Talk Schedule

Charles F. Hamilton (Mr.Un1k0d3r) Director, KPMG Canada

Charles Hamilton is a Red Teamer, with more than ten years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. Since 2014, he is the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 40,000 members worldwide. Charles is also a prolific toolsmith and speaker in the Infosec industry under the handle of Mr.Un1k0d3r.

Greg Hatcher , White Knight Labs

Greg has a background in Army Special Forces and teaching Windows internals at the NSA. He also led a 3-man red team for CISA that specialized in attacking America’s critical infrastructure. He authored and teaches WKL’s flagship course, Offensive Development, at Wild West Hackin’ Fest and virtually on the Antisyphon platform. Greg is passionate about C programming for the Windows operating system and abusing Active Directory. Greg is an active member of the following organizations: Cloud Security Alliance, the Right Place, American Corporate Partners, West Michigan Technology Council. He regularly appears in the news discussing cyber warfare and the impact of Chinese APTs on America's critical infrastructure. Greg has the following certifications: GXPN, GCPN, CRTP, CISSP, GWAPT, and GSEC.

John Stigerwalt , White Knight Labs

John has worked as blue teamer, vCISO, developer, senior penetration tester, and red team lead. John served as the F-Secure red team lead for the western hemisphere. He has led long‐term red team engagements in highly complex Fortune 500 companies. He has worked together with Microsoft to increase kernel security for the Windows operating system. He has led training at BlackHat, DerbyCon, and Wild West Hackin’ Fest. He is the author WKL’s Advanced Red Team Operations course (ARTO). John has the following certifications: OSCP, OSCE, CRTP (Certified Red Team Professional), CRTE (Certified Red Team Expert), and SLAE (Assembly Language and Shellcoding). John is known as one of the most talented offensive cyber security experts in the world and can do whatever is asked of him on a computer.

Manish Rohilla Principal Security Consultant, NotSoSecure

Manish is involved in day-to-day Penetration Testing for a broad range of NotSoSecure clients, which includes infrastructure and web application Penetration Testing. Typically, clients are Fortune 500 companies and major organisations based in Europe and the US. Client work tends to be carried out in a small team of usually three highly collaborative NotSoSecure Security Consultants, although some work that he involved with is done solo depending on the size of the project. Manish developed an interest in Computer Science at college, beginning with programming and .Net, moving on to networks and Cybersecurity. This led to university studies and a degree in Electronics & Communications Engineering and in 2018 a Masters in Cybersecurity. Before joining NotSoSecure, he worked in Digital Forensics, which involved extracting artifacts from systems that had been used in a criminal activity. In his spare time, he keeps his skills and industry knowledge up-to-date, undertaking various items of personal research in Penetration testing, Cloud Security and DevSecOps. He has also participated in various Conferences like Black Hat, Bsides and Local Null Chapters.

Tim Tomes (Lanmaster53) Burp Suite Master, PractiSec

Application Security Engineer with extensive experience in the information technology and security industries. Experience ranges from software development to full-scope penetration testing (red teaming) as both a technician and leader for both the United States Military and private industry. Currently specializing in application security as a trainer and practitioner of web application penetration testing and secure software development.

Dekel Paz ,

Security Researcher with over 15 years of experience in Cybersecurity and software development. I’ve been on both sides of the fence – leading Offensive and Defensive security teams in the past.

Sagie VP Research, ZeroNetworks

Sagie is a defensive security researcher, leading the Zero-Labs team as VP of Research @ Zero Networks. With a bachelor's in Electrical-Engineer, Sagie started out designing and breaking-up communication schemas in the Intelligence unit of the military. After his service, Sagie went on to perform research on diverse topics, introducing new attacks techniques such as the "man-in-the-cloud" attacks and supply chain compromises against container developers. In recent years, Sagie is focused on research that delivers practical solutions to security teams, mainly in the form of open source security tools.

