Hackfest 2023 - Back to the Future

Alex is the Technical Director at Kroll's Offensive Security - Cyber Risk group. After 7 years of hands-on penetration testing, Alex is responsible for research and development of tools, techniques, skills and methodologies for the team of Kroll's pen testers.

Ali Maredia is a security engineer, working on enterprise security architecture and developing security tools. Prior to that, he worked as a security engineer in the financial industry, specializing in threat intelligence. With a background in software engineering, Ali holds a bachelor's degree from the University of Texas at Austin. His interests include CTFs and teaching programming to underprivileged youth.

Amir Gharib is a senior security researcher at Microsoft. His main responsibility is to improve Microsoft’s detection capabilities across different workloads by researching novel attacks and detection mechanisms. As part of his role, he leverages events and signals from a variety of workloads and products to develop high-fidelity detection that can be used to disrupt attacks automatically. In the past, he was a technical manager at PwC performing incident response, threat hunting, and detection engineering. Furthermore, he worked with IBM Qradar to develop UEBA solutions for users and entities. He currently holds GCFA certification and a Master of Computer Science (MCS) degree specialized in cybersecurity. He has published and presented at several international conferences and journals. His publications have received more than 600 citations in recent years. Outside of work, he enjoys spending time with his family (plus his dog) and friends. He is currently training toward his private pilot license (PPL).

Andréanne Bergeron has a Ph.D. in criminology from the University of Montreal and works as a cybersecurity researcher at GoSecure. Acting as the social and data scientist of the team, she is interested in online attackers’ behaviors. She is involved in the infosec community as the VP engagement and outreach for Northsec. Her experience as a speaker includes BlackHat USA, DefCon, BSides Montreal, NorthSec, CypherCon and Human Factor in Cybercrime among others.

Andrew is a computer scientist with over fifteen years of experience in endpoint security and related competencies. Andrew joined CrowdStrike in 2015 and currently serves as Vice President of Field Engineering.

Co-fondatrice de l'association cybercitoyen.org et co-autrice du livre On Vous Trompe.
J'aspire à rendre accessible le contenu en cybersécurité et à augmenter la littératie numérique du grand public afin de combattre la désinformation, les violences technologiques et les fraudes en ligne.

Cheryl Biswas is a Strategic Threat Intel Specialist with a major bank in Canada. She has experience with security audits and assessments, privacy, DRP, project management, vendor management and change management. Cheryl engages in the security community as a conference speaker and volunteer, mentors, and champions women and diversity in Cyber Security as a founding member of the "The Diana Initiative".

Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. These experiences lead Chris to co-found Dolos Group with a focus on Red/Purple Teaming, security education and training. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, FS-ISAC, and various B-Side events. He is a perennial volunteer at the Thotcon conference in his native Chicago and helps to organize multiple Chicagoland “BurbSec” information security monthly gatherings.

Christophe Reverd a occupé des postes de direction dans les opérations de cybersécurité (centre des opérations de cybersécurité, réponse aux incidents de criminalistique numérique, renseignement sur les cybermenaces, chasse aux cybermenaces, gestion des actifs et des vulnérabilités, tests d'intrusion) avant de diriger la fonction sécurité (RSI) pour Quincaillerie Richelieu Ltée (TSX:RCH) dont les opérations de distribution s'étendent en Amérique du Nord.

Titulaire d’une maîtrise en administration, concentration gouvernance, audit et sécurité des technologies de l'information (TI) de l’Université de Sherbrooke, Christophe est également détenteur de certifications professionnelles en gestion de la sécurité de l’information (CISSP-ISSMP), audit TI (CISA), gouvernance TI (CGEIT), risque TI (CRISC), MITRE ATT&CK (SOC, CTI, AE, THDE, PTM) et infonuagique (Microsoft Azure).

Sa passion à promouvoir les technologies émergentes a pris une nouvelle dimension par son implication en éducation où il a inculqué les meilleures pratiques en tant que chargé de cours en gouvernance des TI à l’École de gestion pendant dix ans et en cyber sécurité au Centre de formation des TI (CEFTI) de la Faculté des Sciences de l’Université de Sherbrooke, parallèlement à son parcours professionnel.

