Talks

Benjamin Bayart

Keynote

Coming soon ...

Benjamin Bayart is a telecommunications expert and former president of French Data Network, the oldest Internet service provider in France still in operation. An activist for fundamental freedoms in the information society through net neutrality and free software, his public positions have made him a prominent figure of the French Internet.
Virtualabs

Break, dump & crash

Subtitle: Broadcom based Cable Modem Hacking for fun and profit

Many last-generation cable modems are based on last-generation Broadcom chipsets, which allow multiple applications to run and provide multitasking support and various embedded files such as HTML pages or resources. This talk presents simple tools and methods to break into these modems and dump information from specific components, and also presents many features of the BCM3383 chipset.

The author wrote many tools dealing with packed firmware and files, and identified many ways to hack the way cable modems work. These tools will be made publicly available once the talk is done.

CrashTest

Retro-arcades protections & hacking

In order to be successful, old-school arcades had to be awesome. To be awesome, they were often running on dedicated hardware.
Because they were awesome, they triggered an awesome level of piracy, with bootleggers ready to remake the whole hardware from scratch.
In order to fight that, the industry came up with awesome dedicated protections, and some of them are still undefeated nowadays.

This talk introduces the world of old-school arcades, and explains what it took to prevent some of them from being lost forever.

Jayson Street

Around the world in 80 Cons

This is a talk on perspectives. I step outside of mine to see hacking around the world through different views. We will explore how companies who publish reports help skew the global perspective. We will look at how people from different parts of the world see hacking/information security from their own perspective. We will hear a few tales of what I saw through my perspective of a stranger in a foreign land. We will then explore a small slice of history of a few hackers to gain a better perspective of where we have been, where we are now and where we are heading. This talk was not only created to entertain and enlighten the conference attendees to take a step back and look at what they themselves are a part of. It was made for them to share with friends, family and coworkers. So people on the outside could get a better understanding of what a hacker truly is and why being one is such a great thing to be!

Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of http://dissectingthehack.com. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street”. *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;-)
Matthieu Bouthors

La tête dans les nuages (Head in the clouds)

"Cloud" is slowly replacing some parts of the web we have been used to dealing with. In this talk we will see how to understand and adapt our toolkits and our attacks to this "cloud" world.

Mr Jack

Use CNC and 3D to cut your own mechanical keys

This presentation will show you how to duplicate a key with no experience, applicable to standard keys, dimple keys and even high-security pump lock keys, for only a few bucks.

Commercially available code-cutting machines usually cost more than 10 000 euros, and they are dedicated to a specific type of key. Even locksmiths rarely own one, because the total investment is around 60 000 euros if you want to duplicate a large part of the keys available on the market.

Using a CNC milling machine can be very helpful, for less than 5 000 euros, or even less than 1 000 euros with DIY machines. And these machines are more and more present in HackerSpaces and FabLabs.

And what about 3D printing?
Please come and you will know ;-)

Take back control over your physical security!

Have fun!
MrJack

A security trainer for locksmiths, computer scientists and the military for 6 years, Alexandre is continuously developing tools and techniques to circumvent physical security devices. He recently formed a company specializing in physical pentesting and training. He has also co-authored the only French book covering a wide variety of techniques to open locks without leaving traces.
Vorex & Virtualabs

Coucou, tu veux voir ma domotique ? (Hey, want to see my home automation?)

This talk deals with home automation (also called "domotics") and its security concerns: assets and security protection, privacy and digital security. These security aspects are closely related, since actual intruders rely not only on classical intrusion techniques and tools but also on new technologies: social networks, specific-purpose electronic devices and computers.

Many open-source and closed solutions and their vulnerabilities will be demonstrated, showing their lack of maturity but also the fact that developers do not follow best practices. Moreover, this talk questions one of the most announced marketing mottos: "Protect your assets and your family with our home automation box!"

Many live demos will be performed on some of the presented home-automation solutions, showing the ease and possible impact in real life.

Electrolab

Using a basic bathroom scale to remotely follow a beehive's production

  • Description of different possible solutions
  • Description of a multiplexed LCD signal
  • Practical way of rebuilding the LCD structure

1. Example based on the Téraillon TX6000 scale
2. Arduino code for weight reading
3. Communication method: Sigfox network with Akeru board, why and how.
4. Results: history of an actual beehive's measurements

Electrolab is a hackerspace located in Nanterre, 15 miles away from downtown Paris. Our chief weapon is surprise, electronics, chemical experiments, smithy, high-power laser cutting, high-vacuum experiments and an almost fanatical devotion to hacking spirit. http://www.electrolab.fr and @Electrolab_Fr
Renaud Lifchitz

Extraction et attaque de clés publiques RSA grâce à une faiblesse courante des signatures électroniques - application à PGP et Vigik (Extracting and attacking RSA public keys using a common weakness of electronic signatures: application to PGP and Vigik)

This talk will show a very common weakness in RSA signatures. We will be able to computationally extract public RSA keys from communications and embedded systems in case the public key is deliberately not published. This weakens RSA signatures where keys of small size and/or poor quality are used and allows direct factoring attacks. Two studies will be conducted, on PGP/GPG e-mails and on the Vigik access control system, which protects access to nearly 1 million buildings in France.

