2024 | 2023 | 2022 | 2021 | 2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | HackUS

2024

Competition

Theme: PhilWell Corp

!!null ""

Top 3

• 1^st: Hubert Hackin''
• 2^nd: cold_root
• 3^rd: Phreaks 2600

Conference

Talks

• KEYNOTE: Technical Analysis Past, Present, and Future - Insights from a Reverse Engineering Perspective par Sergei Frankoff
• Reverse-Engineering Nim Malware: Or a brief tale of analyzing the compiler for a language I had never used par Alexandre Côté
• Finding signals in the noise: Why write exploits when attackers share them for free? par Ron Bowes
• What's New is Old - Parallels of OWASP's Top 10 for LLMs and Web Applications par Logan MacLaren
• Insert coin: Hacking arcades for fun par Ignacio Navarro
• Hardware Hacking Curiosity par Adrien Lasalle
• Crowdsourced DDoS Attacks Amid Geopolitical Events par Zaid Osta
• Will the real attribution please stand up? par Alexis Dorais-Joncas and Greg Lesnewich
• Ebury, 10 years in: The evolution of a sophisticated Linux server threat par Marc-Etienne M.Léveillé
• Browser is the new LSASS par Charles F. Hamilton (Mr.Un1k0d3r)
• Scrutiny Debugger - Debug, test and configure embedded softwares through instrumentation par Pier-Yves Lessard
• BEWARE of Infosec Influencers par W. Garrett Myler
• I will look for you and I will find you: OSINT on publicly shared pictures par Patricia Gagnon-Renaud
• Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages par François Proulx and Benoit Cote-Jodoin
• Redefining Digital Security: A New Approach for IPV Victims par Corinne Pulgar
• UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities. par Priyank
• With Great gAIn Comes Greater Security Issues - When ML Frameworks' Scale for Growth Incorporates Security Risks to Users' Cloud Accounts par Berenice Flores
• GraphRunner and Defending Your Microsoft Tenant par John Stoner
• Cyber Incident Command System: A Firefighter's Approach to Managing Cyber Incidents par AJ Jarrett
• Heartbleed, ten years later par Louis Melançon
• Jupyter Jetpack: Automating Cloud Threat Hunting par Kai Iyer
• Simplified Malware Evasion - Entropy and other Techniques par Will Summerhill
• Real or fake? Tools to fight online disinformation par Christian Paquin
• API: Alternate Pathway to Injection par Fennix
• Unveiling the OT Threat Landscape par Camille Felx Leduc and Thomas Poinsignon Clavel
• Double Trouble: Unmasking Twin Phishing Campaigns Targeting E-commerce and Travel Sites par Mangatas Tondang (@tas_kmanager)

Workshops

• Examen radioamateur Compétence de Base / Amateur Radio Basic Competency Exam
• Prevent First, Detect Second: An Open-Source Approach par Dekel Paz and Sagie
• Mastering Exegol par Charlie Bromberg (Shutdown) and Mathieu Calemard du Gardin (Dramelac)
• Toolbox for reverse engineering and binary exploitation par Marc-André Labonté
• How crypto gets broken (by you) par Ben Gardiner
• Machine Learning For Security Professionals: Building And Hacking ML Systems par Sagar Bhure
• Reversing Rust Binaries: One step beyond strings par Cindy Xiao
• Exploiter Ansible WorX et tout le reste par Simon Lacasse and Charl-alexandre Le Brun

