Corelan "Advanced" with Peter Van Eeckhoutte Corelan is back at Hack In Paris for the 6th time, offering the 'Advanced Win32 Exploitation' course again.
The Corelan® “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. This is most certainly not an entry level course. In fact, this is a one of the finest and most advanced courses you will find on Win32 exploit development. This is a truly unique opportunity to learn advanced exploitation skills from “corelanc0d3r”, the founder of Corelan Team, author of mona.py, and author of numerous tutorials on Exploit Development for the Win32 platform. You will leave this class with an arsenal of tools, techniques and insights that will allow you to find bugs more easily, understand and manipulate the Windows heap, diagnose and understand heap corruptions and write complex exploits. Students are expected to understand the basics of memory management on Windows (stack, heap, process virtual memory layout), master stack based buffer overflows (saved return pointer overwrites, SEH overwrites), and have practical experience with ASLR & DEP bypass (i.e. you must be able to write ROP chains yourself).
Additionally, students should be fluent with debuggers (Immunity / notions of WinDBG), experienced with writing simple scripts in python/javascript and have a basic understanding of common assembly instructions. This is a fast-paced hands-on class, packed with knowledge and practical tips & tricks. Prepare for long days of brain smashing, bleeding from the eyes & ears and high blood pressure. Speakers  Peter Van Eeckhoutte Peter Van Eeckhoutte is the founder of Corelan Team and the author of the well-known tutorials on Win32 Exploit Development Training . The team gathers a group of IT Security enthusiasts and researchers from around the world, who all share common interests: doing research, gather & share knowledge, and perform responsible/coordination disclosure. Above all, the team is well known for their ethics and their approach to helping other people in the field. With his team, he has developed and published numerous tools that will assist pentesters and exploit developers, and published whitepapers/video’s on a wide range of IT Security related topics (pentesting tools, (malware) reverse engineering, etc). The team also moderates a forum that provides a platform for people who want to talk about exploit development, and operates an IRC channel (freenode, channel #corelan). Peter has been an active member of the IT Security community for close to 15 years and has been working on exploit development for 10 years. He presented at security conferences (Athcon, Hack In Paris, DerbyCon) and delivered the Corelan Live Win32 Exploit Development Bootcamp at various places around the globe. He trained security enthusiasts & professionals from private companies, government agencies and military. You can read more about their experiences on his website. | 3 days | €2,100.00 | €420.00 | Not available |
Developing Burp Suite Extensions - From manual testing to security automation with Luca Carettoni Burp Suite is a powerful integrated platform for web application security. In this hands-on class, attendees will learn how to design and develop Burp Suite extensions for a variety of tasks. In just few hours, we will work on plugins to improve manual security testing efforts as well as to create fully-automated security tools. This workshop is based on real-life use cases where the extension capabilities of the tool can be unleashed to improve efficiency and effectiveness of security auditing. As an attendee, you will bring home a full bag of tricks that will take your web security skills to the next level. Prerequisites Attendees are expected to have rudimental understanding of Burp Suite as well as basic object-oriented programming experience (Burp Extensions will be developed in Java). While Burp extensions are developed live in Java, attendees can work on Python or Ruby since all exercises are also provided in those languages. Target Audience Suitable for both web application security specialists and developers. Material to bring by attendees Attendees should bring their own laptop with the latest Java as well as their favourite IDE installed. Speakers  Luca Carettoni With over 14 years of experience in the application security field, Luca Carettoni is a respected web security expert. Throughout his career, he