obilodeau
@obilodeau.bsky.social
Father of two. Hacker. President @NorthSec. Research at Flare. Cofounder of MontréHack. Love to teach and share. BlackHat, Defcon, SecTor speaker.
Learning about color mapping and LUT (cube files) and trying all sorts of ffmpeg tricks to make bland videos look good at 2 am..
Yup, it's about @nsec.io and trying to leverage cool video shots that we were given for free, but they were raw...
Then you realize a phone does a lot of work for you...
Yup, it's about @nsec.io and trying to leverage cool video shots that we were given for free, but they were raw...
Then you realize a phone does a lot of work for you...
October 16, 2025 at 6:15 AM
Learning about color mapping and LUT (cube files) and trying all sorts of ffmpeg tricks to make bland videos look good at 2 am..
Yup, it's about @nsec.io and trying to leverage cool video shots that we were given for free, but they were raw...
Then you realize a phone does a lot of work for you...
Yup, it's about @nsec.io and trying to leverage cool video shots that we were given for free, but they were raw...
Then you realize a phone does a lot of work for you...
Here is all the cool stuff I brought back from @bsideslv.org, @blackhatofficial.bsky.social and @defcon.bsky.social. Was thrilled to do the trio! Chrono order: Sponsor at BSides LV, speaking at BlackHat USA and DEFCON. I wasn't even trying to bring stuff back, it just happened! 🙏 cool people I met!
August 14, 2025 at 4:54 AM
Here is all the cool stuff I brought back from @bsideslv.org, @blackhatofficial.bsky.social and @defcon.bsky.social. Was thrilled to do the trio! Chrono order: Sponsor at BSides LV, speaking at BlackHat USA and DEFCON. I wasn't even trying to bring stuff back, it just happened! 🙏 cool people I met!
Met @malwarejake.bsky.social in real life! Glad I got to talk to him about Estelle and I recent work on stealer logs with incident response use cases
August 4, 2025 at 10:53 PM
Met @malwarejake.bsky.social in real life! Glad I got to talk to him about Estelle and I recent work on stealer logs with incident response use cases
Look at this nice hardware badge! Real filament tubes!
August 4, 2025 at 9:40 PM
Look at this nice hardware badge! Real filament tubes!
Free give-aways all week during Hacker Summer Camp!
I'll be at the Flare booth during @bsideslv.org, I'll be roaming around and giving a talk at @blackhatofficial.bsky.social (brag) and I'll also be roaming around + giving a talk at @defcon.bsky.social (brag).
Come and see me. Let's chat! Cheers
I'll be at the Flare booth during @bsideslv.org, I'll be roaming around and giving a talk at @blackhatofficial.bsky.social (brag) and I'll also be roaming around + giving a talk at @defcon.bsky.social (brag).
Come and see me. Let's chat! Cheers
August 4, 2025 at 8:24 AM
Free give-aways all week during Hacker Summer Camp!
I'll be at the Flare booth during @bsideslv.org, I'll be roaming around and giving a talk at @blackhatofficial.bsky.social (brag) and I'll also be roaming around + giving a talk at @defcon.bsky.social (brag).
Come and see me. Let's chat! Cheers
I'll be at the Flare booth during @bsideslv.org, I'll be roaming around and giving a talk at @blackhatofficial.bsky.social (brag) and I'll also be roaming around + giving a talk at @defcon.bsky.social (brag).
Come and see me. Let's chat! Cheers
A dream come true: I wrote POC-level code that I thought would be a good addition to our platform, and someone rewrote it and integrated it. We are now protecting more customers automatically with it!
Now onto the next POC!
Now onto the next POC!
July 2, 2025 at 6:15 PM
A dream come true: I wrote POC-level code that I thought would be a good addition to our platform, and someone rewrote it and integrated it. We are now protecting more customers automatically with it!
Now onto the next POC!
Now onto the next POC!
Estelle Ruellan and I were accepted at BlackHat USA!!
"Hackers Dropping Mid-Heist Selfies: LLM ldentifies Information Stealer Infection Vector and Extracts loCs"
Couldn't be happier sharing what we did on a worldwide stage!
p.s.: picture of us celebrating from Botconf after our talk today
#BHUSA
"Hackers Dropping Mid-Heist Selfies: LLM ldentifies Information Stealer Infection Vector and Extracts loCs"
Couldn't be happier sharing what we did on a worldwide stage!
p.s.: picture of us celebrating from Botconf after our talk today
#BHUSA
May 21, 2025 at 11:56 PM
Estelle Ruellan and I were accepted at BlackHat USA!!
"Hackers Dropping Mid-Heist Selfies: LLM ldentifies Information Stealer Infection Vector and Extracts loCs"
Couldn't be happier sharing what we did on a worldwide stage!
p.s.: picture of us celebrating from Botconf after our talk today
#BHUSA
"Hackers Dropping Mid-Heist Selfies: LLM ldentifies Information Stealer Infection Vector and Extracts loCs"
Couldn't be happier sharing what we did on a worldwide stage!
p.s.: picture of us celebrating from Botconf after our talk today
#BHUSA
NorthSec is delivered. It was an incredible edition! Great keynotes, our best party so far and our world-class in-person CTF scenario and huge set of diverse and accessible challenges were a great success!
I didn't take much photos, I'll report back later. ✈️🇫🇷 to botconf now! 😅
I didn't take much photos, I'll report back later. ✈️🇫🇷 to botconf now! 😅
May 19, 2025 at 9:33 PM
NorthSec is delivered. It was an incredible edition! Great keynotes, our best party so far and our world-class in-person CTF scenario and huge set of diverse and accessible challenges were a great success!
