About Us

iHack Ottawa is an immersive cybersecurity conference and capture-the-flag event hosted every summer in Ottawa. Each year we provide our valued attendees with hands-on workshops, villages, competitions, and talks covering a wide range of cybersecurity topics including forensics, reverse engineering, exploitation, and defense. Our goal is to ensure a fun, inclusive, safe, and vibrant learning environment for all our attendees in an effort to narrow the global cybersecurity skills gap the world is facing.


This year we are pleased to offer our attendees access to 5 talks, 3 workshops, 3 villages, and an all-night international CTF!


Our Mandate

1. Foster the growth and development of Canada’s next generation of cyber-warriors.


2. Provide an immersive cybersecurity learning experience by complementing academic and government initiatives.


3. Champion the advancement of women and people of diverse backgrounds in cybersecurity careers.

Event Schedule - Register Now!

The moral of the story is, we're here on Earth to fart around. And, of course, the computers will do us out of that. And, what the computer people don't realize, or they don't care, is we're dancing animals. You know, we love to move around. And, we're not supposed to dance at all anymore.

Day 1
Lockpick Village
IoT Village
RFID Village
Workshops
Talks (Room 2200)
Lockpick Village (Room 3220)

If you can abide by these simple guidelines then members of the Ottawa LockSport Group would like to share with you the inner workings of locks, how lock picking works and give you a chance to try picking a variety of different types of locks.

- Never pick a lock you do not have permission to open
- Never pick a lock you depend on (like your front door)

The Ottawa Lock picking Enthusiasts (https://www.meetup.com/Ottawa-Lockpicking-Enthusiasts/) includes people with a wide range of careers/experiences but is predominately IT Professionals interested in understanding how things work. These skills may also prove invaluable for Penetration Testing and helping absent minded friends.

Lock picking is a very rewarding experience, and in under an hour many people are able to master the techniques and get the thrill of opening some of the most common padlocks available. Other hands-on training will include lock pinning, handcuffs and bypass tools.

12:30 - 17:00
Reception

Food and drinks will be available.

17:00 - 17:45
iHack International CTF

The Capture the Flag (CTF) event is an international competition that challenges individuals to think outside the box. This year's CTF features challenges in multiple tracks such as Forensics, Reverse Engineering, Exploitation, Cryptography and more! All you need is a WiFi enabled laptop and an unbreakable spirit!

17:45 - 03:00
HackFest Communications Inc.
ISE IoT Village (Room 3202)

IoT Village, created by ISE, delivers advocacy for and expertise on security advancements in Internet of Things devices. IoT Village hosts demonstrations by expert security researchers who dissect real-world exploits and vulnerabilities, and hacking contests consisting of off-the-shelf IoT devices.

At iHack, IoT Village will be hosting two demonstrations about IoT security, as well as offering a selection of off-the-shelf devices that participants can interact with to learn the basics of IoT hacking. A laptop is required for full participation.

12:30 - 17:00
Trevor Huffy
Patrick Ross
Trevor Stevado
RFID Village (Room 3201)

RFID Village, organized by security consulting and research firm Loudmouth Security, presents an overview of the security landscape for commonly used RFID technologies in access control and payment/ticketing systems. Using our tools and equipment, participants can get hands-on experience reading and cloning RFID tags, and physically interact with common RFID access control systems. This is lock-picking for the digital age. No laptop required for participation.

12:30 - 17:00
Trevor Huffy
Trevor Stevado
CAN Signal Extraction from OpenXC with Radare2 (Room 3224)

There’s lots of intro-level material on using radare2. I wanted to do an intermediate-level how-to. I’ve previously also looked at the open firmware, and since it had an open source component it is a good place to start for both 1) not violating any terms and 2) fact-checking reverse engineering work.

OpenXC builds its firmware – for both the open and proprietary builds – using JSON data structures which define the CAN signals. These definitions are akin to CAN database (.dbc) files. Reverse engineering of the open OpenXC builds (as an educational exercise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How to load raw binaries into r2 (ARM in particular)? How to pretty-print data structures using r2? The exposition of machine code in the talk will be via the free radare2 RE tool.

Requirements:
- Attendees should bring their own laptop, with radare2 installed from git

12:30 - 13:30
Ben Gardiner
A Gentle Introduction To Fuzzing (Room 3228)

Fuzzing could be summed up as a testing method that feeds random inputs to a program. Where a more traditional approach to testing relies on manual design of tests based on known assumptions, fuzzing brings an automated means of creating test cases. Although a single test generated by a fuzzer is unlikely to find any defects, millions of them in quick iterations make it very likely to trigger unexpected behaviours and crashes. With the rise of smarter fuzzers, fuzzing has become an efficient and reliable way to test most edge cases of a program, and it makes it possible to cover very large programs that would otherwise require a large amount of effort from manual reviewing and testing. The low amount of manual intervention required to set up a modern smart fuzzer dismisses any pretext a developer or security researcher might have for not fuzzing their project. If you aren't fuzzing, the bad guys will (and find all the bugs that come with it).

This workshop aims to introduce the basic concepts of fuzzing to the participants and to enable them to make fuzzing a critical step of their testing process. The class is going to start with a quick introduction to the concepts of fuzzing, why they should do it and some benefits other organizations have gained from it. The workshop will then move on to a hands-on approach on how to set up AFL, run it against a program and interpret the outputs. Most of the exercise will revolve around a sample program with intentional bugs and gotchas, and once the participants have an understanding of the basics, they will be walked through real-world scenarios. Finally, time will be allocated at the end for the participants to fuzz a project of their choice with the assistance of the presenters.