Clément is a passionate speaker and technical security expert, specializing in security testing, offensive security and ethical hacking. Currently technical team leader for security testing and offensive security practice at Bell Canada, he is driven by an unwavering passion for security and hacking. Clément has carried out numerous assignments and assessments for clients in various sectors such as banking, finance, government, services, industry and energy. Endowed with an insatiable curiosity and unfailing tenacity, Clément is a passionate hacker who constantly seeks to understand the architecture and fundamentals of the technologies that come his way.

Damien Bancal est un expert en cyber intelligence français. Il est connu pour son travail dans le domaine de la sensibilisation à la sécurité informatique. Depuis plus de 30 ans, il évangélise sur toutes les questions liées à la protection des données personnelles.

Damien Bancal est le fondateur des sites Internet Zataz.ca, datasecuritybreach.fr et veillezataz.com. Il y partage des informations sur les fuites de données, les failles de sécurité à corriger et les cyberattaques.
Son objectif principal est d'alerter, informer et éduquer les utilisateurs sur les menaces liées à la cybercriminalité.

Auteur de 16 livres, il a travaillé 1 an à Montréal et pour une quarantaine de média de part le monde.
Il a adore la poutine !

Dmitriy Beryoza is a Senior Security Researcher with Vectra AI, working on threat detection in the cloud and on-prem networks.

Before that he was a penetration tester and secure software development advocate at IBM. He has been a software developer for many years, before switching to security full-time.

Dmitriy presented talks at security conferences such as DEF CON Cloud Village, HackFest, BSides, and others.

His interests include reverse engineering, secure software development, and CTF competitions.

Don Mallory has over 30 years of experience in enterprise IT, primarily in critical infrastructure, specializing in operations, data storage, disaster recovery, and security for critical infrastructure. Professionally, Don is a Senior Security Analyst in the healthcare sector. He has been involved in various volunteer activities including C3X as a builder and mentor, co-organizer of Hak4Kidz Toronto and the Latow Photographer's Guild at the Art Gallery of Burlington, where he teaches traditional wet darkroom photography.

Eric M. Gagnon est un professionnel de la cybersécurité hautement expérimenté avec plus de 15 ans d'expertise. Actuellement en poste en tant que Conseiller Principal et Opérateur Red Team au sein de l'équipe ETTIC chez Desjardins, et il enseigne le "Piratage Éthique et Contre-Mesure" au CCNB. Il se spécialise dans le Threat Hunting, la réponse aux incidents, l'enquête numérique, la sécurité offensive et la gestion des vulnérabilités. Détenteur de certifications dans multiples domaine de la cybersécurité, notamment OSCP, OSCE, GBFA, et GCFA, Éric apporte une riche connaissance en matière de défense et d'attaque, ainsi qu'une passion pour encourager la collaboration entre les équipes. Avec sa vaste expérience et son état d'esprit collaboratif, il se consacre à garantir la sécurité et la résilience des organisations face aux cybermenaces.

Félix est un opérateur Red Team chez Desjardins et il est passionné d'informatique, de sécurité et de défis. C'est avec la DCI (Délégation des compétitions en informatique) qu'il a participé à plusieurs CTF tout au long de son parcours académique à l'ÉTS. Entre les certifications en sécurité et le travail, Félix a commencé une chaîne YouTube orientée sur la sécurité, le Homelabing et le réseautage. Ce projet le passionne et il a pour but de partager des connaissances avec les gens qui ont une passion, comme lui, pour l'informatique.

Gabrielle Botbol is a Pentester at Desjardins, the largest financial cooperative in North america. With a deep focus on the banking industry, Gabrielle specializes in exploring mobile applications and API.
Gabrielle is an avid blog writer who advocates for access to education for all. In addition, she has a large following on social media, where she shares many educational resources about technical training and many other cyber topics.
She actively contributes to various organizations as a member of their Advisory Board, such as APIsec University. She is a speaker and trainer at global events and prestigious universities, like Blackhat, APIsecure, Apidays, Bsides, Owasp, Cuny University, Toronto University…
With her contributions to the community, Gabrielle has been the recipient of multiple prestigious awards. Among them, she was honored as one of the Top 20 women in cybersecurity in Canada, Pentest Ninja at WSCJ, Educator of the Year at AYA, Top Influencer in Cybersecurity by IFSEC Global, and Woman Hacker of the Year by CSWY.

