2025 Horaire | 13 septembre | Bibliothèque et Archives nationales du Québec
8:30AM | Doors open
9:00AM – 9:05AM | Mot d’ouverture
9:05AM – 12:00AM | Workshop « The Bug Hunter’s Methodology »
9:05AM – 9:30AM | Reconnaissance furtive : méthode, contraintes, et exécution sans bruit
Jonathan Nomed
9:30AM – 9:55AM | The Overlooked Playground: An Attacker’s Journey Through GCP
Clément Cruchet
9:55AM – 10:20AM | Graph All The Things: The Birth of Hound
Mathieu Saulnier
10:20AM – 10:45AM | PAUSE CAFÉ
10:45AM – 11:10AM | Emmerdissement, Érosion de plateforme… et si on en parlait?
Samuel B. G.
11:10AM – 11:35AM | Developing Your Own Local LLM (GenAI) for Cybersecurity GRC
Lee Yang Peng
11:35AM – 12:00PM | Agentic Access: OAuth Gets You In. Zero Trust Keeps You Safe
NIck Taylor
12:00PM – 1:10PM | LUNCH
1:10PM – 4:25PM | Workshop « Windows Forensics for Insider Threat«
1:10PM – 1:35PM | Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots
Allyn Stott
1:35PM – 2:00PM | Securing the Generative AI Pipeline from Data Ingestion to Model Inference
Ikhtear Bhuyan
2:00PM – 2:25PM | Proactive Bias Mitigation Against AI’s Unseen Vulnerabilities in Cybersecurity
Mina Movahedi
2:25PM – 2:50PM | AI in CTFs: How to Use AI Effectively Without Falling Down the Rabbit Hole?
Jie Wu & Pulkit Garg
2:50PM – 3:20PM | PAUSE CAFÉ
3:20PM – 3:45PM | Attribution of cyber operations: does it really matter?
Alexis Dorais-Joncas
3:45PM – 4:10PM | Tor sous contrôle : Vers une identification fiable des flux anonyme
Nabil Diab
4:10PM – 4:35PM | How Tor Works
David Goulet
4:35PM – 4:40PM | Mot de clôture
4:40PM – 8:00PM | Cocktail & hommage à Michel Cusin
2025 Horaire ― Programme préliminaire détaillé
Samuel B. G.
Emmerdissement, Érosion de plateforme… et si on en parlait?
Cette conférence propose une exploration critique du phénomène d’érosion de plateforme, cette dégradation progressive et systémique des services, logiciels et environnements technologiques que nous utilisons au quotidien. S’inspirant des dynamiques observées dans l’univers de la cybersécurité, la présentation établit un parallèle entre les comportements des fournisseurs de services technologiques et ceux des maliciels : établissement de la persistance, mouvements latéraux, cloisonnement progressif des environnements, et logique extractive des données. Le modèle économique, la gestion interne, les décisions opérationnelles ou encore les impératifs de cybersécurité sont autant de facteurs qui justifient – ou masquent – cette transformation des plateformes en écosystèmes fermés.
À travers des exemples concrets du domaine, la conférence affine les réflexes de l’auditoire pour reconnaître les signes précurseurs d’une érosion en cours ou à venir. Elle questionne aussi notre propre responsabilité : nous investissons, consommons, et parfois, cliquons. L’utilisateur devient à la fois victime et moteur de cette dynamique. Mais au-delà du constat, la conférence ouvre un espace de discussion autour des solutions viables, accessibles et humaines : création de regroupements, promotion de services réparables et durables, modèles de consommation éthiques et souveraineté des données. Une hypothèse est avancée : celle d’une coexistence harmonieuse entre usagers et fournisseurs, fondée sur la transparence, la coopération, et la résilience collective.
Enfin, cette session est une invitation à la participation active, au débat, à la remise en question. Car si l’érosion est persistante, les mécanismes de remédiation existent; encore faut-il vouloir, collectivement, les activer. Ceci peut mener jusqu’à la création d’un Village DEF CON!