Requirements:
For a better experience participants must:
- Bring their own laptops with a working Docker installation. Docker will be used to give a proper AFL working environment to all participants. No support will be provided for participants running AFL outside of the provided Docker image. We might be able to provide remote environments through ssh. In any case, it is likely to be slow and suboptimal to quickly find crashes with AFL.
For a better experience we encourage participants to:
- Have a basic knowledge of C and common C vulnerabilities (Buffer Overflow, Format String, etc). The workshop won’t cover the exploitation of found crashes, but it might be more helpful to understand why those crashes happen and what can be done from them.
- Command-line knowledge, particularly how to build a program with gcc from the command-line interface.

13:30 - 16:00
David Manouchehri
Jean-marc Le Blanc
CAN Signal Extraction from OpenXC with Radare2 (Room 3224)

There’s lots of intro-level material on using radare2. I wanted to do an intermediate-level how-to. I’ve previously also looked at the open firmware, and since it had an open source component it is a good place to start for both 1) not violating any terms and 2) fact-checking reverse engineering work.

OpenXC builds its firmware – for both the open and proprietary builds – using JSON data structures which define the CAN signals. These definitions are akin to CAN database (.dbc) files. Reverse engineering of the open OpenXC builds (as an educational exercise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How to load raw binaries into r2 (ARM in particular)? How to pretty-print data structures using r2? The exposition of machine code in the talk will be via the free radare2 RE tool.

Requirements:
- Attendees should bring their own laptop, with radare2 installed from git

16:00 - 17:00
Ben Gardiner
Welcome to iHack Ottawa

Welcome to the iHack Ottawa cybersecurity conference and CTF. An overview of who we are, our mandate, the agenda for the day, and where things are happening will be covered.

12:00 - 12:30
Nadeem Douba
Dan Craigen
CTF IRL

If you’ve participated in plenty of CTFs or read books and tutorials on security, you probably understand stack-based buffer overflows or SQL injections and you are looking for the next set of challenges. Well, life is a CTF. If you look around you there are plenty of “hackable” things and you think you’re “just not quite at that level yet” - that’s probably not true.

In this talk, I hope to inspire people who are starting to join the InfoSec community to take the leap and use their skills to tackle real-world problems. In this talk, we’ll discuss tips on bridging the gap from tutorial to real-world application on various infosec subjects. I will also introduce some “slightly more than beginner” topics on binary exploitation as well as some of the mitigations put in place today. I will walk through the tools and programs to help you CTF IRL.

I hope that listeners will be less intimidated to tackle real software or hardware and start their journey into cyber security.

12:30 - 13:30
Jean-marc Le Blanc
Cloud Native Security Explained

Have you ever wondered how security is different ‘in the cloud’? What does “Cloud Native” even mean? What is “Zero Trust”? Serverless? Just In Time (access management)? And how do we secure these things? This talk is a whirlwind intro to securing cloud computing with audience participation and discussions of various new cloud security tactics, in Azure.

Demo will include:
- Complete Azure Security Centre walkthrough
- Policy and compliance, including subscription coverage
- Resource Security Hygiene
- Azure Security Centre Recommendations
- Threat Protection, Alerts and Logging
- Applying Just in Time
- Forcing HTTPS on an app service

13:30 - 14:30
Tanya Janca
Hiveplots for Binary Analysis

Hive plots, first described by Krzywinski, Birol, Jones and Marra (please see http://www.hiveplot.com/), can be used to visualize hierarchical data where the nodes have an ordering. This has been applied to genomes and source code bases. We demonstrate (via pretty pictures!) the application of hive plots to static and dynamic analysis of binaries. The scripts for creating the hive plots are published on GitHub: https://github.com/cloakware-ctf/idascripts. We examine hive plots of static-analysis CALL cross-references and show some alternate perspectives of binaries as well.

14:30 - 15:00
Ben Gardiner
The Whys & Hows Of Advanced Reverse Engineering For The IoT Age

Overview of advanced reverse engineering of modern semiconductor devices (including 7nm technology nodes), discussing the reasons why, methods and equipment for how and the biggest challenges that remain.

15:00 - 16:00
Chris Pawlowicz
Hostility and Conflict In Cyberspace

iHack presents a unique opportunity to test and polish your skills and use of your toolkits in the cyber domain. If you haven’t already, you will soon realize the impact of your actions and the responsibilities and accountabilities you carry. You will also need to know the difference between cyber-crime, cyber-espionage, cyber sabotage, and cyber warfare. You will likely also need to understand the laws in Canada and internationally that surround cyber and the challenges we have today surrounding this.

Canada works together with our allies to help defend and protect each other. Annually, NATO’s cyber live-fire exercise, Locked Shields, held in Tallinn, Estonia, brings together many experts from the allied countries. They practice working together in cyber and other domains of warfare.

As Canadians, we are legalistic and tend to be precise with our actions. Our adversaries may not be. They will attempt to compromise us through all security domains (physical, technological, personnel, and emissions) and attempt to cause harm from all domains of warfare (air, land, sea, space, and now cyber) with little concern for collateral consequences.

Mr. Kushwaha will discuss these matters in greater detail and share some of his knowledge, experience, and research in the cyber domain.

16:00 - 17:00
Neal Kushwaha