La 14e édition de la convention de sécurité Hack.lu aura lieu du 16 au 18 octobre 2018 au Luxembourg. Au programme, trois jours de conférences techniques sur différents sujets (reverse, analyse de malware, forensics, etc.) traités par des experts reconnus de la sécurité des SI.
Cette conférence est organisée par le CERT Computer Incident Reponse Center Luxembourg (CIRCL).
Conférences
Le programme des conférences a été récemment dévoilé :
Mardi 16 octobre
- Come to the dark side! We have radical insurance groups & ransomware. (Eireann Leverett, Ankit Gangwal)
- Hypervisor-level debugger: benefits and challenges (Mathieu Tarral)
- Risk Assessment Optimisation with MONARC (Fabien Mathey)
- Real World: Threat Intelligence (Elle Armageddon)
- Let me Yara that for you! (Dan Demeter)
- The (not so profitable) path towards automated heap exploitation (Thais aka barbieauglend)
- Neuro-Hacking (The science behind social engineering and an effective security culture) (Emmanuel Nicaise)
- The Snake keeps reinventing itself (Jean-Ian Boutin and Matthieu Faou)
- WHAT THE FAX?! (Eyal Itkin, Yaniv Balmas)
- Trojans in SS7 – how they bypass all security measures (Sergey Puzankov)
- So you think IoT DDoS botnets are dangerous – Bypassing ISP and Enterprise Anti-DDoS with 90’s technology (Dennis Rand)
Mercredi 17 octobre
- IPC – the broken dream of inherent security (Thanh Bui)
- Operating large-scale honeypot sensor networks (Piotr Kijewski)
- Abusing Bash for Windows (Antoine Cervoise)
- Cl4ndestina: privacy by default with a feminist perspective from the Global South (Steffania Paola and Narrira Lemos (Cl4ndestina))
- 14 Easy Lessons for Thinking About Complex Adversarial Systems (Eleanor Saitta)
- Education & communication (Ange Albertini)
- Make ARM Shellcode Great Again (Saumil Udayan Shah)
- Finding the best threat intelligence provider for a specific purpose: trials and tribulations (Alicia Hickey, Dror-John Roecher)
- pEp – pretty Easy privacy for everyone! (sva)
- how to hack a Yacht – swimming IoT (Stephan Gerling)
- APIs are critical to security people – what I learned trying to discover useful APIs (Alexander Jaeger)
- Simple analysis using pDNS (Irena Damsky)
- Social event (info)
Jeudi 18 octobre
- Worms that turn: nematodes and neotodes (Matt Wixey)
- Mind the (Air)Gap (Erez Yalon, Pedro Umbelino)
- Not So Random (Guenaelle De Julis – @b4stet4)
- Dissecting Of Non-Malicious Artifacts: One IP At A Time (Dani Goland, Ido Naor)
- Improving Internet Security Through Cooperation: SIE Europe in 2018 (Paul Vixie)
- Building with Privacy by Design (Naomi Freeman)
- Only an Electron Away from Code Execution (Silvia Väli)
- Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out! (Orange Tsai)
- Modern pentest tricks for faster, wider, greater engagements (Thomas Debize)
- Serial-Killer: Security Analysis of Industrial Serial Device Servers (Florian Adamsky)
- Attacks on critical infrastructure and machinery (voffchik)
- Practical and Affordable Side-Channel Attacks (Francois Durvaux)
Workshops
En parallèle des conférences, des Workshops sont également prévus durant cette édition 2018 :
Mardi 16 octobre
- ARM IoT Firmware Emulation (Saumil Udayan Shah)
- Hacking mobile data and phone calls (Priya Chalakkal)
- Android RE workshop (Axelle Apvrille)
- Finding security vulnerabilities with modern fuzzing techniques (René Freingruber)
- Introduction to Bro Network Security Monitor (Eva Szilagyi, David Szili)
- Finding security vulnerabilities with modern fuzzing techniques (René Freingruber)
Mercredi 17 octobre 2018
- Teenage Mutant Binja Turtles (Benedikt Schmotzle (byte_swap))
- The Hive / MISP (Adulau)
- Log Hunting with Sigma (Thomas Patzke)
- Getting Your Hands Dirty: How to Analyze the Behavior of Malware Traffic and Web Connections (Veronica Valeros, Sebastian Garcia)
- MONARC hands-on with a case study (Fabien Mathey)
- Intro to Binary Analysis with Z3 and Angr (Sam Brown)
- Unpacking for Dummies (Paul Jung & Remi Chipaux)
Jeudi 18 octobre 2018
- Reversing and Vulnerability research of Ethereum Smart Contracts (Patrick Ventuzelo)
- Practical Docker Security Workshop (Paul Amar)
- Hands-On Introduction to Exploit Development (Georgia Weidman)
- Malware Triage: Analyzing Malscripts – Return of The Exploits! (Sergei Frankoff, Sean Wilson)
- Ask Me Anything – MISP (iglocska)
Enfin, les organisateurs proposeront des challenges techniques de type Capture The Flag (CTF) et ce durant 48h.
XMCO sera partenaire média et proposera un résumé des conférences au sein d’un prochain numéro de l’ActuSécu.
Toutes les informations sur la conférence sont disponibles sur le site officiel :
- Conférences : https://2018.hack.lu/talks
- Agenda : https://hack.lu/agenda/
- Inscriptions : https://hack.lu/info/
- Twitter : https://twitter.com/hack_lu