 On est là sur Twitch.tv, mais on est sur la slide avec moi qui parle. Hello everyone and welcome to this online Nordsec AMA session. Today, well, I'm Emile, co-VP CTF, and today I have with me Serge Olivier, president of Nordsec. I have Laurent, David and Joé, challenge designers this year. I have Mathieu, VP of training. I have Florentia and Hugo, which are VP of conference. And I have Jonathan Marcel or Discord Ninja, which will all be presenting different parts of the Nordsec organization. I will be going over all the artwork that our team has been cooking through the year. And I hope this will get you excited for the upcoming edition of Nordsec in two weeks. Before we jump in, please open our Discord channel and the AMA portion will be happening in there. Please ask all your questions in general and please mention who the question is directed to. You can also say that the question is just directed to anyone. But if you have someone in particular that you would like to ask a question to, please mention it. So without further ado, I would like to introduce Serge Olivier, which will start the presentations. Serge Olivier, you appear to be muted. Of course, technology. So welcome everyone, take two. It's a pleasure for me to host, well not to host, but to be able to present some information about what Nordsec is. What are the values behind Nordsec and what you can expect from this event this year. There's a lot of stuff that we will cover. We'll try to cover it quickly so that we can collect the questions right after. So as you can see, the conference will be held on May 20, 21st. During the day, there's a ton of stuff that Florence and Hugo will tell you about. Then we'll hold the legendary CTF that will start on Friday evening until Sunday afternoon. And then there will be the training sessions which are used to be held before the event. Now they will be held after the event this year. So please, you can switch slide. Thank you. So, well I'm going to first introduce what is the event. Then Jonathan Marcel, which is our guru and one of our, clearly our MVP this year, is going to present what you can expect from the stream and the online venue that is this core this year. Then we'll talk about the competition, what to expect in such a competition, because that's quite unique and I know for a fact that for many people this can be intimidating, especially if it's your first CTF competition. Then we're going to talk about what to expect for the training sessions, the conference workshop. We will talk about our badge, which is making a lot of noise this year. It's a very beautiful piece of design. We will then discuss the shop very quickly, what you can find over there. And then a short discussion about sponsors and why they matters. And if you want to be a sponsor, what are the steps you can do? You can go forward. So, Nordsec has been ranked one of the top 10 security event in the world from this website called InfoSec Conferences. This is an honor and it's something that we believe is more and more true. And we will probably eventually go to the top five and eventually top one conference in the world. I have no doubt about that. We are also a non-profit organization from the community, from the community for the community. This is very important and we're going to see that in the next slide. So, Nordsec started in 2013 by a bunch of people who were really into CTF competitions, so Capture the Flight competition, and they were doing these competitions in international, they were participating in international competitions, and they came up with the idea, well, we have a bunch of awesome people in Montreal, very talented InfoSec professionals and practitioners, and they came up with the idea, why don't we make the hardest CTF possible a competition that you cannot win? And so this idea that started very slowly at Montreal University called ATS, gathered a bunch of people, and quickly it gained traction and became bigger and bigger and bigger, and now we are 2,500, 2,000 participants. And I forgot what I wanted to say at this slide. So, basically, Nordsec is an event that is really gathering together the community of Montreal, trying to make talent shine, and InfoSec conferences are extremely important events. This is because I'm having a brain freeze right now. InfoSec conferences are extremely important events because they allow you to explore technology, how it works, how it should work, how it shouldn't work especially, and these events should definitely be, I'm sorry, can we cut? I'm having the hardest time of my life right now. No worries. I think what you were saying is, networking is super important in these events. They allow you to meet other people, to go beyond just the title and the description. These things allow you to go beyond just what a job description is, but meet the people behind it, get training, get to know information behind it. I think that's what you're conveying, right? Yeah, definitely. And it's also a field that's very broad and very difficult to get into. There's a lot of different angles in. You can get into security through reverse engineering. You can get into it through more of a risk management angle. And it's very difficult to start and evolve a career. And it's also, I think, a very interesting domain in general because a lot of both technical, social, economic, all kinds of problems intersect in security. And so having a quality event where people can further their careers and also get a whole lot of, a whole lot more context for their personal interests in the field is really important. I would also add, just to, Hello, you are muted. Yeah, was that live? Which just said. Okay. Okay, so I'm really sorry. Okay, I'm going to take over where I left. So I want really to stress out the importance of cyber info sec event and the field of information security because it really brings something that is extremely important. It is our relation to technology. That technology should be something that is accessible, that is explorable. And we should really be able to have this space where people can exchange about knowledge, what you can do with it, and how you can leverage technology to achieve whatever you want to do. Okay, thank you. So from this point started, that started in 2013, the event grew more and more each year. It is now the largest event in Canada that is organized by a non-profit. It is 100% volunteer run. We have about 70% that works all year long. Lots of them work thousands of hours without any doubt. It is absolutely insane to be part of this group. When we are running on site, we have about 150 volunteers. This is quite massive, in my opinion, and it is absolutely beautiful to see. The event is constantly sold out since 2013. As we said earlier, we have four days of highly technical trainings. These trainings are held for cyber security professionals primarily, but we also started to open the scope and the reach of these trainings to more kind of communities. And we also have this legendary CTF that sparkled the event. So basically the mindset, and it is actually something that I wanted to say at the previous slide before my brain froze, this organization is really driven by a mindset of unreasonable growth and experimental testing. So we want to do what we can, not just what we can, but what people believe we cannot do. And I think you can switch slides now. So we also are driven by very strong values. We have a code of conduct that we enforce thoroughly. I would say that above all, respect for everyone with any regards to who they are, what they do, what they believe in. And the event is organized by the community, for the community, and this is extremely important. It's something we want to bring forth. It's the feeling of belonging in the community. We are as most of people that are in the agriculture driven by extreme curiosity, creativity and so I wrote an un quenchable thirst for knowledge, but we could also summarize it by grit and the willingness to do things that are thought impossible. And of course, and for absolute basic human dignity reason, we have a strong inclusivity and diversity opinions. I don't know if that's a proper sentence, but it's something that is extremely important for the people of Nordsek. And another thing that is important is that information security is hard and that's a super important message. Information security is hard. It is because technology is complex, becoming more and more complex and it is hard. Hacking is hard, but we believe it is learnable and it's something that requires collaboration and knowledge sharing between people. And so to us, learning and sharing the knowledge takes absolute precedence over vanity and over technical, what's this word in English, but over technical prowess. So in Nordsek, what we want to foster is an environment where we can share, where we can have fun, where we can do crazy stuff, where we can organize crazy stuff and have the mean to do it and where we can learn from each other. And if you have questions, you can of