Hack In Paris 2015
Just before the Nuit du Hack, there is another event I would like to tell you about, called Hack In Paris, organised by the company Sysdream, of which I am a partner.
Hack in Paris will take place from 15 to 19 June and, over 5 days, will offer a technical, hands-on approach to IT security for professionals. The first 3 days will be devoted to practice, with many technical experts training the participants on topics as varied as Android/iOS exploitation, pentesting industrial control systems, browser-based attacks, using Python for security work, hardware hacking, or using the Burp pentesting suite, etc.
The following 2 days will be devoted to talks, each more fascinating than the last. Here is the list:
Keynote: Analogue Network Security, by Winn Schwartau: This keynote is about applying analogue thinking to Network Security. It's about a different way of approaching our defenses, understanding the attackers, and hopefully will inspire others. It's about a melange of concepts, many analogue, that when combined in various ways, I hope will help our industry.
Backdooring X11 with much class and no privileges, by Matias Katz: X11 is much more powerful than we think. In this talk I will show how to generate a backdoor for any Linux or BSD machine that runs X11, X-Window or Xorg, by using only syscalls to X, with no binaries, opcodes, or privileges needed to execute it, which can be invoked by hardware interrupts or an open port on the victim computer.
Bootkit via SMS: 4G access level security assessment, by Timur Yunusov: When spring came to one country, we got the desire to hack stuff not in a frowzy office but in the open air. All of a sudden, along with the snowdrops, telecom operators' billboards appeared which advertised the fastest, the cheapest and the best. Before diving into the internet with the new gadget, we decided to test how these ads correspond to reality… To our reality.
Fitness Tracker: Hack In Progress, by Axelle Apvrille: This talk is about hacking a well-known fitness wristband, the Fitbit Flex. Wearables are extremely trendy nowadays, but actually, we know little about their security: what information do they send about us? How reliable are they? Can they be hacked? Etc. The fact they rely on proprietary protocols does not help. So, precisely, we focus on understanding the communication with the tracker. Eventually, that's how we learn how to turn the Flex into a wearable random number generator.
Revisiting ATM vulnerabilities for our fun and vendor's profit, by Alexey Osipov & Olga Kochetova: For many years the world knew only about physical or even vandal attacks on ATMs. First there were cash-machine robberies, ram raids or other "big-power-needed" attacks. Technical progress increased and brought more intelligent crime: skimming and shimming for stealing magstripe track data, fake pinpads for stealing PINs. During the last several years, ATMs have been jackpotted so many times with some named or unnamed malware. How did it happen? Unpatched operating system or vulnerable ATM software? Possible.
Server-side browsing considered harmful, by Nicolas Grégoire: SSRF vulnerabilities (aka CWE-918) allow attackers to submit an arbitrary URL to vulnerable applications, and have the application (or one of its components) browse this URL. The talk describes my latest findings regarding this narrow field of AppSec. Of course, being under NDA during my penetration tests, I'll only be covering bugs reported to bounty programs. That includes Yahoo, Facebook, Prezi, PayPal, Stripe, CoinBase, and more!
DDoS mitigations' EPIC FAIL collection, by Moshe Zioni: I have been researching DDoS attacks and mitigation techniques for the past three years and worked with industry leaders on testing their systems, sometimes as massive and complex as the Eiffel Tower itself, providing them with cutting-edge, and even never-seen-before, attacks. I was amazed (actually still am) to find out that those big corporations, investing much work into their architecture of defense, came to FAIL, and sometimes the sole reason for a successful attack was a mitigation configuration or architecture FAIL.
You don't hear me but your phone's voice interface does, by Jose Lopes Esteves and Chaouki Kasmi: Voice command allows the hands-free use of a mobile device for texting, calling and application launching. This way of interacting with mobile devices is spreading and will certainly be one of the main improvements in the upcoming UIs. Today, a lot of features can be accessed by voice, depending on the device and the operating system. Some of them can be critical from a security point of view. One can cite placing phone calls, sending text messages, publishing and browsing the internet or even changing the device's settings. As voice is the medium for launching commands, it is assumed that the victim would hear the attacker's voice, so that the attack vector is generally unrealistic.