I didn't take much photos, I'll report back later. ✈️🇫🇷 to botconf now! 😅
I didn't take much photos, I'll report back later. ✈️🇫🇷 to botconf now! 😅
80+ volunteers have worked on this all year. It's time for another NorthSec and it's going to be epic!
May 14, 2025 at 5:02 AM
80+ volunteers have worked on this all year. It's time for another NorthSec and it's going to be epic!
Achievement unlocked: presenting on a cinema screen
The movie starts in 15 minutes in theatre 14!
Thanks @bsidessf.org for having me!
The movie starts in 15 minutes in theatre 14!
Thanks @bsidessf.org for having me!
April 26, 2025 at 6:03 PM
Achievement unlocked: presenting on a cinema screen
The movie starts in 15 minutes in theatre 14!
Thanks @bsidessf.org for having me!
The movie starts in 15 minutes in theatre 14!
Thanks @bsidessf.org for having me!
Running an infosec conference is also having to deal with vulnerabilities because someone has an XSS payload in his bio 😆👾 Filtering would have been easy but it would strip the joke. We needed to keep it.
Vuln path: Pretalx -> markdown processor -> yaml -> jekyll to HTML. Fixed now.
Vuln path: Pretalx -> markdown processor -> yaml -> jekyll to HTML. Fixed now.
February 25, 2025 at 5:35 AM
Running an infosec conference is also having to deal with vulnerabilities because someone has an XSS payload in his bio 😆👾 Filtering would have been easy but it would strip the joke. We needed to keep it.
Vuln path: Pretalx -> markdown processor -> yaml -> jekyll to HTML. Fixed now.
Vuln path: Pretalx -> markdown processor -> yaml -> jekyll to HTML. Fixed now.
I love the MontréHack community. New faces, familiar faces all willing to learn, hands on the keyboard.
They are starting their *13 years* of *free* *monthly* cybersecurity challenge training sessions! Incredible!
They are starting their *13 years* of *free* *monthly* cybersecurity challenge training sessions! Incredible!
February 20, 2025 at 5:10 AM
I love the MontréHack community. New faces, familiar faces all willing to learn, hands on the keyboard.
They are starting their *13 years* of *free* *monthly* cybersecurity challenge training sessions! Incredible!
They are starting their *13 years* of *free* *monthly* cybersecurity challenge training sessions! Incredible!
Having a blast at #ShmooCon. Talk went great and then I stumbled upon a @northsec.bsky.social badge wearer. Gave him this year's badge. Look how great his dragon mask is!
January 11, 2025 at 11:02 PM
Having a blast at #ShmooCon. Talk went great and then I stumbled upon a @northsec.bsky.social badge wearer. Gave him this year's badge. Look how great his dragon mask is!
me: Hey ChatGPT, can you draw a diagram of Application Bound Encryption in Google Chrome?
it: <diagram below>
me: 🤨 🙄 😠 🤡 🤣
it: <diagram below>
me: 🤨 🙄 😠 🤡 🤣
January 11, 2025 at 4:52 AM
me: Hey ChatGPT, can you draw a diagram of Application Bound Encryption in Google Chrome?
it: <diagram below>
me: 🤨 🙄 😠 🤡 🤣
it: <diagram below>
me: 🤨 🙄 😠 🤡 🤣
Only specific UTF-8 ammunition goes in checked luggage. Ah and it must be escaped.
January 8, 2025 at 7:01 PM
Only specific UTF-8 ammunition goes in checked luggage. Ah and it must be escaped.
This year it took me longer to design my kids' Christmas ciphers than it took them to solve it. I had a pigpen cipher, an emoji mono substitution and linear math algebra.
I'll try to double down next year. More hidden things in the house, more steps, puzzles more fun to solve. You have ideas?
I'll try to double down next year. More hidden things in the house, more steps, puzzles more fun to solve. You have ideas?
December 25, 2024 at 7:07 PM
This year it took me longer to design my kids' Christmas ciphers than it took them to solve it. I had a pigpen cipher, an emoji mono substitution and linear math algebra.
I'll try to double down next year. More hidden things in the house, more steps, puzzles more fun to solve. You have ideas?
I'll try to double down next year. More hidden things in the house, more steps, puzzles more fun to solve. You have ideas?
The news publications about recent MOVEit hacks got details wrong. This threat actor "Nam3L3ss" is an hacktivist that repackages previous breaches putting the spotlight on content matching big brands orgs. He bragged about having ~42TB of data yesterday! Blog: flare.io/learn/resour...
December 12, 2024 at 7:43 PM
The news publications about recent MOVEit hacks got details wrong. This threat actor "Nam3L3ss" is an hacktivist that repackages previous breaches putting the spotlight on content matching big brands orgs. He bragged about having ~42TB of data yesterday! Blog: flare.io/learn/resour...
The @northsec.bsky.social training line-up is announced.
nsec.io/training-ses...
Cybersecurity is a craft: it can't be learned at school, videos or talks. Must be learned hands-on while someone is watching over your shoulders. This is what you get with short topic-focused classes. Get trained!
nsec.io/training-ses...
Cybersecurity is a craft: it can't be learned at school, videos or talks. Must be learned hands-on while someone is watching over your shoulders. This is what you get with short topic-focused classes. Get trained!
February 29, 2024 at 7:31 PM
The @northsec.bsky.social training line-up is announced.
nsec.io/training-ses...
Cybersecurity is a craft: it can't be learned at school, videos or talks. Must be learned hands-on while someone is watching over your shoulders. This is what you get with short topic-focused classes. Get trained!
nsec.io/training-ses...
Cybersecurity is a craft: it can't be learned at school, videos or talks. Must be learned hands-on while someone is watching over your shoulders. This is what you get with short topic-focused classes. Get trained!