Renaud Lifchitz is a French senior IT security consultant. He has a solid penetration testing, training and research background. His main interests are protocol security (authentication, cryptography, protocol security, information leakage, zero-knowledge proof, RFID security) and number theory. He currently mostly works on wireless protocols and has been a speaker at the following international conferences: CCC 2010 (Germany), Hackito Ergo Sum 2010 & 2012 (France), DeepSec 2012 (Austria), Shakacon 2012 (USA), 8dot8 2013 (Chile).
Jaime Sanchez

Security Threats for Instant Messaging Platforms

Global surveillance has been a phenomenon since the late 1940s, and Internet and mobile technology are being developed at such a pace that it is impossible to guarantee electronic privacy, and nobody should expect it. How strong are the actual Instant Messaging Platforms? Do they take care of our security and privacy? We'll look inside the security of several clients (like BBM, Snapchat, Viber or Line) and will put our focus on WhatsApp.

WhatsApp might not be as widely known as Twitter, but the company announced that it has passed 400 million active monthly users. WhatsApp has been plagued by several security issues in the past, so we decided to start the research. We’ve discovered several more vulnerabilities that we'll disclose (with proof-of-concept code), including encryption flaws, remote DoS (making the client crash by sending a custom message) or how to spoof messages by manipulating sender address information.

Jaime Sanchez (@segofensiva) is passionate about computer security and has worked for over 13 years as a specialist advisor for large national and international companies. He works for Telefonica and holds a Computer Engineering degree and an Executive MBA, as well as several certifications like CISA, CISM and CISSP, just to name a few. He is a frequent speaker introducing new bugs, exploitation techniques and mitigation, as in RootedCON, Nuit du Hack, Black Hat Arsenal USA 2013, Defcon 21, DeepSec, BlackHat Sao Paulo, Shmoocon and many others. A frequent contributor to several technical magazines in Spain, involved with state-of-the-art attack and defense mechanisms, network security and general ethical hacking techniques, he also writes a blog called SeguridadOfensiva (www.seguridadofensiva.com), touching on current topics in the field of hacking and security.
Zakaria Rachid & Borja Berástegui

Take care of your inputs

We've been messing with all kinds of public devices in the last few years, in airports, malls, cinemas, museums or even just on the street.

In this talk, we will again present the experiences Borja previously talked about at RootedCon (Spain), and Zack will talk about his experience as well and add as many newly owned devices as possible.

Interactive kiosks, ticket-selling machines, ATMs... In this talk we will see what kind of computers are being offered to anyone who wants them.

All kinds of devices are exposed to the hands of anyone in public and easily accessible. How secure are they? And, more importantly, which networks are those devices connected to? In this talk we will discuss all the terminals to which access has been obtained by escaping the legitimate applications, their locations, and the methods used to access the underlying systems.

The main point of the talk is to expose how it is possible to acquire control of the underlying system of these computers.

Marc Nimmerrichter

Defeating Memory Corruption Attacks by Replication and Diversification

Memory error exploits have been around for quite some time now, but despite all the efforts to prevent these attacks, they are still one of the most commonly exploited vulnerabilities to get arbitrary code execution - sometimes even with system privileges - on a target machine. Most of the protections currently deployed are probabilistic, meaning that they can make the exploitation of memory errors harder and more time consuming, but they cannot prevent them deterministically. It turned out that ASLR can be bypassed with techniques such as heap spraying, and that stack canaries can be left untouched by simply overwriting pointers other than the return address. Furthermore, these security mechanisms rely on keeping the seed secret, which cannot always be assured.

We propose a technique that provides deterministic protection against all memory corruption attacks that perform full pointer overwrites to redirect the execution flow. The key ideas are address space partitioning, process replication and I/O synchronization. Deterministic protection can be achieved by making sure that any virtual memory address is only valid in one of the processes. Any memory corruption attack that attempts to redirect the execution flow by a pointer overwrite cannot be successful in both processes. Since both processes are fed with the same input, it will result in a segmentation fault in one of the processes. By monitoring the processes at system call granularity, it can be assured that malicious code cannot do any damage to the system.

A PoC was developed in the course of the research, which is published under the terms of the LGPL.

After receiving a BSc degree in Computing, Marc continued his studies on an MSc degree in Information Security at Royal Holloway, University of London. He currently works at Deloitte Luxembourg, providing Information Security consulting services to clients in the public and private sector. Marc has mainly been working on penetration tests, source code reviews and mobile security assessments.
Marco Cova

Combating Evasive Malware

A key challenge in today's malware analysis is the use of evasions, a set of techniques that malicious artifacts use to determine if they are running inside analysis environments and to evade their detection.

In this talk, we will review evasion techniques found in-the-wild in binary and web-based malware (i.e., malicious web pages). We will also present two systems that we have introduced to detect and bypass common evasion techniques used in these contexts.

The talk will leverage our experience with doing malware analysis in a commercial setting at Lastline, as well as years of experience in running two academic malware analysis systems: Anubis (http://anubis.iseclab.org) and Wepawet (http://wepawet.cs.ucsb.edu).

Marco Cova is a member of the founding team of Lastline, Inc., where he is currently a Senior Security Researcher, and is a Lecturer in Computer Security at the University of Birmingham, UK. He received his M.S. degree in Computer Engineering from the University of Bologna, Italy, and his Ph.D. degree in Computer Science from the University of California, Santa Barbara. His research interests include most areas of systems security, with an emphasis on web-based malware analysis and detection, botnets, and vulnerability analysis. He has published more than 25 papers on these topics in leading conferences and journals. He has also led the design and development of Wepawet, a publicly available service for the analysis of malicious web pages.