Made possible by

Mike Legary

Saturday, November 1, 2025

Time Event
10:15 - 11:00 Doors open + registration
11:00 - 11:30 Safety on four props
Mike Himbeault
11:30 - 12:30 Building Secure AI Applications with the OWASP Top 10
Gavin Klondike
12:30 - 13:00 Anycast All the Things
Theodore Baschak
13:00 - 14:00 Catered lunch
14:00 - 15:00 MORE networking I wish Security people understood
Adam
15:00 - 15:30 The Kia Boys: A Crash Course in Automotive Cybersecurity
Robert Ingram
15:30 - 16:00 Respond, Relay, Riches - LLMNR Poisoning and NTLM Relaying
David Dyck
16:00 - 16:30 Break
16:30 - 17:00 MCP: Making Compromise Possible - AI Workflows and Security Implications
Nathan Getty
17:00 - 18:00 Syndicate: The Life of a Ransomware Affiliate
Tammy

Sunday, November 2, 2025

Time Event
10:15 - 11:00 Doors open + registration
11:00 - 12:00 I Can't Believe it Worked - AV/EDR Evasion Tricks
Mike Saunders
12:00 - 12:30 DDoS in 2025 - A primer and some mitigations
Rob Keizer
12:30 - 13:00 Automated Google and Entra ID Group Membership Management with Grouper
Dan and Jeff
13:00 - 14:00 Catered lunch
14:00 - 14:30 Storm: P2P Messaging Over Tor
Bevan
14:30 - 15:30 The Three Horsemen of the AppSec AI-pocalypse
Adam Krieger
15:30 - 16:00 “A Rose by Any Other Username; An OSINT Lesson”
MJ Banias
16:00 - 16:30 Break
16:30 - 17:30 Backdoors and Breaches Live! - TLC 2025
Travis
17:30 - 18:00 Closing remarks

Safety on four props

Mike Himbeault

FPV, first person view operation of radio controlled vehicles, typically aircraft, is an exciting, technical, nuanced hobby. Its roots are built on open source, community, and innovation, and as such many of the core technologies are open source. But when operating radio controlled aircraft, the risk to people, property, and safety is significant, and making sure that you do this safely, securely, and with proper awareness, failsafes, and safeguards in place is important. This talk will cover the hobby, skills, technologies, regulations, certifications, tactics and techniques of safe operation of RC aircraft, and some applications of them in various industries and relationships to security and safety.

Bio: "Mike has done a lot of things as a day job, and has a lot of hobbies, but if you asked him what he wants to do, he'll probably respond with "finish Septerra Core". One day, Mike... One day."

Building Secure AI Applications with the OWASP Top 10

Gavin Klondike

Learn to build AI applications with enhanced security, implementing best practices for secure and responsible AI development. In this session, Gavin will walk through the OWASP Top 10 for Large Language Model (LLM) applications — and cover the most critical security risks associated with AI systems. As the author of two of the OWASP top 10, he’ll share lessons from his work in penetration testing, practical ways these risks show up in real-world environments, and strategies to mitigate them.

Bio: "Gavin Klondike is the principal security consultant at GlitchSecure, and an independent researcher specializing in penetration testing and AI. He is the former head of demos and workshops for the AI Village and the lead author for two of the OWASP Top 10 for LLM Applications. He is also the founder of the YouTube channel NetSec Explained, where he shares intermediate to advanced level network security topics in an easy-to-understand way. He is dedicated to sharing his knowledge with the next generation of cybersecurity professionals, to help them level up their skills. His current research focus is in finding ways to address the cybersecurity skills gap, by utilizing AI/ML to augment the capabilities of existing security resources."

Anycast All the Things

Theodore Baschak

Anycast isn’t just for DNS root servers anymore; it can be a powerful tool for making internal services highly available, resilient, and faster. "Based on true events", we’ll follow the presenter's dive deep down the Anycast rabbit-hole: from routing protocols through various real-world failure scenarios and situations. We’ll explore how a single IP can be served from multiple locations, seamlessly shifting traffic when things go wrong, and scaling sideways.

Bio: "Theodore Baschak is a network guru specializing in large networks, routing, and automation. With expertise in BGP, FreeRADIUS, and Linux-based infrastructure, he helps ISPs and enterprises design resilient, high-availability systems. Passionate about networks and problem-solving, Theodore brings practical experience in bridging traditional networking with modern tooling."

MORE networking I wish Security people understood

Adam

Security policies often deal with networking incorrectly, inefficiently, expensively, and even hazardously due to a lack of knowledge and/or understanding. I can't fix it all in one talk, but I can try... I'll explain a baseline of how it's supposed to work, cover common ways things can be broken, and where to apply Hanlon's Razor. Last year, I started at layer 1, and this year I'll continue up the stack!

