Talks

Benjamin Bayart

Keynote

Coming soon ...

Benjamin Bayart is a telecommunications expert and former president of French Data Network, the oldest Internet service provider in France still in operation. An activist for fundamental freedoms in the information society through net neutrality and free software, his public positions have made him a notable figure of the French Internet.

Jayson Street

Around the world in 80 Cons

This is a talk on perspectives. I step outside of mine to see hacking around the world through different views. We will explore how companies who publish reports help skew the global perspective. We will look at how people from different parts of the world see hacking/information security from their own perspective. We will hear a few tales of what I saw through my perspective of a stranger in a foreign land. We will then explore a small slice of history of a few hackers to gain a better perspective of where we have been, where we are now and where we are heading. This talk was not only created to entertain and enlighten the conference attendees to take a step back and look at what they themselves are a part of. It was made for them to share with friends, family and coworkers. So people on the outside could get a better understanding of what a hacker truly is and why being one is such a great thing to be!

Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of http://dissectingthehack.com. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;-)

Renaud Lifchitz

Extracting and attacking RSA public keys through a common weakness in electronic signatures - application to PGP and Vigik

This talk will show a very common weakness in RSA signatures. We will be able to computationally extract public RSA keys from communications and embedded systems in case the public key is voluntarily not published. This weakens RSA signatures where keys of small sizes and/or quality are used and allows direct factoring attacks. 2 studies will be conducted on PGP/GPG e-mails and on the Vigik access control system which protects access to nearly 1 million buildings in France.

Renaud Lifchitz is a French senior IT security consultant. He has a solid penetration testing, training and research background. His main interests are protocol security (authentication, cryptography, protocol security, information leakage, zero-knowledge proof, RFID security) and number theory. He currently mostly works on wireless protocols and was a speaker at the following international conferences: CCC 2010 (Germany), Hackito Ergo Sum 2010 & 2012 (France), DeepSec 2012 (Austria), Shakacon 2012 (USA), 8dot8 2013 (Chile).

Virtualabs

Break, dump & crash

Subtitle: Hacking fiber modems for fun & profit

Many latest-generation cable/fiber modems are based on Broadcom chipsets, which makes it possible to run several applications (middleware), to handle multitasking, and to manage various files embedded in the device such as HTML pages or other resources.

This talk presents simple tools and methods for accessing the internals of these modems and retrieving information from specific components, and also presents several features of the Broadcom BCM3383 chipset.

Dedicated tools for manipulating the various firmware images and files will be made public after this presentation.

Jaime Sanchez

Security Threats for Instant Messaging Platforms

Global surveillance emerged as a phenomenon since the late 1940s and Internet and mobile technology are being developed with such pace that it is impossible to guarantee electronic privacy and nobody should expect it. How strong are the actual Instant Messaging Platforms? Do they take care of our security and privacy? We'll look inside the security of several clients (like BBM, Snapchat, Viber or Line) and will put our focus on WhatsApp.

WhatsApp might not be as widely known as Twitter, but the company announced that it has passed 400 million active monthly users. WhatsApp has been plagued by several security issues in the past, so we decided to start the research. We’ve discovered several more vulnerabilities that we'll disclose (with proof of concept code), including encryption flaws, remote DoS (making the client crash by sending a custom message) or how to spoof messages by manipulating sender address information.

Jaime Sanchez (@segofensiva) is passionate about computer security and has worked for over 13 years as a specialist advisor for large national and international companies. He works for Telefonica and holds a Computer Engineering degree and also an Executive MBA, as well as holding several certifications like CISA, CISM, CISSP, just to name a few. He is a frequent speaker introducing new bugs, exploitation techniques and mitigation, as in RootedCON, Nuit du Hack, Black Hat Arsenal USA 2013, Defcon 21, DeepSec, BlackHat Sao Paulo, Shmoocon and many others. A frequent contributor to several technical magazines in Spain, involved with state-of-the-art attack and defense mechanisms, network security and general ethical hacking techniques, he also writes a blog called SeguridadOfensiva (www.seguridadofensiva.com), touching on current topics in the field of hacking and security.

Matthieu Bouthors

Head in the clouds

The "cloud" is slowly replacing parts of the web we are used to dealing with; in this presentation we will see how to understand the "cloud" world and adapt our tools and attacks to it.

Vorex & Virtualabs

Hey, want to see my home automation?

This talk covers home automation and its security problem: the security of property and people, of privacy, and digital security. These three kinds of security are closely linked, as today's attackers no longer limit themselves to traditional techniques but increasingly use new technologies to achieve their ends: social networks, electronic and computer tools.

Several open-source and proprietary solutions will be presented, and for some of them vulnerabilities will be disclosed, demonstrating the lack of maturity of current solutions and developers' lack of awareness of good development practices and existing attacks. In addition, this talk will call into question one of the recurring sales arguments for these solutions: the protection of property and people.

Several live demonstrations will be carried out on certain home automation solutions, demonstrating the ease of exploitation and the possible impact in real cases.

Zakaria Rachid & Borja Berástegui

Take care of your inputs

We've been messing with all kinds of public devices in the last years, in airports, malls, cinemas, museums or even just on the street.

In this talk, we will expose again the experiences Borja talked about previously at RootedCon (Spain) and Zack will tell about his experience as well and add as many new owned devices as possible.

Interactive kiosks, ticket-selling machines, ATMs... In this talk we will see what kind of computers are being offered to everyone who wants to.

