{"schedule": {"version": "0.7", "base_url": "https://cfp.hackfest.ca/hf2022/schedule/", "conference": {"acronym": "hf2022", "title": "HF 2022 - Call for Papers", "start": "2022-10-29", "end": "2022-10-30", "daysCount": 2, "timeslot_duration": "00:05", "days": [{"index": 1, "date": "2022-10-29", "day_start": "2022-10-29T04:00:00-04:00", "day_end": "2022-10-30T03:59:00-04:00", "rooms": {"Track 1": [{"id": 119, "guid": "3f81bbfd-7803-518a-b891-f96219049b26", "logo": "", "date": "2022-10-29T09:00:00-04:00", "start": "09:00", "duration": "00:50", "room": "Track 1", "slug": "E8QHL7", "url": "https://cfp.hackfest.ca/hf2022/talk/E8QHL7/", "title": "Avoir les bleus dans un monde rouge", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "fr", "abstract": "En premi\u00e8re partie, une discussion sur la n\u00e9cessit\u00e9 d'avoir des joueurs dans le Blue Team ; ensuite, quelques conseils de carri\u00e8re \u00e0 partager, des le\u00e7ons apprises au fil du temps.", "description": "**Chapitre 1**: Tout le monde veut \u00eatre un \u201chacker\u201d, faire des pentests, faire partie du Red Team. Mais il faut bien qu\u2019il y aient des joueurs du c\u00f4t\u00e9 du Blue Team aussi, sinon\u2026les cyber-m\u00e9chants vont gagner ! On explore le travail, les d\u00e9fis, les connaissances et les comp\u00e9tences requises pour jouer dans cette \u00e9quipe.\r\n\r\n**Chapitre 2**: Ici, je vous fais part de quelques conseils, trucs et astuces pour avancer votre carri\u00e8re (peu importe dans quelle \u00e9quipe vous voulez jouer !) Les gens qui commencent en cybers\u00e9curit\u00e9 se posent souvent la question \"Que dois-je faire pour avancer ma carri\u00e8re\" - je vous partage donc mes exp\u00e9riences et le\u00e7ons.", "recording_license": "", "do_not_record": false, "persons": [{"id": 213, "code": "BWSKXG", "public_name": "Jacques Sauve", "biography": "Jacques est un v\u00e9t\u00e9ran de 30 ans des technologies de l\u2019information. 
Il a \u00e9t\u00e9 chef d\u2019entreprise pendant 24 ans, \u00e0 la t\u00eate d\u2019une firme de consultation qui se sp\u00e9cialisait dans la gamme de produits Novell. Son \u00e9quipe et lui ont desservit des clients \u00e0 travers l\u2019Am\u00e9rique du nord, allant de la tr\u00e8s petite PME jusqu\u2019\u00e0 la grande entreprise. Il a travaill\u00e9 avec des syst\u00e8mes d\u2019exploitation NetWare, Linux, Windows, des solutions de courriel, de collaboration, de gestion d\u2019identit\u00e9s, de s\u00e9curit\u00e9, et autres services d\u2019infrastructure r\u00e9seau. Maintenant, apr\u00e8s une absence de 6 ans du Qu\u00e9bec, ayant v\u00e9cu et travaill\u00e9 en Alberta et en Irlande, Jacques s\u2019est install\u00e9 en Estrie et se concentre maintenant sur la cybers\u00e9curit\u00e9 pour les PMEs, voulant aider celles-ci \u00e0 mitiger le risque d\u2019une cyberattaque.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 158, "guid": "4670def9-dc34-5fd3-a949-0ef6614253e7", "logo": "", "date": "2022-10-29T10:00:00-04:00", "start": "10:00", "duration": "00:50", "room": "Track 1", "slug": "YEHZY3", "url": "https://cfp.hackfest.ca/hf2022/talk/YEHZY3/", "title": "Purple Teaming - From Silos to Heroes", "subtitle": "", "track": "Offensive", "type": "Regular talk", "language": "en", "abstract": "Red always wins\u2026 when we work in silos! In this talk, we\u2019ll share our journey through the evolution of internal Purple Team exercises, from the typical project-based approach to a continuous synergy with several teams. Taking inspiration from OODA loop, SOC operations and publicly available tools (Mitre ATT&CK, Vectr, git), we\u2019ll share stories and, we hope, some words of wisdom.", "description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget diam accumsan nunc hendrerit mattis. Sed sodales non orci nec tempus. Pellentesque blandit vitae purus eget pulvinar. Aliquam erat volutpat. 
Cras aliquam cursus arcu et tincidunt. Suspendisse in convallis odio. Curabitur sit amet libero sed dui maximus maximus vitae ut ligula. Nulla ornare orci justo. Phasellus vitae fringilla nisi. Maecenas dignissim diam non imperdiet egestas. Sed arcu justo, laoreet id tristique sit amet nullam.", "recording_license": "", "do_not_record": false, "persons": [{"id": 220, "code": "Z3NVK7", "public_name": "Martin Dub\u00e9", "biography": "Martin spends his day meeting in the day and in his basement in the evening. Passionate about the field of Hacking for 15 years, he has an interest in technical challenges, in particular malware development, evasion of defense controls and process automation. He was involved as a Challenge Designer in the CTF of Hackfest for 7 years and NorthSec for 1 year. Currently, Martin leads a large Ethical Hacker department where he strives to innovate every day so that offensive security talents are better used today.", "answers": []}, {"id": 250, "code": "LMNG39", "public_name": "Dany Lafreni\u00e8re", "biography": "Dany spends his working days and some \u2026 learning and thinking about IT security and ways to improve every aspect of its day-to-day operations and how it can evolve to match the rapidly changing environment. From 20 years plus experience in the field of IT, including the last 9 in security defense, he was in the front seat, about 8 years ago, when Sec IT got mainstream as threats got real, real fast. 
Currently, Dany, with a dedicated and passionate group of people, is SOC Manager where he aims to provide the means for his team to meet today\u2019s and tomorrow\u2019s challenges.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 136, "guid": "d698e562-bed9-50f7-bf41-96957c1da454", "logo": "", "date": "2022-10-29T11:00:00-04:00", "start": "11:00", "duration": "00:50", "room": "Track 1", "slug": "NJPK8G", "url": "https://cfp.hackfest.ca/hf2022/talk/NJPK8G/", "title": "Savoir n\u00e9gocier et se vendre", "subtitle": "", "track": "Research", "type": "Regular talk", "language": "fr", "abstract": "Karolynn Boulet, alias Kar0BF la recruteure du Serveur vous donne des trucs et astuces sur l'art de la n\u00e9gociation et comment bien se vendre\r\n\r\nLes sujets \u00e9labor\u00e9s seront : \r\n- Comment bien se vendre\r\n- La n\u00e9gociation pr\u00e9embauche\r\n- La n\u00e9gociation annuelle\r\n- D\u00e9terminer sa valeur sur le march\u00e9", "description": "Introduction (Qui suis-je et o\u00f9 on peut me trouver) 5 min\r\n\r\n- D\u00e9terminer sa valeur sur le march\u00e9 (10 min)\r\nComment s'y prend-on pour d\u00e9terminer sa valeur ? \r\nVers quelles sources peut-on se tourner pour avoir une id\u00e9e g\u00e9n\u00e9rale ?\r\nTout prix vient avec des choix et parfois, des sacrifices. Lesquels serez-vous pr\u00eats \u00e0 faire ?\r\n\r\n- Comment bien se vendre (10 min): \r\nson expertise (nich\u00e9e, g\u00e9n\u00e9rique)\r\nses connaissances (du domaine, du produit, de la technologie)\r\nSans oublier, sa personnalit\u00e9 (Des qualit\u00e9s, \u00e7a se vend, mais de la bonne fa\u00e7on!)\r\n\r\n- La n\u00e9gociation pr\u00e9embauche (10 min):\r\n\u00c9tablir la liste de nos requis non n\u00e9gociable. \r\nSoulever les points sur lesquels vous \u00eates ouvert \u00e0 la n\u00e9gociation\r\nDes clauses, on peut en ajouter ? 
\r\n\r\n- La n\u00e9gociation annuelle (10 min)\r\nBilan de votre apport aux projets/performances de l'\u00e9quipe et/ou entreprise\r\nFaites-vous une \u00e9valuation avant qu'on vous \u00e9value\r\nOn ne donne pas d'ultimatum, mais on n'\u00e9duque personne \u00e0 nous sous-payer\r\n\r\nP\u00e9riode de questions (5 min)", "recording_license": "", "do_not_record": false, "persons": [{"id": 229, "code": "DW3DHZ", "public_name": "Karolynn Boulet", "biography": "Salut moi c'est Karolynn, mais Karo c'est bien OK, m\u00eame si on ne se connait pas encore! \r\n\r\nJ'ai d\u00e9but\u00e9 ma carri\u00e8re en recrutement il y a 4 ans. R\u00e9cemment, j'ai fait le grand saut : J'ai troqu\u00e9 ma stabilit\u00e9 d'emploi pour nourrir mon r\u00eave d'entrepreneurial et j'ai donc fond\u00e9 ma propre agence de recrutement en Technologies de l'information.\r\n\r\nExtravertie, optimiste et fonceuse. D\u00e9j\u00e0 ces trois mots me d\u00e9crivent tr\u00e8s bien. J'ajouterais \u00e0 cela, curiosit\u00e9, \u00e9coute et organisation. J'aime en apprendre sur les gens, \u00e9changer et partager des connaissances. \r\n\r\nCe qui me pla\u00eet le plus dans ma carri\u00e8re en recrutement TI, c'est le c\u00f4t\u00e9 o\u00f9 tout est toujours en constante \u00e9volution. Chaque jour, quelque chose de nouveau apparait et ce sont de nouvelles connaissances. Mon esprit a besoin d'\u00eatre nourri de d\u00e9fis, de nouveaut\u00e9s et de diversit\u00e9. \r\n\r\nJe m'int\u00e9resse aux gens. \u00c0 leurs histoires, leurs parcours et ce qui fait qu'ils sont des personnes uniques. 
\r\nLa communication a toujours \u00e9t\u00e9 ma pr\u00e9cieuse alli\u00e9e et j'aspire \u00e0 toujours la solliciter!", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 124, "guid": "c2be4a8b-9de5-5720-bf83-a9f3e29522c9", "logo": "", "date": "2022-10-29T13:30:00-04:00", "start": "13:30", "duration": "00:50", "room": "Track 1", "slug": "9ZBHBD", "url": "https://cfp.hackfest.ca/hf2022/talk/9ZBHBD/", "title": "Pourquoi et comment financer une startup en cybers\u00e9curit\u00e9 via le capital de risque.", "subtitle": "", "track": "Threat Intelligence / OSINT", "type": "Regular talk", "language": "fr", "abstract": "L'industrie d\u00e9borde d'histoires de startup de cybers\u00e9curit\u00e9 s'\u00e9tant appuy\u00e9es sur le capital de risque pour financer leur croissance. Malheureusement, peu de ces histoires ont eu lieu au Qu\u00e9bec, ce qui a pour effet de limiter les ressources et l'aide disponible localement pour s'y lancer. Cette conf\u00e9rence vise \u00e0 d\u00e9mystifier ce monde et \u00e0 fournir une base \u00e0 tout expert local voulant se lancer \u00e0 l'aventure.", "description": "Au cours de cette conf\u00e9rence ax\u00e9e vers la communaut\u00e9 locale, nous plongerons tout d'abord dans un cours acc\u00e9l\u00e9r\u00e9 sur les fonds d'investissements, tant pour les cat\u00e9goriser qu'expliquer leur raison d\u2019\u00eatre, leur fonctionnement ainsi que leur structure interne. Nous aborderons ensuite la r\u00e9alit\u00e9 op\u00e9rationnelle d'une compagnie financ\u00e9e par le capital de risque et tenterons de toucher \u00e0 plusieurs sujets sensibles ou m\u00e9connus tel que les concepts de contr\u00f4le de l'entreprise, de partage des parts, des obligations envers les investisseurs et de la valorisation de celle-ci. 