Bio
Samuel est le fondateur de Systèmes Securitech, du groupe DCG514 de Montréal et a récemment lancé une osbl qui a pour but de rassembler des passionés de cybersécurité et de technologies derrière une lentille d’accessibilité universelle; s’engageant contre des phénomènes tels que l’érosion de plateforme.
Allyn Stott
Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots
It’s coming, and you aren’t ready—your first generative AI chatbot incident. GenAI chatbots, leveraging LLMs, are revolutionizing customer engagement by providing real-time, automated 24/7 chat support. But when your company’s virtual agent starts responding inappropriately to requests and handing out customer PII to anyone that asks nicely, who are they going to call? You.
You’ve seen the cool prompt injection attack demos and may even be vaguely aware of preventions like LLM guardrails; but are you ready to investigate and respond when those preventions inevitably fail? Would you even know where to start? It’s time to connect traditional investigation and response procedures with the exciting new world of GenAI chatbots.
In this talk, you’ll learn how to investigate and respond to the unique threats targeting these systems. You’ll discover new methods for isolating attacks, gathering information, and getting to the root cause of an incident using AI defense tooling and LLM guardrails. You’ll come away from this talk with a playbook for investigating and responding to this new class of GenAI incidents and the preparation steps you’ll need to take before your company’s chatbot responses start going viral—for the wrong reasons.
Why this talk?
You will learn a brand-new approach to investigating and responding to generative artificial intelligence (GenAI) chatbot incidents. There has been lots of content from the community extensively discussing attacks and protections surrounding GenAI and Large Language Models (LLMs). But there is a lack of research and content that approaches this new technology from the incident response point-of-view.
Key Takeaways:
1. A crash course specifically tailored for incident responders in GenAI-powered LLM chatbots, the threat landscape, and defenses.
2. Practical methods to investigate and respond to GenAI chatbot anomalies, suspicious activities, and incidents.
3. Ready-to-implement incident response playbooks and preparation steps tailored for GenAI systems.
Bio
Allyn Stott is a senior staff engineer at Airbnb where he works on the InfoSec Technology Leadership team. He spends most of his time working on enterprise security, threat detection, and incident response. Over the past decade, he has built and led detection and response programs at companies including Delta Dental of California, MZ, and Palantir. He received his Master’s in High Tech Crime Investigation from The George Washington University as part of the Department of Defense Information Assurance Scholarship Program. Red team tears are his testimonials. Allyn has previously presented at Black Hat (Europe, Asia, MEA), Kernelcon, The Diana Initiative, Blue Team Con, Swiss Cyber Storm, SecretCon, Texas Cyber Summit, and over 20 different BSides around the world. His most recent talks are The Fault in Our Metrics: Rethinking How We Measure Detection & Response and How I Learned to Stop Worrying and Build a Modern Detection & Response Program. In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter that you can subscribe to at meoward.co.
Nabil Diab
Tor sous contrôle : Vers une identification fiable des flux anonyme
Le réseau Tor, synonyme d’anonymat en ligne, introduit des défis majeurs en matière de sécurité opérationnelle. Lors de la gestion de plusieurs incidents de sécurité, nous avons constaté l’usage malveillant de Tor pour exfiltrer des données, contacter des serveurs C&C ou négocier des rançons, ce qui entraîne souvent une perte de temps critique pour les équipes de réponse en traquant des circuits éphémères impossibles à identifier. Cette technique d’évasion de la défense n’est pas nouvelle et est bien connue des équipes de cyberdéfense et des éditeurs de logiciels de sécurité. Des cas d’usage existent, des règles de détection également, mais globalement, leur fiabilité est souvent trop faible pour être exploitées activement.
L’objectif de cette présentation est de rentrer dans le sujet de l’amélioration de la fiabilité de l’identification de ces flux dans un réseau d’entreprise, pour mettre en place une stratégie de supervision efficace, voire de prévention.
La présentation sera structurée en quatre parties principales :
## 1 – Contexte et besoins opérationnels
Nous présenterons d’abord les origines de notre étude: un besoin client, celui de bloquer complètement l’accès au réseau Tor. L’étude de faisabilité réalisée a rapidement révélé que les outils classiques disponibles généraient d’importants effets indésirables.
