Very interesting conferences about how technologies fails or abused by cyber criminals.

Very interesting conferences about how technologies fails or abused by cyber criminals.

Capture The Flags

Hackfest 2013, debriefing

Social Engineer Like A Boss, by Shane MacDougall; Fuzzing in the 5th Dimension, by Blake Cornell; Bypass security controls with mobile devices, by Georgia Weilman; Antivirus evasion techniques, by Francois Harvey; How [not] to suck at CTF, by Olivier Bilodeau; Forgotten your password?, by Laurent Desaulniers; Hide yo Apache, hide yo SSH cause they backdoorin' everyine out there, by Sebastien Duquette & Marc-Etienne M. Leveille. Whowhowhoooo!

HACKFEST

Very interesting conferences about how technologies fails or abused by cyber criminals.

What to remember?

Cool introduction of social enginering with "Social Engineer Like A Boss", by Shane MacDougall. Never forgot that you are the first product to sell to your employer. Be stressless, you're the best! Not really a methodology but good practices to be confident about yourself when you're presenting.

"Fuzzing in the 5th Dimension" by Blake Cornell, presented an interogation about how will be the futur of IT security with quantum processor. To better understand what is a quantum processor, look at following videos. To summary, this is the most powerfull processor existing. Some people like David Deutsch say that processor could be able to emulate the universe behavior, fantastic! This presentation mixed this amazing processor to the fuzzing, libraries or softwares able to try numerous of security failures. Combined together, you got an amazing system able to test all security troubles at the same time, on one processor cycle only!

  • https://www.youtube.com/embed/CMdHDHEuOUE
  • https://www.youtube.com/embed/RnDmrSb-zAk
  • https://www.youtube.com/embed/g_IaVepNDT4

About mobile devices security, Georgia Weilman presented his pentest mobile framework ("Bypass security controls with mobile devices"). This framework could give privilege excalation on the attacked device to send text message, read text messages, take pictures etc... Following, the demonstration video found on Georgia's blog.

  • https://web.archive.org/web/20160125015822/https://vimeo.com/46160029

Unfortunately, i missed "Antivirus evasion techniques" by Francois Harvey. I will edit the post if i find something like blog posts or videos.

Edit blog:

  • http://fr.slideshare.net/FrancoisHarvey/hackfest-2013-vasion-antivirale-francois-harvey
  • https://fr.slideshare.net/FrancoisHarvey

At "How [not] to suck at CTF", Olivier Bilodeau presented a very crazy introduction of what is a CTF and how to progress despite its difficulties. Very encouraging for novice like me :) By the way, the CTF has not given anything very good. No attack works. I would have liked to succeed yet something about VOIP servers with SIPVicious, but nothing... Next time.

Saturday, Laurent Desaulniers presented "Forgotten your password?", a well demonstration to how get password of user account with a parrallel attack based on pseudo random numbers (doing the same thing at the same time or establish prediction by calculating hash to reset password). Sliders at this link.

In early after noon, Sebastien Duquette et Marc-Etienne M. Leveille presented together "Hide yo Apache, hide yo SSH cause they backdoorin' everyine out there". A meaningful analysis on the existence of Linux malware. They studied different SSH backdoor that allow attackers to recover passwords and connect to an infected machine and also to infect another machine.

In conclusion, a very friendly and very rewarding event.