Charlie Bromberg (Shutdown) Head of Pentest Service Line, Capgemini

Creator of The Hacker Recipes and Exegol. Creator or contributor to many other projects. Leading ethical hacking offerings for Capgemini France. Passionate about Active Directory.

Mathieu Calemard du Gardin (Dramelac) Red Teamer,

Red Teamer and co-creator of Exegol

Marc-André Labonté ,

Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate ever powerful high throughput genome sequencers coming to market.

Then, he joined the ETTIC team at Desjardins in 2016 as infrastructure penetration tester. Currently doing vulnerability research on IOT devices, he also presented "Automated contact tracing experiment on ESP Vroom32" workshop at NSEC in 2021. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data hungry organizations.

Ben Gardiner , Yellow Flag Security Inc.

Mr. Gardiner is an independent consultant at Yellow Flag Security, Inc. presently working to secure commercial transportation at the NMFTA and connected transportation with TMNA. With more than ten years of professional experience in embedded systems design and a lifetime of hacking experience, Gardiner has a deep knowledge of the low-level functions of operating systems and the hardware with which they interface. Prior to YFS Inc., Mr. Gardiner held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations. He holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. He is a DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV) volunteer. He is GIAC GPEN certified and a GIAC advisory board member, he is also chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (drafting J3061-2), contributor to several ATA TMC task forces, ISO WG11 committees, and a voting member of the SAE Vehicle Electronic Systems Security Committee. Mr. Gardiner has delivered workshops and presentations at several world cybersecurity events including the Cybertruck Challenge, GENIVI security sessions, Hack in Paris, HackFest and DEF CON main stage.

Sagar Bhure Senior Software Engineer, F5

Sagar Bhure is a highly accomplished Security Researcher with a proven track record of excellence in his research on security. He is a filed patent holder with the US for his innovative work on ML and Security and has published several papers on the subject in top-tier journals. He currently leads various projects at OWASP, including the prestigious "ML Security Top 10" , an OWASP flagship project. Sagar has spoken at several industry-leading international conferences, including Hack in Paris, BlackHat, OWASP, and APISecure. He is regarded as a respected thought leader in the cybersecurity community, frequently invited to speak at conferences and workshops on topics related to offensive and defensive security. Sagar’s engaging presentations have helped to educate security professionals with cutting-edge research and tools to strengthen their security toolkits.

Cindy Xiao Senior Security Researcher, CrowdStrike

Cindy Xiao is a security researcher who works primarily on malware reverse engineering, in support of cyber threat intelligence reporting. Cindy enjoys learning from other security practitioners (both offensive and defensive), developing tools to help with analysis, and mentoring others.

Simon Lacasse Pentester,

Simon Lacasse travaille comme testeur d'intrusions chez Desjardins, avec un focus sur des tests organisationels orientés par objectifs. Il est très intéressé par la sécurité web et d'infrastructure. Équipé d'une formation en ingénierie logicielle, il aime créer ses propres outils pour résoudre les différents défis qu'il rencontre. Lorsque possible, il aime redonner à la communauté en faisant de ses outils des logiciels libres. Simon est également un ancien membre du club de sécurité informatique de Polytechnique Montréal, PolyHack/PolyHx.

(Bio de Charl-Alexandre en attente.)

Charl-alexandre Le Brun Penetration Tester, Desjardins

Je suis un passionné de l'informatique, ce domaine est ma passion et mon métier. Je fais des tests d'intrusion depuis quelques années et sur le côté j'aime entreprendre des recherches ou des projets. Que ce soit identifié des vulnérabilités ou construire des outils, je vais toujours suivre ma curiosité.

Aditi Lead Application Security Engineer,

Aditi Bhatnagar is a curious and pragmatic security engineer who like making and breaking stuff. While application security holds most of her focus today, she's equally fond of her previous encounters with cloud security, android security research and magical world of wireless communication. She has previously worked as a Core Engineer building features for end point security products at Microsoft. Through her initiative, Infinite Hacks, she is spreading cyber awareness. She has conducted trainings and initiated discussions on cybersecurity, digital rights, and techno-sociology. She’s an avid blogger and publishes posts on cybersecurity, ethical hacking, and several aspects of the evolving relationship between humans and technology on her website.