worked on security problems across multiple industries and companies of different size. He is the co-founder of Doyensec, an application security consultancy working at the intersection of offensive engineering and software development. At LinkedIn, he led a team responsible for identifying new security vulnerabilities in applications, infrastructure and open source components. Prior to that, Luca worked as the Director of Information Security at Addepar, a startup that is reinventing global wealth management. Proud to be a Matasano Security alumni, he helped bootstrapping the Silicon Valley office by delivering high-quality security assessments to software vendors and startups. As a security researcher, he discovered numerous vulnerabilities in software products of multiple vendors including 3com, Apple, Barracuda, Cisco, Citrix, HP, IBM, Oracle, Sun, Siemens, VMware, Zend and many others. Since the beginning of his career, he has been an active participant in the security community and a member of the Open Web Application Security Project (OWASP). Luca holds a Master’s Degree in Computer Engineering from the Politecnico di Milano University. | 2 days | €1,200.00 | €240.00 | Not available |
Offensive Mobile Application Exploitation - iOS & Android with Prateek Gianchandani Even wondered how different attacking a Mobile application would be, from a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative high-paying infoSec job. After the introduction of iOS 10 and Android 7 Nougat, We are bringing an updated version of the course with the latest tools & techniques. This will be an introductory course on exploiting iOS and Android applications, suited well for both beginners as well as advanced security enthusiasts. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2 and other real-world application vulnerabilities in order to give an in-depth knowledge about the different kinds of vulnerabilities in Mobile applications. This course will also discuss how an attacker can secure their application using secure coding & obfuscation techniques. After the workshop, the students will be able to successfully pentest and secure applications running on the various operating systems. The training will also include a CTF challenge in the end where the attendees will use their skills learnt in the training to solve the CTF challenges. The students will be provided with Slides, tools and VMs used during the course. Prerequisites - Basic Linux knowledge
- Experiecne on any mobile testing is a plus
- Willingness to learn
Target Audience This course is for penetration testers, mobile developers or anyone keen to learn mobile application security Material to bring by attendees - A jailbroken device (iPhone/iPad/iPod). Please contact the trainer if you are having difficulty in arranging one
- Computer with atleast 20+GB of hard disk space and 4 GB of RAM
Course Syllabus Part 1 - iOS Exploitation Module 1 : Getting Started with iOS Pentesting - iOS security model
- App Signing, Sandboxing and Provisioning
- Setting up XCode 8
- Changes in iOS 10
- Primer to iOS 10 security
- Exploring the iOS filesystem
- Intro to Objective-C and Swift
- What's new in Swift 3 ?
- Setting up the pentesting environment
- Jailbreaking your device
- Cydia, Mobile Substrate
- Getting started with Damn Vulnerable iOS app
- Binary analysis
- Finding shared libraries
- Checking for PIE, ARC
- Decrypting ipa files
- Self signing IPA files
Module 2 : Static and Dynamic Analysis of iOS Apps - Static Analysis of iOS applications
- Dumping class information
- Insecure local data storage
- Dumping Keychain
- Finding url schemes
- Dynamic Analysis of iOS applications
- Cycript basics
- Advanced Runtime Manipulation using Cycript
- Method Swizzling
- GDB basic usage
- Modifying ARM registers
Module 3 : Exploiting iOS Applications - Exploiting iOS applications
- Broken Cryptography
- Side channel data leakage
- Sensitive information disclosure
- Exploiting URL schemes
- Client side injection
- Bypassing jailbreak, piracy checks
- Inspecting Network traffic
- Traffic interception over HTTP, HTTPs
- Manipulating network traffic
- Bypassing SSL pinning
Module 4 : Reversing iOS Apps - Introduction to Hopper
- Disassembling methods
- Modifying assembly instructions
- Patching App Binary
- Logify
Module 5 : Securing iOS Apps - Securing iOS applications
- Where to look for vulnerabilities in code?
