It took me a couple of listens but I finally got it
Posts by obilodeau
Submitted a talk about detection-as-code to the @nsec.io Call for Papers! You have until Feb 2nd if you’re interested in submitting :)
🎅h0h0h0day CTF tickets are now on sale! 🎅
The idea is simple: Create a CTF challenge, send it to us, then solve other participants’ challenges in a festive ambiance!
🍕 and 🍺 offered thanks to NorthSec!
🎟️ h0h0h0dayctf2025.eventbrite.com/
📜 montrehack.ca/2025/12/16/h...
🔗 Full Talk: youtu.be/pq0NMN9HHOY
🎟️ Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
Learning about color mapping and LUT (cube files) and trying all sorts of ffmpeg tricks to make bland videos look good at 2 am..
Yup, it's about @nsec.io and trying to leverage cool video shots that we were given for free, but they were raw...
Then you realize a phone does a lot of work for you...
Still, this is a great wake-up call! A more polyglot payload could have done a lot of damage! Desktop, browsers, CI/CD, servers, etc.
Caveat: Spent 25 minutes on this. I didn't deobfuscate myself, I might be wrong.
Ref used for analysis: jdstaerk.substack.com/p/we-just-fo.... 3/3
Browser extensions with broad privileges that would bundle an affected dependency could be dangerous but even then there are some limitations in where the code needs to run by the browser extension context. 2/3
Quick analysis of today's chalk / npm supply chain story.
It requires the `window` object so it needs to be deployed and run in a browser. It means front-end projects would only be affected if the site itself was a cryptocurrency website. CLI projects unaffected. 1/3
📸 Official NorthSec 2025 Photos Are Out!
Relive the best moments of NorthSec with our official photo album! ⚓️
photos.app.goo.gl/bMCHe366jdP1...
My advice for people who are applying to big conferences for abstracts is: imagine that your reviewer is under a deadline of less than twelve hours and they are deeply deeply angry.
Write to impress that person, but write the talk you'd be proud to give.
I don't know.. I mean I pay for the no ads streaming package. Getting ads before calls sounds terrible!
Link please?
A table full of stickers and infosec schwag
Here is all the cool stuff I brought back from @bsideslv.org, @blackhatofficial.bsky.social and @defcon.bsky.social. Was thrilled to do the trio! Chrono order: Sponsor at BSides LV, speaking at BlackHat USA and DEFCON. I wasn't even trying to bring stuff back, it just happened! 🙏 cool people I met!
In an era of youth unemployment because of AI (seniors have the job + cuts), I have to say that it sounds like a nice way to create tight bonds in a society.
From the article:
> Seventy-four percent of those surveyed embraced mandatory service it for public health support service, such as working with seniors or in hospitals.
That doesn't sound bad at all.
I see what you mean but Switzerland, Sweden and Norway have it, I believe. I'm not for it but these left-leaning countries have it. It all depends on how it's implemented.
I caught up on a lot of tasks tonight, but I still haven’t written my post–HackerWeek LinkedIn update or caught up on the NorthSec Slack and emails 🙃
Met @malwarejake.bsky.social in real life! Glad I got to talk to him about Estelle's and my recent work on stealer logs with incident response use cases
Look at this nice hardware badge! Real filament tubes!
Talk to me if you see me and I'll give you something if you wear NorthSec gear, promise you will submit a talk (or sponsor) or join our Discord. I have NorthSec badges (2024, 2025), t-shirts and proudly Canadian produce.
Table full of hacker loot
Author of post showing his face with some of the loot
Free give-aways all week during Hacker Summer Camp!
I'll be at the Flare booth during @bsideslv.org, I'll be roaming around and giving a talk at @blackhatofficial.bsky.social (brag) and I'll also be roaming around + giving a talk at @defcon.bsky.social (brag).
Come and see me. Let's chat! Cheers
🔐 This could reshape privacy engineering. Google open-sourced their zero-knowledge proof (ZKP) age verification libraries on Jul 3 called "Longfellow" letting you prove you're 18+ without revealing birthdate, name, or any PII.
blog.google/technology/s... (1/8) 🧵
Missing the NorthSec community already? We made you a starter pack to help you quickly find us on Bluesky!
Saw someone missing from this starter pack? Let us know!
go.bsky.app/JZeo2ad
A pop-up that says: Microsoft Entra ID Exposed Credential Verification is now available!
A dream come true: I wrote POC-level code that I thought would be a good addition to our platform, and someone rewrote it and integrated it. We are now protecting more customers automatically with it!
Now onto the next POC!
Wow!
Another law enforcement takedown announced today. Operation Deep Sentinel targeted the Archetyp darknet forum (drug). These takedown videos keep getting better! Go watch: operation-deepsentinel.com
I have two student tickets to give away for BlackHat USA as part of their student scholarship program: www.blackhat.com/us-25/speake.... Let me know if you are interested.
Wanted to show a snippet of how I made the mechanical component of the #Northsec 2025 slot machine for the CTF www.youtube.com/watch?v=WCLc...
Estelle Ruellan and I were accepted at BlackHat USA!!
"Hackers Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vector and Extracts IoCs"
Couldn't be happier sharing what we did on a worldwide stage!
p.s.: picture of us celebrating from Botconf after our talk today
#BHUSA