Simon Nolet ,

Sergei Frankoff Director, OpenAnalysis Inc

Sergei is a co-founder of OpenAnalysis Inc, and part of the team behind UnpacMe. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.

Marc-André Labonté ,

Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate ever powerful high throughput genome sequencers coming to market.

Then, he joined the ETTIC team at Desjardins in 2016 as infrastructure penetration tester. Currently doing vulnerability research on IOT devices, he also presented "Automated contact tracing experiment on ESP Vroom32" workshop at NSEC in 2021. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data hungry organizations.

Pier-Yves Lessard Embedded AI software engineer,

Embedded software engineer working at NXP semiconductor on embedded AI optimization for the automotive industry. Past experience in EV/motor control software. Author of 2 (relatively) widely used open source library dedicated to ECU communications and the main developer of Scrutiny Debugger, a project soon to be released. Father of two who develops open source stuff between 21h and 00h

Adrien Lasalle Pentester - Netrunner,

Formerly a firefighter in France 🇫🇷 🚒, I decided to pursue my passion for IT and especially offensive cybersecurity. Now a Pentester in Montreal 🇨🇦 for almost 3 years and an active member of HackersWithoutBorders North America, I am gradually specializing in internal and network intrusion testing.

Sharing our passion for this field, whether for awareness or education, is an important mission for me!

Feel free to contact me to discuss cyber or anything else over a beer :D 🍻

Ignacio Navarro Ethical Hacker, N/A

Ignacio Navarro, an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working as an Application Security. Their interests include code analysis, web application security, and cloud security. Speaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty. @Ignavarro1

Sergei Frankoff Director, OpenAnalysis Inc

Sergei is a co-founder of OpenAnalysis Inc, and part of the team behind UnpacMe. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.

Alexandre Côté Malware Researcher, ESET

Alexandre is a malware researcher at ESET since 2021. Working with the Montreal team, his research is focused on tracking APT groups and their toolsets.

He has previously presented about APTs and attribution at Botconf, Sleuthcon, Hackfest, and BSidesMTL. He is also involved in mentoring students getting started in infosec. His interests include operating systems fundamentals, writing shell scripts to automate tasks that don't always need to be automated, and brewing beer.

Marc-Etienne M.Léveillé Senior Malware Researcher, ESET

Marc-Etienne is a malware researcher at ESET since 2012. He specializes in malware attacking unusual platforms, whether it’s fruity hardware or software from south pole birds. Marc-Etienne focused his research on the reverse engineering of server-side malware to discover their inner working and operation strategy. His research led to the publication of the Operation Windigo white paper that won Virus Bulletin’s Péter Szőr Award for best research paper in 2014. He presented at multiple conferences including RSAC, FIRST, 44con, CARO and Linuxcon Europe. When he’s not one of the organizer, he loves participating in CTF competitions like a partying gentleman. Outside the cyberspace, Marc-Etienne plays the clarinet and read comics.

Marc-Etienne est chercheur en logiciels malveillants chez ESET depuis 2012. Il se spécialise dans les logiciels qui ciblent les plateformes inhabituelles, comme les ordinateurs avec des pommes ou des pingouins. Durant les dernières années, Marc-Etienne s'est concentré sur la rétro-ingénierie de logiciels malveillants s'attaquant aux serveurs, à la fois pour comprendre leurs fonctionnements et comment ils sont utilisés. Ses recherches ont mené à la publication du rapport Operation Windigo qui s'est mérité le prix Péter Szőr Award à Virus Bulletin pour meilleur rapport de recherche en 2014. Il a présenté à de multiples conférences incluant RSAC, FIRST, 44con, CARO Workshop et Linuxcon Europe. Quand il n'est pas dans le comité organisateur, il aime participer à des compétitions de sécurité (CTF) comme un gentilhomme en fête. En dehors du cyberespace, Marc-Etienne joue de la clarinette et lit des bandes dessineés.