course go see our Code of Conduct. Next slide, please. So now I don't see the numbers, but these statistics, which are not extremely important for this presentation, but you can switch, we don't have time for that. What is great with online events is that we can extend our reach. So usually the attendance of Nordsek is of course mainly based in Montreal. We have more and more people travelling from around the world coming to the event, either to present or to participate in the conference or the CTF. But being an online event this year, we can extend our reach and the thing that we noticed. So this year we're going to have many people from Europe, from Asia, from Africa. And this is something we're extremely proud of and that we hope will help bring us toward our goal of being in the top and for the conferences in the world. And winning the Nordsek CTF has been known now to be a feat of renown. So being in the top five, the top three or the top one place in the CTF is something that is recognized by the Infosek industry. So as most Infosek conferences, as most events like that, the main value is the network of people that you can create there, the people you can meet. So of course there are a bunch of events spread out throughout the week when it's in person. So we have a legendary hacker geo-party held by the legendary Olivier Bilodeau. We also have a conference party held in the arcade bar which is very cool. There's also a bunch of networking cocktails and dinners, especially around the training sessions. This year everything will be on discord so you can expect lots of action over there. The hacker geo-party is going to be held there and I think it's going to be fun. I think it's not going to be a waste of time to have yet another online Infosek conferences. So if you want to get involved and I swear it looks much more fun than the way I'm explaining it to you right now because I have the stage fright, first you can make some noise. So participate in the event, meet some people, get yourself heard. You can win the CTF is the best way to become a challenge designer and a lot of people would like to be a challenge designer because it is a very desirable position in life, I think. So the best way to become a challenge designer is either to become friend with the group of people or to win the CTF. But it is a difficult job and it is highly rewarding. It's highly rewarding, thank you. So you can visit nsec.io slash team, there is a button if you want to become a volunteer. It is a very great group of human being that I feel extremely proud to be part of. So nsec now because of the great work of the past president has a large attendance and group of followers and in order to leverage that well we leverage this large attendance in order to pass some communications that we believe are important. For example this year you probably have seen the initiative do we look like hackers to raise awareness to the image of the hacker that is usually negative we absolutely believe it shouldn't be the case. We also have a bunch of outreach initiatives which has the goal to increase diversity in the field of cyber security. One example of that is the Black Hoodie training or workshop that we will be co-hosting with the Black Hoodie organization this year at nsec. And this is reverse engineering training held by women for people that identify themselves as women. So please register to this training if it is the case and please don't if it's not the case. We also started doing a bit of awareness with our partners by communicating some security definitions CDF warm-ups and a bunch of these things and you can expect to see more of that in the future. So without further ado I will pass the mic to Jonathan. Thank you very much. So actually I didn't know if I had to do the stream part of it so I don't know the slides so I would have to learn it with you guys but I just wanted to say that I'm kind of ninja meaning that I'm being the scenes right now there's Seb that is trying to do something with the stream because we're asking him live to cue this, cue that So a big shout out to Sebastien Ducat who was doing all the streaming stuff for this year I haven't touched anything I did the stuff last year when Emile was awesome Emile is still going to be the face of Northsake, right Emile? You're still going to go ahead and talk? So Seb go ahead and add Emile in the scene and good luck. So basically I think this is a documentation that I did last year about the post mortem of what happened with the streams so we had a lot of people actually watching because on average viewer were over 300 but we also did stream all night for maybe 48 hours for the CTF and then it started also during the week with the conference so the peak viewer were almost up to let's say 600 people and the hour watch which is the thing that you have to look because it's not just that oh there's one view it's like how many hours basically people have put at looking at the stream last year was over 10,000 so this is awesome with the size of the event it means that a lot of people were watching and in the amount of you it's over 6,000 I'm guessing that this is mostly maybe one person coming in it depends because the staff varies a lot if you look at the graph right there I don't know if I can touch it if you look at the graph you see the first thing is like a conference and then there's a dip because it's like the first night I think after the CTF and then it goes all in and then it goes slower up until the Sunday until the end event where everybody tune in so that's basically what we had on Twitch last year I believe that we're going to stream both in let's assume tenuous cast on YouTube and Twitch so you'll be able to choose which platform you want to be in next slide please cause I don't know what it is yeah exactly what I was saying you see I came all prepared I know exactly what I'm doing so no it's good it's good go back to that one we're not there yet so whoa whoa whoa two forward good job Seb by the way I'm still waiting on email to be added into that scene and I'm not seeing you working so this year it's on YouTube and Twitch like I said and so if you follow right now the YouTube channel and hit the small bell the same goes with Twitch you'll get a notification when we go online the streams I think I asked Seb yesterday started just a little bit before so you'll have like mostly kind of a heads up and then you'll be able to have a look at what is going on and so normally we don't want to do two things like that because it splits the community in half right because you're half of the viewer will be on YouTube the other half will be on Twitch maybe some of them are biased cause I don't know and so oh I'm gonna be so hard with Seb I need next slide soon and so because of that I think the choice that we did this year was oh he's almost there the choice that we did this year was to go with Discord as the main platform for interaction so it means that we're basically going to more so lock down the chat on Twitch and on YouTube so that way you guys will be able to interact so email if you want to jump in right now and say what do we plan to do with the stream and Discord before I jump into Discord yeah I can talk a bit about what we're planning on doing on stream this year so obviously there's going to be a bunch of surprises I don't want to spoil everything but we are planning on streaming through the event this year just like we did last year there is going to be a live stream showing the scoreboards and all the success that you guys are having during the CTF but of course we're going to have also special segments where we try to talk with people from the community also bringing some folks and maybe recap some of the highlights during the weekend we also might have some special guest that will be coming back this year so watch out for a potential Saturday evening classic coming back awesome so let's jump with the next one big thanks email I guess we'll see everyone after the presentation cause we're a few in the calls right now I don't know if we've seen it but I'm not the only one with surgeon email there's other people on webcam so full leads during the Q&A you guys will have to we'll get to interact with them so Discord has a virtual venue it's basically what you need to think about is that because we're still online this year we're just replacing most of the logistics that you see on Discord replace most of the logistics that normally you'll see in a normal venue you know you go in rooms and stuff like that and we're just going to do it on Discord so if you go to next slide cause apparently those are mine and I don't even remember what it is so the features of Discord if you don't know what Discord is it's a website slash application that you can download right now using this link and seg.io as Discord will give you a link there's a button that literally gives you a link in order to join the website and then just come into our server so we're going to use this for chat and voice during the conference