“AIkido: Unleashed power in your Command & Control”
Joel Gámez Molina;
Regular Talk
AIkido is the new revolution of your favourite Command & Control: Kitsune. It suggests commands, detects privesc opportunities and executes complex tasks completely autonomously, without relying on paid APIs or registrations. Work locally or over the Internet, speak to it in any language and watch it move through the graphical interface, as if it were a real "Red Team Operator". Ask AIkido for anything, go get your popcorn... and enjoy the show!
“Backdooring OpenSSH”
EvilMog;
Regular Talk
In this talk learn how OpenSSH can be backdoored through AuthorizedKeysCommands, TrustedCAKeys, and other techniques learned from Red Teaming at security competitions. Learn how to defend yourself and use these techniques to enhance your security.
“Beyond Red vs. Blue: Elevating Your Security with Practical Purple Teaming”
Will Summerhill;
Regular Talk
Is your security testing keeping pace with modern adversaries? It's time to break down the silos between your red and blue teams and build a unified, capability-driven defense. This session provides key insights for enhancing your security posture through purple teaming from lessons learned during years of consulting experience. We'll share critical lessons from the field on how to evolve your exercises from simple assessments to powerful capability-building workshops. Learn from concrete examples on how to effectively improve purple team exercises, increase collaboration, perform gap analysis, and level up your entire security posture.
“Comment rédiger une BONNE politique sur l'IA?”
Jean-François Nadeau;
Regular Talk
Le sujet de l'intelligence artificielle est une tendance et technologie assez présente aujourd'hui pour prétendre à prendre place dans la collection des politiques des entreprises. Elle entre en compétition avec les dernières politiques comme l'utilisation acceptable des technologies, la sécurité de l'information ou les appareils mobiles.
Est-ce que l'intelligence artificielle mérite sa propre politique? Certainement! Comment y arriver en tant que professionnel de la sécurité de l'information?
“Entre épée et bouclier : la voie stoïcienne du cyberdéfenseur”
Jacques Sauve;
Regular Talk
Un talk inspirant qui fusionne cybersécurité défensive et philosophie stoïcienne : accepter l’inévitable, se préparer à la résilience, et rester calme face à l’incident.
“Mastering Bash for Hackers: Extreme Command-Line Power”
Kirils Solovjovs;
Workshop - 240 minutes
Bash isn’t just an interface to your daily laptop - it’s a weapon. In this hands-on workshop, we’ll push bash beyond its typical use, leveraging it for hacking, data processing, automation, and real-world security applications. Whether you’re crafting exploits, analyzing massive datasets, or automating reconnaissance, this session will equip you with the skills to turn bash into your ultimate hacking tool.
“Meshtastic Attacktastic”
Dave "Heal" Schwartzberg;
Regular Talk
Meshtastic excels in emergencies and off-grid communication but can falter when adversaries exploit vulnerabilities. This open-source platform enables decentralized, long-range communication via LoRa-based mesh networks, ideal for remote or crisis scenarios. However, it also introduces security risks, including physical attacks, privacy leaks, poor key management, and susceptibility to jamming. This talk analyzes Meshtastic’s encryption and authentication mechanisms, highlighting potential compromises and demonstrating how attackers can exploit these flaws. We'll provide technical breakdowns, simulated attack scenarios, and real-world case studies, equipping attendees with actionable insights to secure their mesh networks effectively. Whether you're a hobbyist exploring off-grid communications or a security expert assessing decentralized systems, you'll leave armed with the knowledge and strategies to protect your Meshtastic devices. Join us to explore the critical vulnerabilities within mesh network security and learn how to fortify these powerful yet potentially fragile systems.