Alexis Dorais-Joncas APT Research Manager, Proofpoint

Alexis Dorais-Joncas is the Senior Manager of Proofpoint’s APT research team, where he and his team of threat researchers and intelligence analysts focus on tracking the most elusive state-sponsored threat actors and ensuring Proofpoint customers are protected against these persistent attackers. Prior to joining Proofpoint, Alexis led ESET’s Montreal-based R&D branch office for over 10 years, where his team focused on malware research, network security and targeted attacks tracking. Alexis is an established speaker on current cyberthreats, having spoken in front of diverse audiences at events such as Northsec, Bluehat, Botconf, First CTI, Sector and Rightscon. He has also been quoted in several security and technical media such as Wired, ITWorldCanada and Ars Technica, with broadcast appearances on Radio-Canada and Skynews. Alexis holds an M. Sc. in Electrical Engineering from the University of Sherbrooke in Canada.

Greg Lesnewich ,

Greg Lesnewich is a Senior Threat Researcher at Proofpoint, focused on identifying, tracking, detecting, and disrupting malicious activity linked to North Korea and Russia. Greg has a background in threat intelligence, incident response, and managed detection, previously working at Recorded Future, Leidos, and NCFTA, with experience in developing methods of tracking espionage and state-sponsored activity. Greg enjoys the topics of weird forensic artifacts, measuring malware similarity, YARA, and infrastructure tracking.

Pierre-Marc Bureau ,

Charles F. Hamilton (Mr.Un1k0d3r) Director, KPMG Canada

Charles Hamilton is a Red Teamer, with more than ten years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. Since 2014, he is the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 40,000 members worldwide. Charles is also a prolific toolsmith and speaker in the Infosec industry under the handle of Mr.Un1k0d3r.

Laurent Desaulniers ,

Will Summerhill Senior Security Consultant, Mandiant

Will Summerhill is a senior security consultant with Mandiant Canada on the Proactive team performing red teams, purple teams, and penetration testing assessments. He has been in offensive security consulting for over 7 years and has 10 years of information security experience combined. He teaches red teaming classes to clients and taught a penetration testing course at the post-grad college level.

Philippe Arteau ,

François Proulx Senior Product Security Engineer, BoostSecurity.io

François is a Senior Product Security Engineer for BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. François is one of founders of NorthSec and was a challenge designer for the NorthSec CTF.

Benoit Cote-Jodoin Senior Product Security Engineer, BoostSecurity.io

Benoît Côte-Jodoin is a Senior Product Security Engineer at BoostSecurity researching software supply chain security. Former active CTF player, he now designs challenges for the NorthSec CTF competition.

Fennix ,

Pronouns: he/him

I'm a lifelong hacker and avid selfhoster/homelabber who works a day job pentesting. On the side, I build CTF challenges and occasionally even go outside to see the world.

Logan MacLaren Senior Product Security Engineer, GitHub

Logan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!

Berenice Flores Senior Security Consultant, Bishop Fox

As a senior penetration tester at Bishop Fox, Berenice focuses on application security and cloud penetration testing (AWS). In the past year, Berenice has worked in security research against frameworks in the cloud. Berenice holds many cybersecurity certifications including Offensive Security Certified Professional (OSCP), Off-Sec Web Assessor (OSWA) and Offensive Security Wireless Professional (OSWP). When she's not finding bugs, Berenice enjoys attending hacking conferences and collecting stickers, pins and token coins.

François Labrèche ,

Christian Paquin Principal Research Software Engineer, Microsoft

I’m cryptography and security engineer at Microsoft Research where I aim to bring new research innovations closer to reality. My work focuses lately on privacy-preserving identity, post-quantum cryptography, and content origin and authentication (especially surrounding the work of the C2PA in which I’m a member of the technical working group). Prior to joining Microsoft I was a crypto developer at Zero Knowledge Systems developing a TOR-precursor mixnet and the Chief Security Engineer at Credentica.