the training and the CTF format this year and so it means that we have like a bunch of let's say chat rooms but also you have voice rooms voice rooms they're not using they're not use that much but there's always a few people that are either chatting for fun or drunk that are there and might talk if you join one the odds that the first person who joins the other one will just trickle in I guess I'm going to do that as much as I can and I'm going to also try to motivate the other staff members so that they can do that so that we can interact a lot with people we also have some private sections for you guys and so if you register and pay for the CTF there's some places where only you will have access to you'll be able to get in touch like much closer to the challenge designer and everybody than if you weren't registered because we're like that's one of the things that you can get when you go on an onsite event that by the way that used to be at that thing so it is not a lot not a lot there's a few channels there but you will see it on your register on the let's say Friday for the CTF the conference we actually did the same this morning for the workshop so if you are into the workshop will give you a thing will give you access to like a special section for that the training will be the same as well the training will be and I think the workshop as well we're using another platform I believe it's zoom and but all the chat and all the stuff that we want to retain will be in discord again in other private channels and during the CTF every team will have their own private channel so you'll be able to chat just with your team voice and text and we're going to provide like the discord server for that we actually paid for it so the video sharing quality as you see right now because this is my webcam in it it's basically full HD while it was HD before so it's a bit better the way we manage all that because that's a lot right because we need to manage accesses and stuff we did some magic stuff with the CTF but mostly we have flag bot that gives roles and also validate some stuff before they have it so right now there's a warm up and there's the badge that is already running but you're badge yet and you want to work on the badge because it's not part of the CTF but it's still a super awesome badge that I have right there and it's a super big screen sub can you do big screen so I don't know if there's slide about badges but oh nice I'm so proud of it and I'm like yeah so in this thing there's flags right but because the CTF is not live yet I think that you're going to validate your flag for the badge ready to see if you find something good or not is we have flag bot that is in discord so as you are doing that you're being giving roles and stuff if there's any green people because you will see there's a green color for the badges please hit up general because we want to see your nick right now and we might show you on stream if you want to say hi but you will have kind of this tree crest that goes with it so that's what we offer to you for the magnifique price of maybe 60 bucks so it's good we're going to have fun during the event we're going to also manage a let's say support a support let's say system no a ticket system ok you know like you're having problems during your CTF and you want to reach an admin right in the past we used to be on Slack and at everyone and then everybody will yell at you or you ask a question and nobody sees it this year what we've done is that we have Elbot who's going to manage for you request so you can request from Elb and you have a Nordic staff slash a challenge designer so a real human being that will just come and join and so yes we are interacting with bots it's robots all over the place but at some point in every request you'll get a human being that will just ear come chat voice with you or just go in the text and next slide please just to add on to that the goal is really to try to retrieve the experience of having a on-site experience where you actually the designer comes to your table and talk to you right this is something we lost last year we found that was really important within the CTF portion of Norsak and this is why we're doing this this year excellent thank you Amino's voice that is not being shown on stream right now because Seb is not fast enough ok so I'm just trolling right because it's such a lot of pressure when you're doing the things live and me and Emile last year we spent dozen and dozen of hours doing that thing and so I'm just trolling a little bit ok so the discord features like I said if you click on somebody's nickname you'll be able to see what the hell they have been doing so if they are staff you will see by the way all the staff are blue so it should be easy to identify who staff and who is not and if you click on any nickname right now there's not that many people in chat but if I say hey in general if you click on my nickname you will see that I'm an admin moderator and all that stuff so there's roles you have to learn how it is there's also secret roles that you can get mostly with flag bot if you just chat with people left and right you might be able to discover some of course if you do the badge and also the warm up if you don't know about the warm up basically check out twitter or send a like a pound sign help into flag bot or just text flag bot and it will tell you where to look for the warm up the warm up is basically some really really basic let's say challenges that you can do before the event just to get used with discord and flag bot and just get you in the mood right now we have I don't have the exact count so let's do maths live so right now there's 30 people that has completed the warm up and for a big let's say total of 90% that has actually participated so this is awesome we also kind of did it by the way because I didn't plug it well enough if you're not on discord right now there's a url on the top right of this stream that is insect.io slash discord and join right now you'll be able to do the warm up you'll be able to see I don't know what the people are doing with the badge there's a channel for that and so yeah so those are the rules a lot of them are useful are meaningful but a lot of them are not like if you see a bagel it's just because we had a bug in discord at some point that we needed to fix and the solution was a bagel because bagels bagels jcakes mas Linux has cf Donc, le CTF est généralement une compétition de 40 heures. Cette année, nous allons avoir 20 équipes. C'est une grande CTF quand vous comparez à d'autres CTFs. Nous pensons que nous sommes les plus grands. Et chaque année, nous avons un scénario qui change. Nous avons une route CA, Nous avons une année, nous avons des annonces des Nations Unies, nous avons des bécuries, des bécuries dans votre cerveau, nous avons plusieurs, nous avons une hôpitalerie de l'année dernière. Donc, le premier shout-out à Eric pour tous les scénarios. Je pense que ça ajoute beaucoup de compétition. Et par rapport à ce type de défis que vous avez, sur le prochain slide, quand possible, sur le prochain slide, vous trouverez que nous avons beaucoup de défis, beaucoup de défis, il y a des web, nous avons beaucoup de web, crypto pour tous les fans, Stegano-Graphy pour tous les gens qui aiment ce type de choses, Reverse Engineering, nous avons Trivia, nous avons un grand fan de Trivia, de plusieurs types. Donc, nous avons beaucoup de sujets. L'année dernière, nous avons Data Science, c'était un grand succès. Forensics est toujours un grand succès. Donc, vous avez beaucoup, vous avez un grand range de défis, comme l'année dernière, vous avez le BGP Poison, si vous aimez ce type de choses. Donc, il y a beaucoup de types de défis, c'est pour tout le monde. Le niveau de skill, quand nous avons des défis qui sont plus aimés aux gens qui commencent, nous avons essayé d'avoir des défis qui sont vraiment, vraiment difficiles. L'idée est qu'on veut être un classiste du monde, CTF. Donc, si vous venez, ce CTF vous devraient vous faire profiter. C'est le type de choses où vous avez shown votre skill, vous avez shown vos expériences. Ce que j'ai pensé serait être des défis très simples pour nos défis des défis difficiles et insérenant. Oui, c'est un type de training. Qu'est-ce que le challenge vous ressemble? Si vous n'avez jamais fait un CTF, qu'est-ce que vous avez fait dans votre vie? Le challenge est de trois parties. La première partie est la description. Donc, dans notre cas de discours, vous allez avoir la description. Hey, my friend, I found this EXC, I wondered if you could write a correct me. Perhaps that would help, something like this. So, it basically tells you what to do and sometimes also how to submit the flag. So, if the flag has a certain format or if the flag has something special or if there are hints that we need to share, well, these type of things would be in the description. In a few moments, David will share his tricks how he won several times Nordsec and things that would make how to improve on your team. But