Parlez-vous le Hacking?


We have several really good infosec cons going on here in Canada. One of these is Hackfest, billed as the “largest hacking event in Canada” and held in la belle province, Quebec, which celebrated its 8th year. With the feel of DefCon, but at a much smaller scale, Hackfest invites the true spirit of exploration and hacking. Talks are diverse, concepts are challenging, and people are really friendly. But what Hackfest has become renowned for is its CTF. I got to do my first CTF here this year, at a Saturday night party that was more fun than any I’ve been to in ages. Everyone was having a great time, playing together, enjoying the music and light show. Hats off to you, Hackfest!


Hackfest also features outstanding training courses – the kind that are really hard to get. I’m not there yet, but this year they had an intense Corelan course and yes, people were developing exploits within 2 days.

Then there were the talks. Where do I begin? Chris Nickerson brought it with his talk on Adversarial Simulation. The industry needs reform, and he outlined a ground-breaking, earth-shaking plan on how to get us where we need to be. To move beyond colours in a crayon box. It’s about selling integrity with the service, actually making security happen even when it’s hard. I talk about getting people out of their silos and collaborating – Chris and his compadres actually wrote the plan. Big things are in store, if we are willing to listen to some of the brightest and most experienced minds out there.

My friend Stephanie Carruthers, #Sn0ww, enthralled (yes!) a roomful of attendees with how to do OSINT really well. She operates her own consulting business and advises clients on social engineering, vishing, phishing and some other dark arts.


@Renderman and pal, Murdoch Monkey, gave the talk everyone was talking about with “Hacking the Internet of Dongs.”  Because really, was there a better time and place to do this? How much fun can you have on a Saturday afternoon 😉

And I had the pleasure of giving a talk on revamping Blue Teaming with my buddy Haydn Johnson. There’s nothing like a shot of whiskey before giving a 10:00 am talk. We built it from a webinar we had given for Dark Reading on how to do effective IT threat security analysis. We delved into some of our favourite things: data, monitoring, data, context; more data, the enhanced cyber kill chain and the OODA loop. It was a fantastic experience and deserves its own post. See the prezzie at

Then, at 11:00 I got to talk about some of my favourite things in A Stuxnet for Mainframes. Yes! 2 talks at Hackfest. Poutine, sightseeing – it all went by too quickly. But, there’s always next year. À bientôt!