Patricia Gagnon-Renaud Cybersecurity Analyst — Ethical Hacking, GoSecure

Patricia Gagnon-Renaud is a Cybersecurity Analyst in the Ethical Hacking team at GoSecure. She has a bachelor's degrees in IT engineering, is a licensed engineer, and more recently, has become a Certified Information Systems Security Professional (CISSP). Her interests include social engineering, physical security, lockpicking and urbanism.

W. Garrett Myler Owner / Consultant, Enclave Defense

W. Garrett Myler, owner of Enclave Defense and proud U.S. Air Force Reservist, has over a decade of experience supporting threat intelligence and cyber operations within the U.S. Department of Defense - from strategic to tactical levels of operation. He has traveled the world performing vulnerability assessments on industrial control systems (ICS) supporting critical infrastructure. Mr. Myler is an experienced and engaging cybersecurity instructor and presenter and has trained professionals and addressed audiences from around the world. He is a CISSP, GIAC Certified Forensic Analyst, an ISA 62443 certified "expert", and has a Masters of Science in Digital Forensics and Cyber Investigation. Mr. Myler is honored to fill the roles of husband to his wife Julie and father to their five children.

Octavia Hexe ,

Octavia is an independent security researcher. They have worked in security engineering, purple team, adversary emulation roles, and as a volunteer with non-profits countering disinformation.

Alexandre Côté Malware Researcher, ESET

Alexandre is a malware researcher at ESET since 2021. Working with the Montreal team, his research is focused on tracking APT groups and their toolsets.

He has previously presented about APTs and attribution at Botconf, Sleuthcon, Hackfest, and BSidesMTL. He is also involved in mentoring students getting started in infosec. His interests include operating systems fundamentals, writing shell scripts to automate tasks that don't always need to be automated, and brewing beer.

Ron Bowes Lead Security Researcher, GreyNoise Intelligenc

Ron Bowes is a Lead Security Researcher on the GreyNoise Labs team, which tracks and investigates unusual--typically malicious--internet traffic. His primary role is to understand and track the big vulnerabilities of the day/week/month/year; often, that means parsing vague vendor advisories, diff'ing patches, reconstructing attacks from log files, and--most complex of all--installing and configuring enterprise software. When he's not at work, he runs the BSides San Francisco Capture the Flag contest, is a founder of The Long Con conference in Winnipeg, maintains a personal blog, and continues his question to finish every game in his Steam library.

Logan MacLaren Senior Product Security Engineer, GitHub

Logan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!

Ignacio Navarro Ethical Hacker, N/A

Ignacio Navarro, an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working as an Application Security. Their interests include code analysis, web application security, and cloud security. Speaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty. @Ignavarro1

Adrien Lasalle Pentester - Netrunner,

Formerly a firefighter in France 🇫🇷 🚒, I decided to pursue my passion for IT and especially offensive cybersecurity. Now a Pentester in Montreal 🇨🇦 for almost 3 years and an active member of HackersWithoutBorders North America, I am gradually specializing in internal and network intrusion testing.

Sharing our passion for this field, whether for awareness or education, is an important mission for me!

Feel free to contact me to discuss cyber or anything else over a beer :D 🍻

Zaid Osta Cyber Threat Intelligence Analyst, Flare

Zaid Osta is a Cyber Threat Intelligence Analyst at Flare, and his primary role involves the collection, research, and analysis of the latest cyber threats.

Alexis Dorais-Joncas APT Research Manager, Proofpoint

Alexis Dorais-Joncas is the Senior Manager of Proofpoint’s APT research team, where he and his team of threat researchers and intelligence analysts focus on tracking the most elusive state-sponsored threat actors and ensuring Proofpoint customers are protected against these persistent attackers. Prior to joining Proofpoint, Alexis led ESET’s Montreal-based R&D branch office for over 10 years, where his team focused on malware research, network security and targeted attacks tracking. Alexis is an established speaker on current cyberthreats, having spoken in front of diverse audiences at events such as Northsec, Bluehat, Botconf, First CTI, Sector and Rightscon. He has also been quoted in several security and technical media such as Wired, ITWorldCanada and Ars Technica, with broadcast appearances on Radio-Canada and Skynews. Alexis holds an M. Sc. in Electrical Engineering from the University of Sherbrooke in Canada.