Event Video

Event Photos

2023

Competition

Theme: La Corporation

Top 3

• 1^st: cold_root
• 2^nd: Hubert Hackin'
• 3^rd: OK1OK

Conference

Talks

• KEYNOTE: Empowering Security with Generative AI: Fundamentals and Applications of GPT models par Roberto Rodriguez
• KEYNOTE: Scams: a generative AI use case par Jeff Yates
• Tracking Bumblebee’s Development par Suweera De Souza
• Abusing GitHub for fun and profit: Actions and Codespaces Security par Magno Logan
• (Windows) Hello from the other side par Dirk-jan Mollema
• Broken links - Behind the scenes of Supply Chain breaches par François Proulx
• Evasion as a Red Teamer par Charles F. Hamilton (Mr.Un1k0d3r)
• The quantum clock is ticking… get ready! par Christian Paquin
• gRPC security with less effort par Ashley Manraj
• Human versus Machine: The Level of Human Interaction in Automated Attacks Targeting the Remote Desktop Protocol par Andreanne Bergeron
• Roll for Stealth: Evading AV/EDR Entropy Checks par Mike Saunders
• Willy Wonka and the Detection Factory: Detection Engineering without Alert Fatigue par Rémi Langevin and Émilio Gonzalez
• From On-Premises to Cloud: A Comprehensive Analysis of SAP Security Issues par Vahagn and Arpine Maghakyan
• Behind the Scenes in GitHub Bug Bounty par Logan MacLaren
• Infrastructure as Code, Automation, and Testing: The Key to Unlocking the Power of Detection Engineering par Olaf Hartong
• Privacy through the lens of code par Suchakra Sharma
• Checkmate: using game theory to study the evolution of ransomware par Vicky Desjardins
• Burp Suite Pro tips and tricks, the sequel par Nicolas Grégoire
• Thwarting Malware Analysis: Integrating Established and Novel Techniques par Guillaume Caillé
• Asylum Ambuscade: Crimeware or cyberespionage? par Matthieu Faou
• To the moon and back: How we found and exploited a series of critical vulns in an RPC server par Ron Bowes
• Vulnérabilités des réseaux overlays VxLan dans les datacenters. par mdovero
• Roses are red, violets are blue, S4U bamboozles me, U2U too par Charlie Bromberg (Shutdown)
• Password Audit Cracking in AD: The Fun Part of Compliance par Mathieu Saulnier
• Deception for pentesters par Laurent Desaulniers
• Too Anonymous To Prosecute? Survey And Interviews on Shadow Phones par David Décary-Hétu and Melanie Théorêt
• Profiling Risky Code using Machine Learning par zunaira zaman
• Democratizing (cyber) warfare and the battle for Ukraine. Tactics, techniques and methods for effective offensive cyber operations. par Sarah Kraynick
• Practical exploitation of cryptographic flaws in Windows par Yolan Romailler and Sylvain Pelissier

Workshops

• Tokens, everywhere! par Dr Nestori Syynimaa
• Analyse dynamique de pilotes Windows par Marc-André Labonté
• An Introduction to Continuous Security Testing par Octavia Hexe and Harry Hayward
• Capture-The-Flag 101 par Olivier Bilodeau
• Introduction to Cryptographic Attacks par Matt Cheung
• Malware Reverse Engineering Workshop par Lilly Chalupowski
• Malware Morphology for Detection Engineers par Jared Atkinson and Jonathan Johnson
• Go reverse-engineering workshop par Ivan Kwiatkowski

Event Video

Event Photos

2022

Competition

Theme: Le Mycoverse

!!null ""

Top 3

• 1^st: Paumd
• 2^nd: cold_root
• 3^rd: Hubert Hackin'

Conference

Talks

• KEYNOTE: What Lies Behind Canada’s Internet Regulation Reversal? par Michael Geist
• Obfuscation classification via Machine Learning par Yuriy Arbitman
• Public, verifiable, and unbiasable randomness: wassat? par Yolan Romailler
• MuddyWater: From Canaries to Turkeys par Vitor Ventura and Asheer Malhotra
• Formalizing the right to be forgotten: law meets crypto par Philippe Lamontagne
• 10 Things I wish I knew before my first incident par Caspian Kilkelly
• I thought writing a technical book was supposed to be fun?!! par Vickie Li
• The Risks of RDP and How to Mitigate Them par Olivier Bilodeau and Lisandro Ubiedo
• A snapshot of Doplik: Unwanted Software using serialized JavaScript bytecode as an anti-analysis technique par Léanne Dutil
• Jumping the air gap: 15 years of nation-state efforts par Alexis Dorais-Joncas and Facundo Munoz
• The road to BeyondCorp is paved with good intentions par Maya Kaczorowski and Eric Chiang
• Passive recon & intelligence collection using cyber-squatted domains par Rolland Winters
• Hook, Line and Sinker - Pillaging API Webhooks par Abhay Bhargav
• From the cluster to the cloud and back to the cluster: Lateral movements in Kubernetes par Yossi Weizman
• Privacy-friendly QR codes for identity par Christian Paquin
• Tell me where you live and I will tell your P@ssw0rd: Understanding the macrosocial factors influencing password’s strength par Andreanne Bergeron
• I am become loadbalancer, owner of your network par Nate Warfield

Workshops

• Web Application Firewall Workshop par Philippe Arteau
• Advanced Process Injection Techniques par Yash Bharadwaj
• Capture-The-Flag 101 par Olivier Bilodeau
• Reverse and bypass of modern Android runtime protections [FR] par Georges-Bastien Michel
• Fleet and osquery - open source device visibility par Guillaume Ross

