Olivier Bilodeau

Cybersecurity Research Lead

Olivier Bilodeau Cybersecurity Research Lead, GoSecure

Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys attracting embedded Linux malware, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. Passionate communicator, Olivier has spoken at several conferences like BlackHat USA/Europe, Defcon, Botconf, SecTor, Derbycon, HackFest and many more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on applied information security, and NorthSec, Montreal's community conference and Capture-The-Flag.

Workshop: Capture-The-Flag 101

An introduction to Capture-The-Flag (CTF) with easy challenges and tips on how to approach them.

The objective of this workshop is to dive into Capture-The-Flag (CTF) competitions. First, by introducing participants to the basic concepts. Then, by helping them prepare for the upcoming NorthSec CTF, and, finally, evolve in their practice of applied cybersecurity.

We will have easy and medium CTF challenges in several categories (binaries, Web, exploitation, forensics) and we will give hints and solutions during the workshop.

This is meant to be for CTF first timers. Seasoned players should play NorthSec's official CTF.


  • a laptop
  • a programming language of choice (it's usually Python)
  • wireshark
  • a web assesment security tool (Burp, ZAP, Watobo, mitmproxy)
  • a disassembler / decompiler (Radare2, Binary Ninja, IDA Pro)
Participants should bring:

See Requirements section of the proposal

Participants must know or have:


Workshop: Leveraging DevOps Tools for Malware Research and Red Team

This workshop will get you started with containers and cloud orchestration as a cybersecurity person. You will get hands-on experience with vagrant, docker, docker-compose, ansible and terraform.

Everyone working with computers lately has heard of VMs, cloud orchestration and containers. That said, so many of us still do many things manually or use these technologies inefficiently. Let’s not allow the devs to have all the fun with DevOps (and its tools).

Virtual Machines can be effectively used to test exploits or contain development environments. Vagrant makes it easy to share these pre-built VMs, avoiding tedious "next, next, next" install procedures while supporting both Linux and Windows.

Containers changed the way we distribute applications and combine services together. Built on top of Linux namespaces, they enable us to deploy complex software in a reproducible manner no matter on which Linux distribution we deploy it. Additionally, using network namespaces manually is useful to isolate, bridge, route or firewall a single process or a process hierarchy.

Orchestration is the natural next step of automation. We describe entire fleets of systems in code and use tools to make sure that the current state of the infrastructure matches what the code says. Terraform leverages cloud APIs to deploy computing instances and other cloud resources. Ansible reads from Terraform’s inventory, connects to the instances, install software, copy files and perform the various tasks known as provisioning. Together they are a powerful combination, allowing the deployment of complex systems temporarily in a matter of a few minutes and then tear everything down when it is no longer required.

This workshop will be use case driven and each one will explore more advanced featuresets of the tools demonstrated.


Virtual Machines (VMs)

  • A very very brief intro to VMs
  • Tool: Vagrant
    • Use case: I need to try a Linux kernel exploit quickly
  • Tool: Malboxes
    • Use case: I need to do a quick investigation on this suspicious Word document
    • Use case: I need to run this Windows binary I don’t trust


  • A brief intro to Linux containers and network namespaces
  • Tool: lxd / lxc*
    • Use case: I need to try a userspace Linux exploit quickly
  • Tool: netns*
    • Use case: I want a single process on my host to use a VPN
  • Tool: docker + docker-compose
    • Use case: I need to run this Linux binary I don’t trust
    • Use case: I want to deploy a customized Cowrie Honeypot


  • A brief intro to Cloud Orchestration
  • Tool: Vagrant
    • Use case: I want to deploy a CTF environment (CTF scoring system + challenges)
  • Tool: Ansible*
    • Use case: I want to scan the Internet for USD $2.50
  • Tool: Terraform* + Ansible*
    • Use case: I want to deploy temporary infrastructure for a Red Team (C\&C and redirectors)

Due to the fast-paced nature of this workshop, no technical support will be provided. So make sure to install and test the following tools before we start:

Alternatively a Vagrant box (based on VirtualBox, which you will need) will be provided on site with all the tools pre-installed. Using this will require only Vagrant and VirtualBox installed and should work cross-platform.

*: These tools require Linux to run. Have a Linux host or VM ready with the tools preinstalled

†: Achieving these use cases will require a Digital Ocean account and will incur costs (should be less than USD $5 unless you forget to destroy your instances after the class). The code provided by the instructor should work with other cloud providers with minor adaptations.

Participants should bring:

See the prerequisite section of the workshop description.

Participants must know or have:

Familiar with a Linux command-line