Greg Lesnewich ,

Greg Lesnewich is a Senior Threat Researcher at Proofpoint, focused on identifying, tracking, detecting, and disrupting malicious activity linked to North Korea and Russia. Greg has a background in threat intelligence, incident response, and managed detection, previously working at Recorded Future, Leidos, and NCFTA, with experience in developing methods of tracking espionage and state-sponsored activity. Greg enjoys the topics of weird forensic artifacts, measuring malware similarity, YARA, and infrastructure tracking.

Marc-Etienne M.Léveillé Senior Malware Researcher, ESET

Marc-Etienne is a malware researcher at ESET since 2012. He specializes in malware attacking unusual platforms, whether it’s fruity hardware or software from south pole birds. Marc-Etienne focused his research on the reverse engineering of server-side malware to discover their inner working and operation strategy. His research led to the publication of the Operation Windigo white paper that won Virus Bulletin’s Péter Szőr Award for best research paper in 2014. He presented at multiple conferences including RSAC, FIRST, 44con, CARO and Linuxcon Europe. When he’s not one of the organizer, he loves participating in CTF competitions like a partying gentleman. Outside the cyberspace, Marc-Etienne plays the clarinet and read comics.

Marc-Etienne est chercheur en logiciels malveillants chez ESET depuis 2012. Il se spécialise dans les logiciels qui ciblent les plateformes inhabituelles, comme les ordinateurs avec des pommes ou des pingouins. Durant les dernières années, Marc-Etienne s'est concentré sur la rétro-ingénierie de logiciels malveillants s'attaquant aux serveurs, à la fois pour comprendre leurs fonctionnements et comment ils sont utilisés. Ses recherches ont mené à la publication du rapport Operation Windigo qui s'est mérité le prix Péter Szőr Award à Virus Bulletin pour meilleur rapport de recherche en 2014. Il a présenté à de multiples conférences incluant RSAC, FIRST, 44con, CARO Workshop et Linuxcon Europe. Quand il n'est pas dans le comité organisateur, il aime participer à des compétitions de sécurité (CTF) comme un gentilhomme en fête. En dehors du cyberespace, Marc-Etienne joue de la clarinette et lit des bandes dessineés.

Charles F. Hamilton (Mr.Un1k0d3r) Director, KPMG Canada

Charles Hamilton is a Red Teamer, with more than ten years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. Since 2014, he is the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 40,000 members worldwide. Charles is also a prolific toolsmith and speaker in the Infosec industry under the handle of Mr.Un1k0d3r.

Pier-Yves Lessard Embedded AI software engineer,

Embedded software engineer working at NXP semiconductor on embedded AI optimization for the automotive industry. Past experience in EV/motor control software. Author of 2 (relatively) widely used open source library dedicated to ECU communications and the main developer of Scrutiny Debugger, a project soon to be released. Father of two who develops open source stuff between 21h and 00h

W. Garrett Myler Owner / Consultant, Enclave Defense

W. Garrett Myler, owner of Enclave Defense and proud U.S. Air Force Reservist, has over a decade of experience supporting threat intelligence and cyber operations within the U.S. Department of Defense - from strategic to tactical levels of operation. He has traveled the world performing vulnerability assessments on industrial control systems (ICS) supporting critical infrastructure. Mr. Myler is an experienced and engaging cybersecurity instructor and presenter and has trained professionals and addressed audiences from around the world. He is a CISSP, GIAC Certified Forensic Analyst, an ISA 62443 certified "expert", and has a Masters of Science in Digital Forensics and Cyber Investigation. Mr. Myler is honored to fill the roles of husband to his wife Julie and father to their five children.

