Agenda

Talk Agenda

Hack.lu 2017 - agenda in PDF format

Tuesday 17 October 2017 (Talks)

Time Talks and Speakers
07:30 Registration open & refreshment
08:45 Myths and realities of attribution manipulation (Félix Aimé, Ronan Mouchoux)
09:30 Snuffleupagus - Killing bugclasses in PHP 7, virtual-patching the rest (Sébastien (blotus) Blot, Thibault (buixor) Koechlin, Julien (jvoisin) Voisin)
10:15 Refreshment break
10:30 Randori, a low interaction honeypot with a vengeance (Bouke van Laethem)
11:15 Keynote: Queer Privacy & Building Consensual Systems (Sarah Jamie Lewis)
12:00 Lunch
13:00 Lightning talks
13:30 ManaTI: Web Assistance for the Threat Analyst, supported by Domain Similarity (Raúl B. Netto)
14:15 Let’s Play with WinDBG & .NET (Paul Rascagneres)
15:00 Device sensors meet the web - a story of sadness and regret (Lukasz Olejnik)
15:45 Refreshment break
16:00 Malicious use of Microsoft “Local Administrator Password Solution” (Maxime Clementz, Antoine Goichot)
16:45 The Bicho: An Advanced Car Backdoor Maker (Sheila Ayelen Berta, Claudio Caracciolo)
17:30 Countering Security Threats by Sharing Information: Emerging Civil Society Practices (Becky Kazansky)
18:15 Intel AMT: Using & Abusing the Ghost in the Machine (Parth Shukla)

Wednesday 18 October 2017 (Talks)

Time Talks and Speakers
07:30 Registration open & refreshment
08:00 The Struggle: dealing with language designers & maintainers on proper use of CSPRNGs (Aaron Zauner)
08:45 Keynterceptor: Press any key to continue (Niels van Dijkhuizen)
09:30 A view into ALPC-RPC (Clement Rouault, Thomas Imbert)
10:15 Refreshment break - Hardware shredder for free
10:30 The untold stories of Hackers in Detention (azet and JKT)
11:15 Keynote: Infosec and failure (杏👼Ąż)
12:00 Lunch - Hardware shredder for free
13:00 Lightning talks
13:30 Sigma - Generic Signatures for Log Events (Thomas Patzke)
14:15 SMT Solvers in the IT Security - deobfuscating binary code with logic (Thaís Moreira Hamasaki)
15:00 Network Automation is not your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network (Omar Eissa)
15:45 Refreshment break - Hardware shredder for free
16:00 API design for cryptography (Frank Denis)
16:45 WTFrance ?! Cryptography and legislation in France (Okhin)
17:30 In Soviet Russia, Vulnerability Finds You (Inbar Raz)
18:15 Hospitals and infosec (the consequences of bad security in health care) (Jelena Milosevic)
19:15 Social event including the PowerPoint Karaoke (5 minutes fun for everyone)
23:00  

Thursday 19 October 2017 (Talks)

Time Talks and Speakers
07:30 Registration open & refreshment
08:00 How I’ve Broken Every Threat Intel Platform I’ve Ever Had (And Settled on MISP) (John Bambenek)
08:45 Automation Attacks at Scale (Will Glazier, Mayank Dhiman)
09:30 Front door Nightmares. When smart is not secure (ObiWan666)
10:15 Refreshment break
10:30 What is the max Reflected Distributed Denial of Service (rDDoS) potential of IPv4? (Éireann Leverett, Aaron Kaplan)
11:15 Keynote: Information Flows and Leaks in Social Media (Vladimir Kropotov, Fyodor Yarochkin)
12:00 Lunch
13:00 Lightning talks + CTF contest awards
13:30 On Strategy (Eleanor Saitta)
14:15 Digital Vengeance: Exploiting Notorious C&C Toolkits (Waylon Grange)
15:00 Are your VoLTE and VoWiFi calls secure? (Sreepriya Chalakkal)
15:45 Refreshment break
16:00 Bug hunting using symbolic virtual machines! (Anto Joseph)
16:45 Vulnerability Disclosure, Governments and You (Jeroen van der Ham)
17:30 TIDS: A Framework for Detecting Threats in Telecom Networks (Alexandre De Oliveira, Cu D. Nguyen)
18:15 Applying bug hunters methodologies to your organisation, lessons from the field. (Paul Amar)
19:15 Kick-off for Open Source Security Software Hackathon which takes place on Friday 20 October 2017

