2024 | 2023 | 2022 | 2021 | 2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | HackUS

2024

A difficult financial situation for a lot of cybersecurity companies complexified the planification of NorthSec 2024. Efforts from all volunteers allowed the event to take place at Marché Bonsecours in its traditional grand fashion.

The Capture-The-Flag event outgrew the usual rooms and was expended to a multi-floor experience. A "Blue Team" track was also introduced for the CTF.

Competition

Theme: PhilWell Corp

What initially was intended as a pentesting company retreat focused on wellbeing drastically shifted course when the pentesters found themselves unexpectedly shrunk down and inserted into the body of Philip Wellington, the CISO of their primary client. Now, against their wishes, they must navigate and interact with the intricate biological systems of the human body in an attempt to enhance Mr. Wellington's condition. Led by their team leader and receiving enigmatic guidance from Brian, the CEO of the PhilWell corporation, the participants are tasked with the mission of understanding the diverse systems comprising the human body in order to facilitate Mr. Wellington's improvement.

Top 3

• 1^st: Hubert Hackin''
• 2^nd: cold_root
• 3^rd: Phreaks 2600

Conference

Talks

• KEYNOTE: Technical Analysis Past, Present, and Future - Insights from a Reverse Engineering Perspective by Sergei Frankoff
• Reverse-Engineering Nim Malware: Or a brief tale of analyzing the compiler for a language I had never used by Alexandre Côté
• Finding signals in the noise: Why write exploits when attackers share them for free? by Ron Bowes
• What's New is Old - Parallels of OWASP's Top 10 for LLMs and Web Applications by Logan MacLaren
• Insert coin: Hacking arcades for fun by Ignacio Navarro
• Hardware Hacking Curiosity by Adrien Lasalle
• Crowdsourced DDoS Attacks Amid Geopolitical Events by Zaid Osta
• Will the real attribution please stand up? by Alexis Dorais-Joncas and Greg Lesnewich
• Ebury, 10 years in: The evolution of a sophisticated Linux server threat by Marc-Etienne M.Léveillé
• Browser is the new LSASS by Charles F. Hamilton (Mr.Un1k0d3r)
• Scrutiny Debugger - Debug, test and configure embedded softwares through instrumentation by Pier-Yves Lessard
• BEWARE of Infosec Influencers by W. Garrett Myler
• I will look for you and I will find you: OSINT on publicly shared pictures by Patricia Gagnon-Renaud
• Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages by François Proulx and Benoit Cote-Jodoin
• Redefining Digital Security: A New Approach for IPV Victims by Corinne Pulgar
• UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities. by Priyank
• With Great gAIn Comes Greater Security Issues - When ML Frameworks' Scale for Growth Incorporates Security Risks to Users' Cloud Accounts by Berenice Flores
• GraphRunner and Defending Your Microsoft Tenant by John Stoner
• Cyber Incident Command System: A Firefighter's Approach to Managing Cyber Incidents by AJ Jarrett
• Heartbleed, ten years later by Louis Melançon
• Jupyter Jetpack: Automating Cloud Threat Hunting by Kai Iyer
• Simplified Malware Evasion - Entropy and other Techniques by Will Summerhill
• Real or fake? Tools to fight online disinformation by Christian Paquin
• API: Alternate Pathway to Injection by Fennix
• Unveiling the OT Threat Landscape by Camille Felx Leduc and Thomas Poinsignon Clavel
• Double Trouble: Unmasking Twin Phishing Campaigns Targeting E-commerce and Travel Sites by Mangatas Tondang (@tas_kmanager)

Workshops

• Examen radioamateur Compétence de Base / Amateur Radio Basic Competency Exam
• Prevent First, Detect Second: An Open-Source Approach by Dekel Paz and Sagie
• Mastering Exegol by Charlie Bromberg (Shutdown) and Mathieu Calemard du Gardin (Dramelac)
• Toolbox for reverse engineering and binary exploitation by Marc-André Labonté
• How crypto gets broken (by you) by Ben Gardiner
• Machine Learning For Security Professionals: Building And Hacking ML Systems by Sagar Bhure
• Reversing Rust Binaries: One step beyond strings by Cindy Xiao
• Exploiter Ansible WorX et tout le reste by Simon Lacasse and Charl-alexandre Le Brun