Event Video

Event Photos

2021

Competition

Theme: North Sectoria

!!null ""

Top 3

• 1^st: Paumd
• 2^nd: HubrETS Hackin''
• 3^rd: Skiddies as a Service

Conference

Talks

• KEYNOTE: You're not an idiot par Ange Albertini
• KEYNOTE: Privacy Without Monopoly: Beyond Feudal Security par Cory Doctorow
• Security Metrics That Matter par Tanya Janca
• Full Circle Detection: From Hunting to Actionable Detection par Mathieu Saulnier
• Unmasking the Cameleons of the Criminal Underground: An Analysis From Bot To Illicit Market Level par David Décary-Hétu
• Repo Jacking: How Github usernames expose 70,000 open-source projects to remote code injection par Indiana Moreau
• Data Science way to deal with advanced threats. par Igor Kozlov
• Damn GraphQL - Attacking and Defending APIs par Dolev Farhi
• Building CANtact Pro: An Open Source CAN Bus Tool par Eric Evenchick
• Burnout: Destabilizing Retention Goals and Threatening Organizational Security par Chloé Messdaghi
• Blurred lines - The mixing of APTs with Crimeware groups par Warren Mercer and Vitor Ventura
• Forensicating Endpoint Artifacts in the World of Cloud Storage Services par Renzon Cruz
• See Something, Say Something? The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government par Stephanie Tran , Florian Martin-Bariteau and Yuan Stevens
• Bypassing advanced device profiling with DHCP packet manipulation par Ivica Stipovic
• Just Add More LEDs: NSec 2018 and 2019 Badge Mods par Ben Gardiner
• Hacking K-12 school software in a time of remote learning par Sam Quinn
• Request Smuggling 101 par Philippe Arteau
• CrimeOps of the KashmirBlack Botnet par Ofir Shaty and Sarit Yerushalmi
• dRuby Security Internals par Addison Amiri and Jeff Dileo
• AMITT Countermeasures - A Defensive Framework to Counter Disinformation par and Sara-Jayne Terp
• Critical Vulnerabilities in Network Equipment: Past, Present and Future par Pedro Ribeiro
• Authentication challenges in SaaS integration and Cloud transformation par Evelyn Lam
• Social bots: Malicious use of social media par Marie-Pier Villeneuve-Dubuc
• Cryptography Do's and Don't in 2021 par Mansi Sheth
• How to harden your Electron app par Mitchell Cohen

Workshops

• Introduction to fuzzing par Dhiraj Mishra
• DIY Static Code Analyzer: Building your own security tools with Joern par Suchakra Sharma and Vickie Li
• Atomic Red Team Hands-on Getting Started Guide par Carrie Roberts
• Capture-The-Flag 101 par Olivier Bilodeau
• Reversing Android malware for the Smart and Lazy par Axelle Apvrille
• Automated contact tracing experiment on ESP Vroom32 par Marc-andre Labonte
• How Crypto Gets Broken (by you) par Ben Gardiner
• Kubernetes Security 101: Best Practices to Secure your Cluster par Magno Logan

Event Video

Event Photos

2020

Competition

Theme: Severity High

!!null ""

Top 3

• 1^st: HubrETS Hackin"
• 2^nd: Les Gentils Pirates
• 3^rd: CLICKESTI

Conference

Talks

• Practical security in the brave new Kubernetes world par Alex Ivkin
• AMITT - Adversarial Misinformation Playbooks par Octavia Hexe and Sara-Jayne Terp
• Unicode vulnerabilities that could byͥte you par Philippe Arteau
• IOMMU and DMA attacks par Jean-Christophe Delaunay
• Designing Customer Account Recovery in a 2FA World par Kelley Robinson
• Defending Human Rights in the Age of Targeted Attacks par Etienne Maynier
• High speed fingerprint cloning: myth or reality? par Vitor Ventura and Paul Rascagnères
• Regions are types, types are policy, and other ramblings par bx
• Look! There's a Threat Model in My DevSecOps par Alyssa Miller
• The Path to Software-Defined Cryptography via Multi-Party Computation par Prof. Yehuda Lindell
• Stay quantum safe: future-proofing encrypted secrets par Christian Paquin
• Dynamic Data Resolver IDA plugin – Extending IDA with dynamic data par Holger Unterbrink