- Code obfuscation techniques
- Piracy/Jailbreak checks
- iMAS, Encrypted Core Data
Part 2 - Android Exploitation Module 1 - Why Android
- Intro to Android
- Android Security Architecture
- Android application structure
- Signing Android applications
- ADB – Non Root
- Rooting Android devices
- ADB – Rooted
- Understanding Android file system
- Permission Model Flaws
Module 2 - Understanding Android Components
- Introducing Android Emulator
- Introducing Android AVD
Module 3 - Proxying Android Traffic
- Reverse Engineering for Android Apps
- Smali Labs for Android
- Dex Analysis and Obfuscation
- Android App Hooking
Module 4 - Attack Surfaces for Android applications
- Exploiting Local Storage
- Exploiting Weak Cryptography
- Exploiting Side Channel Data Leakage
- Root Detection and Bypass
- Exploiting Weak Authorization mechanism
- Identifying and Exploiting flawed Broadcast Receivers
- Identifying and Exploiting flawed Intents
- Identifying and Exploiting Vulnerable Activity Components
- Exploiting Backup and Debuggable apps
- Dynamic Analysis for Android Apps
- Analysing Proguard, DexGuard and other Obfuscation Techniques
Module 5 - Exploitation using Drozer
- Automated source code analysis
- Exploiting Android embedded applications
Speakers  Prateek Gianchandani OWASP member and contributor has been working in the infosec industry for about 5 years. He is currently working as an Information security engineer for an airlines company. During his five years, he has performed a number of penetration tests on mobile and web applications and even developed a lot of applications for the App Store. His core focus area is iOS application pentesting and exploitation. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app and also runs a popular blog series on iOS application security at http://highaltitudehacks.com/security. | 3 days | €1,800.00 | €360.00 | Not available |
Pentesting the Modern Application Stack with Bharadwaj Machiraju and Francis Alexander Continuous Build & Deployment tools, Message brokers, Configuration Management systems, Resource Management systems and Distributed file systems are some of the most common systems deployed in modern cloud infrastructures thanks to the increase in the distributed nature of software. Modern day pentesting is no more limited to remote command execution from an exposed web application. In present day scenario, all these applications open up multiple doors into a company’s infrastructure. One must be able to effectively find and compromise these systems for a better foothold on the infrastructure which is evident through the recent attacks on the application stack through platforms like Shodan paving way for a full compromise on corporate infrastructures. In this 2 day course we start by looking at the application stack consisting of Databases,CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search technologies and Message Brokers. Along with the training knowledge, the course also aims to impart the technical know-how methodology of testing these systems. This course is meant for anyone who would like to know, attack or secure the modern day stack. The students are bound to have some real fun and entirely new experience through this unique course, as we go through multiple challenging scenarios one might not have come across. During the entire duration of the course, the students are expected to learn the following: - Look for vulnerabilities within the application stack.
- Gain in depth knowledge on how to pentest the modern stack consisting of Continuous Build & Deployment tools, Message broker's, Configuration Management systems, Resource Management systems and Distributed file systems.
- Security testing of an entire application stack from an end-to-end perspective.
Teaching Methodology Students are encouraged to follow the technical training with hands-on approach to the facilitated labs for every module to gain deeper and practical understanding of the topic. Who should take this course - DevSecOps
- Security Engineers
- Penetration testers
- Bug bounty hunters
- System Administrators
- SOC analysts
- Security enthusiasts and anyone interested in the modern application stack.
Student requirements Knowledge of basic pentesting, web application working and linux command line basics,the ability to use a web proxy like Burp Suite, ZAP, and the ability to write basic scripts in any interpreted language is an added advantage. What students should bring The requirement for the course is a laptop with administrative and USB access and minimum configuration of 8GB RAM and 100GB hard-disk space.Full virtualisation support, Virtual Box and Docker should be installed. Unix box is preferred. What students will be provided with - Presentation Material and associated pdfs.
- 10+ containerized labs to emulate sophisticated production application stacks.
- Access to specific relevant OpSecX courses and certifications.
Course Syllabus Day 1 Pentesting some of the widely used systems in the modern stack :- Module 0: Modern Application Stack - Evolution of Application Stack
- Components of Stack
- Threat Modelling
- Attack Surface
Module 1: Pentesting Databases: - MySQL,Postgres and OracleDB
- Basic Enumeration
- Laying out the attack surface
- Pentesting third party plugins.
- Attacking Database Servers.
- Case Study of CVE-2016-6663
- Security testing using tools of trade.
- Pentesting NoSQL Databases & Caches: MongoDB, Cassandra, Redis & Memcache
- Fingerprinting NoSQL databases,
- Injection attacks on NoSQL Databases.
- Attacking and identifying vulnerabilities in NoSQL databases through NoSQL exploitation framework.
- Case study on Mongo Ransomware and hands on vulnerable applications.
- Securing databases.
Module 2: Public Cloud Environments - Introduction to Cloud Environments.
- AWS Configurations & AWS Security Checks.
- Pentesting AWS lambda servers.