## 2 – Comprendre les limites des solutions actuelles
Nous introduirons les concepts fondamentaux du réseau Tor afin de mieux comprendre pourquoi les solutions existantes et les flux CTI disponibles ne parviennent pas à identifier correctement les flux Tor sortants. Nous présenterons également les outils clés, en particulier les Tor Metrics, indispensables à notre approche.
## 3 – Méthode d’identification à haute fiabilité
Nous exposerons notre solution technique consistant à extraire des listes précises de nœuds Tor en fonction de critères spécifiques, ce qui permet de répondre efficacement aux besoins opérationnels en réduisant considérablement les faux positifs et effets de bord.
## 4 – Déploiement et utilisation pratique
Enfin, nous expliquerons comment exploiter concrètement les ressources que nous diffusons publiquement sur GitHub, en particulier des listes de nœuds Tor filtrées, afin de déployer des stratégies de détection et de prévention fines et efficaces.
Bio
Nabil Diab wears two hats at Alter Solutions. As Head of the CERT, he oversees the group’s SOC operations, incident response, vulnerability management, and cyber threat intelligence activities. Simultaneously, he serves as Managing Director of Alter Solutions Canada, leading the Montreal-based entity’s strategic growth and delivery. With eight years of cybersecurity experience, Nabil began his career in embedded security before moving into cyber threat intelligence, pentesting and then incident response for a global bank. Today, he combines that offensive-security background with a deep passion for the “blue” side of the eternal cat-and-mouse game between attackers and defenders. He thrives on the challenge of detecting adversaries, countering their evasion techniques, and continually raising the bar on defensive measures. Driven by the belief that there is always another way to outsmart an attacker, and another way for the attacker to adapt, Nabil is committed to spending many more years tracking the mouse and fortifying organizations against ever-evolving threats.
Jonathan Nomed
Reconnaissance furtive : méthode, contraintes, et exécution sans bruit
La reconnaissance réseau est l’une des phases les plus sous-estimées d’un engagement Red Team interne. Lorsqu’elle est exécutée avec imprécision ou automatisée sans discernement, elle devient plus facilement détectable. Dans un environnement surveillé qu’il s’agisse d’un réseau cloisonné, partiellement filtré, ou monitoré par un SIEM chaque paquet émis a un coût. L’objectif n’est plus de « scanner », mais d’observer, déduire et agir avec intention.
Cette conférence présente une méthodologie complète de reconnaissance furtive, pensée pour s’adapter aux environnements contraints . Elle ne s’appuie pas sur une attaque technique, mais sur une logique rigoureuse : n’émettre que lorsqu’un besoin est établi, ne rien présumer, et construire la cartographie du réseau par observation, élimination et corrélation progressive.
Le pipeline est divisé en cinq étapes strictes, reproductibles sur le terrain :
1. Capture passive: écoute directe des trames réseau présente sur le réseau. Aucun filtrage, aucune modification, aucune émission. L’outil capte ce qui est visible sans se signaler.
2. Analyse locale et classification : construction dynamique des hôtes en mémoire, détection d’anomalies (MAC/IP multiples, hôtes fantômes), inférence du rôle réseau (client, serveur, routeur), et repérage de sous-réseaux actifs.
3. Scan ARP furtif : envoi contrôlé, unicast uniquement, sans répétition. Les bursts sont espacés et configurables pour se fondre dans le trafic légitime.
4. Scan SYN conditionnel : (activable ou non) Ports restreints, cadence aléatoire, sans établissement de session. Objectif : affiner la classification, pas interagir.
5. Export structuré et minimaliste Résultats nettoyés, structurés et exportés en formats JSON, CSV et HTML, incluant un récapitulatif complet des éléments découverts (actifs, protocoles, systèmes). Aucun champ superflu, aucune donnée parasite : chaque information exportée est immédiatement exploitable pour alimenter une phase de pivot ou d’élévation.
