What is NorthSec?

NorthSec is a security conference in Montreal, QC, Canada that has been running since 2013. In addition to fantastic technical talks, awesome badges, and free beer (yes, really), they have one of the largest in-person CTF events on earth.

This year’s event saw ~1,500 attendees for the conference/talks, and 700+ for the in-person CTF event.

Somewhat unique, at least in my conference experience, much of the content in the talks at North Sec is highly technical. For example, one of the standing-room-only talks this year was by MrUn1k0d3r walking through better ways to avoid EDR/AV detection through understanding some of the subtleties of compiler optimization of otherwise obfuscated code (and I probably haven’t accurately outlined that as it’s new to me). Other talks included deep dives around malware groups, reverse engineering, red teaming, and some great tales of exploitation.

I also did a talk at this year’s event, though not technically focused.

The venue

NorthSec, this year, was on the upper and lower levels of Marche Bonsecours in Old Port, Montreal. This is a picturescue location, super close to many restaurants, hotels, and attractions. While it’s a bit of a pricey trip ($1500-2000 CAD for train/hotel/conference/food), it’s such a “full” trip that it feels worthwhile even if the conference isn’t your main focus.

The CTF

I was only able to attend the CTF for about 6 hours of its 48 hour runtime, but that was enough to take in a good amount of its scope.

This year’s event provided each team with their own domain, complete with hundreds of challenges across dozens of machines and every family of challenges you can think of.

I can’t share any details as the event is still going on, however I can share that I was only able to solve ~8 challenges in the few hours I was there, and they were primarily aimed at folks newer to the CTF world. I appreciate that nSec has these, despite being otherwise known for having some of the hardest challenges in any event.

I guess with a team of 60+ people building challenges they’re in a great spot to be able to cater to many skill levels!

My takeaways

I had opportunities to meet up with folks at the top of their field and learned a tremendous amount in the < 72 hours that I was in Montreal.

I attended talks about reverse engineering, privacy, red teaming, exploiting SaaS platforms, supply chain attacks, and investigations around ecrime/ransomware groups. I also had a chance to sit in on a CTF workshop where I picked up some great introductory skills for pwn challenges - an area that I’m otherwise a complete novice in.

The staff, attendees, and speakers were all wonderful to chat and collab with. I’ll definitely be back next year, and I hope to see you there too!