Conferences & CTF in a single day
Québec · Montréal · Trois-Rivières · Chicoutimi
May 30, 2026
What is iHack?
iHack is an (almost) free annual event organized by the Hackfest community. A simultaneous day of cybersecurity conferences across multiple cities, followed by an evening CTF.
Québec
TBD
Schedule
| 12:00 | Doors open |
| 13:00 | Patrick Mathieu & Franck Desert – AI Programming - Tips & Tricks |
| 14:00 | TBA |
| 15:30 | Patrick Mathieu – Tabletop Exercise and How to Prepare for a Security Incident |
| 16:30 | Podcast La French Connection – Podcast La French Connection |
| 17:30 | Dinner (pizza) |
| 18:30 | CTF begins |
| 02:00 | CTF ends |
Presentations
AI Programming - Tips & Tricks
13:00Patrick Mathieu & Franck Desert
This presentation will be an introduction to AI programming, using Python, Cursor, and Claude Code. We'll see how to use these tools to create simple and effective AI applications and the programming approaches involved. We'll also explore fundamental AI concepts such as machine learning, recursion, and language models. This presentation is designed for beginners and AI enthusiasts.
Tabletop Exercise and How to Prepare for a Security Incident
15:30Patrick Mathieu
Each week, Quebec SMEs experience cybersecurity incidents. The problem isn't a lack of tools or good intentions—it's a lack of practice. When it happens, teams hesitate, decisions are delayed, and blind spots emerge. Not due to lack of skill, but because they've never tested their incident response capacity together. In this talk, Patrick Mathieu, a security consultant with over 20 years of experience, immerses you in a realistic crisis scenario and concretely shows you the benefits of being prepared. We'll talk about Tabletop Exercises (TTX), incident preparedness, and—most importantly—what actually works on the ground. No jargon or unnecessary fear, just concrete examples and clear paths to strengthen your security posture. You'll leave with a better understanding of your potential risks, and simple actions to be ready when it counts.
Podcast La French Connection
16:30Podcast La French Connection
The La French Connection podcast will be in a live format, with a conversation between attendees and speakers on the topics covered at the iHack events.
Schedule
| 11:30 | Doors open |
| 12:30 | Frédérik Bernard – Chronicles of a Compromised Québec 2: Look in the Mirror |
| 13:30 | Vianney Gall – Software Defined Radio 101 Workshop |
| 14:30 | TBA |
| 15:30 | Jonathan Marcil – Threat Modeling and LLMs |
| 16:30 | Podcast La French Connection – Podcast La French Connection |
| 17:30 | Dinner |
| 18:30 | CTF begins |
Presentations
Chronicles of a Compromised Québec 2: Look in the Mirror
12:30Frédérik Bernard
He always tells his teams the same thing: "Relax. We're not saving lives. We're saving businesses." Since January 2025, the Secur01 teams have responded to new incidents. Heavier cases. More human. Harder to talk about. Behind every breach, there is an organization. Behind every organization, there are decisions. And behind every decision, there is a human who chose to look the other way. This year, the Chronicles aren't about the attackers. They're about us. The MSPs. The executives. The IT teams. Those who were entrusted with security. And what they did with it. This is a talk about what we avoid telling ourselves. About the mistakes we repeat because we never had the courage to honestly look at ourselves in the mirror. "We're not saving lives." Until the day we realize that phrase has its limits.
Software Defined Radio 101 Workshop
13:30Vianney Gall
This workshop offers a high-level introduction to software-defined radio (SDR). Participants will learn about how SDR systems work in general, the main tools and software available, and the key criteria to consider when choosing a device. The workshop is aimed at beginners and focuses on practical understanding rather than in-depth theory. By the end of the session, participants will have the foundations needed to get started with SDR and make an informed choice when purchasing equipment. A limited number of SDR devices will be provided for hands-on exercises, but participants are encouraged to bring their own equipment if they have any.
Vianney Gall is a cybersecurity analyst specializing in penetration testing, with a degree in computer engineering. His areas of interest include industrial security, radio technologies, and embedded systems through hands-on experimentation. He makes the practice of software-defined radio accessible through CTFs and short hands-on training sessions.
Threat Modeling and LLMs
15:30Jonathan Marcil
A presentation in 2026 without AI is incomplete, you say? Well, this one includes a double dose of LLMs! On one hand, we'll introduce the concepts and perform threat modeling of a personal assistant-type agent; on the other, we'll use an LLM to create this model. Beyond threats, we'll also cover some defense elements.
Jonathan is an application security advisor who has published on the topic of threat modeling and is involved in NorthSec and OWASP Montréal. He is passionate about application security and enjoys architecture analysis, code review, cloud security, and demystifying security tools. Jonathan holds a bachelor's degree in software engineering from ÉTS Montréal and has 20 years of experience in information technology and security.
Podcast La French Connection
16:30Podcast La French Connection
The La French Connection podcast will be in a live format, with a conversation between attendees and speakers on the topics covered at the iHack events.
Chicoutimi
Université du Québec à Chicoutimi - Room P0 - 7500
555 Bd de l'Université, Chicoutimi, QC G7H 2B1
Schedule
| 11:30 | Doors open |
| 12:30 | Enzo Hoummady – Prompt Injection 101: How to Make LLMs Do Anything |
| 13:30 | Maxime – OSINT / OpSec |
| 14:30 | TBA |
| 15:30 | TBA |
| 16:30 | Podcast La French Connection – Podcast La French Connection |
| 17:30 | Dinner |
| 18:30 | CTF begins |
Presentations
Prompt Injection 101: How to Make LLMs Do Anything
12:30Enzo Hoummady
Enzo Hoummady is pursuing a doctorate at the Université du Québec à Chicoutimi. He also holds an engineering degree in cybersecurity from the Institut National des Sciences Appliquées Centre Val de Loire in France. His research now focuses on AI security and more specifically on the security of deep learning.