Bio: "Engineering drop-out, Circuit designer, Programmer, LAN Admin, DBA, Tech Support Manager, Software Architect, Product Manager, Network Operator, Network Architect, Conference Organizer, Amateur Musician, Autistic + ADHD. I speak multiple tech dialects and can translate between groups."

The Kia Boys: A Crash Course in Automotive Cybersecurity

Robert Ingram

Back in the day, stealing a car meant hotwiring it (at least in the movies I've seen). That was until some kids changed the game with some USB cables and viral TikToks. The “Kia Boys” made headlines, but they also opened a conversation about how modern cars are basically computers on wheels… and not always secure ones. In this talk, we’ll take a joyride through the wild world of automotive cybersecurity. From keyless entry hacks and CAN bus chaos to infotainment systems that do way more than play music, you’ll learn how today’s vehicles are vulnerable in ways most drivers never imagine. We’ll also peek under the hood of how automakers try to defend against these threats (spoiler: it’s complicated), and why standards like ISO/SAE 21434 are the new seatbelts for your car’s software. And if there's time we’ll look ahead to the future of connected and autonomous vehicles, where the risks will grow to even higher stakes. Whether you’re a hacker, a car enthusiast, or just someone who wants to know if their ride is secretly plotting against them, this talk is your pit stop for all things vehicular and vulnerable.

Bio: "Robert Ingram is a tech enthusiast with a passion for cybersecurity and enterprise software. He began his journey in the Business Information Technology program at Red River College, where he interned as a cybersecurity analyst for the provincial government. Following graduation, he worked in databases, developed a mobile app and did IT consulting for Winnipeg non-profits. He is currently finishing a Computer Science degree and works as a Subject Matter Expert in enterprise software systems. His interests include military intelligence, artificial intelligence, and the evolving intersection of operating systems and emerging technologies. Outside of work, Robert enjoys running, admiring the Lexus IS350, and caring for his pet tree frog."

Respond, Relay, Riches - LLMNR Poisoning and NTLM Relaying

David Dyck

"But David", you protest, "you already talked about LLMNR poisoning last year!" Not so! I talked last year about mDNS, which uses multicast to resolve names link-locally. This is LLMNR, which uses multicast to resolve names link-locally. Completely different. This year we'll get less theoretical and more practical, and examine two common (and commonly-paired) techniques in a red-teamer's toolkit: LLMNR Poisoning and NTLM Relaying. We'll poison LLMNR (inter alia) to masquerade as everybody, wait for one of those lines to hook a fish, and then relay their authentication to our targets. Very technologically advanced fish, these. After going through those technical details and showing a demo or two, we'll also get to my customer's favourite question, which is "How do we stop you from doing this to our network again?", and I'll discuss common mitigation techniques.

Bio: "David Dyck is a Manitoban (born, raised, educated, and remained) penetration tester and redteamer, and leads that team at Security Resource Group (SRG). He majored in Computer Science and in Linguistics, and will never shut up about the latter. Professionally, he has experience in networking and in system administration before moving into security. In his free time, he enjoys wandering around forests, around parks, or down the road to visit the cows grazing at the end of the street. When it's raining, you might find him in a shed working on a project, or back at his desk capturing flags with his CTF team."

MCP: Making Compromise Possible - AI Workflows and Security Implications

Nathan Getty

When we talk about AI workflows, most people focus on the exciting parts: models, prompts, and results. But in this talk, we will discuss MCP servers, the middleman that connects AI to the tools and data it needs to get work done. These servers bootstrap workflows, orchestrate tools, and quietly act as the gatekeepers of your AI stack. And as with any gatekeeper, a lack of understanding leaves you unaware of who else may be passing through. In this session we will create an MCP server and integrate it with a real-world tool like Jira to show how easy it is to configure custom AI workflows into existing systems. Along the way, we’ll highlight some security concerns that turn “Making Compromise Possible” from a joke into a real risk. You’ll leave with a clearer understanding of MCP servers, their role in AI pipelines, the security implications they introduce, and practical steps you can take to keep your workflows secure.

Bio: "Hey, I’m Nathan - I spend my days securing cloud environments, chasing down CI/CD issues, and arguing with engineering teams all while sprinkling LGTM across way too many PRs. I thrive on curl-ing APIs, debugging stack-traces, all while contemplating whether awk or sed is truly superior. Outside of the nerdy stuff, I play games like Rocket League, train BJJ with my buddies, and hang out with my wife."

