What is GeekWeek V?

GeekWeek is an annual workshop that brings together key players in the field of cyber security for nine days of intensive research and development. Tech enthusiasts are presented with the necessary time and resources to devise and implement innovative solutions to prevent, analyze or mitigate cyber-attacks.

GeekWeek offers a unique environment for participants to transform the craziest ideas into reality: advanced tools, millions of samples of spam emails, malware, and analysis reports available for testing, and of course, access to other cyber experts.

GeekWeek is a one-of-a-kind event where CIRTs, critical infrastructure industries (finance, defence, health, etc.), academic researchers, international cyber security partners and the next generation of cyber security experts can come together to improve and protect the cyberspace.


In 2014, Frédéric Massicotte, Mathieu Couture, Patrick Clow and Dominic Bergeron from the Canadian Cyber Incident Response Centre (CCIRC) decided to create a gathering that would inspire innovation and collaboration in the world of cyber security… GeekWeek was born.

Mentored by Mario Lefebvre (recipient of the 2016 Godfather of GeekWeek award), the GeekWeek founders imagined a solution-oriented workshop where participants could drive their own projects and develop solutions together.

While the first GeekWeek had very modest aspirations with an anticipated 10 attendees, the enthusiasm of the cyber security community roared and word-of-mouth rapidly spread. This led to a successful first edition with 29 participants. Since then, the event has grown to host more than 200 international participants putting in 18,000 working hours collectively – the equivalent of nine employees working full-time for a year.

The event has grown from a simple three-day workshop to a full nine-day event investigating more than 20 projects where participants can also attend presentations from their peers on cutting-edge developments in the cyber world, and participate in networking activities.


Past research and pilot project include: malware detection tools, spam and log analysis, mobile malware analysis systems, anti-ransomware tools, cyber-attacks conducted through web browsers, information sharing technologies and standards, cyber sovereignty (the geographic flow of data transmissions), cyber health and predictions, honey cloud, botnet traffic analysis, Internet of things hardening, industrial control systems assessment, fly-away kit/laptops, enforcement process, and automated malware analysis.

But beyond research, many GeekWeek projects have been put into production and are directly helping industry organizations with their cyber security challenges:


A REST API to access CCIRC’s databases. Stakeholders are able to use the code and integrate it with their own projects, including with SIEMs.

Partners now have the ability to access the BeAVER knowledge database at machine speed, and cyber threat information is disseminated in real-time of to protect our partners.


A tool that can process the millions of spam emails received every day to identify key cyberattacks. By extracting, at machine speed, URLs and attachments, analysts start to understand what the spammers are trying to sell or gather from Internet users.

Increases visibility into spam-sources threats, better information and protection to partners.


A malware and ransomware sandbox for Android smartphones. It includes analytics that looks at SSL encryption for Android and how it is exploited in MiTM (man-in-the-middle) attacks to identify outside servers that could be blocked to prevent such attacks.

Provides partners with analysis resources in the mobile malware threat sphere.


A system that prevents ransomware infections by “vaccinating” the individual box so it can identify file system changes at the kernel-level and kill the malicious ones.

Proactive capabilities in stopping ransomware threats on hosts


Machine speed IOCs sharing and victim notification systems.

Leveraging MISP and SOLTRA, these systems are now in operation 24/7 to notify and share back with stakeholders the information they need to mitigate cyberattacks.


A group of tools to crawl the internet and identify credential phishing web sites, malware control panels, etc. This information is shared back, at machine speed, with stakeholders, victims and system owners to rapidly mitigate these threats.

Allow partners to understand cyber threats to their brand and management to make strategic decisions.


One week of face-time to work through cases with RCMP, generating new IOCs and investigations.

Identify attacker infrastructures, and address cybercrime nationally and internationally.


A mapping of all the traffic that originates in Canada and where is it routed to. By measuring how much of the traffic stays in Canada this project gives insight into the cyber sovereignty of the Canadian internet.

Assess problems and impacts of cyber sovereignty.


A centralized map displaying a variety of existing tools and open source data to assess the health of the cyberspace. This broad view allows for a better understanding of the key cyber threats, and of the impact of each and everyone’s actions on the safety of the cyberspace.

Global view of the threat eco-system at macro level analytics and shared scorecards to partners.

The benefits of attending GeekWeek