6. Cette méthode est implémentée dans Zandoli, un outil développé en Go, sans dépendance externe, sans interface graphique, sans comportement implicite. Il peut être piloté par un fichier YAML unique, exécutable en live ou sur fichier PCAP, et structuré selon une architecture modulaire : sniffer, analyseur, scanner, exporteur.
Contrairement aux approches classiques qui lancent des requêtes avant d’analyser les réponses, Zandoli fonctionne à l’inverse : il commence par écouter, filtre ce qui a été vu, puis décide s’il est nécessaire de questionner.
Bio
Jonathan Nomed est un pentester spécialisé en reconnaissance réseau furtive, avec un double parcours en cybersécurité offensive et défensive. Deux années d’expérience en Blue Team dans un environnement SOC ont permis de développer une compréhension fine des mécanismes de détection, de la corrélation d’alertes et des chaînes de réponse à incident. Cette expertise défensive a été suivie de deux années en offensive, avec un focus opérationnel sur les phases internes d’engagement Red Team, en particulier la cartographie réseau sous contrainte. Auteur de Zandoli, un scanner réseau passif/actif entièrement écrit en Go, pensé pour être souverain, modulaire, reproductible et piloté via YAML. L’outil est conçu pour fonctionner sans dépendance externe, en environnement cloisonné ou surveillé, et permet une exécution discrète de la reconnaissance, avec export structuré exploitable immédiatement. A déjà présenté un talk à BSides Montréal en 2024. Développe et maintient ses outils en open source, avec une attention particulière portée à la documentation, à l’architecture logicielle et à la démonstration sur fichiers PCAP ou réseaux simulés.
Clément Cruchet
The Overlooked Playground: An Attacker's Journey Through GCP
This talk will present offensive operations within Google Cloud Platform (GCP) environments following the MITRE Framework and will offer a comprehensive exploration from an attacker’s perspective. Drawing upon past experiences, research, and an analysis of the latest techniques employed by threat actors within the GCP ecosystem, attendees will gain valuable insights into understanding GCP attack surface and securing their cloud infrastructure.
Throughout this presentation, we will start by presenting GCP structure/hierarchy and better understand specific IAM model within GCP, permissions, roles.
We will delve into aspects of reconnaissance and initial access methods specifically tailored for GCP environments. We will explore a spectrum of techniques, ranging from OAuth2-based phishing attacks and targeted spear phishing campaigns facilitated through external communication applications to the exploitation of service accounts and cloud components, all designed to procure an initial foothold within the GCP infrastructure.
Focusing on exploitation path and attack lifecycle within GCP Environment we will then present lateral movement techniques within GCP cloud components and resources, uncovering at the same time multiple persistence techniques and procedures, alongside opportunities for privileges escalation. This part of the talk will also present some IAM roles and permissions abuses using overprivileged primitives and predefined roles.
Following the presentation, the talk will delve into specific credential access techniques within GCP Environments, shedding light on the capabilities an attacker would be able to obtain within GCP.
The offensive demonstration will conclude with high-impact techniques like GCP Domain-Wide Delegation and the abuse of Google Workspace integrations. We will then pivot to the defender’s view, bringing the entire narrative together. The complete attack chain, from the first foothold to the final exfiltration, will be presented through attack path view, enabling defender to hilight and remediate quickly key steps of the attack, misconfigurations or cloud resources vulnerabilities. From this visualization, we will derive actionable best practices to secure, detect, and defend.
This talk will introduce TTP tailored for red team operators, penetration testers but also for security operation team to assess and monitor their GCP environments and identify misconfigurations within it.
Bio
As a Cybersecurity Solution Consultant at Palo Alto Networks, Clément Cruchet helps organizations navigate the modern threat landscape. His focus is on shifting security from a reactive posture to a proactive one, providing the visibility and context needed to secure complex cloud and network environments against sophisticated threats. This approach is directly informed by his deep, hands-on experience across three critical security domains. His work in offensive security provides the crucial attacker’s mindset, understanding how adversaries exploit vulnerabilities. This is complemented by a strong foundation in network security, knowing how systems are architected and defended. Finally, his experience in incident response brings the invaluable perspective of handling a breach’s aftermath and understanding its true impact. This combination of red team, blue team, and architectural knowledge creates the holistic view needed to see the bigger picture. In this talk, Clément will apply this multi-faceted expertise to the GCP environment, demonstrating the full lifecycle of an attack and, more importantly, how to build a resilient, modern defense against it.