Syndicate: The Life of a Ransomware Affiliate

Tammy

Syndicate: Inside the Life of a RaaS Affiliate is not your usual threat actor retrospective; it’s a psychological profile in three acts. We begin with the life of a skid (script kiddie): the copy-paster, the stealer-log dopamine chaser, the clout addict living in Telegram chats and cracked panels. Their world is a blur of fake flexes and small wins; high on illusion, tethered to someone else’s payload. Then we move to the mid-tier: ransomware operators negotiating ransoms between bites of cold noodles, barely holding their teams together, clashing over OPSEC and loyalty, and falling prey to the same scams they run. They operate in constant motion; spinning up infra, recycling brands, running Telegram polls to pick the next target. There’s no hierarchy, just reputation, vibes, and whoever controls the wallet. Finally, we look at the syndicate tier: Conti, LockBit, BlackBasta. Where KPIs matter more than skill. Where HR processes are more dangerous than intrusion vectors. Where recruitment, churn, and burnout mirror SaaS startups; except the product is extortion, and trust is everything. This talk draws from leaked playbooks, chat logs, and recruitment docs to unpack how affiliates function not just tactically, but structurally and socially. Attendees will leave with a renewed lens on how ransomware-as-a-service scales, and the human cost that powers it; not just threat actors, but labor inside an economy of deception.

Bio: "Tammy is a Senior Threat Intelligence Researcher and Certified Dark Web Investigator at Flare, where she tracks ransomware affiliates and fraud ecosystems. She’s also an admin and researcher for RansomLook, an open-source project mapping ransomware infrastructure and leak sites. Her work sits at the intersection of operational threat intel and underground culture, blending technical depth with behavioural insight. Tammy shares her research through Flare briefings, webinars, podcasts, and threat intel blogs. Outside of work, she’s into ambient techno, matcha, street and nature photography, hiking, and amateur astronomy with a soft spot for weird particles and black hole physics. She plays tennis and badminton to stay grounded."

I Can't Believe it Worked - AV/EDR Evasion Tricks

Mike Saunders

AV/EDR evasion is a complex and ever-evolving game. While operational evasion - getting your payload executed and staying running - is complex and seemingly always getting harder, there are some surprisingly low-tech approaches to getting your payload on disk and at least executing. You have to stay hidden along the entire operation, but these simple techniques can help you get your foot in the door. We'll discuss techniques that cause some EDR to ignore your payload altogether, as well as techniques that can help deter detections when you're running, including dealing with malware analysis sandboxes.

Bio: "Mike Saunders is Red Siege Information Security’s Principal Consultant. Mike has over 25 years of IT and security expertise, having worked in the ISP, banking, insurance, and agriculture businesses. Mike gained knowledge in a range of roles throughout his career, including system and network administration, development, and security architecture. Mike is a highly regarded and experienced international speaker and trainer with notable cybersecurity talks at conferences such as DerbyCon, Circle City Con, WWHF, and NorthSec, in addition to having more than a decade of experience as a penetration tester. You can find Mike’s in-depth technical blogs and tool releases online and learn from his several offensive and defensive-focused SiegeCasts. He is the lead Red Team Operator for Red Siege Information Security."

DDoS in 2025 - A primer and some mitigations

Rob Keizer

This talk is about DDoS. It includes the basics of what it is (the different types of DDoS), and goes over some mitigation techniques. This talk is structured as an introduction to the subject; the content is fairly wide rather than very deep.

Bio: "Rob lives on a forested property outside of Winnipeg MB Canada with his wife, his dog, and many musical instruments. He has a background in computer science, and runs a small public network (AS62752) using OpenBSD."

Automated Google and Entra ID Group Membership Management with Grouper

Dan and Jeff

In large organizations with complex identity structures, it can be easy to lose track of who is authorized to access a service. In a University environment, for example, a person may be a student, a staff member, and a faculty member at the same time. If such a person is dismissed from employment, they remain in the system as a student, which can cause security issues if access to employee-related systems, processes, and data is retained. This talk discusses why and how we achieved automated Google and Entra ID group membership management using the open-source software system Grouper.

Bio: "Dan Nygard - Software Engineer at NDSU since 2022, specializing in Identity and Access Management. He is currently part of a working group that prepares and conducts federated security incident response exercises, and is active in the broader higher education IAM community. Jeff Gimbel - Senior Security Analyst, been in the security realm at NDSU since the Blaster/Welchia wars of 2003. Have been a reluctant Google and Office 365 Admin for many years, and works to secure the data of the students, staff, and faculty of NDSU."