one a hint I can strongly recommend you is to read the descriptions. If you don't read it, sometimes you can lose so many time trying to find the right format or just reading the description can go a really long way in order to improve your CTF game. Then, once you've had a description the second part of the challenge is actually doing the challenge being solving it either with tools, with teamwork or with creative solutions. And the last part is you had, there's a robot called Asgard where you submit your flag and you're told whether or not it's good. If it's good, then you get points, congrats, otherwise keep trying. So, that's basically a challenge at a very high level. Now, what makes a good challenge or a philosophy behind it is what to do should be very clear. When you're facing a challenge what should you do should be very easy to understand. I need to get the flag that's behind this web page predicted by a password. Now, how to do it could be very, very complex depending like maybe it's yet another Rohammer challenge or Spectre attack that you need to do or perhaps something like it could be very, very difficult. But the intent is way more that it should be clear what to do but how it can be very difficult. Now, for challenges the first thing is there should be no guessing. We do not expect you to be mind readers. So, if I have a path slash stop secret slash QWERTY slash something there's no way you can guess it. We'll give a hint. Check the source code. We'll have a robot.txt. We'll let you know in the description but there should be no guessing as part of the challenge. If you need to guess, then we are doing something wrong. Dumb brute force is never the solution. For example, one year we had a capture challenge and some people tried brute forcing forever and that doesn't work. Smart brute forcing might be possible but what that I mean is for example, sometimes there was a challenge on a pin where you had to brute force a pin locally and that takes less than a minute no problem. But we had a team two years ago who rented a very large cluster on Amazon to try to crack some challenge and you're spending money for no reason. Same idea, the tool should confer no advantages. The reason being not all students are working not all participants are working sometimes you have students so we do not require IDAPRO we do not require any special tools. Having tools should not provide you any advantages or at least commercial tools should offer you no more advantages than others. Like running Nessus our our challenges will lead you nowhere and this is not the type of thing that we would recommend would work. So basically these are how we design our challenges. So David you're up. Thank you Laha, that was really great information and I think that it will help people to understand better what kind of challenge they are in the Nordsek. I'm quite excited for my full t-shirt right now but I'm wearing the Goats t-shirts from our team so as you may know I'm from the Goats team I've been playing with the team since 2018 and yeah so during past CDF we experienced some tips and things that can help you to build a good team and also be prepared for a great CDF. So right now I'm going to share some tips that are more aligned with winning the CDF because there is two types of CDF you can go to the CDF and just have fun and just talking with people and just having fun and trying to solve challenges but there is also another type of attending to the CDF is when you want to win so there is some kind of difference there. So firstly you want to have a strong communication between your team what we have found in our team is that trying to share all the information between those challenges so like trying to have a spreadsheet where you can list all the challenges and you can put an update or a status on this challenge so you can share this information with your team and just realize that oh ok this challenges has been solved so I will not waste time on it. The platform we are using it's really simple I think we are using Google Drive with Doc with some table where we were sharing some information between those challenges but you know there is other kind of platform you can use not notions or discord I've seen other teams using discord that was really interesting they were creating like a text channel and a voice channel for each of the challenges so that can help because you can share all the information between those The second point is assign specific role to everyone so make sure to add at least some people in the category expert so that you need some people that are like expert in web for example reverse engineering, forensics or cryptography so at that time since the CTF was on site so there was like 8 players there were at least 4 to 5 category experts and the other members was all around expert so you need people that will be focused on specific challenges like web etc and all around people will try to solve as much as they can and get the points on any kind of challenges or just shadow some people and trying to solve trivia challenges for example we added a third point which is Google expert researchers because there are some people that are I don't know what they do but they are more like voodoo and they do some tricks by research by doing some research on google and they are really good at this and that can help your team to get some information that you need like papers or black at slide or things like that so when you are looking for a specific vernerity you can ask someone else in your team that is really good for research that can help the third point is trying to manage your time as much as you can so trying to be aligned with your team so if your teams comes up at 9 am to start the CTF like try to start the CTF at 9 am with them I've seen with other teams like people come up at 9 am and then they left for a break for a four hour break and on the next day they don't show up and on the last day they are there so if you want to win a CTF you have to make sure to be consistent on the time because solving challenges will ask you a lot of time some challenges can be solving like one hour but other challenges can be solving like 8 hours or you can take days so make sure to manage your time so make sure to sleep and eat correctly one thing that is funny is that when we did the CTF on site we were having someone who was responsible for ordering lunches so basically this guy was responsible to order lunch for every teammate in the team so that was very funny alright so I think we can go on the next slide yeah I'm the lucky oh I think I have another slide oh sorry can I add something drink maté if it's available to you drink maté you can also eat croissant because you might have croissant or you should find croissant if you are not on site the NorthSexCTF oh do you spell maté please spell maté for us thank you very much can you give a bit of insight of what is that drink maybe some people does not know so maté is an ancient drink coming from South America that has some special property and that has swept the market a few years ago and is now taking hold of the market in Montreal so maté maté is a brand that is coming from the Montreal Underground team and that we particularly like at NorthSexCTF disclaimer it might make you act weird after 3 days yeah it's a really good drink alright so I'm gonna share some quick tips we had over the years so make sure to read the rules read the rules can make you between a team that win and a team that will not win so it's really important make sure to do that because you don't want to attack like domain that are not in scope or just like don't brute force like as good and things like that so it's just a waste of time try to read past CTF write ups and try to read also research from designers that can help you to understand what kind of challenge you can find and just to be prepared to the CTF keep an eye always keep an eye to discourse discourse can be updated like every I don't know 15 minutes 10 minutes depending on the situation because this course discourse is a platform where all the challenges are shared so if there is an issue on a challenge on the discourse it will be updated so there will be some message saying like oh the challenge is broken or there is a fix there or there is a hint for example so try to be try to look at discourse and if you have any information regarding a new update on discourse try to share it with your team know your tools really important and don't come at the CTF without your tools so make sure you have everything installed before starting the CTF because a lot of people can't come at the CTF and they start to install everything and that's that's just a waste of time first and it's not it's not really the goal here and the last point if you're stuck try to ask help so go in your team and just ask help to your colleague and try to you know just don't be stuck on a challenge so on like 2 or 3 hours try to just so anyway I hope you will have fun can you provide a bunch of examples of