Jie Wu & Pulkit Garg
AI in CTFs: How to Use AI Effectively Without Falling Down the Rabbit Hole?
AI has become a game-changer in the security industry, reshaping our approach to solving challenges. For aspiring security professionals, participating in the Capture The Flag (CTF) competition is a great way to put your skills to the test and gain hands-on experience. In today’s AI-driven era, it’s increasingly common to rely on AI tools for problem-solving. However, it is crucial to remember that AI is not a substitute for critical thinking. We will discuss practical approaches for using AI effectively, whether you’re an experienced professional looking to level up or an aspiring professional learning security fundamentals.
In this talk, we will explore the dual nature of AI’s role in solving CTF challenges. We will discuss various scenarios where AI shines, while also discussing its limitations and pitfalls, particularly those that might lead you down a rabbit hole or create confusion. While AI has many use cases, it is essential to recognize when reliance on AI becomes counterproductive and where critical thinking takes the lead to conquer tougher challenges. We will share advice and tips drawn from our experience on how to use AI effectively, including strategies for evaluating AI-generated solutions and exploring alternative approaches to challenges. Our talk aims to share methods for using AI to elevate your skills further rather than substitute them.
By the end of this talk, you’ll gain practical techniques to help you navigate the complexities of AI when tackling CTF challenges. AI can act as your supportive co-pilot to level up your experience by helping you learn security concepts and provide guidance on where to start. While AI has tons of use cases, at the end of the day, it’s important to remember that it is just one tool in your toolkit that strengthens your problem-solving abilities. By finding the right balance when using AI, you’ll be better equipped with the necessary skills to help you excel in your next CTF competition and to support your cybersecurity journey.
Bio
Jie Wu is a Senior Security Engineer on the Infrastructure Security team at Shopify, where she focuses on security automation, IAM, threat detection, and compliance. She works closely with teams across the company to design scalable security solutions that enable secure development without slowing down innovation. Prior to joining Shopify, she worked at Bank of America, contributing to global cyber defense initiatives and vulnerability management. Jie brings a strong foundation in blue team operations and DevSecOps to solve security challenges at scale. Outside of her day-to-day role, Jie enjoys tackling CTF challenges and listening to podcasts to stay current with emerging security trends. She’s also deeply committed to mentoring and helping others launch successful careers in cybersecurity. She has spoken at BrainStation about building a career in security, sharing practical advice and insights with aspiring security professionals. Outside of security, Jie enjoys staying active through running, hiking, rowing, and playing soccer.
Pulkit Garg is a Security Engineer on the Infrastructure Security team at Shopify, specializing in cloud security, compliance, and supply chain security. He focuses on implementing security controls for multi-cloud environments and compliance initiatives. Previously, Pulkit worked on 5G network software solutions at a startup, gaining expertise in distributed systems and network architecture. He transitioned to cybersecurity through a security internship at Shopify, where he immersed himself in security fundamentals while contributing to projects. His dedication led to a recent transition to a full-time role. As someone new to security, Pulkit is committed to building his expertise day by day. He actively reads about current security landscapes, stays informed about emerging threats, and leverages his engineering background to suggest innovative solutions that bridge development and security practices. His journey demonstrates that career transitions into cybersecurity are achievable with dedication and the right opportunities. Outside work, Pulkit maintains balance through exercising, dancing, and exploring hiking trails across Canada.