Gabrielle Verreault, a bioethics student at Université de Montréal's School of Public Health, is concentrating on the societal and health impacts of digital technologies and AI. Her master's research-creation delves into the Montreal Declaration for Responsible AI Development, with a story being published by Atelier 10. This publication, paired with a teaching guide, aims to educate on AI ethics engagingly.

Since February 2022, Gabrielle has been aiding Ukraine from Canada, Poland, and Ukraine amidst Russia's invasion. Her experiences have shaped her doctoral project on civil mobilization via modern technologies. By examining initiatives like the IT army, cybersecurity, and drones, she's capturing the values and motivations of civilians opposing Russia. _
Gabrielle Verreault, étudiante en bioéthique à l'École de santé publique de l'Université de Montréal, se concentre sur les impacts sociétaux et sanitaires des technologies numériques et de l'IA. Sa recherche-création de maîtrise porte sur la Déclaration de Montréal pour un développement responsable de l'IA, dont le récit est publié par Atelier 10. Cette publication, jumelée à un guide d'enseignement, vise à éduquer sur l'éthique de l'IA de façon engageante.

Depuis février 2022, Gabrielle aide l'Ukraine depuis le Canada, la Pologne et l'Ukraine au milieu de l'invasion russe. Ses expériences ont façonné son projet de doctorat sur la mobilisation civile via les technologies modernes. En examinant des initiatives telles que La IT Army, la cybersécurité et les drones, elle s'intéresse aux valeurs et aux motivations des civils qui s'opposent à la Russie.

Jacques est un vétéran de 30 ans des technologies de l’information. Il a été chef d’entreprise pendant 24 ans, à la tête d’une firme de consultation qui se spécialisait dans la gamme de produits Novell. Son équipe et lui ont desservit des clients à travers l’Amérique du nord, allant de la très petite PME jusqu’à la grande entreprise. Il a travaillé avec des systèmes d’exploitation NetWare, Linux, Windows, des solutions de courriel, de collaboration, de gestion d’identités, de sécurité, et autres services d’infrastructure réseau. Maintenant, après une absence de 6 ans du Québec, ayant vécu et travaillé en Alberta et en Irlande, Jacques s’est installé en Estrie et se concentre maintenant sur la cybersécurité pour les PMEs, voulant aider celles-ci à mitiger le risque d’une cyberattaque

James is currently a security advisor at an insurance company in Montreal. He has worked in the field of both offensive and defensive security. His interest in information security initially developed through video games. Subsequently, he decided to pursue this path by studying Computer Science with a focus on infosec. Along the way, James has obtained various certifications such as OSCP, CISSP, CBBH, etc. He also has a strong interest in game hacking, also known as "Gamepwn". This is a relatively lesser-known area within the broader context of information security, and James aims to bring this topic to a wider audience.

La carrière de Jean-François a débuté dans la gestion de systèmes informatiques il y a un peu plus d’une dizaine d’années avant de se spécialiser en cybersécurité. Il a passé quelques années à agir à titre de consultant (KPMG Egyde) et à répondre à des situations de crises à travers le monde dans des organisations d’envergures lors de cyberattaques. Jean-François s’est ensuite joint à l’équipe de la Banque Nationale du Canada afin d’appuyer leur équipe de cyberdéfense et aider à faire progresser la pratique de réponse aux cyberincidents. Sa motivation a toujours été de contribuer, en utilisant ses compétences, à prévenir les cyberattaques et de compliquer, le plus possible, la vie des cybercriminels.

Troutman is an Internet "Old Timer." His first online experiences involved a paper TTY with a 300 bps acoustic coupler modem in 1982. A user of the Internet and UNIX since 1987, he has been tasked with building and running Internet infrastructure off and on since the early '90s. He has held a wide variety of senior roles at various regional ISPs, telcos, and cable companies, as well as founding a few of them. He is most often found roaming the countryside as a freelance consultant, solving problems for a wide variety of organizations, with a focus on Internet infrastructure and broadband. His volunteer activities include Director of the regional Internet Exchange for Maine and Northern New England (NNENIX.NET), board member for the Maine Technology Users Group (MTUG.ORG), and Director of Operations for the Skytalks Village at DEF CON (Skytalks.info and defcon.org).