tools that people could prepare in advance very broad overview for example make sure for sure like make sure to have at least one virtual machine where you can have like if your house is on windows for example I try to have at least one virtual machine with Linux I will suggest like for people starting CTF I will suggest just install Kali Linux where you have like most of the hacking tools already installed on the virtual machine so that's a way to go have the burbs installed to be ready to solve some web challenges yeah so Laurent do you have any other tools that you have in mind right now well having a scripting languages be it pearl for the older amongst us or python or go or having one way to script things would be very helpful having guide installed or or iDEPRO or some ways to do reverse string please update it these type of things might be helpful one year we had a team who installed backtracks or Kali before before Kali for the whole CTF they learned a lot but all they did was install Kali perhaps have your operating system ready that would be helpful as well I guess if I may add another tool that would be useful to download ahead take a look at Flair VM it's a fire eye that's making that the only trick with Flair VM is that it's so bloated that it will take you maybe 24 hours to get your VM ready so don't do it during the CTF good advice yeah good advice so yeah I hope you have fun and I think the first objective of the Nordsek is one learning and have fun right so regarding the IT infrastructure this year well every year at Nordsek the infrastructure is isolated which means that you can break your own challenges but nobody else than you can break your own challenges so you will not have someone from your team deleting flags or anything cause you have your own system for your team and while this is super nice this creates lots of IT infrastructure challenges because you understand that say we have 150 challenges times 20 teams plus rotting, plus the servers some challenges of more than one servers we have windows, we have so many things then of course that means we need to have a pretty large infrastructure so the bulk of it is running on LXD 4.4 we now have way more we add one firewall now we have five firewalls every year there is either a fire alarm or a electricity problem or something so we plan for these type of events now we have everything with BGP so if there is a node that drops we should in theory be much more resilient and that's basically what we have for our infrastructure right now so for those who are interested if I may add our IT lead Stéphane Graber is every year doing a presentation after the fact of what are the interesting things to know about the infrastructure so every year we go bigger and bigger more and more things happen and there are always interesting events I think there were a bunch of kernel bugs that were found during the first few events of the CTF that's something that is quite interesting so Stéphane is a legend of the local scene and he is of course busy with the rest of the team right now to prepare the CTF that is coming in two weeks so that's part of the reason tonight to explain to us what is to expect with respect to the infrastructure so if you have specific questions you can always contact us and this is exactly the goal of this session so I will then pass the mic to Matthew for the training session Hello everyone so I'm here to talk about the training sessions this is my first year as the VP of training we were able to make quite an awesome lineup for you guys so next slide please so this year we have Spectre Ups with their brand new training adversary tactics vulnerability research operator or VRO for the intimate people you might know Spectre Ups they are top notch I think all of our trainers are top notch this year my king is from Black Hills Infosec he is doing modern web app pen testing so I'll show you some things that are a little bit beyond the OWASP top 10 we have Falcon Force that's going to make a training about detection engineering so how to properly build some rules in your environment we have Forty North that's going to do a four day exploration so go in depth into how you build a good red team engagement and I've read some of their blog post and these guys are awesome, very elite we have the next one is about analyzing traffic and finding traces of malware if you have PCAPs in your network and you don't know what to do this is the training we have it's very good for defender but also for malware researcher and we have the two last trainings that are already complete unfortunately but we have the NCC group that is offering offensive cloud security and Charles Hamilton aka Mr. Unicoder that is providing a two day red team training that sold extremely quickly as well and so as Charles mentioned before we have four days of high quality training session given by the absolute best expert in their field and all of that at Canadian prices most of these training were at black at before it's also a good place to do some networking as our discord ninja told you earlier you'll have some private room that we called coffee table where you can go there between breaks and have a chat with both the staff and the other appoint the other attendees said can you remove that slide because I cannot read what I'm that's on the thank you so the past trainer includes other very famous people I'm not going to read them you can see the name right there if you want to register for one of our awesome training the address is just here and set up IO slash training sessions and if you have special means for training for next year we are happy to talk with you guys and try to bring the subject that actually matters to you and to your organization to help to grow we want to be the de facto training venue or everything and security related and I would say in the east time zone or in eastern America so that concludes what I had to tell you thank you very much next person please again if I may I'm sorry we are the de facto training resource in the eastern thank you that's just a detail minor detail ok it's me hi I am I am VP conference and we should also have Hugo but he's not on the screen who has joined me in helping me to organize the conference this year which is awesome and much appreciated so I want to talk about some of the decisions that we made around the conference this year can we go to the next slide alright so essentially I kind of doubt that there is anyone who is watching this stream who has not been to the conference but I'll just say this for the sake of being true to reality it's usually we have well in the past few years we've had a two year conference we're bringing together security experts from Montreal, around Montreal and all kinds of parts of the world it's a very useful event professionally where you learn through both talks and workshops lots of things that are useful to your job we've got lots of very technical topics and we try to be very pragmatic in the subjects that we choose we also have an independent committee that chooses all of the workshops and talks so it's it's something that we take pride in having a committee that evaluates everything very very neutrally and we try to make sure that we have a program that is a mix of different types of topics ranging from really very seriously hardcore specific technical stuff to open the mind to the broader possibilities of what InfoSec does and can do in society so I think this is not the latest version of the slides which is maybe a little bit of a problem this might be about to be a disaster alright that's fine we've had a good deal of imposition okay this is maybe about to look like a collage put together by a 5 year old fair warning but okay so essentially as I'm sure you all know we have spent the past year looking at our screens and while last year we put together a smaller conference very kind of last minute and it was still a very new thing to have an online conference at all I think this year it's safe to say it's a longer a new thing the novelty has worn off and while Nord second person is an event that people typically have their employer pay for and they you know they go and they spend their entire two days there they have their bagels, they have their croissants, they have their mate beer etc I think it's safe to say that that this year online is likely and so we cut up into essentially kind of mini-conferences. So we have a bunch of talks that are grouped by subject. It's two to four talks, and then they're followed by moderated discussions, which we're taking a little bit out of the, I don't know, success, I guess, of Discord and Clubhouse during the pandemic. I think there's a desire to have kind of slightly more live, more botanious conversations, and that's what we're trying to facilitate with the Q&A sections that you'll see in the conference schedule. So essentially, we've got days that go a little longer. We're going from now to about 7 p.m. We don't have a break because what is that in an online conference? And