Event Video

Event Photos

2023

NorthSec's 10 years aniversary edition (if you count from 0). NorthSec 2023 was held at Marché Bonsecours. The conference was livestreamed on YouTube and the CTF was in-person only with a strong comeback of the physical tracks.

The event featured a "History of NorthSec" museum, full scale community room, and a Daft Punk tribute party.

Competition

Theme: The Corporation

In this dystopian future, the Corporation reigns supreme, with the entire populace relegated to drone-like roles in dreary office settings. Among them is employee 120875ABAB, who, discontented with their boring life, resolves to delve deeper into the inner workings of this colossal corporate entity. Seizing an opportunity during a scheduled maintenance of GOD, the Global Operations Directory monitoring everyone's activities, they, along with their own various personas, uncover secrets suggesting that the Corporation is merely a front for a mysterious arcane organization.

Top 3

• 1^st: cold_root
• 2^nd: Hubert Hackin'
• 3^rd: OK1OK

Conference

Talks

• KEYNOTE: Empowering Security with Generative AI: Fundamentals and Applications of GPT models by Roberto Rodriguez
• KEYNOTE: Scams: a generative AI use case by Jeff Yates
• Tracking Bumblebee’s Development by Suweera De Souza
• Abusing GitHub for fun and profit: Actions and Codespaces Security by Magno Logan
• (Windows) Hello from the other side by Dirk-jan Mollema
• Broken links - Behind the scenes of Supply Chain breaches by François Proulx
• Evasion as a Red Teamer by Charles F. Hamilton (Mr.Un1k0d3r)
• The quantum clock is ticking… get ready! by Christian Paquin
• gRPC security with less effort by Ashley Manraj
• Human versus Machine: The Level of Human Interaction in Automated Attacks Targeting the Remote Desktop Protocol by Andreanne Bergeron
• Roll for Stealth: Evading AV/EDR Entropy Checks by Mike Saunders
• Willy Wonka and the Detection Factory: Detection Engineering without Alert Fatigue by Rémi Langevin and Émilio Gonzalez
• From On-Premises to Cloud: A Comprehensive Analysis of SAP Security Issues by Vahagn and Arpine Maghakyan
• Behind the Scenes in GitHub Bug Bounty by Logan MacLaren
• Infrastructure as Code, Automation, and Testing: The Key to Unlocking the Power of Detection Engineering by Olaf Hartong
• Privacy through the lens of code by Suchakra Sharma
• Checkmate: using game theory to study the evolution of ransomware by Vicky Desjardins
• Burp Suite Pro tips and tricks, the sequel by Nicolas Grégoire
• Thwarting Malware Analysis: Integrating Established and Novel Techniques by Guillaume Caillé
• Asylum Ambuscade: Crimeware or cyberespionage? by Matthieu Faou
• To the moon and back: How we found and exploited a series of critical vulns in an RPC server by Ron Bowes
• Vulnérabilités des réseaux overlays VxLan dans les datacenters. by mdovero
• Roses are red, violets are blue, S4U bamboozles me, U2U too by Charlie Bromberg (Shutdown)
• Password Audit Cracking in AD: The Fun Part of Compliance by Mathieu Saulnier
• Deception for pentesters by Laurent Desaulniers
• Too Anonymous To Prosecute? Survey And Interviews on Shadow Phones by David Décary-Hétu and Melanie Théorêt
• Profiling Risky Code using Machine Learning by zunaira zaman
• Democratizing (cyber) warfare and the battle for Ukraine. Tactics, techniques and methods for effective offensive cyber operations. by Sarah Kraynick
• Practical exploitation of cryptographic flaws in Windows by Yolan Romailler and Sylvain Pelissier