Storm: P2P Messaging Over Tor

Bevan

Storm is a cross-platform peer-to-peer messaging application based on the bramble protocols. This presentation will assert the importance of anonymous and secure communication, and outline how the bramble protocols provide anonymity, security, and integrity guarantees while exchanging messages using The Onion Router.

Bio: "Bevan is a Winnipeg-based software developer with a passion for social freedom and open source software. He has several years of full stack development experience and is a self-hosting enthusiast using a computer cluster cobbled together from old laptops and SBCs and configured with NixOS. He has two honours bachelor's degrees, in Biochemistry and Computer Science. He engages in community organizing and studies politics, history, and economics for fun. Bevan's self-hosted personal website is https://stoic-development.xyz"

The Three Horsemen of the AppSec AI-pocalypse

Adam Krieger

From ChatGPT wrappers to Vibe Coding, AI trends are changing software. This talk digs past the headlines and discusses the fundamental threats that applications are facing in a post-GenAI landscape. From the attackers, to the defenders, to the technologies themselves.

Bio: "Adam Krieger is a Principal Security Consultant with Online Business Systems. With a background in software development, cloud architecture, and distributed systems, and a certified CISSP, CSSLP, and CISA, he is driven to improve the way we build confidentiality, integrity, availability, and privacy into our applications. He works with teams and organizations of vastly different sizes to design, build, and verify security quality into their products."

“A Rose by Any Other Username; An OSINT Lesson”

MJ Banias

This talk delves into the subtle and dark art of deanonymizing usernames. Whether you are tracking threat actors, CSAM distributors, or a broad range of criminal groups, attendees will learn about the tools of the OSINT trade that can reveal connections between seemingly disparate digital personas, often exposing the true identity behind accounts. The session will highlight the unique risks of username reuse, explore practical workflows for profiling targets across places and platforms, and introduce automated tools that streamline and visualize the complex process of mapping out digital footprints. What sets this session apart are the dark, strange, fun, and weird real-world stories and case studies that are interwoven throughout, showcasing how these methods have been used to trace criminals, disrupt illicit online networks, and aid in digital investigations. Through demonstrations and narratives, the audience will discover powerful new tools for their investigative arsenal but also experience some “digital detective work” in action.

Bio: "MJ Banias brings a decade of experience in OSINT and data analysis, running complex investigations as both a journalist and intelligence analyst. He has worked on numerous investigative projects, feature stories, and documentaries with outlets such as Sony Entertainment, VICE, VICE Studios, The History Channel, The Discovery Channel, Popular Mechanics, The Debrief, and Futurism. He has led research teams through investigations ranging from business intelligence, deanonymizing threat actors and child predators, monitoring geopolitical crises, collecting digital evidence for legal cases, and conducting threat assessments. He has spoken at conferences and led training on these topics both in Canada and abroad."

Backdoors and Breaches Live! - TLC 2025

Travis

Running good tabletops is critical for a modern security team and developing your incident response, but how can you build out a program when no-one on your team has done it before? Enter Backdoors and Breaches, a card game developed by Black Hills Information Security that can help guide your team through a tabletop session while keeping it fun and light. In this session, I will walk you through such a tabletop scenario using Backdoors and Breaches, giving you the skills to take this tool back to your own organization and make tabletops a regular, edifying, practice.

Bio: "QnlxIHpuYSBHZW5pdmYgcWJyZiBmcnBoZXZnbC4gVXIgdW5mIG9ycmEgcWJ2YXQgZnJwaGV2Z2wgdmEgaW5ldmJoZiBwbmNucHZnbCBzYmUgMTUgbHJuZWYgYWJqLCB2YSBuIGluZXZyZ2wgYnMgc3ZyeXFmLCBzZWJ6IHRiaXJlYXpyYWcgZ2IgcnFocG5ndmJhIGdiIHN2YW5hcHIsIG5hcSB2YSBndW5nIGd2enIsIHVyJ2YgeXJuZWFycSBuIHNyaiBndXZhdGYuIFl2eHIgZ3VyIHZ6Y2JlZ25hcHIgYnMgZ3VyIEstTCBjZWJveXJ6LiBCZSBqdWwgbGJoIGZ1Ymh5cSBhcmlyZSBuZ2dldm9oZ3IgZ2Igem55dnByIGp1bmcgcG5hIG9yIHJrY3ludmFycSBvbCBmZ2hjdnF2Z2wuCgpOY2NuZXJhZ3lsIGxiaCBueWZiIHFiIGZycGhldmdsLCB2cyBsYmggc3Z0aGVycSBndXZmIGJoZy4gSnJ5eS1xYmFyLiBQYnpyIGZyciB6ciBzYmUgbiB1di1zdmlyLg=="