urban Exploration - A COVID-Friendly Hacker Hobby” Johnny Xmas · Speed Talk (20 minutes) · English

With North America famously leading the way in industrial production and technological innovation in its extremely short modern life, it has blasted full-force through many huge economic eras, leaving swaths of forgotten times in its wake. From the Cotton Belt to the Rustbelt, there is an ocean of …

“Red Team Results to Tangible Risk Management” Rohan Shanbhag · Speed Talk (20 minutes) · English

As much as red teams love to believe that every vulnerability they uncover poses an immediate and urgent high risk – it is often not the case. Furthermore, it is seen that red teams are great at providing technical solutions, but often also fail to consider the size, scale, and scope of their targe…

“Sécurisation des systèmes de vote électronique” Nicholas Milot, Jean-Philippe Racine · Regular talk (50 minutes) · French

In the context of COVID-19, governments, political parties, private companies and non-profit organizations want to put electronic voting in place quickly. Inevitably, mistakes have been made or soon will be... and hackers are just waiting for that!

Meanwhile, whether it is …

“L'Insécurité de l'Internet des objets” Denys Desfosses, Rémikya Hellal, Martin Samson · Regular talk (50 minutes) · French

This presentation begins with an introduction to our company, La Société-conseil Lambda, followed by a brief definition of the Internet of Things and of the various components of a connected device, before getting to the heart of the matter: the insecurity of the Internet of Things. We will raise the p…

“Podcast - La French Connection - LIVE” Patrick · Workshop (2 hours) · French

Join us for this annual tradition of the live podcast on the 2nd evening of Hackfest!
Opinions, news, poutine and certainly a few tangents will be on the menu as we discuss everything related to information security!

“Hackfest Ouverture” Patrick · Speed Talk (20 minutes) · French

Hackfest 2020 Opening

After several months of analyzing the Covid-19 situation in Quebec, we are happy to announce that Hackfest 2020 will officially be in virtual / remote / Covid-19 mode and that we have adapted our partnership offers accordingly!

“Hackfest Opening” Patrick · Speed Talk (20 minutes) · English

Hackfest 2020 Opening

After several months of analyzing the Covid-19 situation in Quebec, we are happy to announce that Hackfest 2020 will officially be in virtual / remote / Covid-19 mode and that we have adapted our partnership offers accordingly!

“Conférence sur les perspectives d'emploi en cybersécurité” Steve Waterhouse · Speed Talk (20 minutes) · French

In this talk, we will discuss job prospects in information security and cover the RSI, OSSI and CISO profiles and the paths that lead to them. There are long paths and short paths, so we will see how we can go about getting there.

“The Spoon Problem with: Life, Hacking & InfoSec” Jayson E. Street · Regular talk (50 minutes) · English

It's the start of a new decade (please no arguing about that let's just say it is.) The best way to start it off right is with a delightful educational rant. One of the most asked questions I receive is, "How do I become a Hacker?" I've been asked this so many times I literally created a webpage, i…

“CTF Ceremony” Franck - CTF Lead · Regular talk (50 minutes) · French

CTF winners will be announced