Workshops

• Tokens, everywhere! by Dr Nestori Syynimaa
• Analyse dynamique de pilotes Windows by Marc-André Labonté
• An Introduction to Continuous Security Testing by Octavia Hexe and Harry Hayward
• Capture-The-Flag 101 by Olivier Bilodeau
• Introduction to Cryptographic Attacks by Matt Cheung
• Malware Reverse Engineering Workshop by Lilly Chalupowski
• Malware Morphology for Detection Engineers by Jared Atkinson and Jonathan Johnson
• Go reverse-engineering workshop by Ivan Kwiatkowski

Event Video

Event Photos

2022

The big return to in-person events. NorthSec 2022 was held at Marché Bonsecours. The conference was livestreamed on YouTube and the CTF was remote-first with an in-person option.

Competition

Theme: The Mycoverse

Ouyaya is a startup company that wants to ride on the current trends. They are about to release their flagship product, the Mycoverse. This mushroom-themed virtual universe is a platform for cryptocoin mining and NFT purchasing. However, they have been forced by the venture fund financing them to go through a security audit by a pentester firm. The participants will discover that behind the promises of technology advances is a shell for a company that never took security seriously, and that is even acting as a cover for a massive fraud in its Shiitakoin exchange.

Top 3

• 1^st: Paumd
• 2^nd: cold_root
• 3^rd: Hubert Hackin'

Conference

Talks

• KEYNOTE: What Lies Behind Canada’s Internet Regulation Reversal? by Michael Geist
• Obfuscation classification via Machine Learning by Yuriy Arbitman
• Public, verifiable, and unbiasable randomness: wassat? by Yolan Romailler
• MuddyWater: From Canaries to Turkeys by Vitor Ventura and Asheer Malhotra
• Formalizing the right to be forgotten: law meets crypto by Philippe Lamontagne
• 10 Things I wish I knew before my first incident by Caspian Kilkelly
• I thought writing a technical book was supposed to be fun?!! by Vickie Li
• The Risks of RDP and How to Mitigate Them by Olivier Bilodeau and Lisandro Ubiedo
• A snapshot of Doplik: Unwanted Software using serialized JavaScript bytecode as an anti-analysis technique by Léanne Dutil
• Jumping the air gap: 15 years of nation-state efforts by Alexis Dorais-Joncas and Facundo Munoz
• The road to BeyondCorp is paved with good intentions by Maya Kaczorowski and Eric Chiang
• Passive recon & intelligence collection using cyber-squatted domains by Rolland Winters
• Hook, Line and Sinker - Pillaging API Webhooks by Abhay Bhargav
• From the cluster to the cloud and back to the cluster: Lateral movements in Kubernetes by Yossi Weizman
• Privacy-friendly QR codes for identity by Christian Paquin
• Tell me where you live and I will tell your P@ssw0rd: Understanding the macrosocial factors influencing password’s strength by Andreanne Bergeron
• I am become loadbalancer, owner of your network by Nate Warfield

Workshops

• Web Application Firewall Workshop by Philippe Arteau
• Advanced Process Injection Techniques by Yash Bharadwaj
• Capture-The-Flag 101 by Olivier Bilodeau
• Reverse and bypass of modern Android runtime protections [FR] by Georges-Bastien Michel
• Fleet and osquery - open source device visibility by Guillaume Ross

Event Video

Event Photos

2021

A second year in lockdown mode. This time around we were more prepared. We even hosted a remote Hacker Jeopardy.

Competition

Theme: North Sectoria

We are in the Medieval period. For some reason unexplained, technology exists in this world. It is not as prevalent as it is in our world, but it is slowly taking more and more place.

This is a challenge to the elites in place. While their status was previously granted by bloodline, these tools are making the merchant caste take a greater place in the world since they quickly learned how to take advantage of it, while the royalty is left behind, thinking this is all wizardry they don’t understand.

