obilodeau

@obilodeau.bsky.social

Father of two. Hacker. President @NorthSec. Research at Flare. Cofounder of MontréHack. Love to teach and share. BlackHat, Defcon, SecTor speaker.

194 Followers  |  218 Following  |  68 Posts  |  Joined: 27.01.2024  |  1.9192

Latest posts by obilodeau.bsky.social on Bluesky

Learning about color mapping and LUT (cube files) and trying all sorts of ffmpeg tricks to make bland videos look good at 2 am..

Yup, it's about @nsec.io and trying to leverage cool video shots that we were given for free, but they were raw...

Then you realize a phone does a lot of work for you...

16.10.2025 06:15 — 👍 0    🔁 1    💬 0    📌 0
Flare Launches Identity Exposure Management to Combat 50 Million Weekly Breached Identities and Stop Account Takeovers in Seconds New solution enables organizations to detect, validate, and remediate leaked credentials and active sessions - before attackers strike.

I worked on a thing at work. One small cog in a huge team effort. www.newswire.com/news/flare-l...

15.10.2025 13:26 — 👍 0    🔁 0    💬 0    📌 0
Anatomy of a Billion-Download NPM Supply-Chain Attack A massive NPM supply chain attack has compromised foundational packages like Chalk, affecting over 1 billion weekly downloads. We dissect the crypto-stealing malware and show you how to protect your p...

Still, this is a great wake-up call! A more polyglot payload could have done a lot of damage! Desktop, browsers, CI/CD, servers, etc.

Caveat: Spent 25 minutes on this. I didn't deobfuscate myself, I might be wrong.

Ref used for analysis: jdstaerk.substack.com/p/we-just-fo.... 3/3

08.09.2025 20:07 — 👍 0    🔁 0    💬 0    📌 0

Browser extensions with broad privileges that would bundle an affected dependency could be dangerous but even then there are some limitations in where the code needs to run by the browser extension context. 2/3

08.09.2025 20:07 — 👍 0    🔁 0    💬 1    📌 0

Quick analysis of today's chalk / npm supply chain story.

It requires the `window` object so it needs to be deployed and run in a browser. It means front-end projects would only be affected if the site itself was a cryptocurrency website. CLI projects unaffected. 1/3

08.09.2025 20:07 — 👍 1    🔁 0    💬 1    📌 0

📸 Official NorthSec 2025 Photos Are Out!

Relive the best moments of NorthSec with our official photo album! ⚓️

photos.app.goo.gl/bMCHe366jdP1...

02.09.2025 21:02 — 👍 3    🔁 2    💬 1    📌 0

My advice for people who are applying to big conferences for abstracts is: imagine that your reviewer is under a deadline of less than twelve hours and they are deeply deeply angry.
Write to impress that person, but write the talk you'd be proud to give.

01.09.2025 03:41 — 👍 39    🔁 7    💬 0    📌 0

I don't know.. I mean I pay for the no ads streaming package. Getting ads before calls sounds terrible!

21.08.2025 06:50 — 👍 1    🔁 0    💬 1    📌 0

Link please?

21.08.2025 05:38 — 👍 0    🔁 0    💬 0    📌 0
A table full of stickers and infosec schwag

Here is all the cool stuff I brought back from @bsideslv.org, @blackhatofficial.bsky.social and @defcon.bsky.social. Was thrilled to do the trio! Chrono order: Sponsor at BSides LV, speaking at BlackHat USA and DEFCON. I wasn't even trying to bring stuff back, it just happened! 🙏 cool people I met!

14.08.2025 04:54 — 👍 0    🔁 1    💬 0    📌 0

In an era of youth unemployment because of AI (seniors have the job + cuts), I have to say that it sounds like a nice way to create tight bonds in a society.

13.08.2025 05:32 — 👍 0    🔁 0    💬 1    📌 0

From the article:
> Seventy-four percent of those surveyed embraced mandatory service it for public health support service, such as working with seniors or in hospitals.

That doesn't sound bad at all.

13.08.2025 05:32 — 👍 0    🔁 0    💬 1    📌 0

I see what you mean but Switzerland, Sweden and Norway have it, I believe. I'm not for it but these left-leaning countries have it. It all depends on how it's implemented.

13.08.2025 05:32 — 👍 0    🔁 0    💬 1    📌 0

I caught up on a lot of tasks tonight, but I still haven’t written my post–HackerWeek LinkedIn update or caught up on the NorthSec Slack and emails 🙃

13.08.2025 05:25 — 👍 2    🔁 0    💬 0    📌 0

Met @malwarejake.bsky.social in real life! Glad I got to talk to him about Estelle's and my recent work on stealer logs with incident response use cases

04.08.2025 22:53 — 👍 17    🔁 1    💬 1    📌 0

Look at this nice hardware badge! Real filament tubes!