Finalement, nous terminerons avec une portion sur la cr\u00e9ation d'une nouvelle entreprise de cybers\u00e9curit\u00e9 et des diff\u00e9rents \u00e9l\u00e9ments obligatoires pour obtenir un potentiel de financement ainsi que de comment d\u00e9marcher les investisseurs dans notre domaine.", "recording_license": "", "do_not_record": false, "persons": [{"id": 219, "code": "9UCSL9", "public_name": "Gabriel Tremblay", "biography": "Ancien expert en s\u00e9curit\u00e9 offensive, Gabriel est le co-fondateur de l'\u00e9v\u00e9nement NorthSec qu'il \u00e0 pr\u00e9sid\u00e9 pendant plus de 7 ann\u00e9es ainsi que le co-fondateur et ex-CEO de Delve Labs, une startup montr\u00e9alaise appliquant l'intelligence artificielle \u00e0 la d\u00e9tection de vuln\u00e9rabilit\u00e9s et l\u2019analyse comportementale des r\u00e9seaux informatiques vendue en septembre 2020 \u00e0 la compagnie am\u00e9ricaine Secureworks. Il occupe maintenant un poste de direction au sein de cette entreprise et continue de supporter l'innovation et l\u2019entrepreneuriat local par le biais de pr\u00e9sentations et d'interventions cibl\u00e9es dans le milieu en plus d'offrir de l'accompagnement \u00e0 certaines startup locales.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 134, "guid": "efc4ce08-3d4b-5875-8d0a-03966223a0ad", "logo": "", "date": "2022-10-29T14:30:00-04:00", "start": "14:30", "duration": "00:50", "room": "Track 1", "slug": "HUAZFN", "url": "https://cfp.hackfest.ca/hf2022/talk/HUAZFN/", "title": "Office Under Siege: Understanding, Discovering, and Preventing Attacks Against M365", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "en", "abstract": "Microsoft 365 is one of the most useful tools in the enterprise today, but to attackers it's both the popular initial access point and the treasure trove of information. 
Let's discuss the most popular attack methods, ways of detecting them, and the strategies and tools available to defend the M365 environment.", "description": "Microsoft 365 (AKA Office 365) has enjoyed an explosive popularity in recent years, fueled by many factors, including cloud migration, proliferation of remote work, and COVID-19 lockdowns. More and more of companies' important communications and resources now reside in this ecosystem, and naturally the attackers are training their sights on it with growing frequency.\r\n\r\nIn this presentation we will start with an introduction of M365 and AAD environments, and describe the most popular attack methods that hackers employ when exploiting them. We will then continue with discussion of facilities available to enterprises to help identify and investigate malicious activity, and wrap up about strategies for preventing and responding to attacks.", "recording_license": "", "do_not_record": false, "persons": [{"id": 11, "code": "CKSUDS", "public_name": "Dmitriy Beryoza", "biography": "Dmitriy Beryoza is a Senior Security Researcher with Vectra AI, working on threat detection in the cloud and on-prem networks. Before that he was a penetration tester and secure software development advocate at IBM. He has been a software developer for many years, before switching to security full-time. Dmitriy holds a Ph.D. in Computer Science, and OSCP, CISSP, CCSP and CEH certifications. 
His interests include reverse engineering, secure software development, and CTF competitions.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 123, "guid": "e9048ce4-65c5-532a-9b17-2be1ef38aff9", "logo": "", "date": "2022-10-29T15:30:00-04:00", "start": "15:30", "duration": "00:20", "room": "Track 1", "slug": "3TUPKU", "url": "https://cfp.hackfest.ca/hf2022/talk/3TUPKU/", "title": "La SeQCulture du Service: Comment j\u2019ai appris \u00e0 ne plus m\u2019en faire et aimer les produits.", "subtitle": "", "track": "Research", "type": "Speed Talk", "language": "fr", "abstract": "Dans notre quotidien, en tant qu\u2019experts en infosec, nous utilisons tous divers produits de cybers\u00e9curit\u00e9 (FW, SIEM, EDR, XDR, TI, VM, NGAV, SASE, CASB, CSPM, SOAR, BBQ, WTF) parfois par dizaine afin de prot\u00e9ger nos entreprises et clients. Pourtant, lorsque nous pensons \u00e0 notre carri\u00e8re, le r\u00e9flexe de beaucoup d\u2019entre nous est de nous projeter comme pentester, reverser, architectes, analystes et autres fonctions de service dans des compagnies prestigieuses. Alors que d\u2019autres pays utilisent leur(s) talent(s) afin de construire les produits de demain qui leur permettent de dominer le march\u00e9 de la cybers\u00e9curit\u00e9 et de d\u00e9cider de la direction du changement, nous (au Qu\u00e9bec) tardons \u00e0 prendre ces initiatives et \u00e0 faire partie de cette sc\u00e8ne internationale\u2026\r\n\r\nMais qu\u2019est-ce qu\u2019un produit? Comment sont-ils cr\u00e9\u00e9s? 
Comment pourrait-on se r\u00e9approprier ce talent localement et changer notre perspective centr\u00e9e sur le service?\r\n\r\nDans cette pr\u00e9sentation (non-technique) nous aborderons ces sujets afin de d\u00e9mystifier comment les produits d\u2019infosec sont g\u00e9n\u00e9ralement construits, ce qu\u2019est la gestion de produit (product management), qu\u2019est-ce qui fait qu\u2019un produit est bon ou mauvais, et comment comment adopter une vision de r\u00e9solution de probl\u00e8mes pour changer votre perspective sur les solutions \u00e0 vos d\u00e9fis d\u2019infosec.", "description": "Voici le plan global de pr\u00e9sentation, sujet \u00e0 de l\u00e9ger changements entre maintenant et l\u2019\u00e9v\u00e9nement:\r\n\r\n- Intro / Bio\r\n\r\n- Quelques m\u00e9triques comparatives. (Deux pays, deux r\u00e9alit\u00e9s)\r\n\r\n- On s\u2019en torche-tu ? (Pourquoi du produit)\r\n\r\n- C\u2019est quoi un produit anyways ? (Comment ne pas se m\u00e9langer)\r\n\r\n- Chercher le trouble. (Mod\u00e8le d'identification de produit)\r\n\r\n- Exercice en gang. (Exercice appliqu\u00e9 avec la foule, identifions des segments, des probl\u00e8mes et trouvons des solutions)\r\n\r\n- Mot de la fin / key takeaways.", "recording_license": "", "do_not_record": false, "persons": [{"id": 216, "code": "98KDYJ", "public_name": "Pierre-David Oriol", "biography": "Pierre-David has more than 15 years of experience in cybersecurity, with a strong technical background in software engineering for security products, payment, smart cards and cryptographic key management systems.\r\n\r\nHe is also known as one of the key original NorthSec members, where he created the infamous Smart Card track for three consecutive years, including some very unique cryptographic challenges. 
He is also the founder of the conference part of the event and acted as a VP Conference until he assumed the presidency of NorthSec '18 and '19 (yay COVID).\r\n\r\nIn his professional life, after multiple years of working in security architecture, he joined a local security product startup in 2016 named Delve where he led the product efforts, and today continues to work at the intersection of product, vision and cybersecurity, at Secureworks on the Taegis platform.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 126, "guid": "982e727d-c648-59d4-9a0f-8112ec287ea8", "logo": "", "date": "2022-10-29T16:00:00-04:00", "start": "16:00", "duration": "00:20", "room": "Track 1", "slug": "NJEC73", "url": "https://cfp.hackfest.ca/hf2022/talk/NJEC73/", "title": "Comment tirer avantage du MITRE ATT&CK Framework", "subtitle": "", "track": "Defensive", "type": "Speed Talk", "language": "fr", "abstract": "Plusieurs solutions de s\u00e9curit\u00e9 int\u00e8grent petit \u00e0 petit le MITRE ATT&CK Framework afin d\u2019entre autres, classifier les attaques. Quelles pourraient \u00eatre les autres utilit\u00e9s\u2009? Serait-il possible d\u2019am\u00e9liorer la couverture de surveillance, de d\u00e9couvrir certains angles morts, enrichir les renseignements sur certaines menaces\u2009? Lors de cette s\u00e9ance, nous ferons un survol du MITRE ATT&CK Framework et verrons de quelle fa\u00e7on il peut b\u00e9n\u00e9ficier aux diff\u00e9rentes organisations.", "description": "1. Page de garde et pr\u00e9sentation du conf\u00e9rencier (~1 min)\r\n3. Section expliquant les raisons qui ont men\u00e9 \u00e0 la cr\u00e9ation de cette pr\u00e9sentation (sans s'y limiter) (~2 min)\r\n- Enjeu pour les organisations \u00e0 structurer et prioriser leurs d\u00e9tections/alertes\r\n- Vision globale sur la couverture de surveillance parfois difficile\r\n- L'utilisation d'un framework/standard facilite le partage d'information entre les organisations\r\n4. 
Qu'est-ce que le MITRE ATT&CK Framework (~12 min)\r\n- Historique\r\n- Diff\u00e9rentes matrices (Focus sur celle \"enterprise\")\r\n- Explications concernant les tactiques/techniques/sous-techniques\r\n- Explications concernant les Mitigations/Detections (Survol de certaines d\u00e9tections - source de donn\u00e9es requises afin de d\u00e9montrer concr\u00e8tement la valeur de ces \u00e9l\u00e9ments)\r\n- Exemple de d\u00e9tails disponibles sur certains groupes d'attaquants.\r\n5. Comment certains outils se servant du MITRE ATT&CK Framework (EDR, NDR, SIEM, etc.) (~4 min)\r\n- Identifier des angles morts potentiels \u00e0 l'aide du framework\r\n- Risque et priorit\u00e9 selon les tactiques et techniques utilis\u00e9s ainsi que le positionnement dans les tactiques. (Reconnaissance ou d\u00e9j\u00e0 \u00e0 une \u00e9tape d'impact?)\r\n6. Conclusion (~1 min)", "recording_license": "", "do_not_record": false, "persons": [{"id": 222, "code": "J8B7SF", "public_name": "Jean-Francois Brouillette", "biography": "La carri\u00e8re de Jean-Fran\u00e7ois a d\u00e9but\u00e9 dans la gestion de syst\u00e8mes informatiques il y a un peu plus d\u2019une dizaine d\u2019ann\u00e9es avant de se sp\u00e9cialiser en cybers\u00e9curit\u00e9. Il a pass\u00e9 quelques ann\u00e9es \u00e0 agir \u00e0 titre de consultant (KPMG Egyde) et \u00e0 r\u00e9pondre \u00e0 des situations de crises \u00e0 travers le monde dans des organisations d\u2019envergures lors de cyberattaques. Jean-Fran\u00e7ois s\u2019est ensuite joint \u00e0 l\u2019\u00e9quipe de la Banque Nationale du Canada afin d\u2019appuyer leur \u00e9quipe de cyberd\u00e9fense et aider \u00e0 faire progresser la pratique de r\u00e9ponse aux cyberincidents. 
Sa motivation a toujours \u00e9t\u00e9 de contribuer, en utilisant ses comp\u00e9tences, \u00e0 pr\u00e9venir les cyberattaques et de compliquer, le plus possible, la vie des cybercriminels.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 161, "guid": "4b9539b2-511a-5a12-9f9c-3e610efd0db4", "logo": "", "date": "2022-10-29T16:30:00-04:00", "start": "16:30", "duration": "00:50", "room": "Track 1", "slug": "VBCDR3", "url": "https://cfp.hackfest.ca/hf2022/talk/VBCDR3/", "title": "Kubernetes Security: Attacking and Defending K8s Clusters", "subtitle": "", "track": "Research", "type": "Regular talk", "language": "en", "abstract": "This presentation aims to talk about different attack scenarios leveraging Kubernetes clusters. We'll dig deeper into an attack scenario using real-world applications to demonstrate different ways attackers and malicious users can use to exploit your cluster and the applications running on it. But first, we\u2019ll give an overview of Kubernetes and its architecture, covering the main components from the Control Plane and the Worker Nodes. Then, we'll use the K8s Threat Matrix, and the MITRE ATT&CK for Containers published this year to discuss the Tactics, Techniques, and Procedures to demonstrate the Recon, Exploitation, and Post-Exploitation phases. After that, we'll provide some best practices for securing your cluster based on the scenarios and the CIS Benchmarks for Kubernetes. 