To solve this situation, the regency has appointed its court Wizard: someone that can advise the crown on technology issues. The participants are followers of the Wizard: tech apprentices with some connections to the guilds, who are looking to take advantage of their position to place their pawns on this new chessboard and create new alliances.

Top 3

• 1^st: Paumd
• 2^nd: HubrETS Hackin''
• 3^rd: Skiddies as a Service

Conference

Talks

• KEYNOTE: You're not an idiot by Ange Albertini
• KEYNOTE: Privacy Without Monopoly: Beyond Feudal Security by Cory Doctorow
• Security Metrics That Matter by Tanya Janca
• Full Circle Detection: From Hunting to Actionable Detection by Mathieu Saulnier
• Unmasking the Cameleons of the Criminal Underground: An Analysis From Bot To Illicit Market Level by David Décary-Hétu
• Repo Jacking: How Github usernames expose 70,000 open-source projects to remote code injection by Indiana Moreau
• Data Science way to deal with advanced threats. by Igor Kozlov
• Damn GraphQL - Attacking and Defending APIs by Dolev Farhi
• Building CANtact Pro: An Open Source CAN Bus Tool by Eric Evenchick
• Burnout: Destabilizing Retention Goals and Threatening Organizational Security by Chloé Messdaghi
• Blurred lines - The mixing of APTs with Crimeware groups by Warren Mercer and Vitor Ventura
• Forensicating Endpoint Artifacts in the World of Cloud Storage Services by Renzon Cruz
• See Something, Say Something? The State of Coordinated Vulnerability Disclosure in Canada’s Federal Government by Stephanie Tran , Florian Martin-Bariteau and Yuan Stevens
• Bypassing advanced device profiling with DHCP packet manipulation by Ivica Stipovic
• Just Add More LEDs: NSec 2018 and 2019 Badge Mods by Ben Gardiner
• Hacking K-12 school software in a time of remote learning by Sam Quinn
• Request Smuggling 101 by Philippe Arteau
• CrimeOps of the KashmirBlack Botnet by Ofir Shaty and Sarit Yerushalmi
• dRuby Security Internals by Addison Amiri and Jeff Dileo
• AMITT Countermeasures - A Defensive Framework to Counter Disinformation by and Sara-Jayne Terp
• Critical Vulnerabilities in Network Equipment: Past, Present and Future by Pedro Ribeiro
• Authentication challenges in SaaS integration and Cloud transformation by Evelyn Lam
• Social bots: Malicious use of social media by Marie-Pier Villeneuve-Dubuc
• Cryptography Do's and Don't in 2021 by Mansi Sheth
• How to harden your Electron app by Mitchell Cohen

Workshops

• Introduction to fuzzing by Dhiraj Mishra
• DIY Static Code Analyzer: Building your own security tools with Joern by Suchakra Sharma and Vickie Li
• Atomic Red Team Hands-on Getting Started Guide by Carrie Roberts
• Capture-The-Flag 101 by Olivier Bilodeau
• Reversing Android malware for the Smart and Lazy by Axelle Apvrille
• Automated contact tracing experiment on ESP Vroom32 by Marc-andre Labonte
• How Crypto Gets Broken (by you) by Ben Gardiner
• Kubernetes Security 101: Best Practices to Secure your Cluster by Magno Logan

Event Video

Event Photos

2020

Due to the COVID-19 pandemic, in less than 3 months, we turned our in-person event to a free remote conference, transitionned our on-site CTF into an online one and honored our training sessions remotely.

Competition

Theme: Severity High

The participants were high school students that are bound together as a hacker clique. Teenagers, with teenagers concerns, but using the modern cybertechnology arsenal to do whatever they want. Working to increase their reputation and impress others, but mainly, just having fun and performing small mischiefs.

