May 25, 10:00-2:30 - ROOM 2200
Unlock the Secrets of the Dark Web
Are you curious about the hidden side of the internet?
Our comprehensive Dark Web Workshop is your gateway to understanding the unknown. From the technology behind the Tor network to the risks, legal considerations, and ethical debates surrounding the dark web, this course covers all aspects of the digital underground, ensuring you are well-prepared and informed.
Learn about:
• The History and Evolution of the Dark Web: Understand how it began and why it is crucial in today’s digital landscape.
• The Tor Network and Anonymity: Learn how the Tor browser works and how encryption guarantees privacy.
• Legitimate Uses vs. Illicit Activities: Discover the dark web's importance for whistleblowers and activists and the cybersecurity threats it poses.
• Hands-On Experience: This is your chance to create hidden services, explore the Tor browser, and capture screenshots without direct access—all in a safe environment. Get ready to dive in and learn by doing!
Whether you're fascinated by technology, concerned about cybersecurity, or simply curious, this course will equip you with the necessary skills and knowledge.
Enroll now and plunge into the digital world's most mysterious domain!
Cybersecurity professional and military veteran skilled in threat hunting with experience in risk assessment and mitigation. Combines military discipline with technical expertise to provide effective cybersecurity solutions.
Director of Services and Alliances at Steeves and Associates, with an extensive background in Endpoint and Infrastructure Management. He is responsible for the consultancy team at Steeves and has been helping companies achieve their Endpoint, Identity, and Security objectives. He is a 7-time Microsoft MVP, holds many industry certifications, and is a Microsoft Certified Trainer.
May 25, 10:00-5:00 - ROOM 2270
Practical Intrusion Analysis with DFIR Labs
This hands-on workshop provides an in-depth dive into Digital Forensics and Incident Response (DFIR) using interactive, cloud-based labs. Participants will analyze real-world cyber intrusions through forensic artifacts, including system logs, network traffic, and memory captures.
Leveraging SIEM platforms like Elasticsearch and Splunk, attendees will develop practical skills in detecting adversary techniques, reconstructing attack timelines, and investigating security incidents using structured methodologies. The workshop offers a blend of guided instruction and independent analysis, making it accessible for both beginners and experienced DFIR professionals.
By the end of the session, participants will have hands-on experience in hunting threats, analyzing forensic data, and responding to cyber incidents with real-world tactics.
Technical Requirements:
• Participants must bring a laptop capable of running a modern web browser.
• Some exercises may require Wireshark or similar network analysis tools (installation recommended).
Kostas is a security researcher with over a decade of experience in threat identification, research, and threat intelligence. With a strong foundation in incident response, he is skilled in intrusion analysis and threat hunting. Beyond his professional role, Kostas dedicates his time to the information security community, producing free threat intelligence reports, where he offers insight into real-world intrusion cases.
May 25, 10:30-2:45 - ROOM 2245
Cybersecurity Skills Crash Course - Featuring CTF Games and PicoCTF
Learn beginner cybersecurity skills through interactive CTF (Capture The Flag) games! In this half-day workshop, we'll use the PicoCTF education platform to introduce participants to basic IT skills and cybersecurity specializations such as:
* Basic Linux Operations
* Digital Forensics
* Web App Hacking
* Cryptography
* Binary Hacking
* and more!
This workshop is aimed at beginner-level cybersecurity enthusiasts who want a fun introduction to the varied and exciting world of CTF competition!
Participant Requirements:
Participants will need to have a registered account at picoctf.org and supply their own laptop device to interact and participate in this hands-on, objective-based, guided workshop.
Kevin Lee is a cybersecurity educator and content creator. He has been part of the Vancouver cybersecurity community for the past 4 years and currently teaches beginner's cybersecurity education online through his YouTube channel and livestream content.
May 25, 10:30-3:00 - ROOM 2945
Threat Modelling Starter Training
This threat modelling training is geared towards beginner to intermediate audiences with software engineering or security engineering/pentesting backgrounds who have never done threat modelling work but are trying to get into it. In practice, anyone interested can join this class even without those backgrounds, provided they have at least a basic idea of how programs work at the code level and of basic cybersecurity issues and threats.
The main goal of this training is to equip participants with an understanding of the importance of threat modelling in understanding and dealing with cyber threats to their applications and networks. The trainer's goal is to prevent software security bugs from inception by teaching students to build more secure software or find underlying security flaws and bugs, minimizing the risks and impact of the engineered software. Participants will be immersed in the STRIDE and DREAD methodologies for threat modelling, and they will create their own threat models during the training.
At the end of the training, students should expect to be able to do a quick threat model of any function/method that they wish to implement in their software, recognize the threats that they could introduce or have to deal with, and write a full and complete threat model on their own from start to finish, including recommendations, threat scenarios and related risk ratings.
