HF 2021 - Call for Papers

“From fiction to reality: lessons learned from an incident response team” Bruno PHILIPPE, Jordan MICHALLET · Regular talk (50 minutes) · French

Real-world lessons learned from an incident response team confronted daily with security incidents across several companies. We will mainly discuss ransomware attacks: their methods, their impacts, etc.


“Threat modeling: Field guide to staying ahead of the bad guys” sdussault · Regular talk (50 minutes) · English

Whether you are a builder or a defender, keeping your applications secure grows increasingly hard as they increase in number and complexity, especially without a proper game plan. This talk aims to explore a solution in Threat Modeling, a process that enables developers and security professionals …


“House of Heap Exploitation” Maxwell Dulin, ging3r · 3h or 4h workshop (4 hours) · English

Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a subject that has evaded many people for years for one reason: they focus on the techniques i…


“World War Three: Battle of the Bots” inversecos · Regular talk (50 minutes) · English

Botnets and DDoS, these words are never too far apart. However, DDoS is just the tip of the iceberg for what botnets are actually used for in the cybercrime community. Money talks - and botnets are the supply side of cybercrime that drive multiple different campaigns like phishing, exploit kit deli…


“Metasploit 101” Amiran Alavidze, Dan Reimer · 3h or 4h workshop (4 hours) · English

Want to learn the world’s most popular penetration testing framework but never had the time? This intensive workshop is your chance to get up to speed with Metasploit and go from zero to hero in 4 hours!

Please carefully check the prerequisites below!!!


“Crypto 101: How Crypto Gets Broken (by you)” Ben Gardiner · 3h or 4h workshop (4 hours) · English

This is an introduction to crypto: building blocks, protocols and attacks on them. We cover: encoding vs encryption, hashes, ‘classic’ crypto, stream ciphers, block ciphers, symmetric crypto, asymmetric crypto, hash attacks, classic crypto attacks, stream cipher attacks, block cipher attack models, E…


“Request Smuggling Workshop” Philippe Arteau · 2h Workshop (2 hours) · English

Load balancers and proxies, such as HAProxy, Varnish, Squid and Nginx, play a crucial role in website performance, and they all have different HTTP protocol parser implementation. HTTP Request Smuggling (HRS) is an attack abusing inconsistencies between the interpretation of requests’ ending by HTT…


“1-click to infiltrate your org via vulnerable VS Code extensions” Raul Onitza-Klugman, Kirill Efimov · Regular talk (50 minutes) · English

Attackers have looked all around for means to compromise organizations through developers: malicious 3rd party packages, leaked credentials, unpatched vulnerabilities, and more. But the place that has become the new threat lay right under their nose: the IDE.


“I'm Not A Doctor, I Just Play One On HTTP: Vulnerabilities in HL7 FHIR” Zachary Minneker · Regular talk (50 minutes) · English

In a modern hospital, protocols are required to allow different departments to communicate to each other. HL7's FHIR is the next generation of the most widely used of these protocols. This talk is about the form of the protocol, vulnerabilities and CVEs discovered during research into the protoco…


“The importance of a compliance framework in SMEs” Steve Lavoie · Regular talk (50 minutes) · French

Normative frameworks can frighten SME managers, who see them mainly as a major implementation expense. Moreover, in SMEs, technicians are often generalists with no specific cybersecurity training. Using a normative framework makes it possible to …


“Landing your internship or first job in IT” Karolynn · Regular talk (50 minutes) · French

After helping several people search for their first job or internship, I noticed that ''entry level'' candidates often don't necessarily know what steps to take and, above all, who offers internships.


“Developing an information security culture” Steve Waterhouse · Regular talk (50 minutes) · French

Is it realistic to expect that businesses of all sizes will be able to adapt and apply sounder information management before Law 64 comes into force? Less than 2 years remain...


“Hacking with Physics” Hrishikesh Somchatwar · Regular talk (50 minutes) · English

It is undeniable that sensors are the backbone of any IoT, smart device or Industrial Control System and have been playing an important role in the technology world. They play a major role in taking inputs from the surroundings and giving output to the respective systems.
But what if these sensor…


“Ready...Set...Secure all the COVID vaccines!” Daniel Bardenstein · Regular talk (50 minutes) · English

This talk will provide an inside peek into the U.S. efforts to secure the research, development, and distribution of the COVID-19 vaccines, including the tools & methodologies used to rapidly secure the end-to-end vaccine creation, as well as the current state of security of the vaccine supply…


“Ransomware Hunt and Incident Response” Mehtap Erdogan · Regular talk (50 minutes) · English

Ransomware attacks are sudden and one click away. For this reason, we should assume that a ransomware attack will occur and be prepared to handle a ransomware incident.