Workshops

• Finding the Needle in the Needlestack: An Introduction to Digital Forensics par Emily Wicki
• Capture-The-Flag 101 par Olivier Bilodeau
• Offensive Cloud Security Workshop par Xavier Garceau-Aranda
• Advanced Binary Analysis par Alexandre Beaulieu

Event Video

2019

Competition

Theme: Neurosoft

!!null ""

Top 3

• 1^st: Goats
• 2^nd: Hubert Hackin
• 3^rd: paumd

Conference

Talks

• Wajam: From a Start-up to Massive Spread Adware par Hugo Porcher
• A good list of bad ideas par Laurent Desaulniers
• The (Long) Journey To A Multi-Architecture Disassembler par Joan Calvet
• Fixing the Internet's Auto-Immune Problem: Bilateral Safe Harbor for Good-Faith Hackers par Chloé Messdaghi
• Cache Me If You Can: Messing with Web Caching par Louis Dion-Marcil
• Safer Online Sex: Harm Reduction and Queer Dating Apps par Norman Shamas
• Making it easier for everyone to get Let's Encrypt certificates with Certbot par Erica Portnoy
• Hacking Heuristics: Exploiting the Narrative par Kelly Villanueva
• What is our Ethical Obligation to Ship Secure Code? par Elissa Shevinsky
• M33tfinder: Disclosing Corporate Secrets via Videoconferences par Yamila Vanesa Levalle
• T1: Secure Programming For Embedded Systems par Thomas Pornin
• Post-Quantum Manifesto par Philippe Lamontagne
• Trick or treat? Unveil the “stratum” of the mining pools par Emilien Le Jamtel and Ioana-Andrada Todirica
• KEYNOTE: Where Do We Go From Here? Stalkerware, Spouseware, and What We Should Do About It par Eva Galperin
• xRAT: Monitoring Chinese Interests Abroad With Mobile Surveillance-ware par Apurva Kumar and Arezou Hosseinzad-Amirkhizi
• DNS On Fire par Paul Rascagnères and Warren Mercer
• One Key To Rule Them All - ECC Math Tricks par Yolan Romailler
• Threat hunting in the cloud par Jacob Grant and Kurtis Armour
• Using Geopolitical Conflicts for Threat Hunting - How Global Awareness Can Enable New Surveillanceware Discoveries par Kristin Del Rosso
• KEYNOTE: Cybersecurity vs the world par Matt Mitchell
• Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting par Émilio Gonzalez and Francis Labelle
• Post-Quantum Cryptography: today's defense against tomorrow's quantum hackers par Christian Paquin
• Call Center Authentication par Kelley Robinson
• Mainframe Hacking in 2019 par Philip Young
• The SOC Counter ATT&CK par Mathieu Saulnier

Workshops

• Deserialization: RCE for modern web applications par Philippe Arteau
• Red Teaming Workshop par Charles F. Hamilton
• Introduction to appliance reverse engineering par Olivier Arteau
• Container Security Deep Dive par Yashvier Kosaraju
• Reversing WebAssembly Module 101 par Patrick Ventuzelo
• Threat Modeling par Jonathan Marcil
• Introduction to Return Oriented Programming par Lisa Aichele
• Leveraging UART, SPI and JTAG for firmware extraction par Marc-andre Labonte
• Hunting Linux Malware for Fun and Flags par Marc-Etienne M.Léveillé
• Using angr to augment binary analysis workflow par Alexander Druffel and Florian Magin
• Capture-The-Flag 101 par Olivier Bilodeau
• Intro to badge soldering par Martin Lebel
• 64-bit shellcoding and introduction to buffer overflow exploitation on Linux par Silvia Väli
• Breaking smart contracts par Maurelian and Shayan Eskandari
• Sponsor event par
• From Bitcoins Amateurs to Experts: Fundamentals, grouping, tracing and extracting bulk information with open-source tools par Masarah Paquet-Clouston

Event Video

Event Photos

2018

Competition

Theme: Space

!!null ""