Workshop Agenda

Tuesday 17 October 2017 (Workshops)

Time Hollenfels Echternach - Diekirch  
9:30 Programming Wireshark With Lua (Didier Stevens) ca. 2h Breaking Apps with Frida Jahmel Harris  
10:15 Refreshment break Refreshment break  
10:30 workshop continued workshop continued  
12:00 Lunch break Lunch break  
13:00 Lightning talks Lightning talks  
13:30 Reverse Engineering a (M)MORPG (Antonin Beaujeant) ca. 6h Mobile Security workshop (Frank Spiering, Arthur Donkers) ca. 6h  
15:45 Refreshment break Refreshment break  
16:00 workshop continued workshop continued  
19:15 end of workshop    

Wednesday 18 October 2017 (Workshops)

Time Hollenfels Echternach - Diekirch  
08:45 SAP Pentest - From outside to company salaries tampering (Yvan Genuer) ca. 3h Python and Machine Learning (Sébastien Larinier) ca. 3h  
10:15 Refreshment break Refreshment break  
10:30 workshop continued workshop continued  
12:00 Lunch break Lunch break  
13:30 Getting the Most Out of Windows Event Logs (David Szili) ca. 4h Hacking the Warrant: A workshop on LEA CNE (Scarlet Kim, Éireann Leverett)  
15:45 Refreshment break Refreshment break  
16:00 workshop continued Lockpicking workshop (Walter Belgers)  
18:00 end of workshop end of workshop  

Thursday 19 October 2017 (Workshops)

Time Hollenfels Echternach - Diekirch      
08:00   Malware Triage Workshop - Malscripts Are The New Exploit Kit (Sean Wilson, Sergei Frankoff) ca. 4h      
08:45 ManaTI: Web Assistance for the Threat Analyst, supported by Domain Similarity (Raúl B. Netto) ca. 2h workshop continued      
10:15 Refreshment break Refreshment break      
10:30 workshop continued workshop continued      
12:00 Lunch break Lunch break      
13:00 Lightning talks Lightning talks      
13:30 Dr. Honeypots - How I Learned to Stop Worrying and Know My Enemies (and Worms) (Guillaume Arcas) Threat Intel workshop with MISP and The Hive      
15:45 Refreshment break Refreshment break      
16:00 workshop continued workshop continued      
18:00 end of workshop        

Monday 16 October 2017 Special interest pre-hack meeting

Time Room Title
14:00 - 18:00 Hollenfels MISP summit

Wednesday 18 October 2017 Hardware shredder

A hardware shredder will be available outside on a truck. There will be shred-it-for-free slots during break times and on demand. Feel free to bring your old storage devices, e.g. HDDs, CDs, smart phones, SD cards, SIM cards, floppy disks and have them shredded for free. Please watch the video.

Friday 20 October 2017

hack.lu brings many security professionals together. We observe that many people and organisations create open source software to support their security activities, ranging from reverse engineering, digital forensic, incident response (DFIR), threat analysis to network security. Many of the security tools are developed on a long-term commitment and they provide viable solutions to improve security globally. Due to the big success of the first hackathon in May and in order to support the continuity of innovation, development and integration of such open source security tools, we decided to organise a two-days hackathon after the hack.lu conference in October.

Kickoff: Thursday, 19:15

Hackathon: Friday, 09:00

Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

Defending any decent-sized organization is extremely difficult; you have to keep the business up and running while also making sure that attackers will not be able to reach the crown-jewels and you have to do it in a way that makes your C-level executives, managers and users happy.

BSides Luxembourg is a conference that is 100% dedicated to defense, inspiring discussions and knowledge exchange among the participants, whether they are from red or blue team side.