We'll show how to use Role-based access control (RBAC) for Access Control, to enable audit logs for security and troubleshooting, and we'll set up some network policies to avoid communication between pods and prevent any lateral movement from attackers.", "description": "\u200bIntroduction to Kubernetes\r\nOutline of K8s Architecture\u200b \r\nControl Plane\r\nKube API Server\r\nKube Controller Manager\r\netcd\r\nKube Scheduler\r\nCloud Controller Manager\r\nWorker Nodes\r\nkubelet\r\nkube-proxy\r\nCRE (Container Runtime Engine)\r\n MITRE ATT&CK \u200b\r\n- K8s Threat Matrix \u200b\r\n- MITRE ATT&CK for Containers \u200b(and K8s)\r\n- K8s ATT&CK Scenario & Flow\u200b\r\nAttacking K8s\u200b\r\n- Recon / Initial Access\u200b\r\n- Exploitation / Execution\r\n- Post-Exploitation / Persistence\u200b\r\nDefending K8s\u200b\r\n- API Server\u200b\r\n- CIS Benchmark\u200b\r\n- Image Scanning\u200b\r\n- Runtime Protection\u200b\r\n- Network Policy\u200b\r\n- Pod Security Policy (PSP)\u200b - Deprecated\r\n- PSP Alternatives\u200b\r\n- Audit Logs", "recording_license": "", "do_not_record": false, "persons": [{"id": 249, "code": "LPQCA7", "public_name": "Magno Logan", "biography": "Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container, and Application Security Research, Threat Modelling, and DevSecOps. 
In addition, he has been tapped as a resource speaker for numerous security conferences around the globe.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 139, "guid": "0a0c59b0-69ed-5b63-b831-2285bfb6bc31", "logo": "", "date": "2022-10-29T17:30:00-04:00", "start": "17:30", "duration": "00:20", "room": "Track 1", "slug": "GWWJGZ", "url": "https://cfp.hackfest.ca/hf2022/talk/GWWJGZ/", "title": "Clustering Malware Activity: How We Do Attribution", "subtitle": "", "track": "Threat Intelligence / OSINT", "type": "Speed Talk", "language": "en", "abstract": "Attributing a new campaign or malware to a known group is not an exact science. The skills it requires and the considerations surrounding it aren't given nearly as much importance as the technical aspects of malware analysis in training and discussions. Yet, it is often the part that will garner the most attention from journalists and the general public. Proper attribution can add great value to a report; helping organizations relate new activity to their threat model and providing researchers and law enforcement with the means to link clusters of activity. When done wrong, however, it can undermine the credibility of the field and generate undue alarm. Since researchers base their attribution on available material, incorrect links can lead future efforts astray and create lasting confusion.", "description": "In this presentation, we will first explain how we do attribution using technical artifacts -- such as code similarity and tool reuse --, infrastructure, TTPs, and socio-political factors like victimology. We will use concrete examples from previous research to illustrate how these indicators can be used, or misused, to cluster activity. 
We will discuss the relative merits and reliability of these indicators along with how they can be combined to arrive at a more accurate conclusion.\r\n\r\nAs we go along, we'll cover the pitfalls associated with each of them, with examples of how we can get it wrong. We'll also bring up other obstacles encountered when doing attribution including the varying definitions of certain groups between various researchers, along with tool sharing and so-called \"umbrella groups\" that encapsulate multiple sub-groups.\r\n\r\nThe presentation will conclude with a discussion of the importance of documenting the reasons and confidence level associated with such claims. We will briefly touch on the larger ethical and social considerations that surround this issue to encourage researchers to be rigorous when attributing threats and evaluating claims from external reporting.", "recording_license": "", "do_not_record": false, "persons": [{"id": 232, "code": "XZTDEB", "public_name": "Alexandre C\u00f4t\u00e9 Cyr", "biography": "Alexandre C\u00f4t\u00e9 Cyr is a malware researcher at ESET in Montreal with a focus on APTs. He also contributes to [WeLiveSecurity](https://www.welivesecurity.com/author/acotecyr/) where he has written about TA410 and Mustang Panda.\r\n\r\nHe completed his Bachelor's degree in computer science at UQAM in 2021. Alexandre has previously presented at [Botconf](https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-19-FaouCoteCyr.pdf) and CARO Workshop. He is an active member of Montreal's Infosec community and is involved in mentoring students getting started in the security field. \r\n\r\nHis interests include operating systems fundamentals and writing shell scripts to automate tasks that don't always need to be automated.\r\n\r\n---\r\n\r\nAlexandre C\u00f4t\u00e9 Cyr est chercheur en logiciel malveillant chez ESET \u00e0 Montr\u00e9al o\u00f9 il travaille principalement sur les APTs. 
Il contribue aussi \u00e0 [WeLiveSecurity](https://www.welivesecurity.com/author/acotecyr/) o\u00f9 il a \u00e9crit \u00e0 propos de TA410 et Mustang Panda.\r\n\r\nAlexandre a termin\u00e9 son baccalaur\u00e9at en informatique \u00e0 l'UQAM en 2021. Il a pr\u00e9c\u00e9demment pr\u00e9sent\u00e9 \u00e0 [Botconf](https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-19-FaouCoteCyr.pdf) et CARO. Il est un membre actif de la communaut\u00e9 Infosec de Montr\u00e9al and s'implique \u00e0 mentorer des \u00e9tudiant.e.s qui d\u00e9butent dans le domaine de la s\u00e9curit\u00e9 informatique.\r\n\r\nIl s'int\u00e9resse aux principes des syst\u00e8mes d'exploitation et aime \u00e9crire des scripts shell pour automatiser toute sorte de t\u00e2ches (qui n'ont pas n\u00e9cessairement besoin d'\u00eatre automatis\u00e9es).", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 142, "guid": "c53fbc40-e6f0-5a20-a07e-5d586d8c1a4a", "logo": "", "date": "2022-10-29T19:00:00-04:00", "start": "19:00", "duration": "02:00", "room": "Track 1", "slug": "TZHJHF", "url": "https://cfp.hackfest.ca/hf2022/talk/TZHJHF/", "title": "Podcast La French Connection - \u00c9pisode 0x0214 - LIVE", "subtitle": "", "track": "Offensive", "type": "2h workshop", "language": "fr", "abstract": "Joignez-vous \u00e0 nous pour cette tradition annuel du Podcast en direct lors de la 1ere soir\u00e9e du Hackfest!\r\nOpinions, actualit\u00e9s, poutine et assur\u00e9ment quelques d\u00e9rapages seront au rendez-vous pour discuter de tout ce qui entour la s\u00e9curit\u00e9 de l'information!", "description": "La French Connetion (https://securite.fm)\r\n\r\nRejoignez-nous ici en direct le samedi 29 octobre \u00e0 19h00 EST\r\nYouTube URL: \u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\u00e0 venir/\r\n\r\nSujets couverts:\r\n- Retour sur 
Journ\u00e9e 1 du Hakfest 2022\r\n- Retour sur l'ann\u00e9e 2022\r\n- Give me ransomware, loads of ransomware\r\n- Cybers\u00e9curit\u00e9 du gouvernement du Qu\u00e9bec\r\n- Nouvelles infosec\r\n- Recrutement en s\u00e9curit\u00e9 informatique\r\n- La Friends Connection\r\n- Questions du public\r\n- Et plus encore!", "recording_license": "", "do_not_record": false, "persons": [{"id": 178, "code": "XVHXLZ", "public_name": "L'\u00e9quipe de La French Connection", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}], "Track 2": [{"id": 138, "guid": "2b626906-cebe-5cd2-ac27-49288db155a4", "logo": "", "date": "2022-10-29T09:00:00-04:00", "start": "09:00", "duration": "00:20", "room": "Track 2", "slug": "GCKBJA", "url": "https://cfp.hackfest.ca/hf2022/talk/GCKBJA/", "title": "Defrauding merchants like it\u2019s Y2K", "subtitle": "", "track": "Offensive", "type": "Speed Talk", "language": "en", "abstract": "In 2022, most of us have bought goods and services online or using mobile apps, for convenience, for safety (e.g., pandemic) or as a matter of personal preference. As mobile payments and integrations with third-party payment processors become more and more prevalent, common AppSec mistakes from the past reappear under new forms. Merchants who overlook security best practices and fail to secure their systems can be victims of fraud.\r\n\r\nIn this talk, we will cover some examples of payment APIs and mobile in-app purchases (e.g., with Apple Pay or Google Play Store) that fail to perform sufficient validation in ways that may have devastating financial and reputational impact to merchants. We aim to bring awareness to these often-overlooked issues and provide recommendations to avoid these vulnerabilities with real-world examples.", "description": "Classic attacks such as parameter and price manipulation have been widely known since the 2000\u2019s, if not before. 
What we have found from our client engagements and research is that sometimes, given the complexity involved with tokenized third-party payment processing or integrating mobile payment services (e.g., Apple Pay, Google Play Store), applications often overlook basic security best practice and become too trusting \u2013 allowing users to use fraudulent payment cards or to commit purchase fraud.\r\n\r\nThe following is a tentative agenda:\r\n\u2022\tA look back at history (2 minutes)\r\n\u2022\tUsing third-parties for payment (5 minutes)\r\n\u2022\tWhat can go wrong? (5 minutes)\r\n\u2022\tExamples (5 minutes)\r\n\u2022\tRemediation guidance (3 minutes)", "recording_license": "", "do_not_record": false, "persons": [{"id": 231, "code": "D3R8CY", "public_name": "Yuk Fai Chan", "biography": "Yuk Fai Chan\r\n\r\nPrincipal & Co-Founder, Proack Security Inc.\r\n\r\nYuk Fai is a Principal and Co-Founder of Proack Security Inc. He has over 12 years of proven experience advising clients on application security, vulnerability management, threat modelling, penetration testing, incident response, breach preparedness, and cyber security programs. He has also been the Co-Leader of the Open Web Application Security Project (OWASP) Toronto Chapter since 2011.\r\n\r\nCertifications:\r\n\u2022\tOffensive Security Certified Professional (OSCP)\r\n\u2022\tGIAC Certified Forensic Examiner (GCFE)", "answers": []}, {"id": 225, "code": "VUJ9KZ", "public_name": "Craig Barretto", "biography": "Principal & Co-Founder, Proack Security Inc.\r\n\r\nCraig is a Principal and Co-Founder of Proack Security Inc. He is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. 
\r\n\r\nCertifications:\r\n- Offensive Security Certified Professional (OSCP)\r\n- Certified Information Systems Security Professional (CISSP)\r\n- GIAC Web Application Penetration Tester (GWAPT)\r\n- Certified Ethical Hacker (CEH)", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 141, "guid": "8018eced-717d-5dd7-83bf-8b928ecce5b7", "logo": "", "date": "2022-10-29T09:30:00-04:00", "start": "09:30", "duration": "00:20", "room": "Track 2", "slug": "XWBVC9", "url": "https://cfp.hackfest.ca/hf2022/talk/XWBVC9/", "title": "Mon cheminement vers la s\u00e9curit\u00e9 (mon p\u00e8re m'a forc\u00e9)", "subtitle": "", "track": "Research", "type": "Speed Talk", "language": "fr", "abstract": "Dans cette pr\u00e9sentation, je vais vous parler de ce qui m'a amen\u00e9 \u00e0 m'int\u00e9resser \u00e0 la programmation et \u00e0 la s\u00e9curit\u00e9. Je vais commencer par mes premi\u00e8res exp\u00e9riences avec Scratch. Puis continuer jusqu'\u00e0 ma premi\u00e8re participation \u00e0 un CTF lors du iHack 2022.", "description": "* Pr\u00e9sentation de moi-m\u00eame et de mon p\u00e8re - 2 minutes\r\n* Programmation avec Scratch - 3 minutes\r\n* Snap Circuit - Au d\u00e9but avec mon fr\u00e8re et mon p\u00e8re, puis seul. J'ai aussi fait une pr\u00e9sentation \u00e0 l'\u00e9cole - 3 minutes\r\n* Advent of cyber - Try Hack Me - J'ai particip\u00e9 \u00e0 deux reprises. C'est amusant, mais tout en anglais - 3 minutes\r\n* iHack 2022 - 3 minutes\r\n * Int\u00e9r\u00eat pour les talks et le CTF beginner\r\n* UnitedCTF - Particip\u00e9 avec mon p\u00e8re. Des d\u00e9fis en fran\u00e7ais\r\n* \u00c9tat d'esprit des hackers (hacker mindset) - 3 minutes\r\n* Questions - 1 minute", "recording_license": "", "do_not_record": false, "persons": [{"id": 235, "code": "7GJFAC", "public_name": "William H-P", "biography": "Je m'appelle William et j'ai 10 ans. Je suis en 5e ann\u00e9e. 
