Editor's Picks

Best Talks at NorthSec 2025

Hand-picked from in-depth reviewer verdicts — the top 9 talks from this conference. Skip the noise, find the signal.


  1.

    Weaponizing XSS: Cyberespionage tactics in webmail exploitation

    Matthieu Faou

    ESET Senior Malware Researcher Matthieu Faou presented two years of research into XSS exploitation in on-premises webmail applications — Roundcube, MDaemon, Zimbra, and Horde. The research identified two zero-day vulnerabilities (CVE-2023-5631 in Roundcube, CVE-2024-11182 in…

    Dr. Zero: MUST SEE ★★★★★ · Heather Calloway: MUST SEE ★★★★★

  2.

    A Pirate's Guide to Snake Oil and Security

    HD Moore

    HD Moore, creator of Metasploit and now principal at runZero, dissects the vulnerability management industry with two decades of hard-won credibility. He demonstrates that most commercial vuln scanners cover fewer than half of known vulnerabilities in controlled tests, that…

    Dr. Zero: STRONG ACCEPT ★★★★☆ · Heather Calloway: MUST SEE ★★★★★

  3.

    A Tabletop As Big As the World

    Wendy Nather

    Wendy Nather, one of the most experienced incident response practitioners in the field, uses the NorthSec 2025 closing keynote to argue that tabletop exercises are systematically underdesigned — too narrow in scope, too polite in scenario construction, and too rarely…

    Dr. Zero: STRONG ACCEPT ★★★★☆ · Heather Calloway: MUST SEE ★★★★★

  4.

    Living Off the Pipeline: From Supply Chain 0-Days to Predicting the next XZ-like attacks

    François Proulx

    François Proulx, VP of Security Research at Montreal-based BoostSecurity, presents a systematic taxonomy of CI/CD attack vectors, a live walk-through of vulnerable GitHub Actions workflow patterns, and the architecture of two internal tools — Package Supply V3 and Package…

    Dr. Zero: MUST SEE ★★★★★ · Heather Calloway: STRONG ACCEPT ★★★★☆

  5.

    Nice to meet you! That will be 20 million please

    David Décary-Hétu

    David Décary-Hétu, criminologist at the University of Montreal, presents the first large-scale qualitative analysis of ransomware negotiation transcripts: 195 conversations comprising roughly 6,300 messages exchanged between 23 ransomware groups and their victims, sourced from…

    Dr. Zero: STRONG ACCEPT ★★★★☆ · Heather Calloway: MUST SEE ★★★★★

  6.

    One certificate to rule them all: the story of a Chinese-nexus botnet

    Amaury-Jacques Garçon

    Sequoia CTI analyst Amaury-Jacques Garçon presented a two-year investigation into a Chinese-nexus Operational Relay Box (ORB) network that grew to approximately 70,000 compromised devices. The investigation began from a single shared self-signed TLS certificate observed across…

    Dr. Zero: MUST SEE ★★★★★ · Heather Calloway: STRONG ACCEPT ★★★★☆

  7.

    Stolen Laptops - A brief overview of modern physical access attacks

    Pierre-Nicolas Allard-Coutu

    Pierre-Nicolas Allard-Coutu, senior penetration tester at Bell Canada's STIRT team, delivers a fast-paced, technically detailed breakdown of how modern laptops are compromised in physical access ("stolen laptop") scenarios. Encryption at rest alone is not sufficient protection…

    Dr. Zero: MUST SEE ★★★★★ · Heather Calloway: STRONG ACCEPT ★★★★☆

  8.

    Exploring Azure Logic Apps and Turning Misconfigurations into Attack Opportunities

    Chirag Savla, Raunak Parmar

    Chirag Savla and Raunak Parmar of White Knight Labs methodically map the attack surface of Azure Logic Apps — Microsoft's low-code workflow automation service — demonstrating how Logic App Contributor permissions, exposed webhook URLs, misused managed identities, storage…

    Dr. Zero: MUST SEE ★★★★★ · Heather Calloway: STRONG ACCEPT ★★★★☆

  9.

    Enhancing Identity Credential Privacy with Zero-Knowledge Proofs

    Christian Paquin

    Mobile driver's licenses and digital identity credentials are rolling out across North America, but existing standards like SD-JWT and mDL still leave a critical gap: every credential presentation leaks a unique digital fingerprint that issuers and data brokers can use to track…

    Dr. Zero: STRONG ACCEPT ★★★★☆ · Heather Calloway: MUST SEE ★★★★★