@Hack

Join @Hack, a student Canadian cybersecurity hackathon in downtown Montreal, featuring web, crypto, pwning, AI, and many more challenges.
Showcase your hacking skills, win prizes, and collaborate on a shared challenge! Don't miss out!

[ Registration Closed ]

Agenda

March 2nd

7:00 - 9:00 AM

Registration & Breakfast

9:30 - 10:30 AM

Opening Ceremony

11:00 AM

CTF Begins

12:00 - 2:00 PM

Lunch

2:30 - 6:30 PM

Career Fair & Workshops

7:00 - 9:00 PM

Dinner

9:30 - 11:30 PM

Lounge w/ Organizer Meet & Greet

March 3nd

7:00 - 8:30 AM

Breakfast

10:00 AM

Hacking Ends

10:15 - 11:00 AM

Scoring

11:00 - 12:00 PM

Award Ceremony

Event Details

@Hack (“At Hack”) is a national cybersecurity student hackathon hosted at Concordia University by TECHNATION’s Career Ready Program and Hexploit Alliance. Open to all post-secondary students in Canada, this two-day event brings together cybersecurity enthusiasts to the heart of Montréal at Concordia’s downtown campus for a weekend filled with unique cybersecurity challenges.

@Hack provides a unique platform for students to sharpen and showcase their cybersecurity and hacking skills. In teams of 2-4, participants will compete in Capture the Flag-style cybersecurity challenges spanning from AI to Reverse Engineering tasks. Throughout the weekend, teams will also participate in workshops, a career fair, and a networking event.

Timeline

December 14th Event Registration

January 31st Event Registration Ending

February 10th Registration Confirmation

February 12th Student Showcase Submission - Ending

February 26th Camera-ready student showcase

March 2nd Event start

March 3rd Event Ending and closing ceremony

Organizing Committee

The organizing team makes up the Hexploit Alliance association under ECSGA at Concordia University

Design Team Lead

Mahsan Etihad

I’m a Graphic Designer with a deep-seated passion for home architecture and design. My journey began with a Bachelor’s degree in Architecture and Restoration of Historical Buildings, where I learned to blend historical elegance with modern aesthetics. Away from the drafting table, I immerse myself in music, often expressing my creativity through the strings of an electric guitar. Designing, for me, goes beyond work; it’s a way of interpreting the world.

Instagram: @clunatlc

Portfolio: https://mahsanetehad.wixsite.com/arts

Linkedin: https://www.linkedin.com/in/fatemeh-ettehadmohkam

Logistics Team Lead

Anthony Andreoli

I am a PhD Researcher in binary code analysis, specializing in vulnerability detection in IoT devices. My spare time is spent learning and playing music (piano, electric bass), studying the mind, and not shutting up about the wonders of the Bhagavad Gita. Extremely inquisitive, I ask endless questions. My special skill is an extremely shrunken perception of time.

Instagram: @riskydiablo

Linkedin: https://www.linkedin.com/in/anthony-andreoli/

Website: https://aandreoli.com

Marketing and Social Media Team Lead

Alireza Toghiani

Hi I'm a Master of Information Systems Security student and also I'm an iOS Engineer. My hobbies would be soccer, watching movies, and reading books.

Instagram: @devmvrick/

Github: https://github.com/alireza12t

Linkedin: https://linkedin.com/in/alireza12t

Finance Team Lead

Ali-Moussa Darkallah

Hello there, I am a PhD student in Information & Systems Engineering. Beyond the confines of my screen, I find solace in the great outdoors and indulge in the art of fishing. As a member of the Finance team, my job is to manage all the financial operations ensuring the smooth functioning of this CTF.

Linkedin: https://www.linkedin.com/in/ali-moussa-darkallah-17b129203/

Tech Dev Team Lead

Dhiaa Elhak Rebbah

Call me Dhiaa, I am a PhD student in Information Systems Security. Specialized in Cybersecurity of Critical Infrastructures: Power Systems to make it less fancy. As the Tech Dev Team Lead, along with my amazing team, I helped making this website. So what do you think about the website huh?