Je suis en apprentissage de la s\u00e9curit\u00e9 et de la programmation.", "answers": []}, {"id": 236, "code": "HBRTTS", "public_name": "Eric Hogue", "biography": "D\u00e9veloppeur passionn\u00e9 par la s\u00e9curit\u00e9. J'\u00e9cris du code plein de trous de s\u00e9curit\u00e9, puis j'essaie d'hacker celui des autres.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 127, "guid": "81b0346b-7d00-5a43-a62a-dcbea4795d51", "logo": "", "date": "2022-10-29T10:00:00-04:00", "start": "10:00", "duration": "00:50", "room": "Track 2", "slug": "HUANTJ", "url": "https://cfp.hackfest.ca/hf2022/talk/HUANTJ/", "title": "Certification 101", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "fr", "abstract": "Dans une carri\u00e8re en TI, les certification professionnelle sont autant aim\u00e9es que d\u00e9test\u00e9es. Je d\u00e9mystifie le domaine bas\u00e9 sur mon exp\u00e9rience. Apr\u00e8s des dizaines de certifications, mon exp\u00e9rience du domaine est excellente.", "description": "Dans une carri\u00e8re en TI, les certifications professionnelles sont autant aim\u00e9es que d\u00e9test\u00e9es. \r\n \r\nJe d\u00e9mystifie le domaine bas\u00e9 sur mon exp\u00e9rience. Apr\u00e8s des dizaines de certifications, mon exp\u00e9rience du domaine est excellente.\r\n J'explique ce qu'est une certification, pourquoi en faire, pourquoi elles sont d\u00e9test\u00e9es/aim\u00e9es, laquelle choisir. Je parle de comment le processus se passe, etc.", "recording_license": "", "do_not_record": false, "persons": [{"id": 136, "code": "BME9ZP", "public_name": "Steve Lavoie", "biography": "Passionn\u00e9 d\u2019informatique sous toutes ses formes et autodidacte depuis la d\u00e9couverte de son Commodore 64, il y a d\u00e9j\u00e0 bien longtemps. Depuis les 20 derni\u00e8res ann\u00e9es, il travaille chez Microm\u00e9dica, qui est une firme de service informatique et de d\u00e9veloppement logiciels (Servicentre) \u00e0 Trois-Rivieres. 
Il y occupe diff\u00e9rents postes et il est toujours pr\u00eat \u00e0 relever un d\u00e9fi technologique. Son exp\u00e9rience large en infrastructure, r\u00e9seautique, programmation et s\u00e9curit\u00e9, l\u2019am\u00e8ne \u00e0 avoir plusieurs certifcation (VCP, VMCE, SSCP, GPEN, CISSP, CISM), actuellement il \u0153uvre \u00e0 titre de directeur des solutions TI, un r\u00f4le qui est compos\u00e9 d\u2019architecture de solutions, d\u2019implantations des solutions et de gestion de projet. Depuis quelques ann\u00e9es, il se pr\u00e9occupe particuli\u00e8rement de s\u00e9curit\u00e9 en PME, o\u00f9 que bien qu\u2019aussi cibl\u00e9 que les grandes entreprises, elles n\u2019ont pas les moyens de ceux-ci pour y arriver. \r\n\r\nIl a d\u00e9j\u00e0 \u00e9t\u00e9 conf\u00e9rencier pour l\u2019\u00e9v\u00e9nement SeQCure (SeQCure.org), au HackFest(Hackfest.ca) ainsi qu\u2019invit\u00e9 au podcast PolySecure (Polysecure.ca)", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 128, "guid": "4d90ed00-72db-5ce0-967a-904403b7805e", "logo": "", "date": "2022-10-29T11:00:00-04:00", "start": "11:00", "duration": "00:50", "room": "Track 2", "slug": "GXYK9F", "url": "https://cfp.hackfest.ca/hf2022/talk/GXYK9F/", "title": "You can CTF but can you Pentest", "subtitle": "", "track": "Offensive", "type": "Regular talk", "language": "en", "abstract": "Are you new or looking to get into the security field, specifically penetration testing? You have been told that doing CTFs are a good way to gain some skills.\r\n\r\nDoing a lot of CTFs and Boot to Root challenges give some required analytical and technical skills needed but it does skew a person's perspective about what is needed when they go into a penetration test for a client. 
So let us go over\r\nsome of the things that are different and might be jarring to a new penetration tester.", "description": "We will go over some of the good skills that doing CTFs can grow and help people who have only done CTFs prepare for some of the frustrations they may encounter if they decide to do penetration testing for clients. These points are meant to help reduce frustration, reduce feeling discouraged and improve success with\r\nreal world tests.\r\n\r\n\r\nSlide Layout\r\n- Types of CTF style challenges and explanation of skills they teach\r\n - Windows AD\r\n - Web Application\r\n - Boot to root\r\n\r\n- Some skills CTF style challenges don't teach\r\n - Chaining things together (some CTFs don't have zero to full exploit\r\n path/Windows environment)\r\n - Coming out of the rabbit hole\r\n\r\n- Some downfalls of just doing CTF style challenges\r\n - People skills still need work\r\n - Rabbit hole mentality\r\n\r\n- Some realities of doing real engagements\r\n - Scope is a thing\r\n - Client expectations\r\n - Good documentation\r\n - Sometimes not everything is exploitable\r\n - Cleaning up after yourself\r\n\r\nWhat audience skill level are you targeting your talk for?\r\n----------------------------------------------------------\r\nThis talk is geared towards students, people looking to get into the security industry as well as people who are new to the industry and looking to expand their skills.\r\n\r\n\r\nWhat will the audience take away from your presentation and/or do you have a call to action for the audience?\r\n------------------------------------------------------------------------------\r\nThe audience will gain an understanding that CTFs are good for building certain technical skills but there are some drawbacks when trying to apply the same methodology in a professional environment.\r\n\r\nSome of the differences people may come across if they have only done CTFs and how to help them be aware of the differences so that it 
isn\u2019t too shocking.\r\n\r\nSome improvements that I would expect people to take away are helping them think about the other side of security engagements that they do not get exposed to during CTF style challenges so that when they come across them they aren't discouraged or put down by it.", "recording_license": "", "do_not_record": false, "persons": [{"id": 223, "code": "LKT3CJ", "public_name": "Stephen Hall", "biography": "Stephen has been in the industry for over 10 years being a consultant, ISO, breaker of things, builder for programs, finder of bugs, and builder of CTF challenges. He can often be found looking into the sky complaining about the clouds and why they make the decisions they do. He is often found wearing a Santa hat throughout the year.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 122, "guid": "d408bfff-303e-5e34-82f9-2078edd69cff", "logo": "", "date": "2022-10-29T13:30:00-04:00", "start": "13:30", "duration": "00:50", "room": "Track 2", "slug": "3QBWAB", "url": "https://cfp.hackfest.ca/hf2022/talk/3QBWAB/", "title": "8 strat\u00e9gies efficaces pour rater sa gestion de CyberCrise", "subtitle": "", "track": "Research", "type": "Regular talk", "language": "fr", "abstract": "8 strat\u00e9gies qui \u00e0 coup s\u00fbr vous feront rater votre gestion de crise \u00ab Cyber \u00bb! Marquer les esprits par l\u2019absurde, c\u2019est l\u2019objectif de cette conf\u00e9rence participative. De cette fa\u00e7on, vous serez pourquoi, 60% des entreprises ferment apr\u00e8s une cyberattaque. Vous ne pourrez plus dire que vous ne saviez pas !", "description": "Une conf\u00e9rence d\u00e9cal\u00e9e, surprenante et jamais vu in the world.\ud83e\udd14\r\n\r\nSur un ton d\u00e9cal\u00e9 et dr\u00f4le, Alexandre Fournier vous propose 8 fa\u00e7ons de saboter votre gestion de CyberCrise.\r\n\r\nOui vous avez bien lu... VOUS ALLEZ APPRENDRE COMMENT RATER VOTRE GESTION DE CYBERCRISE! 
\ud83d\ude31\r\n\r\n60 % des entreprises font faillite apr\u00e8s une cyberattaque... MAIS POURQUOI ?\r\n\r\n3 semaines d'arr\u00eat apr\u00e8s une cyberattaque... MAIS POURQUOI ?\r\n\r\n27% de chiffres d'affaires qui font Pchitttt envol\u00e9... MAIS POURQUOI ?\r\n\r\nVous allez vite le comprendre avec ces 8 strat\u00e9gies d'une efficacit\u00e9 redoutable pourquoi vous risquez de rater votre\r\nprochaine gestion de CyberCrise!\r\n\r\nAttention \u00e2me sensible ne venez pas voir cette conf\u00e9rence !", "recording_license": "", "do_not_record": false, "persons": [{"id": 217, "code": "UHNJCS", "public_name": "Fournier Alexandre", "biography": "Monsieur Fournier est un conseiller, formateur, conf\u00e9rencier sp\u00e9cialis\u00e9 en continuit\u00e9 des affaires, gestion de crise et simulation de crise ainsi qu\u2019en reprise informatique. Son expertise sp\u00e9cifique dans la gestion de crise, la reprise informatique et continuit\u00e9 des affaires lui permet de r\u00e9aliser de nombreux mandats pour le compte d\u2019entreprises priv\u00e9es et d\u2019organisations publiques et gouvernementales.\r\nTout au long de sa carri\u00e8re, il a mis en place plusieurs plans de continuit\u00e9 des affaires, de gestion de crise et de reprise informatique. Il a aussi r\u00e9alis\u00e9 plusieurs dizaines de simulations de crise principalement dans le domaine cyber. Il donne \u00e9galement des formations et des conf\u00e9rences \u00e0 l\u2019international.\r\nEn 2021, il a cr\u00e9\u00e9 en collaboration avec son \u00e9quipe, une s\u00e9rie de formations, de Bootcamp, d\u2019ateliers uniques et modernes fond\u00e9s sur les normes en vigueur. Les formations, les Bootcamp et les ateliers sont reconnus \u00e0 l\u2019international du fait de leurs tr\u00e8s grandes qualit\u00e9s et des gabarits imm\u00e9diatement utilisables mis \u00e0 disposition. 
Les formations et les Bootcamp ont d\u2019ailleurs recueilli plus de 95% de taux de satisfaction sur la derni\u00e8re ann\u00e9e.\r\nAvec plus de 30 ann\u00e9es d\u2019exp\u00e9rience dans les domaines de la continuit\u00e9 des affaires, de la gestion de crise et de la reprise informatique, monsieur Fournier est devenu une r\u00e9f\u00e9rence dans ce domaine tr\u00e8s sp\u00e9cialis\u00e9 qui compte tr\u00e8s peu d\u2019experts ayant une comp\u00e9tence transversale.\r\nMonsieur Fournier est aussi certifi\u00e9 iso22301.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 170, "guid": "51a57a57-06c0-574c-9c77-8b9b80cfa9a5", "logo": "", "date": "2022-10-29T14:30:00-04:00", "start": "14:30", "duration": "00:50", "room": "Track 2", "slug": "BNWR97", "url": "https://cfp.hackfest.ca/hf2022/talk/BNWR97/", "title": "La cybers\u00e9curit\u00e9 dans l'administration publique du Qu\u00e9bec", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "fr", "abstract": "TBA", "description": "TBA", "recording_license": "", "do_not_record": false, "persons": [{"id": 265, "code": "8SAAVE", "public_name": "Steve Waterhouse", "biography": "M. Steve Waterhouse a \u00e9t\u00e9 nomm\u00e9 le 1er janvier 2022 au poste de sous-ministre adjoint \u00e0 la s\u00e9curit\u00e9 de l\u2019information gouvernementale et \u00e0 la cybers\u00e9curit\u00e9 au sein du nouveau minist\u00e8re de la Cybers\u00e9curit\u00e9 et du Num\u00e9rique.\r\n \r\nFort d\u2019une carri\u00e8re militaire au cours de laquelle il a contribu\u00e9 \u00e0 la formation de soldats et d\u2019officiers aux armes de combats, jusqu\u2019\u00e0 devenir l\u2019un des premiers cybersoldats au Canada, M. Waterhouse compte de nombreuses ann\u00e9es d\u2019exp\u00e9rience dans la gestion de r\u00e9seaux informatiques; d\u2019abord au Quartier g\u00e9n\u00e9ral du Secteur du Qu\u00e9bec de la force terrestre et ensuite au r\u00e9seau M\u00e9tropolitain de la base de Montr\u00e9al. \r\n \r\nAu fil de son parcours, il est devenu premier Officier de S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information de la base de Montr\u00e9al, puis du Coll\u00e8ge militaire royal de Saint-Jean dont il a refait l\u2019architecture informatique. 