Patricia Gagnon-Renaud Cybersecurity Analyst — Ethical Hacking, GoSecure

Patricia Gagnon-Renaud is a Cybersecurity Analyst in the Ethical Hacking team at GoSecure. She has a bachelor's degrees in IT engineering, is a licensed engineer, and more recently, has become a Certified Information Systems Security Professional (CISSP). Her interests include social engineering, physical security, lockpicking and urbanism.

François Proulx Senior Product Security Engineer, BoostSecurity.io

François is a Senior Product Security Engineer for BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. François is one of founders of NorthSec and was a challenge designer for the NorthSec CTF.

Benoit Cote-Jodoin Senior Product Security Engineer, BoostSecurity.io

Benoît Côte-Jodoin is a Senior Product Security Engineer at BoostSecurity researching software supply chain security. Former active CTF player, he now designs challenges for the NorthSec CTF competition.

Corinne Pulgar Project manager, Lab2038

Corinne Pulgar brings a unique blend of technical expertise and social awareness to the field of digital security. With a Master's in Software Engineering from École de Technologie Supérieure (ETS) and a Bachelor's in Computer Science from Université du Québec à Montréal (UQAM), they possess a deep understanding of software development and security. They have shown a steadfast commitment to education through their contributions as a project manager and InfoSec at Lab2038 and a teaching assistant and lecturer at multiple institutions, including McGill University, ETS and UQAM. Her ability to translate complex technical concepts into accessible knowledge has made them a sought-after lecturer and mentor.

Corinne’s research, presented at conferences and published in journals, focuses on model-driven software engineering and DevOps, demonstrating their innovative approach to software development. Their work at the intersection of technology and inclusivity reflects their dedication to leveraging their technical expertise for social good, specifically in enhancing digital privacy and security for vulnerable groups. Their unique perspective, combining technical acumen with a passion for social impact, makes them an ideal speaker to address the critical issue of digital privacy in the context of IPV.

Priyank ,

As an offensive security engineer at Microsoft, Priyank's primary focus is conducting security exercises that emulate real-world threats impacting billions of users. He is well known for his expertise in identifying high-impact vulnerabilities and has shared his research openly through various industry conferences.

His forte is web/mobile application security assessments, network penetration testing and secure source code reviews. In the past, he has advised F500 brands and startups and does mobile and IoT related research in his spare time.

As a new parent, he is now (re)learning hacking from his toddler who defeats all the "restrictions" to limit their mobility.

Berenice Flores Senior Security Consultant, Bishop Fox

As a senior penetration tester at Bishop Fox, Berenice focuses on application security and cloud penetration testing (AWS). In the past year, Berenice has worked in security research against frameworks in the cloud. Berenice holds many cybersecurity certifications including Offensive Security Certified Professional (OSCP), Off-Sec Web Assessor (OSWA) and Offensive Security Wireless Professional (OSWP). When she's not finding bugs, Berenice enjoys attending hacking conferences and collecting stickers, pins and token coins.

John Stoner Security Strategist, Google Cloud

John Stoner is a Global Principal Security Strategist at Google Cloud and leverages his experience to improve users' capabilities in Security Operations, Threat Hunting, Incident Response, Detection Engineering and Threat Intelligence. He blogs on threat hunting and security operations and has built multiple APT threat emulations for blue team capture the flag events. John has presented and led workshops at various industry symposia including FIRST (CTI, Tech Colloquium), BSides (SF, Las Vegas), SANS Summits (DFIR, Threat Hunting, Cloud and SIEM), WiCyS, Way West Hacking Fest, AISA and DefCon Packet Hacking Village. He also enjoys listening to what his former teammates referred to as "80s sad-timey music."