Github: https://github.com/RebbahD

Linkedin: https://www.linkedin.com/in/rebbahdhiaa/

CTF Design Team Lead

Anis Lounis

Hello, I'm Anis, a curious individual currently immersed in my PhD studies on cybersecurity, exploring ways to discover previously unidentified zero-days. Occasionally, I dabble in writing code that works 10% of the time, every time. Alongside my exceptional team, we aim to keep your minds entertained with enjoyable glitches throughout the two days of the CTF. Feel free to reach out if you'd like to connect; my contact information is included below:

Twitter: https://twitter.com/AnixPasBesoin/

Github: https://github.com/AnixPasBesoin

Linkedin: https://www.linkedin.com/in/anis-lounis

Infrastructure Team Lead

Hugo Kermabon

Hi! I am a PhD student in Information Systems Engineering at Concordia University.Passionate about computers for a long time, I participated in many CTF in the past. Hope to see you soon at @hack!

Website: https://users.encs.concordia.ca/~h_kermab/

Flickr: https://www.flickr.com/photos/kermabob/

Senior Lecturer, Computer Science and Software Engineering

Dr.Aiman Hanna

Email: [email protected]

Website: https://www.aimanhanna.com

Professor & Tier I Concordia Research Chair, Concordia Institute for Information Systems Engineering

Dr.Mourad Debbabi

Email: [email protected]

Website: https://users.encs.concordia.ca/~debbabi/

Gina Cody Research Chair on Cybersecurity and the Internet of things, Concordia Institute for Information Systems Engineering

Dr.Carol Fung

Email: [email protected]

Website: https://explore.concordia.ca/index.php/carol-fung

Event Workshops and Presentations

Create Your Own Networked CTFs Using Docker Containers

Description:

The workshop will teach the participants about how they can leverage docker and it's orchestration tools to quickly create and deploy their own CTFs. The participants will get plenty of hands on with docker and docker-compose by working on multiple demos along with the presenter. The participant will gain a good foundational knowledge of containers and their advantages, and can use the same later to not just create their own CTFs, but other distributed systems and networks to play around with various services and create a home lab.

Prerequisites:

A machine running Ubuntu is recommended, windows seems to have issues with docker-compose. The machine must have docker, as well as docker-compose installed. Optionally, you can also have a code editor of your choice. This can be done by following the instructions on the following

Websites:

Docker - https://docs.docker.com/get-docker/
Docker-Compose - https://docs.docker.com/compose/install/
VSCode (Optional) - https://code.visualstudio.com/download

CISSP Unveiled: A Journey into Cybersecurity Excellence

Description:

Delve into Gaurav's triumphant journey, unraveling essential tips for CISSP aspirants, complemented by Md. Saiduzzamans' wealth of experience in the industry, as he prepares for the exam with 9 years of cybersecurity expertise. Explore their unique perspectives and study tactics, gaining valuable insights into the path of CISSP success. Beyond the exam, join us in navigating the expansive realm of cybersecurity, where we offer a comprehensive view for cyber-enthusiasts. Uncover key strategies, and embark on a journey that not only opens doors to CISSP success but also provides a broader understanding of the ever-evolving field of cybersecurity.

Developing Secure Cloud Applications with DevOps and AI

Description:

This presentation covers best practices for developing secure cloud applications using Amazon Web Services, DevOps principles and practices, integrating security testing, and leveraging AI for behavioral analysis and threat detection.

Prerequisites:

Will present a demo and bring links to the participants. Bring the cellphone with camera!
At the end of the presentation, a copy format PDF could be shared with the participants.