Lee Yang Peng
Developing Your Own Local LLM (GenAI) for Cybersecurity GRC
Bio
Lee Yang Peng (CISA, CISM, CRISC, OSCP) is a Senior Consultant at DACTA Global specialising in Governance, Risk, Compliance (GRC) services and VAPT services. He graduated from the National University of Singapore with a Bachelor of Computing (Information Security) with Honours (Distinction). Yang Peng has a very broad range of expertise with experience in Risk Assessments, Threat Modelling, Gap Assessments, Vulnerability Assessment, Penetration Testing, and Purple Teaming. His work has been presented to clients that range from senior managers and executives of large organisations.
Past Talks:
– Python Conference Asia-Pacific (PyCon APAC) 2015 (https://tw.pycon.org/
– Python Conference Singapore (PyCon SG) 2015 (https://pycon.sg/archive/
Ikhtear Bhuyan
Securing the Generative AI Pipeline from Data Ingestion to Model Inference
As generative AI systems mature from proof-of-concept to production-scale deployments, the security surface area expands dramatically across the entire AI/ML stack. This session provides a deep technical walkthrough of securing generative AI workloads—focusing on the integrity, confidentiality, and compliance of data pipelines and model operations in distributed environments.
We begin with securing data lineage and governance across heterogeneous storage backends, including Db2, NoSQL (e.g., MongoDB, Cassandra), vector databases (e.g., FAISS, Pinecone), and large-scale data lakes. We’ll explore schema tracking, data classification, and integration with data security posture management (DSPM) tools to map data provenance, enforce tokenization/encryption, and apply access policies at source and transformation layers.
Next, we examine data security mechanisms across the AI lifecycle—addressing risks in data preprocessing, feature engineering pipelines, and multi-tenant model training environments. This includes static and runtime Data Activity Monitoring (DAM) for structured, semi-structured, and unstructured data, as well as implementation of secure enclaves or confidential computing for privacy-preserving computation.
We’ll analyze how to secure model usage and API inference against sensitive data exfiltration and regulatory violations. This involves integrating AI firewalling, usage policy enforcement, context-aware rate limiting, and runtime inspection of model outputs for leakage of training data or proprietary knowledge.
The session will also cover continuous compliance monitoring aligned with ISO 42001, EU AI Act and emerging AI-specific standards. Topics include embedding telemetry hooks, integrity attestation, evidence collection, and audit log streamlining across model registries, CI/CD pipelines, and serving layers.
Finally, we address GenAI-specific threat vectors including prompt injection, model inversion, fine-tuning poisoning, and adversarial inference. Countermeasures such as differential privacy, output filtering, embedding space anomaly detection, and secure model release practices will be discussed in detail.
Participants will leave with prescriptive, architecture-driven approaches to building secure-by-design GenAI platforms—bridging the gap between MLOps and SecOps in modern AI deployments.
Bio
Ikhtear Bhuyan brings over 16 years of experience in the IT industry, with deep expertise in cybersecurity governance, risk management, and compliance. He has successfully developed and implemented security frameworks, policies, and procedures across multiple sectors, aligning with globally recognized standards and regulatory requirements such as ISO 27001, CIS Controls, PCI-DSS, HIPAA, and NERC-CIP. Ikhtear collaborates directly with clients across Canada to assess their security posture and deliver tailored solutions that strengthen cyber resilience. His work spans the full lifecycle of cybersecurity initiatives—from strategic planning and architectural design to implementation and operationalization. His core focus areas include Security Information and Event Management (SIEM), Security Operations Centers (SOC), data protection, AI Security, Quantum safe, and identity and access management (IAM). Ikhtear holds a Master of Science degree in Computer Science from the University of New Brunswick. He is also a certified IBM Security Specialist and has earned the Certified Cloud Security Professional (CCSP) designation from ISC². His practical experience and academic background make him a trusted advisor in building secure, scalable, and compliant IT environments.
NIck Taylor
Agentic Access: OAuth Gets You In. Zero Trust Keeps You Safe
AI agents are no longer experimental. Developers are already using them to query APIs, modify content, and chain services using emerging protocols like MCP (Model Context Protocol). The latest MCP specification introduces modern OAuth 2.1 authentication and support for Resource Indicators (RFC 8707), strengthening identity in agent-based systems.