we've basically got the talks grouped into sections with a Q&A at the end, and we have special guests that will be coming to moderate those discussions, take questions from the audience, and also make sure that it's a lively chat. I will mention that our AV team is working hard on this. Sam's not here today, but he's doing an amazing job, some of the rest of his team. And I will also mention, as I watch, Seb struggle here a little bit, that one of the things about running an event online is that when you're in person, maybe you're running back and forth across the Saint-Pécien, but if something breaks, you can see it, whereas it's very stressful to be running something where the feedback is necessarily delayed by several minutes, and there's just a lot of things that can go wrong and you just never notice. For example, right now I could be talking and no one could be hearing it and I would really have no way to know. So, good times. So, I want to, yeah, just talk a little bit about the schedule. So, like I said, we have these blocks of kind of mini-conferences, if you will, starting with on Thursday, we have an appsec section with a discussion at the end. Then we have the next section at around noon is on platforms and misinformation. So, this includes a keynote by Corey Doctoral, which I think will be really fun and then a follow-up from last year is talk on misinformation and then we have something that's very local about Quebec election. So, I think that'll be super interesting. Then we're going to have ability research. This one again is a mix of technical and legal social topics, specifically with context in Canada. And then we have a section on detection engineering. And that is it for day one. So, as you can see, it's really, there's a lot of different things for everyone. We're starting with appsec, lots of really interesting stuff there, really current topics like GraphQL. And I think that'll be a really lively discussion around what's interesting right now on appsec, what have we seen also the last year. And then all the way through to detection engineering, taking a few pit stops through the sort of social subjects that are kind of adjacent to Infosec and Intersect. So, Friday schedule, we've got the first block on malware and politics, and you'll see a few names that we've had at the conference before and then you'll see some new folks there. Well, did my discord crash? Okay, no, there we are. Okay, cool. All right, this is going great. So, then we have cloud. And yeah, so basically we've got a discussion about various different parts, different techniques for and just subjects in cloud security followed again by a discussion. And then after that, in the afternoon, if we can go to the next slide perhaps, we will have a block on what it means to build good security teams. And a couple of different angles tackling that problem. And then finally, we will have a block on hardware. So, that'll include a talk that's specifically talking about some of the old insect badges, which you think is really cool. And in this section, there might actually be a few additional surprises. We'll see about that. After that, we've got the workshops. And unfortunately, I had a slide that was about the logistics of workshops. But hopefully I remember what I was trying to say there. Yeah, so workshops will be, okay, yes, I remember. We released the tickets for the workshops via Eventbrite earlier today. So they are available. They are in fact free. However, we ask that you buy for $0 a ticket through Eventbrite so that we can manage how many people are participating. And the reason for that is that each individual workshop presenter has, they like to run things a different way. The workshops can be structured very differently. And so in some cases, they would rather have a very small number of participants. In some cases, that number is larger. So we always get a lot of questions about this. Why is it capped? And in the physical space, it's a little bit more obvious. There are only so many chairs in that room and fire safety, as opposed to the thing. But in this case, it's more about what the format of the workshop can support. So one thing that we are going to do is we're going to, in some cases, stream the workshop to YouTube as well. Fingers crossed that actually works. But essentially, if you're not able to get a seat through Eventbrite, you will be able to watch, but not ask questions and participate in the activities via YouTube stream. So as for the content. Oh, yeah, see, this is my collage made by a child. It looks wonderful. Yeah, thank you. Yeah, let's just cover it. Let's just cover it up. So yeah, so again, we have a whole bunch of different workshops. Everything from Kubernetes, buzzing, we've got Atomic Red Team, we've got, we've actually got a workshop on how to break crypto, which is something that I've personally been trying to get for a while, so I'm excited about that. And then we also, I want to highlight two things. As I believe it was Salj mentioned, we have a Black Hoodie workshop on reverse engineering, which we're really excited about as well. And then I also want to highlight the automated contact tracing experiment workshop, which, and the reason I want to highlight it, well, there are two reasons, one is that I think is really cool and unique. It's very, it's both sort of very specific in the technologies it's using and it's also very, you know, current and relevant as a subject, sort of crosses over between a lot of the things we like at Norsak, but the logistical reason I'm highlighting it is that if you want to participate, you need to get gear. So that is all linked on the website, it is linked in Eventbrite. So if you want to participate, go shopping right now. I think that is it for me. Happy to answer questions and as always go check out the website and check out the schedule, get your tickets on Eventbrite. Thanks a ton. Cool. You have an amazing capacity to improvise, not as I did earlier, but I will try to get better over time and go along with the rest of the slides. I will try to... I may have forgotten 15 important things and made several wrong things, so don't even worry about it. We will communicate them in some way, at some points. So I will race through the still important slides that we have left, but I see the time flying and probably that people are already a bit bored of listening to us. But feel free to start asking questions. I think Emile is starting to collect them if there are any. And so, Badge Life, it's something that has been part of the Nordsek DNA for a while right now and not only Nordsek DNA, but the Infosec Conference scene worldwide. It's something that is extremely important and beautiful. Badge Life is the celebration of hardware hacking. And hardware hacking is the idea that you can really explore technology, but not only on a software level, but on a hardware level. And you can create and design things at will. So the idea is that we create these small, like smart devices, if you may. And we try to make them so that you can interact with them. And ideally, you can hack them, you can reverse engineer them, you can extend them, you can do whatever you want with them. And there will be more information about that during the conference. I think it's kind of a secret, but maybe I just blew it up, whatever. So we will publish more information about that. There will also be a workshop explaining what you can do with your previous year badge because each year, we give a badge to the participant. And maybe it is just accumulating dust in your wardrobe, but now after the conference, you will be able to do stuff with it. This year since the event, oh, I'm sorry, I was not done. This year since the event is virtual, you can buy the badge online. As we said, there are no flags that can help you with the CTF in the bag, in the badge, which was the case before. But you can get street creds from the badge. You can buy it on the shop and this is where you can switch slide. Speaking of the online shop, this year since you will not a mug and t-shirt, we set up an online shop. So you can switch like this. So you can go at shop.ensec.io. It's a very simple and plain shop where you can buy extremely beautifully designed goods. You can buy the badge. You will not get a choice of the color of the badge that you will receive. This is intentional and you can then brag with the badge after the fact. We believe it is one of the most beautiful piece of design ever produced and we have good reaction with respect to that. You can also buy a classic collection and a team collection of this year CTF. It is up to you to try to guess what the team is with this design and we don't believe you can and this is an important thing. You can expect more things to be available at the shop especially during the CTF. There will probably be very limited and exclusive things that you will be able to get yourself so you can brag in the street that you've been part of the Nordsek experience. Ok, thank you. So last but not