Top 3

• 1^st: Goats
• 2^nd: Hubert Hackin
• 3^rd: Golden TickETS

Conference

Talks

• A Journey into Red Team par Charles Hamilton
• Stupid Purple Teamer Tricks par Laurent Desaulniers
• Quick Retooling with .NET Payloads par Dimitry Snezhkov
• Ichthyology: Phishing as a Science par Karla Burnett
• Logic against sneak obfuscated malware par Thaís aka barbie Moreira Hamasaki
• Binary analysis, meet the blockchain par Mark Mossberg
• Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) par Daniel (DBO) Bohannon
• Non-Crypto Constant-Time Coding par Thomas Pornin
• Smart contract vulnerabilities: The most interesting transactions on the Ethereum blockchain par Sarah Friend and Jon Maurelian
• Not the Droid You're Looking For: Evading Vulnerability Exploitation Through Secure Android Development par Kristina Balaam
• Cell Site Simulators From the Ground Up par Yomna Nasser
• Exploits in Wetware par Robert Sell (Creep)
• Data Breaches: Barbarians in the Throne Room par Dave "gattaca" Lewis
• Surprise Supplies! par Paul Rascagnères and Warren Mercer
• Prototype pollution attacks in NodeJS applications par Olivier Arteau
• What are containers exactly and can they be trusted? par Stéphane Graber
• Only an Electron away from code execution par Silvia Väli
• KEYNOTE: How to Think (About Complex Adversarial Systems) par Eleanor Saitta
• The Blackbear project par Marc-André Labonté
• From Hacking Team to Hacked Team to…? par Filip Kafka
• Video game hacks, cheats, and glitches par Ron Bowes
• Tightening the Net in Iran par Mahsa Alimardani
• Brain Implants & Mind Reading par Melanie Segado
• One Step Before Game Hackers -- Instrumenting Android Emulators par Wan Mengyuan (Nevermoe)
• Homeward Bound: Scanning Private IP Space with DNS Rebinding par Danny Cooper and Allan Wirth
• Getting ahead of the elliptic curve par Martijn Grooten
• Source code vulnerability research and browser exploitation par Jean-Marc Leblanc
• Python and Machine Learning: How to use algorithms to create yara rules with a malware zoo for hunting par Sebastien Larinier

Workshops

• Hacking APIs and the MEAN Stack with OWASP DevSlop par Nicole Becher and Tanya Janca
• A Gentle Introduction to Fuzzing par Israël Hallé and Jean-Marc Leblanc
• Wi-Fi Security par Mark El-Khoury
• Incident Response in the Age of Threat Intelligence with MISP, TheHive & Cortex par Raphaël Vinot and Saâd Kadhi
• Botnet Tracking and Data Analysis Using Open-Source Tools par Masarah Paquet-Clouston and Olivier Bilodeau
• Capture-The-Flag 101 par Olivier Bilodeau , Laurent Desaulniers and Charles Hamilton
• IoT Firmware Exploitation par Aaron Guzman
• Hands-on Modern Access Control Bypassing par Vikram Salunke
• Orange is the new Hack - Introduction to Machine Learning with Orange par Philippe Arteau

Event Video

Event Photos

2017

Competition

Theme: Rao’s Rigged Elections

!!null ""

Top 3

• 1^st: Hack Toute
• 2^nd: RPISEC
• 3^rd: SomeRandomName

Conference

Talks

• Playing Through the Pain: The Impact of Dark Knowledge and Secrets on Security and Intelligence Professionals par Richard Thieme
• Attacking Linux/Moose Unraveled an Ego Market par Olivier Bilodeau and Masarah Paquet-Clouston
• Backslash Powered Scanning: Implementing Human Intuition par James Kettle
• BearSSL: SSL For all Things par Thomas Pornin
• Data Science Tools and Techniques for the Blue Team par Shawn Marriott
• Murder Mystery – How Vulnerability Intelligence is Poisoning your Information Security Program par Gordon MacKay
• How Surveillance Law was Expanded in Canada, What the Media has Reported, and What’s Next par Chris Prince
• Creating an Internet of (Private) Things—Some Things for Your Smart Toaster to Think About par Ian Douglas
• Pentesting: Lessons from Star Wars par Adam Shostack
• Hack Microsoft Using Microsoft Signed Binaries par Pierre-Alexandre Braeken
• Hacking POS PoS Systems par Jackson Thuraisamy and Jason Tran
• Don’t Kill My Cat par Charles F. Hamilton
• Stupid RedTeamer Tricks par Laurent Desaulniers
• Abusing Webhooks for Command and Control par Dimitry Snezhkov
• Modern Reconnaissance Phase by APT – Protection Layer par Paul Rascagneres
• Deep Dive into Tor Onion Services par David Goulet