AJ Jarrett Incident Response Director, DTCC

AJ Jarrett is the Incident Response Director for the Threat Management Center at DTCC. Prior to joining DTCC, AJ worked for over 15 years in various IT and cybersecurity roles including defense, compliance, assessments, and incident response. In addition to his work at DTCC, AJ is also an Adjunct Instructor at the Texas A&M Engineering Extension Service and volunteers with various educational initiatives to help bring cybersecurity knowledge to as many people as possible.

Louis Melançon ,

Titulaire d’une maîtrise en mobilisation et transfert des connaissances de l’Institut national de la recherche scientifique, Louis a toujours cherché à combiner son intérêt pour le transfert des connaissances à sa passion pour la recherche et l’impact des nouvelles technologies. Après avoir poursuivi ses études universitaires en s’intéressant à la vulnérabilité Heartbleed et son impact sur les pratiques de sécurité, Louis a collaboré avec plusieurs organismes de mobilisation des connaissances tels que Serene-risc et Research Impact Canada. Ayant récemment joint l’équipe du soutien à la recherche chez Ivado, cette présentation est l’occasion pour Louis de revisiter le sujet qui l’a passionné pendant des années.

Holder of a master's degree in knowledge mobilization from INRS, Louis has always sought to combine his interest in knowledge transfer with his passion for research and the impact of new technologies. After continuing his university studies focusing on the Heartbleed vulnerability and its impact on security practices, Louis collaborated with several knowledge mobilization organizations such as Serene-risc and Research Impact Canada. Having recently joined the research support team at Ivado, this presentation is an opportunity for Louis to revisit the subject that has fascinated him for years.

Kai Iyer Senior Security Engineer, EY Canada

Kai is a Senior Security Engineer at EY's Cyber Threat Management team and manages Applied Machine Learning and Security Engineering. He holds multiple certifications and has extensive knowledge in various domains, including Web-App Development, Data Science, Incident Response, DevSecOps and Purple Teaming. He is also an advocate for open source software and data privacy. He dreams of a world where no one clicks on phishing e-mails.

Will Summerhill Senior Security Consultant, Mandiant

Will Summerhill is a senior security consultant with Mandiant Canada on the Proactive team performing red teams, purple teams, and penetration testing assessments. He has been in offensive security consulting for over 7 years and has 10 years of information security experience combined. He teaches red teaming classes to clients and taught a penetration testing course at the post-grad college level.

Christian Paquin Principal Research Software Engineer, Microsoft

I’m cryptography and security engineer at Microsoft Research where I aim to bring new research innovations closer to reality. My work focuses lately on privacy-preserving identity, post-quantum cryptography, and content origin and authentication (especially surrounding the work of the C2PA in which I’m a member of the technical working group). Prior to joining Microsoft I was a crypto developer at Zero Knowledge Systems developing a TOR-precursor mixnet and the Chief Security Engineer at Credentica.

Fennix ,

Pronouns: he/him

I'm a lifelong hacker and avid selfhoster/homelabber who works a day job pentesting. On the side, I build CTF challenges and occasionally even go outside to see the world.

Camille Felx Leduc , Mandiant

Ms. Felx Leduc is an ICS Senior Security Consultant in Mandiant’s Canadian practice. As part of the ICS Services team, Camille supports clients with better securing their ICS networks, analyzes client networks for threats, and supports clients with strategic assessment, roadmap development, and initiative implementation, including Security Program Assessments, and threat modeling.

Thomas Poinsignon Clavel ,

Mangatas Tondang (@tas_kmanager) Security Researcher, Microsoft / Curated Intelligence

Tas has spent the last five years immersed in the worlds of threat hunting, detection engineering, and security research. Currently, he's making changes at Microsoft, specializing in cloud security research. Beyond his professional endeavors, Tas is a passionate contributor to the cybersecurity community, holding roles in the DFIR report and Curated Intelligence. He's also no stranger to the stage, having presented at various conferences around the globe, to name a few SANS Summits and DEF CON BTV. When he's not navigating the digital landscape, Tas enjoys the art of astrophotography and embarking on spontaneous adventures across the globe exploring landscapes and cuisines.