\r\nPassionn\u00e9 et soucieux de donner au suivant, il n\u2019h\u00e9site pas \u00e0 partager son exp\u00e9rience militaire et d\u2019art oratoire aupr\u00e8s du mouvement jeunesse des cadets du Canada.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 165, "guid": "5e333d76-eecc-50a8-ade9-dc85ba11558b", "logo": "", "date": "2022-10-29T15:30:00-04:00", "start": "15:30", "duration": "00:50", "room": "Track 2", "slug": "Y7GHN7", "url": "https://cfp.hackfest.ca/hf2022/talk/Y7GHN7/", "title": "Le droit et la cybers\u00e9curit\u00e9 : qui est responsable quand un objet connect\u00e9 disjoncte ?", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "fr", "abstract": "Cette pr\u00e9sentation portera non seulement sur le cadre juridique, mais \u00e9galement sur les impacts techniques pour les d\u00e9veloppeurs, ing\u00e9nieurs et entrepreneurs \u0153uvrant dans un cadre technologique en r\u00e9pondant \u00e0 des questions telles que : (1) Quelles sont les obligations des entreprises \u00e0 l\u2019\u00e9gard de leurs produits en termes de s\u00e9curit\u00e9 ? (2) Qu\u2019est-ce que ces obligations signifient pour les cycles de d\u00e9veloppement ? (3) Quelles sont les consid\u00e9rations en termes de conception, et comment s\u2019assurer qu\u2019elles soient prises en compte ? (4) Comment peut-on v\u00e9rifier la conformit\u00e9 avec des tests fonctionnels et non-fonctionnels quant aux produits ? (5) Qui est responsable lorsqu\u2019un produit ne rencontre pas les normes de s\u00e9curit\u00e9 et de conception technologique ? (6) Quelles sont nos pr\u00e9dictions pour les prochains mois ?", "description": "Au cours des derniers mois, plusieurs nouvelles l\u00e9gislations ont \u00e9t\u00e9 propos\u00e9es ou adopt\u00e9es quant \u00e0 la responsabilit\u00e9 juridique relatif aux produits, tel que les objets connect\u00e9s. 
Ces normes juridiques s\u2019appliquent tant \u00e0 la robustesse et la r\u00e9silience des produits, que de leurs algorithmes. Elles s\u2019articulent \u00e9galement, dans bien des cas, dans un contexte de droit de la consommation, et sont pr\u00e9curseurs d\u2019un nouveau courant l\u00e9gislatif visant \u00e0 tenir les entreprises responsables de leurs produits, incluant quant \u00e0 la conception de ceux-ci. Cette pr\u00e9sentation comportera plusieurs exemples techniques et dure environ 45 minutes.", "recording_license": "", "do_not_record": false, "persons": [{"id": 253, "code": "PCRMU3", "public_name": "Jean Loup P. G. Le Roux", "biography": "Jean Loup is a highly regarded global expert on cybersecurity. He has worked with Wall Street firms, Fortune 100 companies and Silicon Valley start-ups, as a strategic advisor and consultant. Mr. Le Roux is also an entrepreneur in his own right, having founded multiple companies worldwide. \r\n \r\nHis ability to get to the heart of business risk, coupled with his 15 years of experience in cybersecurity has shaped him into a seasoned authority with unmatched insight into this complex industry. Mr. Le Roux also has ample experience dealing with C-level challenges of large-scale organizations with domestic and international operations.\r\n\r\nHe is frequently invited to contribute to news outlets and speak at events. Having started out with a master\u2019s degree in computer science and a background in engineering, Mr. Le Roux founded his first start-up in the aerospace field, for which he won the Thales Innovation Award for achievements in Critical Infrastructure Protection. Before that, he was involved in the Diplomacy and Defense sector, lending his skills to strengthen national security. \r\n\r\nOver the years, Mr. Le Roux has earned multiple credentials from the Department of Homeland Security, and industry certifications such as CISSP, CCSP, and ISO 27001 Lead Auditor. 
He has also had various teaching stints at the University of Washington (WA), St-Thomas University (FL), and the Polytechnique University of Montreal (QC). \r\n\r\nAt Henri & Wolf, Mr. Le Roux is now focusing on cloud security, emerging technologies, and privacy protection. He is also helping companies get certified against international standards through accredited schemes such as ISO.", "answers": []}, {"id": 254, "code": "9TDREZ", "public_name": "Vanessa Henri", "biography": "Vanessa est avocate en s\u00e9curit\u00e9 de l\u2019information et gouvernance des donn\u00e9es. Reconnue par Best Lawyers dans la cat\u00e9gorie \u00ab Ones to Watch \u00bb en 2021, elle est \u00e9galement active dans l\u2019industrie de la cybers\u00e9curit\u00e9. En 2020, elle a \u00e9t\u00e9 nomm\u00e9e parmi les femmes les plus influentes en cybers\u00e9curit\u00e9 par IT World Canada. En 2022, elle s\u2019est vu d\u00e9cerner le prix de \u00ab Women in Leadership \u00bb lors de la conf\u00e9rence \u00ab Canadian Women in Cybersecurity \u00bb. Avant de cofonder H&W, Vanessa a travaill\u00e9 dans comme Directrice de la conformit\u00e9 et D\u00e9l\u00e9gu\u00e9e \u00e0 la protection des donn\u00e9es personnelles dans une multinationale en cybers\u00e9curit\u00e9. Elle a pratiqu\u00e9 au priv\u00e9 dans une firme reconnue en technologies \u00e9mergentes.\r\nElle est certifi\u00e9e \u00ab Certified Data Protection Officer \u00bb et \u00ab Senior Lead Implementor ISO/IEC 27701 \u00bb. Elle poss\u00e8de une maitrise en droit de l\u2019Universit\u00e9 McGill et enseigne \u00e0 l\u2019universit\u00e9 St-Thomas en Floride. Elle participe \u00e0 plusieurs conseils d\u2019administration dans le cadre de mandats pro bono. 
Vanessa est fr\u00e9quemment cit\u00e9e dans les m\u00e9dias et contribue \u00e0 certains comme auteure.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 132, "guid": "33c85c0d-69f5-5d97-bfb8-c1be00dd33bc", "logo": "", "date": "2022-10-29T16:30:00-04:00", "start": "16:30", "duration": "00:50", "room": "Track 2", "slug": "S3VRYQ", "url": "https://cfp.hackfest.ca/hf2022/talk/S3VRYQ/", "title": "AWS sous attaque !", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "fr", "abstract": "Jeff Borr est un conseiller en s\u00e9curit\u00e9 Cloud, fra\u00eechement embauch\u00e9 chez Bloggist, une entreprise de publication de contenu dont la plate-forme est h\u00e9berg\u00e9e sur AWS. \r\nAlors que Jeff est encore en train de remplir ses formulaires RH, son futur directeur rentre dans la pi\u00e8ce paniqu\u00e9 en lui indiquant que leur site s'est fait hack\u00e9 et qu'ils ont besoin de lui en urgence.\r\nSuivez Jeff lors de cette investigation fictive qui l'am\u00e8neront \u00e0 d\u00e9couvrir les failles de s\u00e9curit\u00e9 de leur compte AWS ainsi que les premi\u00e8res actions qu'il va devoir prendre en urgence afin de stopper l'attaquant.", "description": "Durant cette pr\u00e9sentation, le conf\u00e9rencier vous fera cheminer tout au long d'une investigation d'un incident r\u00e9aliste et repr\u00e9sentatif des attaques observ\u00e9es actuellement sur ce type d'environnement (AWS).\r\nAu travers de cette investigation fictive, une revue des contr\u00f4les de s\u00e9curit\u00e9 natifs et de leur importance sera effectu\u00e9e. Des outils additionnels Open-Source, utiles dans le cadre d'une investigation, seront \u00e9galement pr\u00e9sent\u00e9s \u00e0 cette occasion. 
\r\nLes th\u00e8mes suivants seront abord\u00e9s : s\u00e9curit\u00e9 r\u00e9seau, journalisation, r\u00e9action automatis\u00e9e, d\u00e9tection d'intrusion, abus de privil\u00e8ges.\r\n\u00c0 l'issue de cette pr\u00e9sentation, les spectateurs auront b\u00e9n\u00e9fici\u00e9 d'une d\u00e9monstration de l'importance de plusieurs contr\u00f4les et de la diff\u00e9rence entre un environnement AWS renforc\u00e9 et un environnement \"vanille\".", "recording_license": "", "do_not_record": false, "persons": [{"id": 19, "code": "CAPJ9J", "public_name": "C\u00e9dric Thibault", "biography": "Associ\u00e9 chez KPMG et vice-pr\u00e9sident principal de KPMG-Egyde, C\u00e9dric Thibault est titulaire d\u2019un Msc. en s\u00e9curit\u00e9 informatique, et poss\u00e8de plusieurs certifications (CISSP, CCSK, AWS 6x, Terraform, GCSA) relatives \u00e0 la cybers\u00e9curit\u00e9 et au Cloud. \r\nPassionn\u00e9 par les enjeux de s\u00e9curisation des environnements infonuagiques, C\u00e9dric est plus particuli\u00e8rement sp\u00e9cialis\u00e9 sur AWS et sur la mise en oeuvre de strat\u00e9gies DevSecOps. \r\n\r\nSa phrase pr\u00e9f\u00e9r\u00e9e est : Never stop to learn !", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 150, "guid": "98d8c430-f303-5f51-a3a1-1453453857eb", "logo": "", "date": "2022-10-29T17:30:00-04:00", "start": "17:30", "duration": "00:20", "room": "Track 2", "slug": "ABP3CQ", "url": "https://cfp.hackfest.ca/hf2022/talk/ABP3CQ/", "title": "Les interventions polici\u00e8res sur les facilitateurs du crime", "subtitle": "", "track": "Threat Intelligence / OSINT", "type": "Speed Talk", "language": "fr", "abstract": "Les efforts coordonn\u00e9s pour fermer les march\u00e9s illicites en ligne et arr\u00eater leurs participants se sont jusqu\u2019\u00e0 maintenant av\u00e9r\u00e9s inefficaces. Les op\u00e9rations polici\u00e8res ont perturb\u00e9 les milieux criminels en ligne, mais seulement pendant une courte p\u00e9riode. 
L\u2019objectif de cette \u00e9tude est de d\u00e9crire et de comprendre les impacts d\u2019une r\u00e9cente intervention polici\u00e8re qui adopte une approche diff\u00e9rente, soit de viser l\u2019un des principaux facilitateurs des activit\u00e9s illicites sur le darkweb. L\u2019analyse de 2841 messages publi\u00e9s sur des forums de discussion a permis d\u2019\u00e9tudier les perceptions des participants relatives aux m\u00e9canismes de pr\u00e9vention situationnelle \u00e0 l\u2019oeuvre dans la fermeture de ce facilitateur, DeepDotWeb, et de comprendre comment ils s\u2019y sont adapt\u00e9s. Les r\u00e9sultats indiquent que les interventions ayant le potentiel d\u2019augmenter les efforts et les risques associ\u00e9s \u00e0 la navigation sur le darknet, et qui peuvent en m\u00eame temps diminuer les b\u00e9n\u00e9fices du crime, sont possiblement plus efficaces que n\u2019importe quelle fermeture de march\u00e9 unique pour perturber les activit\u00e9s illicites \u00e0 long terme. La pr\u00e9sentation se termine par une discussion sur les d\u00e9veloppements potentiels pour les op\u00e9rateurs de service qui sont dans une zone grise de l\u00e9galit\u00e9.", "description": "Les march\u00e9s illicites sur le darkweb et les tentatives de contr\u00f4le par les forces de l\u2019ordre: les march\u00e9s illicites sur le darkweb ont \u00e9t\u00e9 la cible de nombreuses op\u00e9rations polici\u00e8res coordonn\u00e9es \u00e0 l\u2019international. La majeure partie des interventions polici\u00e8res s\u2019est concentr\u00e9e sur la fermeture des march\u00e9s et l\u2019arrestation de leurs administrateurs. Ces op\u00e9rations de longue haleine, d\u2019une part, peinent \u00e0 ralentir la croissance du nombre d\u2019utilisateurs, du volume des transactions et des revenus g\u00e9n\u00e9r\u00e9s. 