Top 3

• 1^st: HubrETS Hackin"
• 2^nd: Les Gentils Pirates
• 3^rd: CLICKESTI

Conference

Talks

• Practical security in the brave new Kubernetes world by Alex Ivkin
• AMITT - Adversarial Misinformation Playbooks by Octavia Hexe and Sara-Jayne Terp
• Unicode vulnerabilities that could byͥte you by Philippe Arteau
• IOMMU and DMA attacks by Jean-Christophe Delaunay
• Designing Customer Account Recovery in a 2FA World by Kelley Robinson
• Defending Human Rights in the Age of Targeted Attacks by Etienne Maynier
• High speed fingerprint cloning: myth or reality? by Vitor Ventura and Paul Rascagnères
• Regions are types, types are policy, and other ramblings by bx
• Look! There's a Threat Model in My DevSecOps by Alyssa Miller
• The Path to Software-Defined Cryptography via Multi-Party Computation by Prof. Yehuda Lindell
• Stay quantum safe: future-proofing encrypted secrets by Christian Paquin
• Dynamic Data Resolver IDA plugin – Extending IDA with dynamic data by Holger Unterbrink

Workshops

• Finding the Needle in the Needlestack: An Introduction to Digital Forensics by Emily Wicki
• Capture-The-Flag 101 by Olivier Bilodeau
• Offensive Cloud Security Workshop by Xavier Garceau-Aranda
• Advanced Binary Analysis by Alexandre Beaulieu

Event Video

2019

In 2019, we moved the conference to the Science Centre were we hosted two tracks of talks and four tracks of workshops.

Competition

Theme: Neurosoft

The theme was the neurosoft brain implant: Hackers uncover the grim aftermath of an unregulated cerebral implant that took the world by storm.

Top 3

• 1^st: Goats
• 2^nd: Hubert Hackin
• 3^rd: paumd

Conference

Talks

• Wajam: From a Start-up to Massive Spread Adware by Hugo Porcher
• A good list of bad ideas by Laurent Desaulniers
• The (Long) Journey To A Multi-Architecture Disassembler by Joan Calvet
• Fixing the Internet's Auto-Immune Problem: Bilateral Safe Harbor for Good-Faith Hackers by Chloé Messdaghi
• Cache Me If You Can: Messing with Web Caching by Louis Dion-Marcil
• Safer Online Sex: Harm Reduction and Queer Dating Apps by Norman Shamas
• Making it easier for everyone to get Let's Encrypt certificates with Certbot by Erica Portnoy
• Hacking Heuristics: Exploiting the Narrative by Kelly Villanueva
• What is our Ethical Obligation to Ship Secure Code? by Elissa Shevinsky
• M33tfinder: Disclosing Corporate Secrets via Videoconferences by Yamila Vanesa Levalle
• T1: Secure Programming For Embedded Systems by Thomas Pornin
• Post-Quantum Manifesto by Philippe Lamontagne
• Trick or treat? Unveil the “stratum” of the mining pools by Emilien Le Jamtel and Ioana-Andrada Todirica
• KEYNOTE: Where Do We Go From Here? Stalkerware, Spouseware, and What We Should Do About It by Eva Galperin
• xRAT: Monitoring Chinese Interests Abroad With Mobile Surveillance-ware by Apurva Kumar and Arezou Hosseinzad-Amirkhizi
• DNS On Fire by Paul Rascagnères and Warren Mercer
• One Key To Rule Them All - ECC Math Tricks by Yolan Romailler
• Threat hunting in the cloud by Jacob Grant and Kurtis Armour
• Using Geopolitical Conflicts for Threat Hunting - How Global Awareness Can Enable New Surveillanceware Discoveries by Kristin Del Rosso
• KEYNOTE: Cybersecurity vs the world by Matt Mitchell
• Welcome to the Jumble: Improving RDP Tooling for Malware Analysis and Pentesting by Émilio Gonzalez and Francis Labelle
• Post-Quantum Cryptography: today's defense against tomorrow's quantum hackers by Christian Paquin
• Call Center Authentication by Kelley Robinson
• Mainframe Hacking in 2019 by Philip Young
• The SOC Counter ATT&CK by Mathieu Saulnier