04.08.2025 21:40 — 👍 4    🔁 0    💬 0    📌 0

Talk to me if you see me and I'll give you something if you wear NorthSec gear, promise you will submit a talk (or sponsor) or join our Discord. I have NorthSec badges (2024, 2025), t-shirts and proudly Canadian produce.

04.08.2025 08:31 — 👍 0    🔁 0    💬 0    📌 0
Table full of hacker loot

Author of post showing his face with some of the loot

Free give-aways all week during Hacker Summer Camp!

I'll be at the Flare booth during @bsideslv.org, I'll be roaming around and giving a talk at @blackhatofficial.bsky.social (brag) and I'll also be roaming around + giving a talk at @defcon.bsky.social (brag).

Come and see me. Let's chat! Cheers

04.08.2025 08:24 — 👍 3    🔁 0    💬 1    📌 0
Opening up ‘Zero-Knowledge Proof’ technology to promote privacy in age assurance Today, we open sourced our Zero-Knowledge Proof (ZKP) libraries, fulfilling a promise and building on our partnership with Sparkasse to support EU age assurance.

🔐 This could reshape privacy engineering. Google open-sourced their zero-knowledge proof (ZKPs) age verification libraries on Jul 3 called "Longfellow" letting you prove you're 18+ without revealing birthdate, name, or any PII.

blog.google/technology/s... (1/8) 🧵

20.07.2025 12:53 — 👍 2    🔁 1    💬 1    📌 0

Missing the NorthSec community already? We made you a starter pack to help you quickly find us on Bluesky!

Saw someone missing from this starter pack? Let us know!

go.bsky.app/JZeo2ad

02.07.2025 18:00 — 👍 5    🔁 3    💬 1    📌 0
A pop-up that says: Microsoft Entra ID Exposed Credential Verification is now available!

A dream come true: I wrote POC-level code that I thought would be a good addition to our platform, and someone rewrote it and integrated it. We are now protecting more customers automatically with it!

Now onto the next POC!

02.07.2025 18:15 — 👍 4    🔁 0    💬 0    📌 0

Wow!

24.06.2025 13:47 — 👍 1    🔁 0    💬 0    📌 0
Operation Deep Sentinel

Another law enforcement takedown announced today. Operation Deep Sentinel targeted the Archetyp darknet forum (drug). These takedown videos keep getting better! Go watch: operation-deepsentinel.com

16.06.2025 19:58 — 👍 1    🔁 0    💬 0    📌 0
Black Hat

I have two student tickets to give away for BlackHat USA as part of their student scholarship program: www.blackhat.com/us-25/speake.... Let me know if you are interested.

16.06.2025 16:25 — 👍 0    🔁 1    💬 0    📌 0
Northsec 2025 Slot Machine Mech Assembly [Preview]
Quick 60 seconds summary of the assembly process for the lever of the slot machine

Wanted to show a snippet of how I made the mechanical component of the #Northsec 2025 slot machine for the CTF www.youtube.com/watch?v=WCLc...

25.05.2025 15:43 — 👍 2    🔁 1    💬 0    📌 0

Estelle Ruellan and I were accepted at BlackHat USA!!

"Hackers Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vector and Extracts IoCs"

Couldn't be happier sharing what we did on a worldwide stage!

p.s.: picture of us celebrating from Botconf after our talk today
#BHUSA

21.05.2025 23:56 — 👍 2    🔁 1    💬 0    📌 0

NorthSec is delivered. It was an incredible edition! Great keynotes, our best party so far and our world-class in-person CTF scenario and huge set of diverse and accessible challenges were a great success!

I didn't take many photos, I'll report back later. ✈️🇫🇷 to botconf now! 😅

19.05.2025 21:33 — 👍 0    🔁 0    💬 0    📌 0

Quite a few SAO to solder and collect this year at Northsec 😍 See you Thursday

12.05.2025 20:28 — 👍 1    🔁 1    💬 0    📌 0
A big room full of road cases of gear ready to be deployed to run our crazy 2 day conference followed by an even crazier 48 hour CTF

80+ volunteers have worked on this all year. It's time for another NorthSec and it's going to be epic!

14.05.2025 05:02 — 👍 4    🔁 0    💬 0    📌 0
NorthSec 2025 May 10th – 18th, 2025

Forget about the waitlist! 😎 You can once again buy tickets for the CTF. 🤩💫

Hurry up, the limit to buy tickets is May 12th! This edition will be our biggest to date, be it in physical tracks, number of challenges and integration with the scenario. ⛴️⚓

tickets.nsec.io/2025/

#ctf #nsec2025 #infosec

07.05.2025 23:06 — 👍 2    🔁 2    💬 0    📌 0
