Olivier Bilodeau

Father of two. Hacker. Cofounder @montrehack. Vice-President and Hacker Jeopardy @northsec_io. Love to teach and share. BlackHat, Defcon, SecTor speaker.

2025-05-22

@cryptax @botconf @NorthSec I flew out on Monday. The NorthSec logistics team finished the job. But indeed, on Sunday at midnight I was still returning empty beer kegs...

Botconf is incredible, it's worth the trip! And I have a wonderful girlfriend for letting me do this.

Olivier Bilodeau boosted:
Maker of Thingslle@infosec.exchange
2025-05-19

Some of you might have seen some badges with a "bandaid" SAO. There is a story behind that. The failure rate of the OLED screen was incredibly high this year. It led to an overall badge defect rate of ~13%.
A symptom was the screen showing garbage. A portion of the screen didn't like the i2c channel rise-time. (Pullups prepopulated on the screen). A solution was to add resistors in parallel as an SAO to tighten the rise-time. So we thought it would be cute to have little bandaid PCBs 🩹

Olivier Bilodeau boosted:
2025-04-07

We are thrilled to announce none other than HD Moore (creator of Metasploit) as our Thursday keynote! HDM embraced our theme and will discuss vulnerability management onboard NorthSec's CVSS Bonsecours. Make sure to be there! nsec.io/session/2025-a-pirates

2025-04-03

I was on the @polysecure podcast to talk about information stealer malware in French and it was great. polysecure.ca/posts/episode-0x

Olivier Bilodeau boosted:
2025-04-02

🎙️ New #podcast! I talked with @obilodeau about "Information Stealers", the malware that steals your data in seconds without leaving a trace.

We talk about stolen passwords, compromised session cookies and the dangers for your professional information.

🎧 Listen to the episode:
🎧 Web: bit.ly/4kVe1N9
🎧 Spotify: spoti.fi/41XhLFd
🎧 YouTube: bit.ly/41UrTi5

#Cybersécurité #InfoSec #PoSécure

Olivier Bilodeau boosted:

I love the MontréHack community. New faces, familiar faces all willing to learn, hands on the keyboard. They are starting their *13 years* of *free* *monthly* cybersecurity challenge training sessions! Incredible!

2025-01-22

@res260 :blobcatheart: I'm trying to spread as much empathy as I can in the NorthSec community but yes these are saddening times... I wish this is magnified by the new tangent of social media and that things will settle with time. The pendulum swings back.

2025-01-22

@res260 focus on what you have control over. Humanity is going to do just fine. This is temporary in the grand scheme of things. This video helped me a lot recently: youtu.be/LEENEFaVUzU?si=vdwM4u

Olivier Bilodeau boosted:

Video from our ShmooCon talk last week: youtu.be/5YHcw-qj094?...

ShmooCon 2025 Day 2 Belay It! ...

Olivier Bilodeau boosted:
2025-01-16

This is where it happens! We can't wait to be amazed by your cybersecurity research. 💙

nsec.io/cfp/

Olivier Bilodeau boosted:

Excited to announce my upcoming online training on RDP Interception next Tuesday! A two-hour session (11:00-13:00 EST) with lots of hands-on and demos. Register here: try.flare.io/academy/remo...

Join Our Live Cybersecurity Tr...

Olivier Bilodeau boosted:
2024-12-24

Next year, 2025, is the only square year most of us will see in our lifetimes (45 x 45). The last was 1936 (44 x 44), the next is 2116 (46 x 46)

2024-12-12

The news publications about recent MOVEit hacks got details wrong. This threat actor "Nam3L3ss" is a hacktivist that repackages previous breaches putting the spotlight on content matching big brands orgs. He bragged about having ~42TB of data yesterday! Blog: flare.io/learn/resources/blog/

Screenshot of a threat actor bragging about having a lot of data with a screenshot
2024-11-21

@playlist39788 It also contains the "finito" string

```
pwsh -File test.ps1
Index 0 	 I'm getting thing 		 System.String
Index 1 	 Loose string 		 System.String
Index 2 	 42 		 System.Int32
Index 3 	 finito 		 System.String
```

Olivier Bilodeau boosted:
Andrea Barisanilcars@infosec.exchange
2024-11-17

Indicating how to report a vulnerability forcing going through a bug bounty program and its rules is, imho, plain wrong.

Always allow spontaneous and non binding reporting, not everyone wants (or can) submit to a bug bounty, while wanting to serve public interest.

2024-11-13

@playlist39788 $ret.Count == 4

2024-11-13

PowerShell is weird.

Given:

```
Function Get-Thing() {
    Write-Output "I'm getting thing"
    "Loose string"
    42
    return "finito"
}

$ret = Get-Thing

Write-Host $ret.Count
```

What is the value of $ret.Count here?

2024-11-12

Lost deep into RDP territory tonight. Reading the CredSSP spec [MS-CSSP], I found hardcoded strings in the crypto by the spec. Not sure why but it's related to the RDP Encryption Oracle Remediation preventing an RDP RCE. Rabbit holes...

Hardcoded string "CredSSP Client-To-Server Binding Hash" in CredSSP crypto
2024-11-07

@awakecoding I followed the bot but I didn't see your message. I'm guessing this will work for the future ones.

Olivier Bilodeau boosted:
cryptaxcryptax
2024-11-06

I remember some time ago hearing a guy say he wouldn't go to a CTF if it wasn't free. I understand that. In my opinion, especially when it benefits our day to day work, this type of activity should be supported by the employer.

On the other hand, please understand *nothing is free*. If *you* don't pay, it's because companies agree to sponsor and *pay for you*. *If you want free events, it is your responsibility to ask your employers to support free events.*