- Secure Best practices for Cloud environments and Securing AWS instances
Module 3: CI Tools - Introduction to Jenkins, TeamCity and Go.
- Basic misconfigurations and attack surface for these tools.
- Security testing of CI Tools and outlook on vulnerabilities in Jenkins, TeamCity and Go.
- Case Study: Remote Code Execution on Jenkins.
Module 4: Software Collaboration Tools - Leveraging Version Control Systems like Git, SVN and Perforce.
- Attacking Code collaboration tools - Phabricator, Gitlab and Github Enterprise.
Module 5: Message Brokers - Introduction to RabbitMQ and Kafka.
- Common misconfigurations.
- Attacking and extracting juicy information from Message brokers.
Day 2 Module 6: Containers - Hacking Docker environments.
- Setting up vulnerability static analysis for Docker containers (Clair and other tools).
- Hacking Vagrant instances.
- Securing Docker and Vagrant instances.
Module 7: Distributed Configuration Management Systems (DCMS) - Attacking Apache Zookeeper, HashiCorp Consul & Serf, CoreOS Etcd.
- Owning the entire application thorough DCMS , pivoted attacks.
- Attacking and Scanning using Garfield.
Module 8: Distributed File System - Basic misconfigurations for Hadoop.
- Analysing the threat model for Hadoop.
- Attacks and remote code executions on Hadoop.
- Securing Hadoop Instances.
Module 9: Kubernetes,Mesos and Marathon (Distributed Deployment & Resource Management) - Introduction to Kubernetes,Mesos and Marathon
- Fingerprinting Kubernetes,Mesos and Marathon
- Common Misconfigurations
- Pentesting Kubernetes and pivoting through kubernetes containers.
- Hacking entire application stack through Mesos and Marathon.
- Securing Mesos instances.
Module 10: Search Technologies - Introduction to ElasticSearch and Apache Solr (Lucene)
- Laying out the attack surface and common misconfigurations.
- Pentesting ElasticSearch and Solr.
- Case Study :ElasticSearch CVE-2015-1427 RCE Exploit.
Labs 10+ containerized labs to emulate sophisticated production stack along with applications. Speakers  Bharadwaj Machiraju Bharadwaj Machiraju is project leader for OWASP OWTF. He is mostly found either building a web appsec tool or hunting bugs for fame (hackerone.com/tunnelshade). All tools are available at github.com/tunnelshade and all ramblings at blog.tunnelshade.in . Spoke at few conferences notably Nullcon, Troopers, Brucon, Pycon India etc.. Apart from information security, he is interested in sleeping, mnemonic techniques & machine learning.  Francis Alexander Francis Alexander , Security Engineer for Envestnet|Yodlee has over 3+ Years of Experience in the Application Security industry, the author of NoSQL Exploitation framework and NoSQL Honeypot. His areas of interest include NoSQL Databases, Machine Learning and Cloud Security. He has been invited to speak & train at variety of conferences such as Troopers, Insomn'hack, Hack in the Box, Hack in Paris, 44Con, Nullcon, C0c0n. | 2 days | €1,200.00 | €240.00 | Not available |
Practical Internet Of Things (IoT) Hacking with Aseem Jakhar "The great power of Internet Of Things comes with the great responsibility of security". Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT products. The course focuses on the attack surface on current and evolving IoT technologies in various domains such as home, enterprise Automation. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols and open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors using various practical techniques. In addition to the protocols and hardware we will extensively focus on reverse engineering mobile apps and native ARM/MIPS code to find weaknesses. Throughout the course, We will use DRONA, a VM created by us specifically for IoT penetration testing. DRONA is the result of our R&D and has most of the required tools for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on exercises. The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing or hardware. Speakers  Aseem Jakhar Aseem Jakhar is the Director, research at Payatu Technologies Pvt Ltd payatu.com a boutique security testing company. He is well known in the hacking and security community as the founder of null -The open security community, registered not-for profit organization http://null.co.in and also the founder of nullcon security conference nullcon.net and hardwear.io security conference http://hardwear.io He has extensive experience in system programming, security research, consulting and managing security software development projects. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, antivirus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, Bayesian spam filter to name a few. He currently spends his time researching on IoT security. He is an active speaker and trainer at security and open source conferences; some of the conferences he has spoken at include AusCERT, Defcon, Hack.lu, Black Hat, PHDays, Xcon, Cyber security summit - Bangalore, Cocon, OSI Days - Bangalore, Clubhack, Gnunify. His research includes Linux remote thread injection, automated web application detection and dynamic web filter. He is the author of open source Linux thread injection kit -Jugaad and Indroid which demonstrate a stealthy in-memory malware infection technique. | 3 days | €1,800.00 | €360.00 | Not available |
Practical SAP Netweaver ABAP Pentest with Yvan Genuer SAP is no longer an unknown black box for security community and SAP product appears more and more often in audit requests. This training is focused on SAP Netweaver ABAP. Because we can't cover all SAP software in two days, we decided to work on the most frequent vulnerabilities we faced during our pentests. We'll provide different SAP Systems with different configuration issues in 'realist' environment with a SAP security specialist who receives official acknowledgements from SAP for vulnerabilities reported. Few slides, lots of practical, this is the leitmotiv of this workshop. SAP knowledge is not required. Prerequisites - General knowledge on information security, networking and pentesting
- SAP knowledges is NOT required
Target Audience - Pentesters or security professional
- Anyone interested to learn about SAP Security
Material to bring by attendees - Laptop, with administrative privileges on the system, at least 20G free space and 1G Ram for VM.
- SAP GUI (in a windows VM if you are on linux)
- SSH Client
- Virtualization software
Course Syllabus Day1 - Introduction
- Quick Introduction to SAP world
- SAP ?
- SAP in numbers
- Global concept
- SAP Gui
- Vocabulary
- Introduction to SAP Security
- Why it's important ?
- History
- The SAP security parts
- Risk
- Usefull transactions
- Usefull parameters
- Usefull reports & functions modules
- Training infrastructure
- Overview and warning
- Tools provided
- Hands-on : tools overview
- SAProuter
- Why saprouter is important
- How saprouter works
- SAP ports
- Saprouter vulnerability
- Hands-on : internal scan, discover SAP port, forward port
- Remediation
- SAP Client
- Overview of SAPGui, Webgui and other
- Information history gathering
- Sapgui Shortcut vulnerability
- Hands-on : retrieve information from end user, crack shortcut password
- Remediation
- SAP Netweaver ABAP
- Overview
- SAP Authorization (concept, critical report, os access, db access)
- Password concept and Default account
- Hands-on : find default account
- SAP Message Server
- Hands-on : gathering information
- SAP ICM
- Hands-on : usefull webservices
- SAP MMC
- Hands-on : gathering information
- Remediation
Day2 - Database level security
- Overview
- Direct attack to database
- Hands-on : Retreive SAP database schema password
- Remediation
- SAP Lateral movement
- RFC concept
- RFC hardcoded credential
- Hands-on : find other SAP, get access to trusted SAP system ? SAP Gateway
- Hands-on : get os access to trusted SAP system
- Remediation
- SAP to OS to Database to SAP to...