Workshops

• Deserialization: RCE for modern web applications by Philippe Arteau
• Red Teaming Workshop by Charles F. Hamilton
• Introduction to appliance reverse engineering by Olivier Arteau
• Container Security Deep Dive by Yashvier Kosaraju
• Reversing WebAssembly Module 101 by Patrick Ventuzelo
• Threat Modeling by Jonathan Marcil
• Introduction to Return Oriented Programming by Lisa Aichele
• Leveraging UART, SPI and JTAG for firmware extraction by Marc-andre Labonte
• Hunting Linux Malware for Fun and Flags by Marc-Etienne M.Léveillé
• Using angr to augment binary analysis workflow by Alexander Druffel and Florian Magin
• Capture-The-Flag 101 by Olivier Bilodeau
• Intro to badge soldering by Martin Lebel
• 64-bit shellcoding and introduction to buffer overflow exploitation on Linux by Silvia Väli
• Breaking smart contracts by Maurelian and Shayan Eskandari
• Sponsor event by
• From Bitcoins Amateurs to Experts: Fundamentals, grouping, tracing and extracting bulk information with open-source tools by Masarah Paquet-Clouston

Event Video

Event Photos

2018

In 2018, we added one track to the conference. Additionally, our training sessions outgrew Marché Bonsecours and went to the Holiday Inn.

Competition

Theme: Space

The theme was space.

Top 3

• 1^st: Goats
• 2^nd: Hubert Hackin
• 3^rd: Golden TickETS

Conference

Talks

• A Journey into Red Team by Charles Hamilton
• Stupid Purple Teamer Tricks by Laurent Desaulniers
• Quick Retooling with .NET Payloads by Dimitry Snezhkov
• Ichthyology: Phishing as a Science by Karla Burnett
• Logic against sneak obfuscated malware by Thaís aka barbie Moreira Hamasaki
• Binary analysis, meet the blockchain by Mark Mossberg
• Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) by Daniel (DBO) Bohannon
• Non-Crypto Constant-Time Coding by Thomas Pornin
• Smart contract vulnerabilities: The most interesting transactions on the Ethereum blockchain by Sarah Friend and Jon Maurelian
• Not the Droid You're Looking For: Evading Vulnerability Exploitation Through Secure Android Development by Kristina Balaam
• Cell Site Simulators From the Ground Up by Yomna Nasser
• Exploits in Wetware by Robert Sell (Creep)
• Data Breaches: Barbarians in the Throne Room by Dave "gattaca" Lewis
• Surprise Supplies! by Paul Rascagnères and Warren Mercer
• Prototype pollution attacks in NodeJS applications by Olivier Arteau
• What are containers exactly and can they be trusted? by Stéphane Graber
• Only an Electron away from code execution by Silvia Väli
• KEYNOTE: How to Think (About Complex Adversarial Systems) by Eleanor Saitta
• The Blackbear project by Marc-André Labonté
• From Hacking Team to Hacked Team to…? by Filip Kafka
• Video game hacks, cheats, and glitches by Ron Bowes
• Tightening the Net in Iran by Mahsa Alimardani
• Brain Implants & Mind Reading by Melanie Segado
• One Step Before Game Hackers -- Instrumenting Android Emulators by Wan Mengyuan (Nevermoe)
• Homeward Bound: Scanning Private IP Space with DNS Rebinding by Danny Cooper and Allan Wirth
• Getting ahead of the elliptic curve by Martijn Grooten
• Source code vulnerability research and browser exploitation by Jean-Marc Leblanc
• Python and Machine Learning: How to use algorithms to create yara rules with a malware zoo for hunting by Sebastien Larinier