D\u2019autre part, la pression exerc\u00e9e par les forces de l\u2019ordre aurait incit\u00e9 les participants \u00e0 renforcer la s\u00e9curit\u00e9 de leurs activit\u00e9s illicites en ligne.\r\n\r\nLes infrastructures qui facilitent les activit\u00e9s des march\u00e9s illicites en ligne: l\u2019\u00e9conomie souterraine criminelle en ligne repose en partie sur des sites web ind\u00e9pendants qui facilitent leurs op\u00e9rations. La plateforme DeepDotWeb, cr\u00e9\u00e9e en 2013 par un groupe d\u2019experts en relations publiques, est un exemple particuli\u00e8rement \u00e9loquent de facilitateur de transactions illicites ayant lieu sur le darkweb.\r\n\r\nLa pr\u00e9vention situationnelle sur Internet: la fermeture de DeepDotWeb par les forces de l\u2019ordre s\u2019apparente \u00e0 de la pr\u00e9vention situationnelle. Cette th\u00e9orie, que certains auteurs ont d\u00e9j\u00e0 appliqu\u00e9e au domaine cyber propose de comprendre la pr\u00e9vention de la criminalit\u00e9 \u00e0 travers la r\u00e9duction des opportunit\u00e9s criminelles. Cette approche part du principe que les d\u00e9linquants sont des acteurs rationnels et que leurs choix et leurs d\u00e9cisions sont influenc\u00e9s par les caract\u00e9ristiques pr\u00e9sentes dans leur environnement imm\u00e9diat.\r\n\r\nM\u00e9thodologie: nous avons d\u2019abord identifi\u00e9 des forums de discussion de langue anglaise o\u00f9 les participants des march\u00e9s illicites sur le darkweb sont actifs en utilisant des moteurs de recherche et des r\u00e9pertoires de sites web ; 14 forums ont \u00e9t\u00e9 rep\u00e9r\u00e9s, dont une majorit\u00e9 (8) se trouve sur le darknet. 
Dans les 14 forums, le mot cl\u00e9 \u00ab DeepDotWeb \u00bb ainsi que son abr\u00e9viation \u00ab DDW \u00bb ont \u00e9t\u00e9 recherch\u00e9s de m\u00eame que des mots cl\u00e9s ayant une port\u00e9e plus large, tels que \u00ab takedown \u00bb, \u00ab shutdown \u00bb, \u00ab bust \u00bb, \u00ab seize \u00bb, \u00ab darknet \u00bb, \u00ab DNM shutdown \u00bb, \u00ab feds \u00bb et \u00ab police \u00bb. L\u2019analyse th\u00e9matique a \u00e9t\u00e9 choisie pour analyser les messages en raison de sa capacit\u00e9 \u00e0 identifier les th\u00e8mes r\u00e9currents dans les donn\u00e9es.\r\n\r\nPr\u00e9sentation des r\u00e9sultats autour de deux th\u00e8mes qui ont chacun 3 sous-th\u00e8mes: 1) m\u00e9canismes de pr\u00e9vention situationelle et; 2) r\u00e9ponse des participants aux m\u00e9canismes de pr\u00e9vention situationelle.\r\n\r\nDiscussion: nos r\u00e9sultats montrent, dans un premier temps, que la fermeture de DeepDotWeb a men\u00e9 \u00e0 une augmentation des efforts n\u00e9cessaires pour pratiquer des activit\u00e9s illicites sur le darknet en limitant les acc\u00e8s et en restreignant la disponibilit\u00e9 des ressources et de l\u2019information pour y naviguer. Cet \u00e9v\u00e8nement a \u00e9galement engendr\u00e9 une augmentation des risques externes, mais principalement internes \u00e0 l\u2019\u00e9cosyst\u00e8me, et, indirectement, une r\u00e9duction des b\u00e9n\u00e9fices potentiels pour les vendeurs et les administrateurs des march\u00e9s. Dans un deuxi\u00e8me temps, nos r\u00e9sultats mettent en lumi\u00e8re diff\u00e9rentes r\u00e9ponses des utilisateurs du darknet \u00e0 cette perturbation. L\u2019augmentation des risques semble occuper une place importante dans le sch\u00e9ma de pr\u00e9vention situationnelle appliqu\u00e9 au darknet, car cet aspect est directement ou indirectement li\u00e9 \u00e0 presque tous les autres. 
The participants' comments showed that the main process by which the shutdown of DeepDotWeb, as a situational prevention strategy, disrupted the darknet is an increase in effort through the control of access and resources, which caused an increase in internal risks. For this reason, the use of situational prevention strategies that would increase the effort and risks for offenders while reducing their potential benefits appears to be a promising avenue for law enforcement agencies involved in regulating the darknet.", "recording_license": "", "do_not_record": false, "persons": [{"id": 243, "code": "8VFBWH", "public_name": "David D\u00e9cary-H\u00e9tu", "biography": "Professor David D\u00e9cary-H\u00e9tu holds a PhD in criminology from the Universit\u00e9 de Montr\u00e9al (2013). He first worked as a senior research associate at the School of Criminal Sciences of the University of Lausanne before taking up his current position as associate professor at the School of Criminology of the Universit\u00e9 de Montr\u00e9al. Prof. D\u00e9cary-H\u00e9tu's main research interests concern the impacts of technology on crime. Through his innovative approach based on large and small datasets, as well as social network analysis, Prof. D\u00e9cary-H\u00e9tu studies how offenders adopt and use technologies and how these choices shape the regulation of offending as well as the study of offenders by researchers. Prof. D\u00e9cary-H\u00e9tu leads the Darknet and Anonymity Research Center (DARC), which was funded by the John R. 
Evans Leaders Fund of the Canada Foundation for Innovation. His team collects and studies data from all types of offenders who use anonymity technologies such as the darkweb, cryptocurrencies and encryption. Prof. D\u00e9cary-H\u00e9tu has received funding from public and private granting agencies operating at the local, provincial, federal and international levels. He has published in leading academic journals and is regularly invited by the media to comment on recent events. Prof. D\u00e9cary-H\u00e9tu is involved in numerous partnerships and initiatives, including Open Criminology, the journal Criminologie, the Division of Cybercrime of the American Society of Criminology and the Human-Centric Cybersecurity Partnership.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}, {"index": 2, "date": "2022-10-30", "day_start": "2022-10-30T04:00:00-04:00", "day_end": "2022-10-31T03:59:00-04:00", "rooms": {"Track 1": [{"id": 129, "guid": "13bd37ea-1a71-5ecd-9da6-81f98d4d258c", "logo": "", "date": "2022-10-30T09:00:00-04:00", "start": "09:00", "duration": "00:50", "room": "Track 1", "slug": "BYPFV9", "url": "https://cfp.hackfest.ca/hf2022/talk/BYPFV9/", "title": "Up Close & Personnel", "subtitle": "", "track": "Offensive", "type": "Regular talk", "language": "en", "abstract": "You work hard to defend against internet based threats but how prepared are you when the attacker is on the literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can result in a difficult to detect network compromise. 
Attendees will gain a better understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited.", "description": "Title/Bio Slides - Indicating the presentation and providing brief professional background \r\n\r\nTalk Topic Slide - Discussing the issue presented, listing areas that will be covered, setting framework for the audience.\r\n\r\nPerimeters - Discuss the onsite perimeter types and the difference between attacker and defender understanding of perimeters\r\n-Wireless Perimeters \r\n-Physical Perimeters\r\n-Social Engineering Perimeters \r\n\r\nRisk - Discuss the attacker's approach to risk in relation to executing onsite attacks.\r\n\r\nAttacks - Cover the attacks available against the different perimeters\r\n-Wireless Client\r\n-Wireless Infrastructure\r\n-Other wireless devices\r\n-Bypassing Physical Controls\r\n-Defeating Physical Controls\r\n-In-person Social Engineering\r\n\r\nHybrid Attacks - Leveraging multiple tools and techniques to execute a complete attack.\r\n\r\nRemediation - Suggestions, warnings of common pitfalls and a call to action.\r\n\r\nQ&A/Exit Slides \r\n\r\nMajority of the time is spent on the different attacks, followed by understanding the onsite attacker mindset", "recording_license": "", "do_not_record": true, "persons": [{"id": 224, "code": "ERHSTX", "public_name": "Chris Carlis", "biography": "Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. These experiences led Chris to co-found Dolos Group with a focus on Red/Purple Teaming, security education and training. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, FS-ISAC, and various B-Side events. 
He is a perennial volunteer at the Thotcon conference in his native Chicago and helps to organize multiple Chicagoland \u201cBurbSec\u201d information security monthly gatherings.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 135, "guid": "43f17124-c294-5a66-8fa0-1657b8127b23", "logo": "", "date": "2022-10-30T10:00:00-04:00", "start": "10:00", "duration": "00:50", "room": "Track 1", "slug": "HYJSSL", "url": "https://cfp.hackfest.ca/hf2022/talk/HYJSSL/", "title": "Purple RDP: Red and Blue Tradecraft around Remote Desktop Protocol", "subtitle": "", "track": "Offensive", "type": "Regular talk", "language": "en", "abstract": "Remote Desktop Protocol (RDP) is the de facto standard for remoting in Windows environments. It grew in popularity over the last couple of years due to the pandemic. In addition to system administrators, many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed but, unfortunately, that\u2019s rarely the case and thus clicking through warnings is common. We have spent the last 3 years working on and reimplementing parts of RDP in PyRDP, our open-source RDP library. This presentation is about what we have learned and can be applied to attack and defend against RDP attacks.\r\n\r\nFrom an attacker\u2019s perspective, we will cover conventional RDP attacks such as Monster-in-the-Middle (MITM) of RDP connections, capture of NetNTLMv2 hashes and techniques to bypass conventional defense mechanisms such as Network Level Authentication (NLA). Case in point: Did you know that by default all clients allow server-side NLA downgrades right now? Additionally, we will present scenarios where RDP is used to lure targets by sending specifically crafted \u201c.rdp\u201d files via phishing and performing client-side exploitation. 
This will enable us to understand and identify the risks with RDP.\r\n\r\nFrom the Blue Team\u2019s perspective, we will provide techniques and tools to detect all attacks showcased previously. Additionally, we will demonstrate the risks of using 3rd party RDP clients. Finally, we will provide playbooks to install hardened RDP configurations for both clients and servers through GPO and to deploy a corporate-wide RDP public key infrastructure (PKI): the most efficient way of getting rid of most of the RDP attacks for good.", "description": "* Intro to RDP (protocol layers, security), 5m\r\n* Attack: MITM RDP, 15m\r\n * Risks/Impact (clipboard and file stealing, session takeover with video demo)\r\n * How to detect it?\r\n * Mitigation: Network Level Authentication (NLA)\r\n * How does NLA work?\r\n * Attacks on NLA: downgrade, client redirection to non-NLA, NLA Bypass\r\n * Details about NLA Bypass, more on mitigation later\r\n* Attack: Net-NTLMv2 Hash Capture, 5m\r\n * Protocol details that make it possible\r\n * How to crack it\r\n * Just how bad it is: hash stolen before certificate prompt, case opened with Microsoft\r\n * Mitigation advice\r\n* Mitigation: Certificates with RDP, 5m\r\n * Using Let\u2019s Encrypt: Defensively and Attackers\r\n * Corporate deployment\r\n* Attack: Credential theft, 5m\r\n * Special case: server is compromised, lateral movement or priv esc through clients\r\n * Extract plaintext passwords from memory\r\n* Mitigation: Restricted Admin, Remote Credential Guard and Smart Card, 3m\r\n * How do they work\r\n * Which applies in which context\r\n* Attack: Rogue RDP, 3m\r\n * Sending .rdp files preconfigured to a rogue RDP service prepared for client-side exploitation\r\n * Stealing credentials, dropping files (DLL sideloading)\r\n * Mitigation: Block .rdp files\r\n* Risk: How badly is an exposed RDP attacked today?, 1m\r\n * Numbers from our honeypots\r\n* Mitigation: Hardened RDP configuration, 3m\r\n * PowerShell and/or GPO playbooks for 
secure client and server configuration\r\n * Instructions for Domain PKI", "recording_license": "", "do_not_record": false, "persons": [{"id": 228, "code": "8U3EV9", "public_name": "Olivier Bilodeau", "biography": "Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, he enjoys luring malware operators into his traps, writing tools for malware research and vulnerability research. Olivier is a passionate communicator having spoken at several conferences including BlackHat, Defcon, Botconf, NorthSec, Derbycon, and HackFest. Invested in his community, he co-organizes Montr\u00e9Hack, a monthly workshop focused on hands-on CTF problem solving, and NorthSec, a large non-profit conference and CTF based in Montreal.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 131, "guid": "51bd38f1-d9d7-51af-8822-23a91444fc1e", "logo": "", "date": "2022-10-30T11:00:00-04:00", "start": "11:00", "duration": "00:50", "room": "Track 1", "slug": "U8GQS9", "url": "https://cfp.hackfest.ca/hf2022/talk/U8GQS9/", "title": "AppSec - The missing link", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "en", "abstract": "Achieving the **\u201cShift Left\u201d** transformation is the goal of many organizations when it comes to application security. To do so, significant amounts of effort and money are spent to include security activities in the **CI/CD** pipeline. Such activities are often considered as both the starting point and the target of the shift left transformation. In fact, security activities in the **CI/CD** are just a portion of an organization's journey to achieve the shift left. 