All kinds of devices exposed to the hands of anyone in public and easily accessible. How secure are they? And what is more important ... Which networks are those devices connected to? In this talk we will talk about all these terminals to which access has been obtained by escaping the legit applications; their locations and the methods used to access the underlying systems will be discussed.

The main point of the talk is to expose how it is possible to acquire control of the underlying system of these computers.

CrashTest

Retro-arcades protections & hacking

To be successful, the arcade games of the 80s and 90s had to catch the eye.
To do that, they often ran on dedicated hardware.
With these exceptional games came piracy of an exceptional technical level. In response, manufacturers created protections that were exceptional too, some of which remain undefeated to this day.

This is a broad tour of the world of arcade games, of their protections, and of what it took so that some of them are no longer doomed to oblivion.

Marc Nimmerrichter

Defeating Memory Corruption Attacks by Replication and Diversification

Memory error exploits have been around for quite some time now, but despite all the efforts to prevent these attacks, they are still one of the most commonly exploited vulnerabilities to get arbitrary code execution - sometimes even with system privileges - on a target machine. Most of the protections currently deployed are probabilistic, meaning that they can make the exploitation of memory errors harder and more time consuming, but they cannot prevent them deterministically. It turned out that ASLR can be bypassed with techniques such as heap spraying, and that stack canaries can be left untouched by simply overwriting pointers other than the return address. Furthermore, these security mechanisms rely on keeping the seed secret, which cannot always be assured.

We propose a technique that provides deterministic protection against all memory corruption attacks that perform full pointer overwrites to redirect the execution flow. The key ideas are address space partitioning, process replication and I/O synchronization. Deterministic protection can be achieved by making sure that any virtual memory address is only valid in one of the processes. Any memory corruption attack that attempts to redirect the execution flow by a pointer overwrite cannot be successful in both processes. Since both processes are fed with the same input, it will result in a segmentation fault in one of the processes. By monitoring the processes at system call granularity, it can be assured that malicious code cannot do any damage to the system.

A PoC was developed in the course of the research, which is published under the terms of the LGPL.

After receiving a BSc degree in Computing, Marc continued his studies on an MSc degree in Information Security at Royal Holloway, University of London. He currently works at Deloitte Luxembourg, providing Information Security consulting services to clients in the public and private sector. Marc has mainly been working on penetration tests, source code reviews and mobile security assessments.

Mr Jack

Use CNC and 3D to cut your own mechanical keys

This presentation will show you how to copy a key even without experience, for toothed keys, dimple keys, and even some high-security pump-lock models. For just a few euros.

Commercial machines dedicated to key making are generally priced above 10,000 euros and can only cut one particular category of key. Even locksmiths rarely own one, as the investment reaches 60,000 euros if one wants to be able to make the majority of keys in circulation.

Using a CNC milling machine can easily solve this problem for less than 5,000 euros, or even less than 1,000 euros if you build it yourself. And these machines are becoming more and more widespread, notably in hackerspaces and fablabs.

And what about 3D printing in all this?
Come and you will find out ;-)

Take back control of your physical security!

Have Fun!
MrJack

Security trainer for locksmiths, computer scientists and the military for 6 years, Alexandre is continuously developing tools and techniques to circumvent physical security devices. He recently formed a company specializing in physical pentesting and training. He has also co-authored the only French book covering a wide variety of techniques to open locks without leaving traces.

Marco Cova

Combating Evasive Malware

A key challenge in today's malware analysis is the use of evasions, a set of techniques that malicious artifacts use to determine if they are running inside analysis environments and to evade their detection.

In this talk, we will review evasion techniques found in-the-wild in binary and web-based malware (i.e., malicious web pages). We will also present two systems that we have introduced to detect and bypass common evasion techniques used in these contexts.

The talk will leverage our experience with doing malware analysis in a commercial setting at Lastline, as well as years of experience in running two academic malware analysis systems: Anubis (http://anubis.iseclab.org) and Wepawet (http://wepawet.cs.ucsb.edu).

Marco Cova is a member of the founding team of Lastline, Inc., where he is currently a Senior Security Researcher, and is a Lecturer in Computer Security at the University of Birmingham, UK. He received his M.S. degree in Computer Engineering from the University of Bologna, Italy, and his Ph.D. degree in Computer Science from the University of California, Santa Barbara. His research interests include most areas of systems security, with an emphasis on web-based malware analysis and detection, botnets, and vulnerability analysis. He has published more than 25 papers on these topics in leading conferences and journals. He has also led the design and development of Wepawet, a publicly-available service for the analysis of malicious web pages.

Electrolab

Using a basic bathroom scale to remotely follow a beehive production

How to hack a bathroom scale using its own electronics

  • Description of the different possible methods
  • Description of the drive signal of a multiplexed segment LCD
  • Practical method for reconstructing the structure of the LCD

1.    Example based on the Terraillon TX6000 scale
2.    Arduino code for reading the weight
3.    Method for sending the measurement remotely: Sigfox network with the Akeru board, why and how?
4.    Results: measurement history on a real beehive

Electrolab is a hackerspace located in Nanterre, 15 miles away from Paris downtown. Our chief weapon is surprise, electronic, Chemical experiment, smithy, high power laser cutting, high vacuum experiment and an almost fanatical devotion to hacking spirit. http://www.electrolab.fr and @Electrolab_Fr