Jonathan is part of NorthSec as a CTF challenge designer. He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has 20 years of experience in Information Technology and Security.

Kirils Solovjovs is an IT policy activist, bug bounty hunter, and the most visible white-hat hacker in Latvia having discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance. He has extensive experience in social engineering, penetration testing, network flow analysis, reverse engineering, and the legal dimension.

He has developed the jailbreak tool for Mikrotik RouterOS, as well as created e-Saeima, helping the Latvian Parliament become the first parliament in the world that is prepared for a fully remote legislative process. He has spoken at many amazing conferences including Hack In The Box, Hack in Paris, TyphoonCon, MCH2022, 35C3, CONFidence, BalCCon, Nullcon, and of course Hackfest.

Geek humaniste. Luc a eu plusieurs vies mais sa carrière suit le même fil conducteur : service public, bien commun, protection de la vie privée et défense de la démocratie.

RSSI et expert en gouvernance de la sécurité de l'information le jour, père et co-fondateur de Crypto.Québec la nuit.

Ses intérêts sont le renseignement, la politique, la sécurité internationale, la technologie, la démocratie, le progrès, les droits de l'homme et l'astronomie. Il a notamment co-écrit deux livres sur la sécurité de l'information, qui ont été des best-sellers dans leurs catégories : "On vous voir" en 2018 ainsi que "On vous trompe" en 2022, tous deux publiés aux Éditions Trécarré.

MJ Banias is a journalist, podcaster, and senior intelligence analyst with Sapper Labs Group.

Red Team Manager and Crypto Enthusiast

Naeem Budhwani is a cyber defense consultant at Accenture’s Cyber Attack Simulation (CAS) practice. He was previously an associate in PwC Canada’s Cybersecurity & Privacy practice. Across these roles, Naeem has consulted for over a dozen clients, from boutique insurance firms looking to develop IR playbooks to multi-national technology giants undergoing an application security transformation. He is regarded as a Canadian subject matter expert in threat modeling, having been brought in to conduct executive interviews for Crown Corporations and provide large-audience technical application security training to financial institutions.

Naeem has also delivered guest lectures on application security at Seneca College and York University. He holds a bachelor’s in applied mathematics and computer science from the University of Western Ontario.

Sam Harper est un médecin de famille défroqué qui a découvert le journalisme après un détour en informatique.
Il est journaliste d'enquête pour Pivot, un média indépendant. Il a cofondé l'organisme Cyber Citoyen, un organisme qui fait de la vulgarisation et de la formation autour des enjeux de vie privée et de sécurité et qui accompagne les personnes victimes de violence technologique.

En tant que PDG du Groupe ISM situé au Canada. Le groupe ISM et Simon David Williams ont survécu à un cybercrime majeur et ont aujourd'hui contribué à 37 cybercrimes majeurs. L'objectif est d'aider l'industrie des TI à protéger et conscientiser les personnes de leur réseaux, avant, après et pendant une attaque active de Ransomware. Dans cette conférence, vous naviguerez sur le Darkweb et verrez comment sécuriser votre organisation et vous-même en apprenant comment les pirates publient et agissent dans un cybercrime et de quelle façon les Script-Kiddie les utilisent

Simon Lacasse works as a pentester at Desjardins, with a focus on company-wide objective-oriented security tests. He has a strong interest in web application and infrastructure security. With a background in software engineering, he enjoys making his own tools to solve the different problems at hand. When possible, he likes to give back to the community by making his tools public and open source. He is an alumni of the PolyHack/PolyHx cybersecurity club from Polytechnique Montreal.