“Social networks and privacy: the dangers and the good practices to adopt” Julien Teste-Harnois · Speed talk (20 minutes) · French

Today, social networks are an integral part of our daily lives. We share moments of our lives, photos, opinions and personal information on them. But do we really know how to protect our privacy on these platforms? Are we aware of the risk…


“The Great Hotel Hack: Adventures in attacking hospitality industry” Etizaz Mohsin · Speed talk (20 minutes) · English

Ever wondered whether your presence is exposed to an unknown entity even when you are promised full security and discretion in a hotel? Well, it would be scary to know that the hospitality industry is nowadays a prime target for cyber threats, as hotels offer many opportunities for hackers and other cybercr…


“How to Eat an Elephant – Security analytics and navigating organizational and technical complexity” Tim Allsopp · Regular talk (50 minutes) · English

In this talk, Tim Allsopp from TELUS will present his approach to analytics and to making the most of your organization's haystack of security control data via the TELUS Security Ecosystem Report. And with it, his view of how analytics can help the front-line practitioner inform and refine cyberse…


“The Legacy of Windows Enterprise Authentication: Are you safe from the "Man In The Middle"?” Tarl Bitz · Regular talk (50 minutes) · English

In this talk we will go through a common approach used in assessing Windows-based enterprise implementations. It will describe the common security misconfigurations that adversaries positioned on the internal network can exploit to compromise authentication credentials and enumerate hosts within th…


“Defenders Guide to the Container Ecosystem” Joshua · 2h Workshop (2 hours) · English

Docker is one of the trending technologies that rule the IT ecosystem.
Many companies have started to adopt Docker. While Docker offers a high level of scalability and portability, security can fall by the wayside. Like many other technologies, it is not safe b…


“Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks” Cheryl Biswas · Regular talk (50 minutes) · English

As Marc Andreessen so aptly noted, “Software is eating the world”. Our technology-driven world increasingly relies on third party code, open source libraries and shared repositories. We don’t fully appreciate just how interconnected we are, and how that translates into software code dependencies. It …


“Taking the plunge into cybersecurity” Danny Boivin · Speed talk (20 minutes) · French

How do you take the plunge into the security field? The possible paths, the training, the certifications, how to practise, but above all how to develop the mindset needed to survive in the field afterwards? That is what I will cover by talking about my personal journey and …


“Security Tools 101: Tools of the Trade” Josh Galvez · Regular talk (50 minutes) · English

An introduction to 100 (more or less ^_- ) useful security related tools in 50 minutes. It will be quick, but just enough for you to say: "Oh, that's cool!"


“SQL Injection Is Still Alive: From a Mall's Interactive Terminal to AWS WAF Bypass” Marc Olivier Bergeron · Speed talk (20 minutes) · English

This presentation will dive into multiple SQL injections faced in the field and showcase spicy SQL injections that go from exploiting interactive display terminals of a mall center to AWS WAF bypass using a scientific notation parser bug in MySQL. In addition, we will be sharing techniques to help …


“The OKRs to driving growth, innovation and engagement” Darren Chin · Regular talk (50 minutes) · English

How are CDW Canada, Google and Intel accelerating growth, driving innovation, increasing coworker engagement, and fostering coordination? They are all using OKRs (Objective Key Results); a simple yet effective approach to achieve operating excellence.

Join Darren as he shares how OKRs are driving g…


“Roundtable on education in information security and privacy” Serge Tremblay, Steve Waterhouse, Gabrielle Joni Verreault, Julie April, Luc Lefebvre · Regular talk (50 minutes) · French

Various participants will discuss what digital education should look like, in terms of computer security, privacy and other related topics. The idea comes from recent mentions of changes to be made to the ÉCR course and an interest in teaching digital literacy.


“Podcast - La French Connection LIVE (French)” L'équipe de La French Connection, Vanessa Henri, Steve Waterhouse, Guillaume Morissette, Patrick, Richer Dinelle, Jacques Sauvé, Damien Bancal · 3h or 4h workshop (4 hours) · French

Come and take part live with the La French Connection team in a short retrospective of the year, accompanied by news, discussions and opinions... in a UNIQUE format... on video!


“CTF Ceremony 2021” Hackfest CTF Team · Regular talk (50 minutes) · French

Discussion is in French, but slides will be in English! Prizes and a summary of the CTFs (Casual, Beginner and Casual) will be discussed. The team will be presented along with the challenges.