Links to the slides and materials for talks I have given in the past.
2011
2012
2013
2014
2014 - Files Upload Vulnerabilities - Confoo / OWASP Montreal
2014 - XXE : À l'assaut des analyseurs XML (French) - Hackfest + OWASP Montreal
2015
2015 - La sécurité Java en continu (French) - Confoo / JUG Montreal
2015 - Breaking PRNGs: A predictable talk on Pseudo Random Number Generators - NorthSec
2015 - Rosetta Flash And Why Flash Is Still Vulnerable... - NorthSec
2015 - Find Security Bugs & Reissue Request Scripter - Black Hat Arsenal USA / Europe
2015 - Security Code Review for Your Web Application - JavaOne
2015 - Rosetta Flash And Why Flash Is Still Vulnerable... (Extended) - Hackfest
2016
2016 - Modern XSS: Protections (and bypasses) - Confoo
2016 - The new wave of Deserialization Bugs - AltSecCon + NorthSec
2016 - Roslyn Security Guard - Black Hat Arsenal USA / Europe
2016 - Chateaux de carte ou Forteresse : Votre application web est-elle vulnerable? - ML2
2017
2017 - La sécurité Java en 2017 (French) - JUG Montréal
2017 - Security by Design - AtlSecCon + GoSec
2017 - CSP Auditor - Black Hat Arsenal USA
2017 - Static-Analysis: Now you're playing with power - Hackfest
2017 - Security boot camp for .NET developers - Confoo Vancouver
2017 - Modern XSS: The modern protections (and bypasses) v.2.0 - Confoo Vancouver
2018
2018 - Security boot camp for .NET developers - OWASP Québec + Confoo Montreal
2018 - Orange is the new Hack: An Introduction to Machine Learning with Orange - AtlSecCon + NorthSec + GoSec
2018 - Kill All Humans... Bugs! : Machine Learning to the rescue of code review - 44CON
2018 - Advanced XXE Workshop V1 - OWASP BASC + Hackfest
2019
2019 - Cache Me If You Can - Confoo
2019 - Java Security Code Review: Shall we play a game? - JUG Montreal
2019 - Deserialization: RCE for the modern web applications - AtlSecCon
2019 - Deserialization Workshop - NorthSec
2019 - OWASP Find Security Bugs: The community static code analyzer - AppSecGlobal + SecTor
2020 - 5 Unicode vulnerabilities that could byͥte you - Confoo
2020 - Template Injection in Action - Hackfest and GoSec
2020 - Advanced XXE Exploitation - New format based on Hack In Paris material
2021 - Unicode vulnerabilities that could byͥte you (New version) [video] - OWASP Toronto
2021 - Request Smuggling 101 - NorthSec + Confoo + GoSec
2021 - Request Smuggling Workshop - Intent Summit + Hackfest
2022 - Privacy pitfalls for your web application - Confoo
2022 - Web Application Firewall Bypass Workshop: Slides | Workshop Handbook (More details) - NorthSec
2023 - Developing Your First Chrome Extension - Confoo
2019 - Deserialization: RCE for the modern web applications - AtlSecCon
2019 - Deserialization Workshop - NorthSec
2019 - OWASP Find Security Bugs: The community static code analyzer - AppSecGlobal + SecTor
2020
2020 - 5 Unicode vulnerabilities that could byͥte you - Confoo
2020 - Template Injection in Action - Hackfest and GoSec
2020 - Advanced XXE Exploitation - New format based on Hack In Paris material
2021
2021 - Unicode vulnerabilities that could byͥte you (New version) [video] - OWASP Toronto
2021 - Request Smuggling 101 - NorthSec + Confoo + GoSec
2021 - Request Smuggling Workshop - Intent Summit + Hackfest
2022
2022 - Privacy pitfalls for your web application - Confoo
2022 - Web Application Firewall Bypass Workshop: Slides | Workshop Handbook (More details) - NorthSec
2023
2023 - Developing Your First Chrome Extension - Confoo