OSINT / OpSec
13:30Maxime
Podcast La French Connection
16:30Podcast La French Connection
The La French Connection podcast will be in a live format, with a conversation between attendees and speakers on the topics covered at the iHack events.
Trois-Rivières
Cégep de Trois-Rivières - Science Pavilion — CTF: SC-1006 Cafeteria / Talks: SA-3035 Auditorium
3500, rue De Courval, C.P. 97, Trois-Rivières, (Québec), G9A 5E6
Schedule
| 12:30 | Doors open |
| 14:00 | Christian Lambert (WhyN0t) – Integrating Security Before the First Commit? WhyN0t! Introduction to DevSecOps in the Real World. |
| 14:30 | Robert Descôteaux – Your Mailbox Is a Target: Enterprise Attacks and Defenses |
| 15:30 | Christian Lambert, Robert Descôteaux – Cybersecurity Events You Should Know... and Attend |
| 16:00 | TBA |
| 16:30 | Podcast La French Connection – Podcast La French Connection |
| 17:30 | Networking and dinner |
| 18:30 | CTF begins |
Presentations
Integrating Security Before the First Commit? WhyN0t! Introduction to DevSecOps in the Real World.
14:00Christian Lambert (WhyN0t)
Security is still too often seen as the bottleneck of deployments. Yet, given today's delivery speed, pushing validations to the very end of the cycle is no longer a viable option. Far from buzzwords, this presentation aims to demystify DevSecOps with a down-to-earth approach. Beyond the simple CI/CD pipeline, where and how can we truly inject security? Drawing on my field experience in IT, we'll explore the classic pitfalls to avoid in order to finally unite development, operations, and security teams. Warning: the goal here is not to provide you with a list of magic tools. Instead, we'll address the challenges, sometimes cultural, needed to transform security into an enabler capable of mitigating risks and blocking vulnerabilities well before they reach production.
Having fallen into the world of computing back in the TRS-80 era, Christian "WhyN0t" Lambert took a detour through the Canadian Armed Forces before diving back into the IT trenches in the late 90s. After studying at uLaval, he survived the evolution of the industry by exploring every facet of the trade: Sysadmin, DevOps, DevSecOps, occasional Pentester, and now Security Architect. His current mission? Advocating for holistic, pragmatic, and integrated security.
Your Mailbox Is a Target: Enterprise Attacks and Defenses
14:30Robert Descôteaux
At a time when the majority of cyberattacks begin with a simple email, corporate messaging remains one of the most critical—and often most underestimated—attack surfaces. Targeted phishing, CEO fraud (BEC), or MFA bypass: techniques are evolving rapidly, driven in part by automation and artificial intelligence. This presentation offers a deep dive into modern attacks targeting messaging services, highlighting the methods used in the field. Through realistic scenarios, we'll analyze how attackers exploit technical flaws, weak configurations, and human behavior alike. Beyond the assessment, this session will cover effective defense strategies, combining technical controls (SPF, DKIM, DMARC), identity protection, detection capabilities, and the key role of users. Duration: 1 hour
An old-school hacker, I quickly realized there was even more challenge and satisfaction in protecting infrastructures than in compromising them. Passionate about information security, I'm interested in everything related to physical security, information technology, cybersecurity, and personal data protection. Free-spirited and deeply curious, I see myself as a facilitator: I like to challenge traditional approaches to make security more accessible, more tangible, and better integrated into everyday life, especially for SMEs. My goal: to simplify without oversimplifying, break certain conventions, and facilitate the implementation of security solutions adapted to everyone's reality.
Cybersecurity Events You Should Know... and Attend
15:30Christian Lambert, Robert Descôteaux
Want to grow your network, accelerate your learning, or simply discover the key events in the cybersecurity community? This presentation is for you. In 15 minutes, we offer an overview of 10 must-attend events. From Hackfest to NorthSec, GoSec, BSides, and even DEF CON and Black Hat, we'll share what makes each one unique, their "vibe," and why they deserve your attention. Through a dynamic two-voice presentation, sprinkled with humor and anecdotes, you'll discover the differences between community, technical, and corporate events, along with concrete tips to get the most out of your participation. Whether you're a beginner or an experienced professional, you'll leave with a better understanding of the cybersecurity event ecosystem... and maybe the urge to add a few dates to your calendar. Duration: 15 minutes
Podcast La French Connection
16:30Podcast La French Connection
The La French Connection podcast will be in a live format, with a conversation between attendees and speakers on the topics covered at the iHack events.
iHack CTF
Every evening, a simultaneous CTF across all cities. Beginners welcome.
Prizes
What to bring
- Laptop
- Power cables
- Ethernet cable (recommended)
Register on the scoreboard at 6:30 PM
Sponsors
ITCloud is a Canadian value-added cloud distributor that supports MSPs and IT solution providers with access to cloud, cybersecurity, and productivity solutions. By bringing together business continuity, security, and cloud services in one place, ITCloud helps partners simplify how they deliver and manage solutions, while also providing technical support, training, and enablement.
Services:
- Cloud distribution & licensing
- Cybersecurity solutions
- Backup & business continuity
- Productivity & Microsoft solutions
- Technical support, training & partner enablement