Indeed, Secure Software Development Practices **(SSDLC)** are also an important portion of that journey, but there are other key aspects which are less often considered.\r\n\r\nIn this talk we will present prerequisites, dependencies and outcomes of integrating security activities in CI/CD that organizations face during their **shift left** journey. We will focus on the importance of development and security practices outside of the normal scope of SSDLC. In other words, what should be considered aside from pure AppSec practices on the road to success of the **shift left** journey.", "description": "**Introduction: (5 min)**\r\n\r\nSection brief:\r\n\r\nLaying out the context and purpose of the talk.\r\n\r\nSection topics:\r\n\r\n- Speaker presentation\r\n\r\n- Purpose and context of the talk\r\n\r\n- Presentation plan\r\n\r\n**Prerequisites: (20 mins)**\r\n\r\nSection brief:\r\n\r\nExplore the relation between having mature development practices and the ability to include security activities in them.\r\n\r\nSection topics:\r\n\r\n- Coding Practices \r\n \r\n The relation between having good general coding practices and the deployment of static analysis tools (SAST) in the CI/CD. Examples of coding practices: shared libraries, standard development project structure and code quality standards.\r\n\r\n- Testing Practices\r\n\r\n The relation between having good general testing practices and the deployment of dynamic analysis tools (DAST) in the CI/CD. Examples of testing practices: data backup & restore, configurable features and negative testing.\r\n\r\n- Release Practices\r\n\r\n The relation between having good general release practices and the deployment of security gates in the CI/CD. Examples of release practices: automated release notes, release artifact management and release blocking. 
\r\n\r\n**Dependencies: (10 mins)**\r\n\r\nSection brief:\r\n\r\nExplore the relation between having mature processes and having the ability to manage the security defects efficiently.\r\n\r\nSection topics:\r\n\r\n- Vulnerability management:\r\n \r\n The relation between having a good vulnerability management process and the management of security defects. Example of vulnerability management: internal vulnerability database, automated triage rules and vulnerability resolution recipe.\r\n\r\n- Defect grooming and handling:\r\n\r\n The relation between having a good defect grooming process and the management of security defects. Example of defect grooming: defect to task mapping, time to resolution tracking, bug prioritization and effort planning.\r\n\r\n**Outcomes: (10 mins)**\r\n\r\nSection brief:\r\n\r\nExplore the relation between having resources to support security in CI/CD and the success of the **shift left**.\r\n\r\nSection topics:\r\n\r\n- AppSec Op team:\r\n \r\n The relation between providing support of the security activities in the CI/CD and maintenance of the shift left velocity. 
Example of support: tools integration issues, tools evolution and tools execution support.\r\n\r\n- Funding\r\n\r\n The relation between having a recurrent budget for security activities in the CI/CD and maintenance of the shift left velocity.\r\n\r\n**Conclusion: (5 min)**\r\n\r\nSection brief:\r\n\r\nSummary of the presentation content, statement of the underlying message and opening to continue the shift left journey\r\n\r\nSection topics:\r\n\r\n- Wrap up\r\n\r\n- Opening", "recording_license": "", "do_not_record": false, "persons": [{"id": 226, "code": "JZSENE", "public_name": "Fran\u00e7ois Lajeunesse-Robert", "biography": "TBC", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 130, "guid": "c29ec2bc-5bc1-5b97-87ca-d7d7b7e0df0b", "logo": "", "date": "2022-10-30T13:30:00-04:00", "start": "13:30", "duration": "00:50", "room": "Track 1", "slug": "ZAWBMP", "url": "https://cfp.hackfest.ca/hf2022/talk/ZAWBMP/", "title": "The good, bad, and ugly of responsible disclosure", "subtitle": "", "track": "Defensive", "type": "Regular talk", "language": "en", "abstract": "As a security researcher, it is a herculean task not to wonder and poke at many of the apps we interact with on a daily basis. Platforms in industries such as banking, education, social media, security, document management, IoT, and healthcare are riddled with security vulnerabilities that go undetected for months or even years. While hackers have the luxury of exploiting these vulnerabilities under the guise of anonymity, white hats and cybersecurity researchers are often faced with resistance or are flat-out ignored when trying to responsibly disclose vulnerabilities. \r\nIn this talk, I will discuss the pains of responsible disclosure and bug bounty programs and how companies should rethink how they handle disclosed vulnerabilities from researchers. 
The aim is to bring awareness to often overlooked and misunderstood issues and provide solutions that encourage healthy responsible disclosure interactions.", "description": "For the past 3 years, I have conducted several research projects and participated in HackerOne and Bugcrowd programs to identify and responsibly disclose vulnerabilities in everyday applications. Interactions with cyber defense teams have been both positive and negative, including being threatened with legal action, having bugs immediately closed by managed triage teams who do not understand the attack vector or platforms they are responsible for, and having reported vulnerabilities left exposed for months or even years. \r\n\r\nThe following is a tentative agenda:\r\n- Introduction (5 minutes)\r\n- Responsible Disclosure (15 minutes)\r\n - Why do it?\r\n - How to do it?\r\n - The Criminal Code\r\n - Real life examples (Staples, IOT)\r\n- Bug Bounty Programs (20 minutes)\r\n - The good and bad\r\n - Managed or unmanaged\r\n - Issues with CVSS for criticality\r\n - Real life examples \r\n - Right to disclosure\r\n- Summary of guidance and conclusion (5 minutes)\r\n- Questions (5 minutes)", "recording_license": "", "do_not_record": false, "persons": [{"id": 225, "code": "VUJ9KZ", "public_name": "Craig Barretto", "biography": "Principal & Co-Founder, Proack Security Inc.\r\n\r\nCraig is a Principal and Co-Founder of Proack Security Inc. He is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. 
\r\n\r\nCertifications:\r\n- Offensive Security Certified Professional (OSCP)\r\n- Certified Information Systems Security Professional (CISSP)\r\n- GIAC Web Application Penetration Tester (GWAPT)\r\n- Certified Ethical Hacker (CEH)", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 118, "guid": "2253c8b6-fbcd-5dfa-af39-6cc1b20e5dd8", "logo": "", "date": "2022-10-30T14:30:00-04:00", "start": "14:30", "duration": "00:50", "room": "Track 1", "slug": "9ELQ3L", "url": "https://cfp.hackfest.ca/hf2022/talk/9ELQ3L/", "title": "Un Hacking Workflow? VsCode, Git, Terraform et Malware Dev", "subtitle": "", "track": "Offensive", "type": "Regular talk", "language": "fr", "abstract": "As an ethical tester or red/purple team operator, we normally prefer performing technical tasks to writing reports in Word or creating PowerPoint presentations. One year ago, our team switched to a DevOps approach. This talk will let me show you the changes we made. !SPOILER ALERT!, we no longer use **Word** and **PowerPoint**, only **Markdown**. Report writing and presentation creation are done entirely in VSCode. We use plug-ins to make it all possible. I will share the plug-ins we use, in addition to our in-house plug-in.\r\n\r\nA DevOps approach does not stop there. More advanced use of Gitlab is also a big part of the move to DevOps. After getting familiar with this tool, you realize that Git is very powerful and that the learning curve is less steep than you might think. Git can greatly improve the management, productivity and progress of our tasks, as well as the automation of several processes. 
During this talk, we will go through concrete before-and-after examples of using Git.\r\n\r\nIf I told you there is even more, would you believe me? Add Terraform, a bot and LOKI to all of that for a winning recipe.\r\n\r\nLOKI is the product of the *malware dev* work of a member of our team. LOKI is more than important for carrying out operations within our team, and I will explain why.\r\n\r\nIn summary, this presentation will let you learn about the improvements to several processes made by a team of 30 ethical hackers, in the hope of helping you improve yours.\r\n\r\nTopics covered in the presentation: VSCode, Markdown, Gitlab, Developer Approach (DevOps), Keybase bot, Terraform and LOKI, a *malware dev* project", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"id": 212, "code": "RU8BEP", "public_name": "F\u00e9lix Lehoux", "biography": "F\u00e9lix is a Red Team operator at Desjardins and is passionate about computing, security and challenges. It was with the DCI (D\u00e9l\u00e9gation des comp\u00e9titions en informatique) that he took part in several CTFs throughout his studies at \u00c9TS. Between security certifications and work, F\u00e9lix started a YouTube channel focused on security, homelabs and networking. He is passionate about this project, whose goal is to share knowledge with people who, like him, have a passion for computing.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 164, "guid": "fe06ac3d-20aa-522d-bb72-317c02e29d77", "logo": "", "date": "2022-10-30T15:30:00-04:00", "start": "15:30", "duration": "00:50", "room": "Track 1", "slug": "QWWTDB", "url": "https://cfp.hackfest.ca/hf2022/talk/QWWTDB/", "title": "Hackfest Closing Ceremony", "subtitle": "", "track": null, "type": "Regular talk", "language": "en", "abstract": "Discussion is in French, but slides will be in English! Prizes and summary of the CTFs (Classic, Beginner and Pro) will be discussed. 
The team will be presented along with the challenges.", "description": "Discussion is in French, but slides will be in English! Prizes and summary of the CTFs (Classic, Beginner and Pro) will be discussed. The team will be presented along with the challenges.", "recording_license": "", "do_not_record": true, "persons": [{"id": 1, "code": "N97AYA", "public_name": "Patrick", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}], "Track 2": [{"id": 137, "guid": "d946d3c8-28fb-5148-997b-652513a8f6d4", "logo": "", "date": "2022-10-30T10:00:00-04:00", "start": "10:00", "duration": "00:20", "room": "Track 2", "slug": "MZ7P9T", "url": "https://cfp.hackfest.ca/hf2022/talk/MZ7P9T/", "title": "Se fait hacker qui croyait hacker : L\u2019analyse des mots de passe des pirates informatiques", "subtitle": "", "track": "Research", "type": "Speed Talk", "language": "fr", "abstract": "It has been shown that users' environment influences password creation strategies. Adopting a network analysis perspective (in the theoretical sense of the term), we observe the influence of peers on password choices. More specifically, we will compare 2 databases of real passwords that were leaked on the Internet: the first is from a social network (non-offenders) and the other comes from a hacker forum (offenders). Logistic regression analyses made it possible to observe the influence of an offender network on users' passwords, including their characteristics and strength.\r\n\r\nThe results show that there is a difference between networks in password creation strategies. Users of the same network exhibit similar behaviours but differ from those of other networks. Individuals who share the same social interests appear more likely to use the same password creation strategies. 
Offenders tend to have stronger passwords and distinctive characteristics such as the use of profanity. Possible explanations for these results will be discussed.", "description": "The first part of the presentation will introduce the topic of passwords and the importance of deepening our knowledge about them. (4 minutes)\r\n\r\nDrawing on the research literature on user passwords, we will show that users' environment influences password creation strategies. We will then use this network perspective to explain the analysis we carried out. (6 minutes)\r\n\r\nNext, we will present the results, which show that there is a difference between networks in password creation strategies. (7 minutes)\r\n\r\nWe will discuss the reasons why offenders would have stronger passwords by incorporating a second analysis. We test whether their stronger passwords are due to the hackers' digital knowledge or to the illegal/secret nature of the activity carried out on the website. (8 minutes)", "recording_license": "", "do_not_record": false, "persons": [{"id": 230, "code": "H89NBP", "public_name": "Andreanne Bergeron", "biography": "Andr\u00e9anne Bergeron is a cybersecurity researcher at GoSecure. She is currently working on password creation strategies and the impact of users' social networks. She also earned her PhD in criminology at the Universit\u00e9 de Montr\u00e9al, during which she received the prestigious Vanier Canada Graduate Scholarship (BESC Vanier). 