How we did it: Building the @Hack CTF Infrastructure

Description:

When we embarked on this project, we were tasked to build a CTF in 7 months. If we’re able to present this workshop, it means that we succeeded! Come learn how, through many ordeals, we designed, built, and deployed the infrastructure for the @Hack CTF!

Career Fair

Communications Security Establishment (CSE)

Organizers

Funding partners

This project is funded in part by the Government of Canada's Student Work Placement Program

Prize partners

NordSec

@Hack Rules of Engagement

Answer

Registration is open to Canadian post-secondary students (including abroad) or international students in a Canadian post-secondary school.
Proof of enrollment (with a student ID) is necessary upon entry to the competition.
Registration for the event will occur in two separate steps:
1. An initial registration where participants enter their information on our registration system - dates announced on event web page
2. A secondary confirmation step where prior-registered participants confirm their desire to attend the event. Emails will be sent to registrants towards the end of January with confirmation steps.

Answer

Teams are composed of 2 - 4 members; each member must be an eligible registrant (see Eligibility and Registration for details)
Team construction will be available upon registration
There are no “solo” teams of one member

Answer

The event begins March 2nd, 2024 and ends on the evening on March 3rd. All times are in reference to Eastern Standard Time (EST).
Official CTF start times will be available on the morning of March 2nd in a distributed Event Schedule, prior to the opening ceremony.
A portion of CTF challenges will be available on the first challenge day, while an additional subset will be unveiled on the second.
Submissions will have a strict closing time determined by the Event Schedule.

Answer

Challenges will be scored in terms of their difficulty
Teams will be ranked by the scores associated to the number of keys discovered across the provided CTF challenges
In the case of a tie-breaker, the first team to reach the tie-score wins

Answer

Teams will submit flags through the CTFd platform

Answer

Only registered members of the event are permitted to partake in the problem solving and submission of events
A team is not allowed to share insights, findings, solutions and flags with other teams, and will be immediately disqualified under such conditions

Answer

A Discord channel will be available during the event for reporting CTF-related issues, not limited to:
- Challenge clarifications
- Scoring discrepancies
- Technical problems (e.g., submission issues)
Organizers can be reached through Discord for any non-technical concerns, like sleeping arrangements, food allergies, etc
A hotline number will be available for emergency situations and provided at event opening

Answer

Any of the following will lead to team-wide expulsion:
- Any attempt to alter the equipment on site, to attack other participants, to set up a hotspot, fake scoreboard, wifi scan, or to use the competition as an excuse to attack elsewhere
- Denial of service attempts
- Brute force on the flags submission system. Don’t attack the scoreboard in general
- Giving out flags or writeups/solutions during the competition
- Flag tampering
- Attempts to attack or probe event infrastructure, including services hosting online challenges, networks and devices utilized to access the internet

Answer

Participants must maintain an air of respect towards other participants, organizers, sponsors, volunteers, and university staff. Failure to do so will lead to personal disqualification
The event will not tolerate any form of harassment - be it verbal or otherwise - and will lead to personal disqualification
No form of taunting, ridicule, or belittling will be tolerated, and will lead to personal disqualification

Answer

1st place team will receive $2,000 CAD per person.
2nd place team will receive $1,250 CAD per person.
3rd place team will receive $750 CAD per person.
Proof of enrollment at a post-secondary institution will be required to both enter the event, and claim prizes

Answer

Involvement in illegal activities, such as (non-exhaustively) smoking, using drugs, and drinking on location is not permitted and will result in immediate disqualification
Hacking of any university infrastructure (routers, access points, student and lab computers, etc.), as well as other participant devices is strictly prohibited

Answer

Any spurious changes to the event will be announced primarily through Discord, as the layout of the event will allow hackers to disperse. Volunteers will assist by verbally spreading the word to reserved rooms

Answer

Feedback will be collected following the event through a post-event email sent to participants

Answer

Organizers reserve the right to make on-the-fly decisions and modifications to the rules in the case of unforeseen circumstances, and we request your patience and understanding in this regard