Talk Schedule

May 15 2025

Day 1
(EDT)
Doors open and Registration - Thursday/Jeudi

đŸ„ ☕ đŸ„Ż 🧃 DĂ©jeuner grĂące Ă  Google // Breakfast sponsored by Google 🧃 đŸ» đŸ„€ RafraĂźchissements offerts toute la journĂ©e par Corsek // Refreshments offered all day by Corsek

Google

Corsek

(EDT)
Opening Ceremony
  • Hugo Genesse

  • Pascal Fortin CyberEco

Beginner
(EDT)
A Pirate's Guide to Snake Oil and Security
  • HD Moore

Medium
(EDT)
Living Off the Pipeline: From Supply Chain 0-Days to Predicting the next XZ-like attacks
  • François Proulx

Nose bleed
Nice to meet you! That will be 20 million please
  • David DĂ©cary-HĂ©tu UniversitĂ© de MontrĂ©al

Beginner
(EDT)
Salesforce Snafus: Unveiling and Exploiting Security Misconfigurations Using Commonly Used Widgets
  • Jessa Riley Gegax Surescripts LLC

Medium
Exploring MSIX Threat Landscape​
  • Teruki Yoshikawa NTT Security Holdings

  • Syogo Hayashi

Nose bleed
(EDT)
Discussion: AppSec Q&A
  • HD Moore

  • François Proulx

  • Jessa Riley Gegax Surescripts LLC

Nose bleed
UNO Reverse Card: Exposing C2 Operators Through Their Own Logs
  • Estelle Ruellan Flare

Medium
(EDT)
Red Team Road Rage: Weaponizing Vulnerable Drivers to Blind EDR
  • Jake Mayhew White Knight Labs

Medium
One certificate to rule them all: the story of a Chinese-nexus botnet
  • Amaury-Jacques Garçon Sekoia.io

Medium
(EDT)
Executing shellcode without changing memory permission in .NET
  • Charles F. Hamilton (Mr.Un1k0d3r)

Medium
Weaponizing XSS: Cyberespionage tactics in webmail exploitation
  • Matthieu Faou ESET

Medium
(EDT)
Social Engineering for Physical Pentesting Assignments
  • Dorota Kozlowska Black Hills Information Security

Beginner
Linux and IoT malware analysis with r2ai
  • Axelle Apvrille Fortinet

Beginner
(EDT)
From Security to Safety: Navigating the Ethics of AI as Red Teamers and Penetration Testers
  • Jeremy Miller OffSec (Offensive Security)

Beginner
Discussion: Malware Q&A
  • Axelle Apvrille Fortinet

  • Matthieu Faou ESET

  • Alex Perotti

  • Amaury-Jacques Garçon Sekoia.io

Beginner
(EDT)
Discussion: Red Team Q&A
  • Jake Mayhew White Knight Labs

  • Charles F. Hamilton (Mr.Un1k0d3r)

  • Laurent Desaulniers

  • Dorota Kozlowska Black Hills Information Security

  • Jeremy Miller OffSec (Offensive Security)

Medium
The Evolution of Malware Distribution Through Ghost Networks
  • Antonis Terefos Check Point Software Technologies

Medium
(EDT)
Stolen Laptops - A brief overview of modern physical access attacks
  • Pierre-Nicolas Allard-Coutu Bell Canada

Medium
(EDT)
Enregistrement de podcast PolySécure
  • Nicolas-Loic Fortin

Beginner
(EDT)
Lightning Talks
(EDT)
Thursday Party // Party du jeudi

Excursion sur TikiSec Island qui prendra une tournure festive grùce à la présence de Barbada de Barbades, artiste montréalaise reconnue pour son approche inclusive, sa présence chaleureuse et sa passion pour la culture.

À quoi vous attendre durant l'excursion :

  • Animation musicale et humour par Barbada
  • Jeux gĂ©ants et concours de limbo, totalement optionnels, mais toujours amusants Ă  observer (ou Ă  essayer).
  • Performance de tambours caribĂ©ens de Trinidad et Toboco
  • Danseur et jongleur de feu
  • Cocktails thĂ©matiques Ă  saveur tropicale, incluant des options sans alcool

N'oubliez pas votre tenue Aloha Hacker Chic (optionel) : chemises hawaïennes, colliers de fleurs, jupes de hula et lunettes fumées.Nous avons hùte de vous y retrouver lors de l'excursion.

Party thématique / Themed party!

May 16 2025

Day 2
(EDT)
Doors open and Registration - Friday/Vendredi

đŸ„ ☕ đŸ„Ż 🧃 Breakfast sponsored by Google // DĂ©jeuner gracieusetĂ© de Google

Google

(EDT)
Opening 2nd day / Ouverture 2e jour

NorthSec 2025 continues!

  • Hugo Genesse

  • Andreanne Bergeron

Beginner
(EDT)
A Tabletop As Big As the World
  • Wendy Nather 1Password

Medium
(EDT)
Why preventing phishing is so difficult, and what we can do about it
  • Michael Joyce

Medium
Noise Pollution is Damaging Your SOC: Prevent IoCs From Turning Into Indication of Cacophony
  • Joey D Canadian Centre for Cyber Security (Cyber Centre)

Medium
(EDT)
When the threat actor lives under your roof: Fighting Technological Violence in Domestic Abuse Cases
  • CatherineDG Cyber Citoyen

Beginner
Oops, I Hacked It Again: Tales and disclosures
  • Ignacio Navarro N/A

Beginner
(EDT)
Vulnerability Haruspicy: Using Woo To Confirm Your Biases
  • Tod Beardsley runZero

Beginner
Exploring Azure Logic Apps and Turning Misconfigurations into Attack Opportunities
  • Raunak Parmar White Knight Labs

  • Chirag Savla White Knight Labs

Medium
(EDT)
runZero video

Vidéo de notre partenaire runZero // Sponsored video by runZero

runZero

(EDT)
Enhancing Identity Credential Privacy with Zero-Knowledge Proofs
  • Christian Paquin Microsoft Research

Beginner
(EDT)
Exploiting the not so misuse-resistant AES-GCM API of OpenSSL
  • FĂ©lix Charette

Medium
(EDT)
How not to do ML: Showing the Negative Impact of Improper CVE Feature Selection in a Live Exploit Prediction Model
  • François LabrĂšche Sophos

Medium
(EDT)
Uplevel your security program with AI
  • Aditi Bhatnagar Offgrid Security

Beginner
(EDT)
Discussion: ML Q&A
  • Logan MacLaren GitHub

  • Aditi Bhatnagar Offgrid Security

  • François LabrĂšche Sophos

Medium
(EDT)
Persƍna Theory: Infiltration and Deception of Emerging Threat Groups
  • Tammy Harper Flare

Medium