Hack in Paris 2022 – Workshops
Break into Barbie's IoT Mansion by SysDream with Sysdream Team
You are in front of a closed house. In the garage is a brand new Tesla car, the key to which is in a safe upstairs. The key to the safe? It's stored in a laptop computer that's also inside the house. The house is of course alarmed. The alarm includes door opening detectors, a camera and other security elements.
Challenge steps:
-Compromise the Wi-Fi network of the house
-Take control of the PC in the house (EthernalBlue) or the owner's iPhone (Jailbroken)
-Disable the alarm by exploiting a web vulnerability
-Open the front door (NFC cloning)
-Steal the car key from the trunk
-Open the garage door by bruteforce 433 MHz radio
Speakers
Sysdream is the cybersecurity division of the Hub One Group. It provides corporate customers, both public and private, in France and abroad, with a wide range of solutions focused on technical and organizational auditing, IT security training and cyber-training. Sysdream is behind the creation of major events such as Hack In Paris, an event dedicated to cybersecurity professionals.
Hack a nuclear power plant and blow up production tanks with Sysdream Team
You have been assigned to carry out an attack on the nuclear power plant that is abusing the production of a nuclear molecule, SysXnium. Two tanks automatically produce the molecule and sensors are used to prevent any overflow. In case of overflow, an alarm is triggered (led and popup). The goal of the attack is to extract, modify and then inject a code that will allow the tanks to explode under the radar.
Steps of the challenge:
-
Use the USB port, without interaction to the system, to extract the code from the system
-
Modify the code to make the tanks overflow
-
Remove the alert detection in the code
-
Inject the code via the USB port, without interaction to the system
-
Successfully overflow the tanks in a stealthy way
Speakers
Sysdream is the cybersecurity division of the Hub One Group. It provides corporate customers, both public and private, in France and abroad, with a wide range of solutions focused on technical and organizational auditing, IT security training and cyber-training. Sysdream is behind the creation of major events such as Hack In Paris, an event dedicated to cybersecurity professionals.
MalDev for Dummies with Cas Van Cooten
With antivirus (AV) and Enterprise Detection and Response (EDR) tooling becoming more mature by the minute, the red team is being forced to stay ahead of the curve. Gone are the times of execute-assembly and dropping unmodified payloads on disk - if you want your engagements to last longer than a week you will have to step up your payload creation and malware development game. Starting out in this field can be daunting however, and finding the right resources is not always easy.
This workshop is aimed at beginners in the space and will guide you through your first steps as a malware developer. It is aimed primarily at offensive practitioners, but defensive practitioners are also very welcome to attend and broaden their skillset.
During the workshop we will go over some theory, after which we will set you up with a lab environment. There will be various exercises that you can complete depending on your current skillset and level of comfort with the subject. However, the aim of the workshop is to learn, and explicitly not to complete all the exercises. You are free to choose your preferred programming language for malware development, but support during the workshop is provided primarily for the C# and Nim programming languages.
During the workshop, we will discuss the key topics required to get started with building your own malware. This includes (but is not limited to):
- The Windows API
- File types and execution methods
- Shellcode execution and injection
- AV and EDR evasion methods
Speakers
Cas van Cooten is an offensive security enthusiast and Red Team Operator at ABN AMRO Bank in The Netherlands. He started out as a "fluffy" information security strategy consultant, but exchanged his suit for a hoodie when he realized he was more of a hacker than a strategist. He likes evading defenses by developing offensive security tooling and malware, specifically in the Nim programming language. He developed tools such as 'Nimplant', 'NimPackt', and 'BugBountyScanner', is a HackTheBox machine author, and likes shitposting on his Twitter timeline.
Mobile Hacking for Android with Guillaume Lopes
Guillaume Lopes (@Guillaume_Lopes) will share many techniques, tips and tricks to deliver to pentesters, bug bounty researchers, app makers or just curious about a 100% hands-on Android workshop. The goals are:
- Understand Android basics
- Learn how to use the common tools (adb, apktool, JADX, Frida and Objection) in order to assess Android applications
- Practice on how to resolve the OWASP Android crackmes (Levels 1, 2 and 3)
Speakers
Guillaume Lopes is a pentester with 10 years of experience in different fields (Active Directory, Windows, Linux, Web applications, Wifi, Android). Currently working as a CTO and Senior Penetration Tester at RandoriSec. He also likes to play CTF (Hackthebox, Insomni’hack, Nuit du Hack, BSides Lisbon, etc.) and gives a hand to the Tipi’hack team.
Mobile Hacking for iOS with Davy Douhine
Davy Douhine (@ddouhine) will share many techniques, tips and tricks to deliver to pentesters, bug bounty researchers, app makers or just curious a 100% hands-on iOS workshop. The goals are:
- Understand iOS basics
- Learn how to use Corellium and Frida in order to assess iOS applications
- Practice on labs covering the main chapters of the OWASP Mobile Application Security Verification Standard
A Corellium virtual device will be provided to the attendees with the pre-installed tools to cover the labs. There is no prerequisites for the attendees, only a web browser.
Speakers
Founder of RandoriSec (https://randorisec.fr/) a security focused IT firm, Davy has worked in the IT Security field for almost fifteen years. He has mainly worked for financial, banks and defense key accounts doing pentests and trainings to help them to improve their security. He enjoys climbing rocks in Fontainebleau or in the Bourgogne vineyards and practice Brazilian jiu-jitsu.
Offensive Forensics: Cleartext credentials on Windows with Tijl Deneut
DPAPI is a known encryption routine that is used to store credentials such as those from Edge, Chrome, Wi-Fi profiles, RDP Profiles, Credential Manager, EFS, OpenVPN etc ... DPAPI-NG is a new iteration of the DPAPI interface to protect data in Windows operating systems and is used to store Windows Hello credentials, such as the Windows Picture Login or the Windows PIN code
By reverse engineering these technologies, it was discovered that our precious Windows user passwords are reversable in Clear Text from the hard drive, even if the system is shut down (e.g. from a backup).
The newly developed open source toolkit (DPAPILAB-NG) is be able to demonstrate this thoroughly.
This workshop will allow you to get hands-on experience with the Python tools described above. Participants will need to have their own laptop to participate in this workshop.
Requirements : Attendees should bring laptop with 2GB free disk space and Python3
Speakers
Tijl Deneut has over 5 years of experience in the IT security sector and is, amongst others, a Certified Ethical Hacker and an active EC-Council Certified Instructor. Tijl also teaches security classes at both the Howest University College and Ghent University, where he also leads several security research projects. He has had the privilege to present at a number of security and other conferences, including Info Security (Brussels), BruCON (Ghent) and the Chaos Communication Congress (Leipzig). And was also the trainer for classes directed towards, amongst others, the Belgian Computer Crime Unit.
