Technology
HACK IN PARIS 7th Edition - Europe s Leading IT Security Congress
From June 27th to July 1, 2016
Clarence Chio - Chaouki Kasmi & Jose Lopes Esteves (Source: © Ruby BIRD & Yasmina BEDDOU)
Jayson E. Street, A. Joseph, S. Guasch & C. Chio
(Source: © Ruby BIRD & Yasmina BEDDOU)
(Source: © Ruby BIRD & Yasmina BEDDOU)
'HACK IN PARIS' became the Europe' leading I.T. Security Congress and this year it is the 7th Edition. It was held from June 27 to June 29 (Training Sessions) and from June 30 to July 1 (Talks). All this, at La Maison de la Chimie in PARIS.
As it was announced by HACK IN PARIS, intrusion attempts are more and more frequent and sophisticated, regardless of their targets (states or corporations). It is in this context that international hacking events are multiplying. A few events take place in France, but until now, no one had covered kacking practices with a technical approach including both professional training and information aspects. It is this gap that HACK IN PARIS aims to fill.
As it was announced by HACK IN PARIS, intrusion attempts are more and more frequent and sophisticated, regardless of their targets (states or corporations). It is in this context that international hacking events are multiplying. A few events take place in France, but until now, no one had covered kacking practices with a technical approach including both professional training and information aspects. It is this gap that HACK IN PARIS aims to fill.
As journalists, we attended the 2-Day talks from June 30 to July 1, 2016. They were as follow and very instructive :
- JUNE 30 :
*Keynote - Voting between sharks by Sandra Guarsch & Jesus Choliz
Types of electronic voting (voting machine - Remote internet voting) ; The motivation ; a private compagny can control the election ; The administration and electoral board ; What a single person cannot do ; Fraud alert ;...
- JUNE 30 :
*Keynote - Voting between sharks by Sandra Guarsch & Jesus Choliz
Types of electronic voting (voting machine - Remote internet voting) ; The motivation ; a private compagny can control the election ; The administration and electoral board ; What a single person cannot do ; Fraud alert ;...
* Whisper in the Wire : Voice Command Injection Reloaded by Chaouki Kasmi & Jose Lopes Esteves (ANSSI, France)
Voice command interpreters ; Previous work (injection through headphones) ; Back-door coupling (characterization) ; Back-door coupling (exploitation)...
* Machine learning-based techniques for network intrusion detection by Clarence Chio
Intrusion detection ? ; Why are threshold/rule-based heuristics good ? ; Why are ML-based techniques attractive compared to threshold/rule-based heuristics ? ; The big ML + Anomaly Detection Problem....
Voice command interpreters ; Previous work (injection through headphones) ; Back-door coupling (characterization) ; Back-door coupling (exploitation)...
* Machine learning-based techniques for network intrusion detection by Clarence Chio
Intrusion detection ? ; Why are threshold/rule-based heuristics good ? ; Why are ML-based techniques attractive compared to threshold/rule-based heuristics ? ; The big ML + Anomaly Detection Problem....
* The titanic Methodology by Jason E. Street talking about his own experience regarding his relationships with others.
Cultivate relationships ; fasten the image of being part of a solution not looking for a problem ; empower the employees to ge involved with what you do ; communication involves listening not just telling...
The afternoon was following the same pattern :
* What could have derailed the Northeast Regional n° 188 ? by Moshe Zioni
* All Your Door Belong To Me- Attracking Physical by Valerie Thomas
* From zero to SYSTEM on full disk encrypted Windows system by Nabeel Ahmed & Tom Gills
Cultivate relationships ; fasten the image of being part of a solution not looking for a problem ; empower the employees to ge involved with what you do ; communication involves listening not just telling...
The afternoon was following the same pattern :
* What could have derailed the Northeast Regional n° 188 ? by Moshe Zioni
* All Your Door Belong To Me- Attracking Physical by Valerie Thomas
* From zero to SYSTEM on full disk encrypted Windows system by Nabeel Ahmed & Tom Gills
* DEBATE : 'Researchers who find bugs in software are violating software licences and are breaking law. They should be prosecuted, not rewarded with bug bounties'. By Winn Schwartau, Kate Moussouris, Dave Chronister, Mark Rasch
JULY 1 :
- Keynote : 3 APAs + 1000 lines of code = Super pretty OSINT by Matias Katz
Super pretty OSINT : only 3 steps (Search for information, put it somewhere, give it some value)... Search for information (Twitter, Easy API, Awful performance, Allow to be beaten to death, Just gives away the data),... give it some value...
JULY 1 :
- Keynote : 3 APAs + 1000 lines of code = Super pretty OSINT by Matias Katz
Super pretty OSINT : only 3 steps (Search for information, put it somewhere, give it some value)... Search for information (Twitter, Easy API, Awful performance, Allow to be beaten to death, Just gives away the data),... give it some value...
* Security offense and defense strategies : video-game consoles architecture under microscope by Mathieu Renard
Xbox : Hypertransport bus eavesdropping ; Xbox 360 : hardware architecture ; Xbox 360 : security model....
* DIFFDroid - Dynamic Analysis Made Easier for Android by Anto Joseph
Dynamic instrumentation ; What is hooking ? ; What do we want in our soluions ? ; Future...
* HARDSPLOIT TOOL : The next Hardware Hacking by Julien Moinard
Internet of Things & Privacy concern ? ; Hardware hacking basic procedure ; Hardspoit framework...
Xbox : Hypertransport bus eavesdropping ; Xbox 360 : hardware architecture ; Xbox 360 : security model....
* DIFFDroid - Dynamic Analysis Made Easier for Android by Anto Joseph
Dynamic instrumentation ; What is hooking ? ; What do we want in our soluions ? ; Future...
* HARDSPLOIT TOOL : The next Hardware Hacking by Julien Moinard
Internet of Things & Privacy concern ? ; Hardware hacking basic procedure ; Hardspoit framework...
The afternoon sessions follow the same pattern :
* Type=5, Code=1 (or Lady in The Middle) by Dorota Kulas
* Because of the advancements in prosthetics by Gregory Carpenter
* How to successfully execute a professional Social Engineering attacks - and make money with it. By Dominique Brack.
* Abusing Software Defined Networks by Gregory Pickett
Ruby BIRD
http://www.portfolio.uspa24.com/
Yasmina BEDDOU
http://www.yasmina-beddou.uspa24.com/
* Type=5, Code=1 (or Lady in The Middle) by Dorota Kulas
* Because of the advancements in prosthetics by Gregory Carpenter
* How to successfully execute a professional Social Engineering attacks - and make money with it. By Dominique Brack.
* Abusing Software Defined Networks by Gregory Pickett
Ruby BIRD
http://www.portfolio.uspa24.com/
Yasmina BEDDOU
http://www.yasmina-beddou.uspa24.com/
Hackers Techniques Detection Talks Conferences Training Paris Maison De La Chimie Sysdream Leading It Security Congress Europe 6th Edition 2016 Hack In Paris Yasmina Beddou Ruby Bird
Liability for this article lies with the author, who also holds the copyright. Editorial content from USPA may be quoted on other websites as long as the quote comprises no more than 5% of the entire text, is marked as such and the source is named (via hyperlink).