Workshops

• Hacking APIs and the MEAN Stack with OWASP DevSlop by Nicole Becher and Tanya Janca
• A Gentle Introduction to Fuzzing by Israël Hallé and Jean-Marc Leblanc
• Wi-Fi Security by Mark El-Khoury
• Incident Response in the Age of Threat Intelligence with MISP, TheHive & Cortex by Raphaël Vinot and Saâd Kadhi
• Botnet Tracking and Data Analysis Using Open-Source Tools by Masarah Paquet-Clouston and Olivier Bilodeau
• Capture-The-Flag 101 by Olivier Bilodeau , Laurent Desaulniers and Charles Hamilton
• IoT Firmware Exploitation by Aaron Guzman
• Hands-on Modern Access Control Bypassing by Vikram Salunke
• Orange is the new Hack - Introduction to Machine Learning with Orange by Philippe Arteau

Event Video

Event Photos

2017

In 2017 we introduced a track of workshops running along the conference.

NorthSec gathered around 600 infosec professionals, students and enthusiasts that year.

Competition

Theme: Rao’s Rigged Elections

The theme was Rao’s Rigged Elections.

Top 3

• 1^st: Hack Toute
• 2^nd: RPISEC
• 3^rd: SomeRandomName

Conference

Talks

• Playing Through the Pain: The Impact of Dark Knowledge and Secrets on Security and Intelligence Professionals by Richard Thieme
• Attacking Linux/Moose Unraveled an Ego Market by Olivier Bilodeau and Masarah Paquet-Clouston
• Backslash Powered Scanning: Implementing Human Intuition by James Kettle
• BearSSL: SSL For all Things by Thomas Pornin
• Data Science Tools and Techniques for the Blue Team by Shawn Marriott
• Murder Mystery – How Vulnerability Intelligence is Poisoning your Information Security Program by Gordon MacKay
• How Surveillance Law was Expanded in Canada, What the Media has Reported, and What’s Next by Chris Prince
• Creating an Internet of (Private) Things—Some Things for Your Smart Toaster to Think About by Ian Douglas
• Pentesting: Lessons from Star Wars by Adam Shostack
• Hack Microsoft Using Microsoft Signed Binaries by Pierre-Alexandre Braeken
• Hacking POS PoS Systems by Jackson Thuraisamy and Jason Tran
• Don’t Kill My Cat by Charles F. Hamilton
• Stupid RedTeamer Tricks by Laurent Desaulniers
• Abusing Webhooks for Command and Control by Dimitry Snezhkov
• Modern Reconnaissance Phase by APT – Protection Layer by Paul Rascagneres
• Deep Dive into Tor Onion Services by David Goulet

Workshops

• Introduction to Assembly Language and Shellcoding by Charles F. Hamilton and Peter Heppenstall
• Automating Detection, Investigation and Mitigation with LimaCharlie by Maxime Lamothe-Brassard
• Script Engine Hacking For Fun And Profit by Jean-Marc Le Blanc and Israël Hallé
• Cracking Custom Encryption – An Intuitive Approach to Uncovering Malware’s Protected Data by Pavel Asinovsky and Magal Baz

Event Video

Event Photos

2016

In 2016 we introduced training sessions before the conference growing NorthSec into a whole week event. The NorthSec security festival was born. We also gave a badge to every conference and competition attendee.

In 2016, NorthSec gathered around 500 infosec professionals, students and enthusiasts.

Competition

Theme: Marcus Madison’s Bakery

The theme was the leaks around Marcus Madison’s Bakery.