least, sponsorship. As I tried with a little success to explain at the beginning of the talk of the presentation Infosec conferences need to be independent and this is because the main idea of Infosec and of hacking in the good sense and of technology is that we should have the right to explore technology and so because of that we need to stay independent of corporate not incentives but you know what I mean. But of course we need money to organize things and we are also the same which is the report so we need the support of enterprise organizations so that's why we need sponsors. So you can switch that. So why would you associate with Nordsek? Well because Nordsek represents the brightest minds in their field, traditionally in our part of the world but now to a much larger extent. So you would support a non-profit organization that is 100% run by volunteers. Nobody makes one dollar and trust me the people who organize Nordsek should get a lot of dollars for doing that but they don't and we really do it because we love to do things together for a greater purpose. So what you can get out of it except just plain visibility well you can get access somehow to this pool of talent by being present in the event. We will not share any list of participants in any kind of way because we respect privacy it's part of our core values. You can reach technical influencers of course and you can also start communicating the network of startups and small businesses that surrounds the Montreal ecosystem. Well you know like all of the rest of the things that are kind of expected of this kind of event so if you want to support Nordsek you can go on our website www.ensek.io if you explore more than 5 minutes you will surely end up on the sponsorship page. So this year here you have the list of our 2021 sponsors that is a typo in the slides and we would like to thank them all. There are others that are constantly adding up until the beginning of the event so this slide could get bigger in the next few weeks. So thank you very much I know that was a lengthy presentation and maybe there are still things that have not been said and you can ask in the Discord channel for more notifications. Thank you very much I'll be taking from here so yeah thank you everyone for the amazing presentation I hope that it enlightened our folks over here about how we organize Nordsek especially the CTF part where David shared a lot of insight on all to perform at the CTF too so that was really great I didn't even see the slide before tonight and that was really cool so yeah we'll move into the AMA portion of the evening I will be monitoring the question on Discord so please join the Discord at www.ensek.io.discord as you can see there's the general channel somewhere over here I will be asking a question to our panel of guests if you want to ask a question specifically to someone please put it in the question itself otherwise I'll just assume that it's a question for everyone and yeah that's pretty much it so thanks again everyone and I'm just gonna start monitoring for questions as we don't have any yet I mean yeah so so Alivibi Dado asked wouldn't this distract from the CTF I'm guessing that it was asking about the badge does anyone want to speak of this can you repeat the question so so sorry I'm just gonna pull the Discord up so Alivibi Dado asked wouldn't this distract from the CTF he was asking about would the badge distract the kernel panic random crashing game no I think it's something that is related to the previous conversation in the Discord I see I see I see well I got distracted because there was no question yet we shall forget Nidbix ask an IPv4 question mark never but maybe maybe Dado can answer that question yeah well every year most of the challenges are IPv6 in fact all of the challenges are either local or IPv6 so you might have a binary that listens to local hosts so 127 and Colin Colin but otherwise pretty much only IPv6 thank you very much we have found a video asking how many flags can we expect I can I can maybe say it as I saw the list of flags and challenges I will say many but when I say many I think it is our biggest pool of challenges or flag points that you can acquire so far it will be I think the largest version of our CTF yet so it is very exciting next question is are there a lot of badges left to purchase maybe Sargent Libé yes I can so there were all in all so we have a fixed number of badges there were all in all available 400 badge I do not know exactly the number of badges left there are left some left but I doubt that by the end of that by the beginning of the CTF there will be some so if you want one and if you want to brag during the CTF with the street crowds accumulated with the flags you can get it soon the shipping is extremely fast so I would do it sooner than later if I were you because we don't expect to have any leftovers yep cool, thank you very much next question again from Pierre David will you be coming back on site in 2022 I hope so I think we there are some things we can control like end of the world invasion of dinosaurs and from what from the information that we have I believe we will come back in 2021 otherwise we will be extremely creative to bring something of value yeah I personally I'm really looking forward to an on site edition but yeah next question we have a question about the talks will they be available after the broadcast yes I don't know if we'll have them available immediately as a sort of video on demand from the stream but that may be the case and then they'll all get cut out posted yes, I believe last year we if you go on our YouTube channel I think all the talks from last year are there yeah, they're there cool, thank you very much I'm gonna skip Pierre David's question it's a troll question about watching hackers but we have someone else asking is there a way we can drink with moderation you will be competing from home so you are free to do whatever you want but please don't intoxicate yourself too much while hacking so yeah maybe David has an opinion on that because David, do you think it is a good idea to drink during the CTF well, what I can say is that if you have someone that can feed you that's better but yeah I mean it's your it's your decision if you want to drink drink or not actually I've developed an algorithm regarding my alcohol consumption during the CTF so I'm Joey, former participant in the CTF in the GOATS team now challenge designer so my algorithm is very simple if I see that my team is in the top 15 I don't drink but as soon as we go under that I might start opening a beer or two or more and yeah I've lived by that for the past few edition maybe five or six edition I believe that yeah it is a good idea but I mean it is a good rule to have it does sound like it can get crazy a little bit but yeah okay thanks for the answer we have another question so what is the CTF schedule 9 a.m. to 3 a.m. as usual so I'm guessing you're talking about the time during the day which the CTF is open we don't have exact hours like this like last year where we open up the infrastructure at 9 a.m. so people can start submitting flags and start doing things and then at 3 a.m. we close it so that our infrastructure team can sleep a little bit otherwise it's kind of a lot more intense for them to get through it I believe that the CTF should and I say should because there's always things that can happen on friday at 8 p.m. an eastern standard time so it starts friday evening and then going through the days am I missing something about the hours law nope you're great perfect so we don't have any more questions if you have any I'm still looking at the channel right now because if someone wants to say something while we're waiting the room is open when I want to say thank you to everyone who showed up to this Q&A session here it's very kind and it was called last minute so we had to make up a lot of stuff and there's so much information that's why what we thought would take 25 minutes took an hour and a half so thank you to all the people in this organization big shout out to sergent-vivis which is on the eastern time zone your european time zone which is now staying really up late to attend this so a big shout out oh we have a new question so how many volunteers is required to run that kind of event really great question sergent-vivis want to pick it up or anyone yeah sure well it depends on so many things it depends on how much time and the level of involvement of your volunteers but I say to run an event the size and scope of Nordsec which is kind of impressive you would need on site at least 100 to 150 volunteers for the size that we have and to run this kind of event virtually I mean we have like 30 how many or how many challenge designers do we have around 20 around 20 and many people to moderate during the event many people to create content design stuff there's really a lot of logistics also involved it's quite impressive to be on the other side of the organization and to run it on site well that's even more of course