A community-run cybersecurity event offering world-class talks, trainings & a 48-hour, on-site capture-the-flag competition. Every May in Montréal since 2013 🇨🇦 Publications en français et en anglais.
NorthSec 2026 speaker lineup is here ...and it's our best yet!
31 talks & workshops. Two days in Montréal. Tickets going fast (get yours by April 1st to secure a badge and a t-shirts). 👇
𝗧𝗮𝗹𝗸𝘀:
• Guillaume Valadon & Gaetan — Private Key Leaks in the Wild: Insights from Certificate Transparency
• Philippe Pépos Petitclerc — A systematic approach to evading antivirus software
• Émilio Gonzalez — Increasing detection engineering maturity with detection as code
• François Labrèche — A Needle in a Haystack: Identifying an Infostealer Attack Through Trillions of Events in a Large-scale Modern SOC
• Wietze — Trust me, I'm a Shortcut - new LNK abuse methods
• Reza Sharifi — Internet Blackout 2026 in Iran — Next-Level Internet Censorship: A Technical Breakdown of Techniques and Tactics
• Andrew Buchanan, Max CM & Connor Laidlaw — Commit, Push, Compromise: Attacking Modern GitHub Orgs
• Dirk-jan Mollema & Sanne Maasakkers — Researchers vs. Threat Actors in Cloud Attacks
• Jeremy Miller — Measuring AI Ability to Complete Long Cybersecurity Tasks
• Manu Jose — The Merchant of Venice: Trading Latency for Security at Scale
• Joshua Prager & Ben Schroeder — Mapping Deception Solutions with BloodHound OpenGraph
• Christian Paquin — Doxxing-proof authentic digital media: trust the asset, protect the source
• Robbe Van Roey — Hacking Browsers: The Easy Way
• Ron Bowes — Adventures in Process Injection (How I Accidentally Built a Debugger - Again!)
• Xavier Facélina — Le futur s'invente avant-hier
• Charl-Alexandre Le Brun & Simon Lachkar — The OpenGraph diary: Attack path management applied to Ansible
• François Proulx — Living Off The Pipeline: Defensive Research, Weaponized
• Pierre-Nicolas Allard-Coutu — Stolen Laptops: Defeating DMA Countermeasures
• Philippe Marchand — Cybermenaces géopolitiques au Canada: État des lieux et perspectives stratégiques
• Kristine Barbara — From Experts to Everyone: Democratizing Threat Modeling at Ubisoft
• Chirag Savla — When Serverless Becomes a Foothold: Abusing Azure Function Apps in Modern Cloud Environments
• Brad Edwards — APTL: An Open Source Agentic Purple Team Lab
• Maxime Arquilliere & Coline C — Sold to the highest bidder: the escalation of ADINT from geolocation tracking to intrusion vector
• Sébastien Dudek — Hacking 5G: From Radio Security to the APIs
𝗪𝗼𝗿𝗸𝘀𝗵𝗼𝗽𝘀:
• Logan Maclaren & Lewis Moore — Command & Conquer: A hands-on C2 primer for aspiring Red & Blue teamers
• Santiago Abastante — AWS Security - The Purple Team Way
• Faan Rossouw — Agentic AI for Threat Hunting
• Ben Gardiner — Hardware RE: a gentle intro
• Tammy Harper — The Ransomware Negotiation Lab
• Mark El-Khoury — DIY Continuous Security: Practical Security Engineering
• Ashley Manraj & Philippe Dugré (zer0x64) — Breaking and Hardening the Cloud: Advanced Hooking and Shellcoding in a Hardened Environment