- Hands-on : Database to SAP
- Hands-on : SAP to OS
- Hands-on : OS to database
- Hands-on : SAP to database
- ABAP Code vulnerability
- ABAP Introduction
- ABAP command injection
- OS Command injection
- SQL injection
- Autorisation bypass
- Directory traversal
- Cross client access
- Genereic module execution
- Hands-on : use a vulnerable report to elevate priv
- Remediation
- Full SAP pentest challenge
- Hands-on : challenge from internet to internal SAP
- Challenge correction
- Conclusion of securing SAP System
- SAP security best practice overview
- Problems
- The challenge
- Conclusion
Speakers  Yvan Genuer Yvan as near than 15 years old experiences in SAP. Begin as SAP basis administrator for various highest French companies. He focuses himself to SAP Security, where he's self-taught, since 5 years. He's now the SAP assessment and pentester leader at Devoteam security team. Discreet person, however, he receives official acknowledgements from SAP AG for vulnerabilities reported. He is in Grehack conference organization committee since years, and has been invited to talk in Clusir association. | 2 days | €1,200.00 | €240.00 | Not available |
Smart lockpicking - hands-on exploiting IoT devices based on access control systems with Slawomir Jasek Learn how to assess and secure IoT devices by having fun with hacking a dozen of devices among most profitable to attack - smart locks. The agenda will include: wireless sniffing, spoofing, cloning, replay, DoS, authentication and command-injection attacks, analyzing proprietary network protocols, breaking “Latest PKI technology”, abusing excessive services... The software-focused activities will be mixed with short entertaining tricks like opening lock by a strong magnet, counterfeiting fingerprints in biometric sensor or opening voice-controlled lock by hacking nearby speaking toys. Technologies covered will include: Bluetooth Smart, Linux embedded, KNX, NFC, WiFi, P2P, GSM, Wiegand, and others. Each student will receive a 100 EUR value hardware, consisting of Bluetooth hardware sniffer, Raspberry Pi configured with tools and Hackmelock for further practice at home. What will be provided: - course materials in PDFs (several hundred pages)
- all required additional files: source code, documentation, installation binaries…
- Bluetooth Smart hardware sniffer and development kit based on nrf51822 module
- 2 Bluetooth Low Energy USB dongles
- Raspberry Pi 3 with assessment tools and Hackmelock for further hacking at home
- NFC NXP PN532 board + “magic UID” card - which will allow you to clone most common Mifare Classic contactless cards
Here's a dedicated website on this topic: https://www.smartlockpicking.com Prerequisites - At least basic familiarity with Linux command-line, Kali, Wireshark.
- Scripting/programming skills will be very helpful.
- Mobile application reversing skills will be an advantage.
Target Audience - Pentesters, security professionals
- IoT developers
- Anyone interested
Material to bring by attendees Contemporary laptop with virtualization software able to run Kali Linux (at least 4GB of RAM, 40GB space), Android > 4.3 smartphone Course Syllabus - Bluetooth Smart - based on 7 various smart locks, and specially developed Hackmelock (consisting of Android mobile application and lock device simulated on Raspberry Pi):
- passive sniffing - hardware, software
- active MITM - learn GATTacker BLE proxy tool from its creator; BTLEjuice
- static authentication password capture
- spoofing devices and their status
- replay attacks
- command injection
- Denial of Service
- cracking "latest PKI technology"
- other flaws of custom challenge-response authentication
- abusing excessive services (e.g. module's default AT-command interface).
- weaknesses of access sharing functionality
- Linux embedded - based on wireless doorlock, alarm+home automation system
- authentication bypass
- information disclosure
- telnet brute-force
- command injection
- physical attack: switching to WiFi maintenance mode using external intercom
- UART interfaces
- Proprietary network protocols - based on several devices (fingerprint sensor, time attendance monitor, wireless doorlock, alarm system)
- methods of analyzing proprietary protocols - sniffing, MITM, reversing client/server
- sniffing administrative credentials
- abusing improper session management - authentication bypass
- P2P feature - how to attack doorlock hidden behind NAT
- taking control over proprietary HVAC control appliance
- Home automation systems integrated with alarms, doors and access control - based on KNX example installation provided
- typical architecture, group address, device address, KNX-IP gateway
- tools: ETS configuration software, knxmap, nmap scripts...
- locate KNX gateway in LAN or remotely from the Internet
- monitor mode - sniffing the bus passively
- sending write command to group address and open connected doorlock
- SMS and voice remote control over GSM - based on remote control alarm system
- brute-force alarm PIN via SMS and voice calls
- NFC/RFID - based on hotel electronic door lock, pinpad, time attendance sensor
- clone contactless card
- brute-force ID
- Wiegand
- sniff the data transmitted from access control reader using BLEKey
Moreover, everyone will also be able try oneself to: - open smart lock using strong magnet influencing the motor
- cheat fingerprint biometric sensor - you can make your own fingerprint clone
- open voice-controlled lock by hacking nearby speaking devices
Several exercises will be connected with electronic lock guarding a special box of goods from Poland. Whenever a participant will succeed in hacking the lock, the box opens automatically, and one can have a delicious cookie or a shot of a Polish vodka :) | 2 days | €1,200.00 | €240.00 | Not available |