because we have to set up the rooms we have to plan everything ahead we have to build up stages we have to run AV record everything we have to clean everything after of course we have to serve drinks and food I mean it's just a monster to organize and since we plan on becoming the best info security in the world for example an event that we look on as an example of well organized event is the CCC which is held yearly in Germany they have about 2,000 volunteers for 20,000 18 to 20,000 participants so you can see the scale we have about 100 volunteers for about 1,000 1,500 participants at the last on-site edition that's great I mean definitely like a when we're talking about a a remote version of Nordsec we definitely need less people but we need people that are even more present because they have a lot of jobs but definitely when we're on-site we have a lot of volunteers and we have a lot of shifts so that everybody knows when they need to be there and everything we cannot thank them enough for their generosity for their time because without them there's no Nordsec I will be taking the last few questions because it's already 8.30 I think there's two more in the call maybe wrap this up if there's three questions so we'll take these three and then move on except if there's plenty of them that just shows up so will there be a non-fungible coin this year where do you want to take this out I mean we will be which always try to make coins I have mine always next to me every year if you are a volunteer speaker or finishing the top tree of the CTF we do we do make coins and ship them out last year I believe we did a bit later than what we usually do and that's on us, I apologize but we will be making some this year are there going to be NFTs about Nordsec I believe we have NFTs but I don't want to spoil it I don't know I don't know anything about this we have cyberslash asking for the CTF I understand there will be private text and voice room for the team do you expect them to be used all the time or just to coordinate with staff with teams of 20 I suppose they will be crowded maybe je n'attends, do you want to take this one I wasn't listening can you repeat the question please sir the question is for the CTF I understand there will be private and text and voice rooms for the teams do you expect them to be used all the time or just to coordinate with staff I suppose it will be crowded well oh ok I'm going to read it do you expect the voice channels that we're creating for every team to be used all the time or just when you need to ask something to the staff I just read the question I think that it will be fine ok because with this card it just becomes to be a nightmare when you are way more than 20 people in the same room and also you will see that it's not everybody that talks at the same time especially if we're thinking about like the voice stuff as an example North Tech staff has been doing their meetings you know all the challenge designers and stuff and we're about that number that we said right so we're kind of even a little bit bigger than a large team and there's not really much problem in that because people will just learn how to mute their microphone and then just like a small bunch of people will talk at the same time for the text channel the staff actually won't see everything that you typed so the staff will only see from start to finish when they are assigned to your actual channel so it means that you open a ticket they get the ticket and they say ok I'm gonna go serve that team the bot will argue that they are here and from their hand they will just see like a part of it so you can use the chat as much as you want Discord is able to really take it a lot we've boosted the server right now when we will reach 500 people we might even have like more features on our end and so I think we'll be fine with that and so if you wanna use that channel to just have a talk with the staff and then do your own stuff cause you're already I don't know you're a boomer on Slack or you're using a Google duck or you're forcing anybody but I think that a lot of people they will either join a team they don't know much and stuff and really the Discord might be the place when those type of interactions will be going on but yeah you feel free to do it and it's up to you the only thing that we expect from people is that if they want to interact with us we will ask them to it's like the pound sign like it the command in the channel and that's it that's the only expectation we have cause we need to organize but the rest if you wanna chill there you can if you wanna be on the let's see public channel and spread nonsense not too much cause we have the code concept but you can if you wanna chat with other people you can on those as well the only thing that I will say that you'll still be able to do but I'm not suggesting is that you'll be able to DM people it's just that the way the interface in Discord I kind of not like it cause the DMs are all in one place and it's not the same so you'll see that it's easier for you even if you use like your private channel on Slack and like only the Nordsek let's see server and I'm going to do so but you could still DM worst case scenario but we're doing our best so that like I don't know when you have your own private channel you're sure that other teams don't join and you will see the make list on the right side we will change and you will see that it's only basically your teams that has actually subscribed on Discord and also that has like the VPN set up ready for the CTF so you'll see those and a few bots you're not supposed to see any admin cause we'll go into another mode where only bots and a backup owner account will be able to access it so hopefully this has answered the questions the cyber slash 17 thank you very much to add to this like basically like TLDR use whatever you want for your team the main reason we created those rooms is that we're doing team merges like people are able to buy CTF tickets alone and then we'll merge them with other people that they don't necessarily know and I think this room is really for people to connect together and be able to reach out to each other so that if you do already if you already have a room or you already have like a way to work with your teammates during the CTF please use your channel your way of doing it but we strongly suggest or almost enforce to use or help but thing just so that like questions are funneled the right thing John David is asking will there be an after hours event during the CTF so I have the permission to say it because I just asked but yes there will be Saturday evening during the CTF there will be a Acre Joe Party hosted live by Olivier Biladot I am super excited about it and I can't wait for it to happen so yes there will be after hours event there's going to be other things than just the Acre Joe Party I think this is the big one and everybody's kind of excited about so I am I am very excited about this one and last question but not least where is the clock I did purchase more furniture since last year so I do have more stuff in my room if you have your eyes open you can see that the clock though is still in the corner behind the couch I have not moved it since because I am very lazy and work all the time so yes so I think that's all for the questions if you do still have more questions please ask them in discord in the general channel everybody that's here and more everyone from the organization are in discord so if we see questions it will be a pleasure to answer them so keep them coming we have answers for you so thank you for coming tonight we really appreciate seeing the hype from everyone for this year don't forget that our conference will be free and online we will be streaming it on youtube and probably on twitch too it will be on may 21st it's also not too late to purchase tickets for the CTF if you still want to participate the CTF tickets to sell the CTF is going to be from friday may 21st up to sunday may 23rd so like 2 and a half day kind of thing because it starts in the evening and if you want to keep the Nord sex keep the Nord sex experience going through the week after the CTF we still have plenty of training tickets available as Matthew explained earlier so please go and buy some of our amazing trainings the people giving them are really great and amazing so please go ahead with it and yeah thank you all for coming have a great evening especially thank you for all the people that were here on the call for taking some time during this evening to answer all the beautiful questions and make the Nord sex organization known so thank you everyone and see you in 2 weeks I think if I may just quickly I think one question that was looked over was should we watch hackers again I think you should just get quick hint like that you should always watch hackers a week before Nord sex it's kind of a it's a remony that you do to get in the mood right it's important on both sides go rollerblading pack the planet that's it alright thank you everyone