Ralph is a Senior Security Engineer at Microsoft, attending to his product's security through security architecture reviews, security design reviews, threat modelling, pentesting and security training of software engineers. He has 9 years of experience in the industry and was also a Security Consultant at a global information security assurance firm called NCC Group (NCC). His expertise is mainly Web, Mobile, and Network Pentesting, Threat Modelling, Security Architecture Review, and Security Design Reviews. Prior to that, he was a pioneer Application Security Consultant for Forward Security (Fwdsec) and a Cyber Threat Management Consultant at Ernst & Young (EY), with the experience of being sent abroad for client engagements upon client request. He started his career as a Security Researcher at Hewlett-Packard Fortify (HP) with a focus on Mobile Application Security, particularly Android and iOS.
He is also a major active contributor and a member of the working group for the OWASP Application Security Verification Standard (ASVS) project, making the standard better for fellow pentesters and developers alike. Whenever he has spare time, he volunteers giving Web, Mobile Application Security and Threat Modelling lectures to university students as part of being a thought leader in the security community and outreach to students. You can also find him as a regular conference volunteer staff for some premium and well-known security conferences, namely: CanSecWest, REcon and Ringzer0 Training.
He earned his Computer Science degree from Ateneo de Naga University - one of the top-tier schools in the Philippines. His bachelor's degree thesis received an award at a National IT Conference in 2015, one of his top accomplishments at the time, alongside consistently making the Dean's List.
May 25, 3:00-5:00 - ROOM 2245
Doing More with Less: Meeting Cybersecurity Compliance
For many organizations, achieving cybersecurity compliance can feel overwhelming—especially with limited resources and a small security team. In this session, Judy Sin, a Cybersecurity Consulting Manager with hands-on experience supporting organizations of all sizes, will break down what “compliance” really means and how to tackle it without a large budget or staff.
You’ll walk away with practical strategies for:
• Interpreting and applying frameworks like NIST CSF, OSFI B-13, and CIS Controls
• Prioritizing controls that provide the most value and reduce the most risk
• Leveraging automation, cross-functional partnerships, and smart planning
• Building a scalable foundation that supports both compliance and security maturity
Whether you're just starting your compliance journey or trying to operationalize requirements with lean resources, this talk will provide a realistic, risk-based approach that works in the real world.
Judy Sin is an experienced Cybersecurity Consulting Manager with a proven track record of helping organizations identify, manage, and mitigate technology and cyber risks. With 5+ years in the cybersecurity space, Judy specializes in leading risk assessments, security program development, regulatory compliance engagements, and incident response planning for clients across various industries including finance, retail, education, and the public sector.
Currently at MNP Digital, Judy leads diverse project teams to deliver tailored cybersecurity solutions aligned with industry standards such as NIST CSF, CIS Controls, ISO 27001, OSFI B-13, and PCI DSS. Known for a collaborative approach, Judy builds trusted relationships with stakeholders—from technical teams to executive leadership—and helps clients strengthen their security posture while balancing business priorities.
Judy holds certifications including CISSP, CISA, SANS GCIH, Security+, and PCI QSA, and is passionate about mentoring emerging professionals in the cybersecurity field. Whether facilitating tabletop exercises or guiding enterprise security strategy, Judy brings clarity, confidence, and a strategic mindset to every engagement.
May 25, 3:00-5:00 - ROOM 2200
From Clicks to Compromise: Large-Scale, Campaigns, Intel & Infostealers
Phishing remains one of the most effective tools for cybercriminals, leading to large-scale credential theft, malware infections, and data exfiltration. This workshop provides a hands-on approach to tracking phishing campaigns, analyzing malware distribution networks, and leveraging Threat Intelligence to uncover attacker infrastructure.
This workshop explores the fundamentals of phishing, phishing campaigns, and the role of threat intelligence in detecting and mitigating attacks. Participants will learn to investigate phishing sites, analyze phishing kits, and track phishing campaigns using practical tools and methodologies. The session will cover various types of phishing campaigns, including malware delivery, ClickFix, Business Email Compromise (BEC), and more sophisticated large-scale operations.
Attendees will also dive into Traffic Distribution Systems (TDS) and DNS abuse, understanding their role in phishing operations, evasion techniques, and infrastructure setup. Through hands-on exercises, participants will gain experience in identifying and dismantling phishing threats, leveraging detection techniques and intelligence-driven approaches.
By the end of the workshop, participants will be equipped with the skills to track, analyze, and respond to phishing attacks effectively, with a deeper understanding of how different phishing techniques operate at scale.
Aadesh Shinde is a Threat Researcher at BforeAI, contributing to the forefront of predictive cybersecurity. With a passion for innovation, Aadesh has an impressive track record, having published over four patents in the field of cybersecurity. His expertise lies in analyzing emerging threats and crafting proactive solutions to secure the digital landscape.
Beyond his technical achievements, Aadesh is an advocate for knowledge sharing and collaboration in the cybersecurity community. He brings a unique perspective shaped by his experience in research and development, ensuring organizations stay ahead of evolving cyber challenges. Aadesh is an engaging speaker, blending technical depth with accessible insights, and has a proven ability to connect with diverse audiences at conferences and workshops.