Andr\u00e9anne previously worked as coordinator of the Darkweb and Anonymity Research Center, where she specialized in international flows of drugs sold on cryptomarkets. She has contributed to the organization of regional and international conferences as president of the Congr\u00e8s sur la Recherche en Enqu\u00eate Polici\u00e8re (CREP), as a member of the organizing committee of the annual conference of the Society for Police and Criminal Psychology (SPCP), and as scientific director of the Groupe d\u2019Analyse, Recherche et D\u00e9veloppement En Sources Ouvertes (GARDESO).", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 168, "guid": "1440eb13-ee7e-5eb8-afa9-911e68026e4f", "logo": "", "date": "2022-10-30T10:30:00-04:00", "start": "10:30", "duration": "00:20", "room": "Track 2", "slug": "XFYDQU", "url": "https://cfp.hackfest.ca/hf2022/talk/XFYDQU/", "title": "Colporteur ou usurpeur? 
Quand la vie te lance un CTF!", "subtitle": "", "track": "Threat Intelligence / OSINT", "type": "Speed Talk", "language": "en", "abstract": "As a new homeowner, how skills acquired during CTFs can help improve our society and help us survive the scams of door-to-door salespeople!", "description": "- (intro) Professional background and CTFs (2 min.)\r\n - What I do for a living\r\n - General interest in computing and cybersecurity\r\n- (context) A house and its complications (2 min.)\r\n - Buying a first house/inspection \r\n - New neighbourhood, the reality of owning a house, and solicitations\r\n- (A new challenger) The arrival of the door-to-door salespeople (2 min.)\r\n - Door-to-door to save time!\r\n - Company identification and the helpful/convenience approach\r\n- (Let the game begin) Start of the social engineering / Flags flags flags (8 min.)\r\n - Surface-level exploration of the company\r\n - General knowledge\r\n - Techniques for unsettling targets\r\n - OSINT on the company\r\n - Supporting evidence\r\n- (We solved it, what now?) Helping society? (4 min.)\r\n - Helping one's neighbourhood / contacting the authorities\r\n - OSINT on key people\r\n- (How to get better/outro) The missed flags? (2 min.)\r\n - What more to check next time\r\n - My neighbours' techniques!", "recording_license": "", "do_not_record": true, "persons": [{"id": 258, "code": "K7MUJR", "public_name": "Francois-Gabriel Auclair", "biography": "If computing were a cake, the icing would be cybersec, and the cherry would be being able to think out of the box to get what one... hungers for!\r\n\r\nYup! 
Very creamy as a bio!\r\n\r\nI like cooking/BBQ, gaming, electronics/computing, doing CTFs and taking unconventional paths to tackle challenges; it's longer/harder but I learn in more depth!", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 125, "guid": "112716b8-bf1d-56ad-83b3-e5ca63cd38bc", "logo": "", "date": "2022-10-30T11:00:00-04:00", "start": "11:00", "duration": "00:50", "room": "Track 2", "slug": "QTVZ3P", "url": "https://cfp.hackfest.ca/hf2022/talk/QTVZ3P/", "title": "EDR: Efficiently Defeating RedTeamers?", "subtitle": "", "track": "Offensive", "type": "Regular talk", "language": "en", "abstract": "This talk is covering some of the tricks and tools that can be used to successfully perform a red team engagement in a world where the EDR will do everything to stop you.", "description": "The talk is covering some interesting techniques that can be used to defeat the EDR in place, hide from it or simply ensure that your actions are not monitored by the solution in place.\r\n\r\nFrom abusing the TrustedInstaller privilege to re-implementing your own LoadLibrary, we will understand how the current technique can be adapted to avoid detection in a real world red team scenario.\r\n\r\nGet ready to do some assembly, understand Windows internals and understand what we are facing as red teamers.\r\nNo user-mode hooking, ETW and kernel callback will be able to stop you.", "recording_license": "", "do_not_record": true, "persons": [{"id": 221, "code": "MMCVYT", "public_name": "Mr.Un1k0d3r", "biography": "Charles Hamilton is a Red Teamer, with more than ten years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. 
Since 2014, he has been the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 40,000 members worldwide. Charles is also a prolific toolsmith and speaker in the InfoSec industry under the handle of Mr.Un1k0d3r.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 133, "guid": "d5e89d2a-7b3f-50bb-a944-f667d2ad1941", "logo": "", "date": "2022-10-30T13:30:00-04:00", "start": "13:30", "duration": "00:50", "room": "Track 2", "slug": "WTNMZ8", "url": "https://cfp.hackfest.ca/hf2022/talk/WTNMZ8/", "title": "BLACKHAT: Hacking Using USB Rubber Ducky", "subtitle": "", "track": "Offensive", "type": "Regular talk", "language": "fr", "abstract": "Computers trust humans. Humans use keyboards. Hence the universal specification: HID, or Human Interface Device. The USB Rubber Ducky, which looks like an innocent USB stick to humans, abuses this trust to deliver powerful payloads by injecting keystrokes at superhuman speeds. Together we will discover the joys of Ducky Script.", "description": "1- INTRODUCTION: We set the scene. We talk about everything that is rogue for users. Zero trust\r\n2- A BIT OF HISTORY: As the saying goes, before understanding our present we must understand our past. In short, we will talk about hacking from back in the day to now\r\n3- WHAT IS THE USB RUBBER DUCKY: how this story exists today. 
Hak5\r\n\r\n// Points 4 to 8 are hands-on demonstrations\r\n\r\n4- OUR FIRST SCRIPT: YOU HAVE BEEN HACKED \r\n5- OPEN WEB BROWSER & REDIRECT USER\r\n6- ADD ANOTHER USER ADMIN & RDP\r\n7- REVERSE SHELL, THE JOYS OF HACKING\r\n8- HOW TO PROTECT YOURSELF?", "recording_license": "", "do_not_record": false, "persons": [{"id": 227, "code": "PEPVDQ", "public_name": "Kevin MONKAM", "biography": "Trained as a network and telecommunications engineer, Kevin MONKAM is passionate about information systems security. He is a member of the Eyes Cybersecurity Forum, where he speaks on various information systems security topics.\r\nToday, he is a principal information security advisor at Mouvement Desjardins.\r\nHe also teaches part-time in the Master 2 programme at IUC (Institut universitaire de la c\u00f4te), a French master's programme delivered offshore in Cameroon. 
The subjects he teaches are: web application security (SAW), security auditing (ASI), and Ethical Hacking (EH).\r\nWith 7 years of experience in information security, he is an IT \"generalist\" with a strong specialization in technical security as well as governance: risk analysis (ISO27005, EBIOSRM), security watch, awareness, ISO27001 compliance.\r\nFully committed to information security, he takes part in CTF-style competitions and is also active on projects such as offensive security (red team), awareness, information systems maturity assessment, risk analysis, and ISO27001 audits.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 167, "guid": "db064b93-1801-5d6c-9484-b637ef79af37", "logo": "", "date": "2022-10-30T14:30:00-04:00", "start": "14:30", "duration": "00:50", "room": "Track 2", "slug": "QPCMY8", "url": "https://cfp.hackfest.ca/hf2022/talk/QPCMY8/", "title": "La sensibilisation \u00e0 la cybers\u00e9curit\u00e9 comme outil de d\u00e9fense contre la d\u00e9sinformation en ligne", "subtitle": "", "track": "Threat Intelligence / OSINT", "type": "Regular talk", "language": "fr", "abstract": "The impact of online disinformation on society is undeniable, particularly since the start of the pandemic. How cybersecurity awareness principles can offer us possible solutions for fighting disinformation.", "description": "Intro: Presentation of the book On Vous Trompe (5 min) - the authors, background and expertise.\r\n\r\nMisinformation vs. disinformation - the impact of deepfake technologies on information, the use of automation technologies in large-scale disinformation campaigns, etc. 
(10 min)\r\n\r\nAlternative realities and conspiracies: cognitive bias processes, the Long Tail concept applied to indoctrination, the parallel between falling \"down the rabbit hole\" and falling for an online scam (10 min)\r\n\r\nBig Data, privacy and social engineering as a disinformation tool - collected data used to target vulnerabilities (10 min) \r\n\r\nWays to authenticate information and defend yourself online (10 min) \r\n\r\nConclusion: Protecting our loved ones (5 min)", "recording_license": "", "do_not_record": false, "persons": [{"id": 256, "code": "LLZRGH", "public_name": "Catherine Dupont-Gagnon", "biography": "Executive director of the non-profit organization Crypto.Qu\u00e9bec and co-author of the book \"On vous trompe - Comprendre la m\u00e9sinformation, les mensonges et la manipulation en ligne\"", "answers": []}], "links": [], "attachments": [], "answers": []}], "Track Workshop": [{"id": 159, "guid": "1d13f238-fdc0-5522-a6ab-017b41ca86a3", "logo": "", "date": "2022-10-30T10:00:00-04:00", "start": "10:00", "duration": "02:00", "room": "Track Workshop", "slug": "RPSDNJ", "url": "https://cfp.hackfest.ca/hf2022/talk/RPSDNJ/", "title": "Web Application Firewall Workshop", "subtitle": "", "track": "Offensive", "type": "2h workshop", "language": "en", "abstract": "Web Application Firewalls usage is controversial in the field of application security. Some consider them useless since they are imperfect. Others consider them an interesting ally for virtual patching and for defense in depth. Beyond this debate, firewalls are a reality in several organizations to defend edge services. \r\n\r\nTesters may find the presence of such protection to be a drag on their security assessment. As these firewalls cannot always be disabled for testing, it is important to be able to quickly assess whether a circumvention method is possible. 
We have designed a workshop featuring different scenarios where a firewall is used to block certain attacks or features.", "description": "**Agenda**\r\n\r\nThe workshop will consist of 4 main bypass categories: \r\n - Syntax alternatives for table names, keywords and URLs. \r\n - Encoding (URL, Unicode, case mapping) \r\n - SQLi bypass (for mod_security and libinjection) \r\n - Switching protocol (WebSocket, H2C)\r\n\r\nFor each of the exercises, an in-depth explanation of the technique will be discussed. Then a demonstration application will be available to participants to apply their new knowledge.\r\n\r\nIn order to do the exercises, you will need Docker, Burp Suite Pro / OWASP ZAP and Python installed.", "recording_license": "", "do_not_record": false, "persons": [{"id": 41, "code": "C38SSJ", "public_name": "Philippe Arteau", "biography": "Philippe is a security engineer working for ServiceNow. His work and research are focusing on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. 
Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"id": 171, "guid": "a9e227b9-ea27-5dc5-b8d9-e58e097910c9", "logo": "", "date": "2022-10-30T13:30:00-04:00", "start": "13:30", "duration": "01:30", "room": "Track Workshop", "slug": "3CDGNN", "url": "https://cfp.hackfest.ca/hf2022/talk/3CDGNN/", "title": "Introduction to NFT stealing", "subtitle": "", "track": "Offensive", "type": "2h workshop", "language": "en", "abstract": "Overview of NFT related tools and platforms alongside a step by step guide on how to steal an NFT.\r\n\r\nIn this presentation we will cover from a high point of view what constitutes an NFT, and we'll look at some tools/websites to manipulate them at the blockchain level.\r\n\r\nWe'll leave some time for participants to set up the MetaMask wallet. If you want to pre-prepare go to https://metamask.io/ and set up the browser plugin in an isolated browser profile.", "description": "French available on request.\r\n\r\nIn this presentation we will cover from a high point of view what constitutes an NFT, and we'll look at some tools/websites to manipulate them at the blockchain level.\r\n\r\nWe'll leave some time for participants to set up the MetaMask wallet. If you want to pre-prepare go to https://metamask.io/ and set up the browser plugin in an isolated browser profile.\r\n\r\nWe'll end on a step by step guide on how to steal the NFT that you can follow along and just watch. While stealing the NFT is actually easier than understanding how to steal, we'll also look at the hints that lead to the \"exploitation\" path.", "recording_license": "", "do_not_record": false, "persons": [{"id": 257, "code": "MMM8EQ", "public_name": "Jonathan Marcil", "biography": "Jonathan is a board member of the OWASP Orange County chapter. Originally from Montreal, he is part of NorthSec CTF as a challenge designer. 
He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has more than 18 years of experience in Information Technology and Security.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}