Exploiting TCP Timestamps, by Veit Hailperin: Buried deep in one of the most widely used protocols in the internet, the Transport Control Protocol, lies a mechanism which, among others, is supposed to offer some sort of protection: TCP timestamps. Despite the fact that numerous methods have been identified to exploit this mechanism, not much has been done to remediate the situation. These attacks include host uptime calculation, information gathering about the network layout behind a NAT, identifying virtually hosted services and hidden service detection in Tor. They have been around since at least 2001, and it is partially because of the variety of exploits that there has been no effective solution for the problems. In this talk we want to present new methods of exploitation and try to raise awareness of this problem in the hope of triggering remediation.
Oracle PeopleSoft applications are under attack!, by Alexey "GreenDog" Tyurin: Oracle PeopleSoft applications include different critical business systems like HRMS, FMS, SCM, CRM, etc. They are widespread in the world (about 50 % of the Fortune 100). In addition, some of these systems (especially HRMS) are accessible from the Internet. Nevertheless, there is almost no research on the security of PeopleSoft applications. Oracle publishes basic information about vulnerabilities in the applications on a regular basis, but it's not enough for penetration testers. In addition, the uncommon internal architecture of PeopleSoft applications makes black-box testing much harder. But public news about successful attacks against PeopleSoft shows up from time to time.
Copy & Pest: A case study on the clipboard, blind trust and invisible cross-application XSS, by Mario Heiderich: The clipboard is one of the most commonly used tools across operating systems, window managers and devices. Pressing Ctrl-C and Ctrl-V has become so fundamentally important to productivity and usability that we cannot get rid of it anymore. We happily and often thoughtlessly copy things from one source and paste them into another: URLs into address bars, lengthy commands into console windows, text segments into web editors and mail interfaces. And we never worry about security when doing so. Because what could possibly go wrong, right?
Simple Network Management Pwnd: Information data leakage attacks against SNMP enabled embedded devices, by Deral Heiland and Mathew Kienow: As a large number of embedded devices are deployed throughout homes and industry worldwide, we find little or no effort being made to properly secure SNMP services. As a result, potentially millions of these devices expose access to their SNMP services over the Internet. Users are unaware, while attackers can easily leverage these services to extract critical data and potentially alter security features, leading to further compromise. During this presentation we will deliver an examination of the SNMP protocol and associated MIB security issues, covering such topics as SNMP security controls, MIB structures and information disclosure concerns. Using live demonstrations, we will also show several examples of critical data leakage and walk the audience through methods for extracting data and performing comparative analysis for the purpose of discovering critical information stored in SNMP private MIBs.
BREAKING in BAD (I'm the one who doesn't knock), by Jayson E. Street: I've come to realize that while I may not do a lot of social engineering engagements, I do quite a few weird ones. I also seem to have three main roles I play (all adorably) to try to get into my target. I thought it would be cool to share at least a story from each one of these roles. Some have pictures, some just witty comments. Though all three will, more importantly, come with ways that would have stopped me from being successful. The goal is not to show how 'L337' I am or these attacks are! Far from it: this talk is to show how EASY these attacks were to do and how every single attack has one common thread connecting all of them! Though you'll have to see my talk to find out what that is! ;-)
Attacking secure communication: The (sad) state of encrypted messaging, by Thomas Roth: In the post-Snowden world, encrypted communication is more important than ever. The 'encrypted messaging' and 'secure communication' market is booming, but how secure are the available options really? This talk presents the findings after 12 months of analysing and, more importantly, breaking more than five different 'NSA proof' businesses: from Protonmail to Silent Circle to SpiderOak (the Dropbox alternative recommended by Edward Snowden), we will look at cryptographic problems, embarrassing implementation bugs, false promises, the experiences of disclosing those vulnerabilities to the affected projects, and discuss the changes that need to be made in order to ensure comfortable and private communication.
And a debate that promises to be fascinating, on the right to defend oneself in cyberspace. Indeed, in cyber security it is illegal in most countries to disarm your attacker, and the only defensive option open to the victim of an attack is often to shut down their service. Whereas in the real world you can disarm your adversary, on the net you cannot, because it is illegal.
There are still a few seats left if you want to go. It is a paid conference, so I recommend you check with your employer to get them to pay for your ticket. And everything will be in English, so it is reserved for those who understand that strange language. ;-)
Note also that if you go to Hack In Paris, you can carry straight on to the Nuit du Hack for free.
For more info, it's over here.
Finally, in collaboration with the Hack in Paris experts, I have planned a series of technical articles on security, which I am sure you will enjoy.