But authentication alone does not guarantee control. Once an agent is logged in, how do you govern what it is allowed to do? Without proper authorization controls, agents can access far more resources than they need, creating significant security risks.
This talk explores how to apply Zero Trust principles to agent workflows by combining open identity protocols with policy-aware infrastructure. You will see a demo of an MCP client interacting with a secured MCP server behind Pomerium, an open source identity-aware proxy that brings fine-grained access control to agent interactions. Beyond basic authentication, Pomerium evaluates per-request policies based on identity, route, and context, and can audit and block specific tool calls within the MCP protocol. It can even manage OAuth flows to upstream tools like Notion or Reddit, so agents never handle raw access tokens.
What you will learn:
- Why OAuth is necessary but not sufficient for agent security
- How to apply Zero Trust to developer tools and AI workflows
- A practical example of securing MCP servers with open source infrastructure
As AI agents become part of real-world developer workflows, open standards and secure defaults are key to building trust without adding friction. These security patterns apply beyond just AI systems to any automated tooling that needs controlled access to APIs and services.
Bio
Nick Taylor is a developer advocate at Pomerium, a zero trust, identity-aware proxy that secures access to internal apps and services without the need for a corporate VPN. He focuses on developer experience and community education around modern infrastructure, open source security, and Zero Trust principles. With over 20 years in web development and more than a decade of open source contributions, Nick has spent the last five years working professionally in open source at companies like OpenSauced, DEV (dev.to), and Netlify. Whether it’s through writing, code, or community building, his goal is always to help developers level up and ship faster—securely. Nick is also a seasoned content creator, often found live streaming tech topics ranging from full-stack development to AI tooling and Kubernetes security. He’s passionate about helping others get started and stay curious in tech. For more about Nick, here’s all the places you can find him online, https://nickyt.online.
Mina Movahedi
Proactive Bias Mitigation Against AI's Unseen Vulnerabilities in Cybersecurity
Artificial Intelligence (AI) has revolutionized cybersecurity by enhancing threat detection and response capabilities. However, the presence of bias in AI systems poses significant challenges, potentially undermining the accuracy and fairness of cybersecurity measures. This presentation explores comprehensive initiatives aimed at mitigating AI bias in cybersecurity.
We examine the root causes of bias, including biased training data and algorithmic design flaws, and discuss the implications of biased threat detection, such as false positives and negatives, through real-world examples. Additionally, we address the issues of targeted surveillance, where certain user groups might be disproportionately monitored, and data-driven vulnerabilities that can result from biased training data.
This research proposal addresses the critical imperative of mitigating bias in AI detections and mitigation techniques within cybersecurity. We contend that AI bias, acknowledged by 62% of surveyed organizations as influenced by cultural context, stems from unrepresentative data.
35% of businesses—and inherent human biases, leading to issues like higher error rates for minorities in facial analysis technologies. Crucially, AI’s ability to interpret emotions across cultures degrades significantly when models are transferred, a vulnerability cybercriminals exploit given diverse emotional expressions (e.g., direct English vs. metaphorical Arabic, exaggerated Western vs. subtle East Asian facial cues).
Additionally, this work highlights the interplay between AI bias and adversarial exploitation, illustrating how cyber attackers can manipulate biased security models to create vulnerabilities. To address these risks, the study underscores the importance of human oversight and continuous monitoring, ensuring AI-driven threat detection remains transparent, fair, and resistant to bias-based manipulations. By providing actionable solutions for AI bias mitigation, this research contributes to the broader effort of developing trustworthy, equitable, and effective cybersecurity technologies.
Join us to gain insights into the importance of AI bias, learn from practical examples, and discover how you can contribute to mitigate and address biases in your incident response processes.