Workshops

• Introduction to Assembly Language and Shellcoding par Charles F. Hamilton and Peter Heppenstall
• Automating Detection, Investigation and Mitigation with LimaCharlie par Maxime Lamothe-Brassard
• Script Engine Hacking For Fun And Profit par Jean-Marc Le Blanc and Israël Hallé
• Cracking Custom Encryption – An Intuitive Approach to Uncovering Malware’s Protected Data par Pavel Asinovsky and Magal Baz

Event Video

Event Photos

2016

Competition

Theme: Marcus Madison’s Bakery

!!null ""

Top 3

• 1^st: Hack Toute
• 2^nd: RPISEC
• 3^rd: SomeRandomName

Conference

Talks

• KEYNOTE: How Anonymous (narrowly) Evaded the Cyberterrorism Rhetorical Machine par Gabriella Coleman
• The New Wave of Deserialization Bugs par Philippe Arteau
• Applying DevOps Principles for Better Malware Analysis par Olivier Bilodeau and Hugo Genesse
• Practical Uses of Program Analysis: Automatic Exploit Generation par Sophia D’Antoine
• CANtact: An Open Tool for Automotive Exploitation par Eric Evenchick
• Bypassing Application Whitelisting in Critical Infrastructures par René Freingruber
• Inter-VM Data Exfiltration: The Art of Cache Timing Covert Channel on x86 Multi-Core par Etienne Martineau
• Analysis of High-level Intermediate Representation in a Distributed Environment for Large Scale Malware Processing par Eugene Rodionov and Alexander Matrosov
• Real Solutions From Real Incidents: Save Money and Your Job! par Guillaume Ross and Jordan Rogers
• Security Problems of an Eleven Year Old and How to Solve Them par Jake Sethi-Reiner
• Android – Practical Introduction into the (In)Security par Miroslav Stampar
• Hide Yo’ Kids: Hacking Your Family’s Connected Things par Mark Stanislav
• Law, Metaphor and the Encrypted Machine par Lex Gill
• Stupid Pentester Tricks par Laurent Desaulniers
• Not Safe For Organizing: The state of targeted attacks against civil society par Masashi Crete-Nishihata and John Scott-Railton

Event Video

Event Photos

2015

Competition

Theme: Rao’s intricate Kingdom

!!null ""

Top 3

• 1^st: Hack Toute
• 2^nd: 0k10k
• 3^rd: BUILDS_1

Conference

Talks

• KEYNOTE: Privacy, Surveillance & Oversight par Chris Prince - Office of the Privacy Commissioner of Canada
• Breaking PRNGs: A predictable talk on Pseudo Random Number Generators par Philippe Arteau
• 2 years of Montréhack: the local CTF training initiative par Olivier Bilodeau
• The Sednit Group: “Cyber” Espionage in Eastern Europe par Joan Clavet
• CHEKS, Complexity Science in Encryption Key Management par Jean-François Cloutier and François Gagnon
• Hopping on the CAN Bus par Eric Evenchick
• EMET 5.2 - armor or curtain? par René Freingruber
• Bitcoin: Putting the “pseudo” back in pseudonymous par Mathieu Lavoie
• DDoS: Barbarians At The Gate par Dave Lewis
• TextSecure: Present and Future par Trevor Perrin
• The Uroburos case: analysis of the tools used by this actor par Paul Rascagnères
• Object Oriented Code RE with HexraysCodeXplorer par Eugene Rodionov
• CTF or WTF? par Guillaume Ross
• Threat Modeling for the Gaming Industry par Robert Wood
• Why You Should (But Don’t) Care About Mainframe Security par Phil “Soldier of Fortran” Young
• Rosetta Flash And Why Flash Is Still Vulnerable… par Philippe Arteau
• Totally Spies! par Joan Clavet and Paul Rascagnères
• iOS App Analytics And Your Privacy par Guillaume Ross

Event Video

Event Photos

2014

Competition

Theme: Associated Nation Organization

!!null ""

Top 3

• 1^st: 0k10k
• 2^nd: Amish Security
• 3^rd: Cracks en Logarithmes

Event Video

Event Photos

2013

Competition

Theme: Onionotar

!!null ""

Top 3

• 1^st: Amish Overflow
• 2^nd: 0k10k
• 3^rd: 0dayETSploit

Event Video

Event Photos

HackUS

NorthSec est l'enfant spirituel de la compétition HackUS organisée à l'Université de Sherbrooke en 2010 et 2011. Le premier Hacker Jeopardy — dans le format que vous connaissez à NorthSec — s'est produit à HackUS en 2011 à partir d'une envie de pause et d'événement social pendant le CTF.