I work as a Cyber Threat Hunt Analyst at Microsoft where I take proactive and iterative approach to research, hunt, and remove advanced threats that evade existing security solutions in Azure infrastructure. I focus on external adversaries (APT) and engage with threat intelligence to validate the existence of APT through research and hunt of Indicators of Compromise (IoCs), exploratory analysis of Tactics, Techniques, and Procedures (TTPs) and vectors, and discovery and analysis of potential adversary activity. I also conduct deep dive analysis into internal adversaries (Red Team)attacks to determine Breach Paths and respond to confirmed deconflictions of Red Team activitythrough penetration test research and purple operations, such as Incident Reponse tabletop exercises. I also review detections and work on visualizing and operationalizing threats for future operations and correlation analysis. I was recently recognized as the Cyber Security Women Influencer of the Year by BSides I have mentored several Cyber Security aspirants, to guide and assist in their development of cybersecurity skills, personality development, technical guidance, and career guidance. I am committed to promoting diversity and inclusion in Cyber Security, which has led to accolades such as being recognized as the Cybersecurity Women Influencer of the Year by BSides, being nominated for the SANS Difference Makers Award, being recognized as India Philanthropies CSR Champion by Microsoft, and being awarded the Women Leader in InfoSec Scholarship by Nullcon.

PDG d’INFOSECSW,
Ancien SMA à la sécurité de l’information et à la cybersécurité du Québec au MCN,
Chroniqueur média en cybersécurité et
Chargé de cours à l’Université de Sherbrooke

'est au cours de sa carrière militaire au sein du Royal 22e Régiment que le Capt(ret) Steve Waterhouse a troqué son arme contre un clavier et est devenu l'un des premiers cyber-soldats au Canada. Après avoir travaillé à la formation de soldats et d'officiers aux armes de combat, Steve a ensuite travaillé à la mise en place des premiers réseaux administratifs militaire au QGSQFT, à la base de Montréal et au Collège militaire royal de Saint-Jean avec les Forces armées canadiennes, ainsi qu'à la mise en œuvre de pratiques modernes de cybersécurité comme premier Officier de Sécurité des Systèmes d’information (OSSI). Il continue à partager sa passion et son expérience en tant que chargé de cours à l'Université de Sherbrooke dans le cadre du microprogramme de maîtrise en sécurité de l’information - volet prévention. Il est invité à apporter son expérience et son expertise aux commissions de la Chambre des communes du Canada et à l'Assemblée nationale du Québec et est fréquemment sollicité dans les médias canadiens pour commenter les questions de cybersécurité. M. Waterhouse a aussi été le premier sous-ministre-adjoint à la sécurité gouvernementale et à la cybersécurité du ministère de la cybersécurité et du numérique du Québec jusqu’au début 2023.

Wendy is a software developer interested in the intersection of cybersecurity and data science. She’s involved in the NASA Datanauts program and participated in the SANS Women’s Academy, earning GIAC GSEC, GCIH, and GCIA certifications. She has masters degrees in computer science and library and information science from the University of Illinois.

Prior to working full time on OpenSecurityTraining2 (ost2.fyi), Xeno worked at Apple designing architectural support for firmware security; and code auditing firmware security implementations. A lot of what he did revolved around adding secure boot support to the main and peripheral processors (e.g. the Broadcom Bluetooth chip.) He led the efforts to bring secure boot to Macs, first with T2-based Macs, and then with the massive architectural change of Apple Silicon Macs. Once the M1 Macs shipped, he left Apple to pursue the project he felt would be most impactful: creating free deep-technical online training material and growing the newly created OpenSecurityTraining 501(c)(3) nonprofit.

Yaniv Miron - While finding interest in computers, networks and cyber security from a young age he worked as a security consultant and researcher for years. He holds a CISO certification from The Israeli Institute of Technology in addition to certifications as Certified Expert Penetration Tester (CEPT), Certified Reverse Engineering Analyst (CREA), Certified SCADA Security Architect (CSSA) and Win32 Exploit Development. Mr. Miron found 0-days in Microsoft products, Oracle products and others and have reported and credited for these issues. he is a worldwide speaker in hacking and security conferences as BlackHat, HackFest, Power Of Community, Confidence, IL.Hack and Hacker Halted. Mr. Miron is an entrepreneur and inventor with years of experience managing startups, turning startups from an idea to a fully working solution. LinkedIn profile: https://www.linkedin.com/in/yanivmiron/

Émilio travaille dans une blue team d'une grande organisation canadienne. Il aime participer à des CTFs et créer des défis pour introduire les gens à des aspects défensifs de la cybersécurité. Il co-organise MontréHack, un atelier de CTF mensuel à Montréal. Vous le croiserez en ville, se promenant en trottinette électrique, rêvant d'un monde plus résilient, où la voiture n'est pas une nécessité pour les déplacements quotidiens.