Bio
Mina Movahedi Shakib is a seasoned cybersecurity professional with over a decade of experience in the tech industry. Her foundation in wireless networking and cybersecurity, combined with her current role as a cyber threat investigator at Bell Canada’s Security Operations Center, makes her a vital asset in safeguarding digital landscapes. Mina thrives in the fast-paced world of threat detection, incident response, and security operations, always seeking innovative ways to advance security measures. Mina is not just about technical expertise; she is a dynamic speaker at numerous in-person and virtual cybersecurity conferences, including HackFest2024, LCL2025,CIS 2025, the Annual Cybersecurity Summit, and the WIT Global Summit. She is also deeply committed to mentorship, actively empowering women in technology and fostering the next generation of innovators. Passionate about exploring the intersection of cybersecurity and artificial intelligence, Mina believes in the transformative potential of AI-driven solutions to tackle real-world challenges, especially in enhancing security and efficiency.
Alexis Dorais-Joncas
Attribution of cyber operations: does it really matter?
Attribution of cyber operations: does it really matter? It depends on who’s asking. Based on real APT attack investigations made by Proofpoint researchers and attributed to Russia, Iran, North Korea and regions, we’ll demonstrate what details go into attribution work from the perspective of an email security vendor, why attribution can be useful for defenders and how Blue Teams can use it to better inform threat modeling and risk. We’ll define attribution, compare the concepts of attribution and Attribution and discuss how softer attribution elements should be paired with harder, more technical ones to get the best results. In closing, we will discuss potential pitfalls we’ve seen with attribution and even dare bring up the controversial topic of threat actor naming, Marketing gimmick, necessary evil, a little bit of both? Let’s find out.
Bio
Alexis Dorais-Joncas dirige l’équipe responsable de la recherche sur les attaques ciblées (APT) chez Proofpoint. Leur but : identifier et comprendre ces attaques pour protéger leurs clients contre ces attaquants dédiés et persistants. Avant de se joindre à Proofpoint, Alexis a été durant plus de 10 ans le directeur du centre de R&D montréalais de la firme ESET, dont le mandat était d’étudier les logiciels malveillants utilisés dans le cadre d’attaques ciblant ses clients.
David Goulet
How Tor Works
This talk will begin with an overview of how Tor works —perfect for newcomers and a useful refresher for everyone else. We’ll then showcase the latest technology and development progress the Tor network has seen in recent years. Special attention will be given to the motivations behind, and current state of, our new Rust implementation. Finally, we’ll talk about our newest software: a mobile VPN app for Android and iOS. This app lets you choose which applications use the Tor network — no device rooting required. All in all, expect a mostly technical deep dive into our technology. No fancy logos, no marketing nor any pie charts so please leave your buzzword bingo card at home.
Bio
David Goulet has been with the Tor Project for almost 15 years. He is part of the network team, which maintains the Tor network and its core software, such as the C implementation (tor) and the new Rust-based work in progress (Arti). He loves onions, gives garlic a chance, and sprinkles it all with scallions.
Mathieu Saulnier
Graph All The Things: The Birth of *Hound
BloodHound Community Edition V8 was dropped right before BlackHat and it learned new tricks! The most significant of them is OpenGraph which allows you to expand the Graph to map any Attack Path you come across in your Offensive Engagements or that you need to Defend internally. In this session we’ll see how to leverage OpenGraph to craft and customize your own Attack Graphs and the elements to include in a great submission to this Open Source Project. SalesForceHound, OktaHound, why not SAPHound? The only limit is your imagination (and maybe your coffee/Red Bull budget).
Bio
Mathieu Saulnier is a cybersecurity leader with 20+ years in Threat Research, Detection Engineering, Threat Hunting, and Incident Response. He has led diverse, global teams to success and shared his expertise on stages at Derbycon, SANS Summits, RSAC, SecTor, and BSides worldwide. A dedicated community mentor with DEF CON’s Blue Team Village and co-organizer of NorthSec, DEATHcon and SkiCon, Mathieu now serves as Product Manager for BloodHound Community Edition, empowering attackers and defenders to audit and secure complex environments.
Comité scientifique
Axelle Apvrille | Fortinet
Charles Hamilton | CYPFER
Dave Lewis | 1Password Julien Richard | Lastwall Networks
Masarah Paquet-Clouston | Université de Montréal Matthieu Faou | ESET
Mathilde Gay | BDC Pierre-Marc Bureau | Google Canada