Top 3

• 1^st: Hack Toute
• 2^nd: RPISEC
• 3^rd: SomeRandomName

Conference

Talks

• KEYNOTE: How Anonymous (narrowly) Evaded the Cyberterrorism Rhetorical Machine by Gabriella Coleman
• The New Wave of Deserialization Bugs by Philippe Arteau
• Applying DevOps Principles for Better Malware Analysis by Olivier Bilodeau and Hugo Genesse
• Practical Uses of Program Analysis: Automatic Exploit Generation by Sophia D’Antoine
• CANtact: An Open Tool for Automotive Exploitation by Eric Evenchick
• Bypassing Application Whitelisting in Critical Infrastructures by René Freingruber
• Inter-VM Data Exfiltration: The Art of Cache Timing Covert Channel on x86 Multi-Core by Etienne Martineau
• Analysis of High-level Intermediate Representation in a Distributed Environment for Large Scale Malware Processing by Eugene Rodionov and Alexander Matrosov
• Real Solutions From Real Incidents: Save Money and Your Job! by Guillaume Ross and Jordan Rogers
• Security Problems of an Eleven Year Old and How to Solve Them by Jake Sethi-Reiner
• Android – Practical Introduction into the (In)Security by Miroslav Stampar
• Hide Yo’ Kids: Hacking Your Family’s Connected Things by Mark Stanislav
• Law, Metaphor and the Encrypted Machine by Lex Gill
• Stupid Pentester Tricks by Laurent Desaulniers
• Not Safe For Organizing: The state of targeted attacks against civil society by Masashi Crete-Nishihata and John Scott-Railton

Event Video

Event Photos

2015

In 2015 we added a two-day conference to the event and gave a hardware badge per CTF team.

NorthSec gathered around 400 infosec professionals, students and enthusiasts that year.

Competition

Theme: Rao’s intricate Kingdom

The theme was the revolution against Rao’s intricate Kingdom.

Top 3

• 1^st: Hack Toute
• 2^nd: 0k10k
• 3^rd: BUILDS_1

Conference

Talks

• KEYNOTE: Privacy, Surveillance & Oversight by Chris Prince - Office of the Privacy Commissioner of Canada
• Breaking PRNGs: A predictable talk on Pseudo Random Number Generators by Philippe Arteau
• 2 years of Montréhack: the local CTF training initiative by Olivier Bilodeau
• The Sednit Group: “Cyber” Espionage in Eastern Europe by Joan Clavet
• CHEKS, Complexity Science in Encryption Key Management by Jean-François Cloutier and François Gagnon
• Hopping on the CAN Bus by Eric Evenchick
• EMET 5.2 - armor or curtain? by René Freingruber
• Bitcoin: Putting the “pseudo” back in pseudonymous by Mathieu Lavoie
• DDoS: Barbarians At The Gate by Dave Lewis
• TextSecure: Present and Future by Trevor Perrin
• The Uroburos case: analysis of the tools used by this actor by Paul Rascagnères
• Object Oriented Code RE with HexraysCodeXplorer by Eugene Rodionov
• CTF or WTF? by Guillaume Ross
• Threat Modeling for the Gaming Industry by Robert Wood
• Why You Should (But Don’t) Care About Mainframe Security by Phil “Soldier of Fortran” Young
• Rosetta Flash And Why Flash Is Still Vulnerable… by Philippe Arteau
• Totally Spies! by Joan Clavet and Paul Rascagnères
• iOS App Analytics And Your Privacy by Guillaume Ross

Event Video

Event Photos

2014

In 2014, NorthSec gathered around 300 infosec professionals, students and enthusiasts.

Competition

Theme: Associated Nation Organization

The theme was the Associated Nation Organization (ANO)

Top 3

• 1^st: 0k10k
• 2^nd: Amish Security
• 3^rd: Cracks en Logarithmes

Event Video

Event Photos

2013

For the first year of NorthSec, we were hosted at ÉTS University in Montreal

NorthSec gathered around 150 infosec professionals, students and enthusiasts that year.

Competition

Theme: Onionotar

The theme was Onionotar, a parody of a Certificate Authority

Top 3

• 1^st: Amish Overflow
• 2^nd: 0k10k
• 3^rd: 0dayETSploit

Event Video

Event Photos

HackUS

NorthSec is the spiritual child of the HackUS competition hosted at Université de Sherbrooke in 2010 and 2011. The first Hacker Jeopardy — in the format you are familiar with at NorthSec — happened at HackUS in 2011 from a desire to have a break and a social event during the CTF.