WORKSHOP: Politique dmarc et phishing par spoofing. Session 2
Petite démo de spoofing à cause d'une politique dmarc trop souvent oubliée. On enchaîne sur du phishing forcément avec quelques astuces, domaine non-ascii, spf, dkim.
Archives: Events
WORKSHOP: Introduction aux FPGA – Session 5
WORKSHOP: Introduction aux FPGA – Session 3
WORKSHOP: Introduction aux FPGA – Session 4
WORKSHOP: Introduction aux FPGA – Session 2
WORKSHOP: Introduction aux FPGA – Session 1
FPGA, ASIC, HDL, circuits logiques, ces mots ne vous disent probablement rien bien qu'assurant le fonctionnement de bon nombre de vos équipements électronique et informatique.
L'objectif de ce Workshop est donc de vous introduire quelques notions de conception de circuits intégrés ainsi que l'outillage utilisé durant la phase d'ingénierie.
le HARDWARE VILLAGE ( SESSION 11 )
le HARDWARE VILLAGE ( SESSION 8 )
le HARDWARE VILLAGE ( SESSION 10 )
le HARDWARE VILLAGE ( SESSION 9 )
le HARDWARE VILLAGE ( SESSION 5 )
le HARDWARE VILLAGE ( SESSION 3 )
le HARDWARE VILLAGE ( SESSION 7 )
le HARDWARE VILLAGE ( SESSION 6 )
le HARDWARE VILLAGE ( SESSION 4 )
le HARDWARE VILLAGE ( SESSION 2 )
le HARDWARE VILLAGE ( SESSION 1 )
Si vous pensez que le hardware hacking est un mystère complet, si vous pensez que c'est un domaine difficile réservé aux gourous, si vous avez peur de vous lancer parce que vous avez peur de casser des choses, venez visiter le village hardware. L'INSCRIPTION EST OBLIGATOIRE Nous avons préparé des ateliers pour démystifier le hardware hacking et vous montrer que tout ...
STRANGER CASE AWARDS
L'Agence Stranger Case va finalement lever le voile sur l'affaire Icarus ! Pour ce grand final de l'événement OSINT organisé par l'ESNA de Bretagne, retrouvez une collaboration exceptionnelle avec l'École de Guerre Économique ainsi que leHACK dans un événement mêlant OSINT, HUMINT et SE; le STRANGER x HUNT !
WORKSHOP: Mastering CrackMapExec like a pro for your next internal pentest !
Going on an internal pentest is not always as easy as it seems, sometimeyou only have 2 days to compromise a domain. While 10 minutes can be enough, other times you can become very short on time ! Mastering CrackMapExec will make you gain time and focus on the methods and paths of compromision rather […]
WORKSHOP: Comment combiner vos outils favoris avec Maltego
Devant la myriade d'outils dédiés à l'OSINT et la cybersécurité, une question se pose: comment combiner ces outils et les utiliser de manière harmonieuse? Maltego est un outil graphique d'analyse de lien logique, permettant d'utiliser différents outils et source de données au sein de la même interface. Avec [Maltego LTC] https://github.com/MaltegoTech/maltego-ltc), un repertoire open-source, nous […]
WORKSHOP: Politique dmarc et phishing par spoofing. Session 1
Petite démo de spoofing à cause d'une politique dmarc trop souvent oubliée. On enchaîne sur du phishing forcément avec quelques astuces, domaine non-ascii, spf, dkim.
WORKSHOP: OSINT for Crisis Management
This workshop will focus on how OSINT tools and techniques can provide a considerable added value in the management of ongoing crises using case studies in Mozambique and Myanmar. For Mozambique, the workshop aims at providing insights into the symbiosis existing between OSINT resources and conventional crisis management and conflict analysis TTPs. This will provide […]
WORKSHOP: China from afar, open data and research
23:00 -> 01:00 """China is a black box"". How many times did you heard this meme? Contrary to popular beliefs, China's society and internet are not opaque abyss that will remain a mystery for outsiders. Information exists out there, but you have to know where to look. Our workshop aims to provide key insights into […]
WORKSHOP: Using Satellite imagery, flight, and vessel data in investigations
"At OCCRP, we often raise questions during the course of an investigation that involve geography. For example, what is the path of a vessel or a flight over time and at which point did we lose track of it? Are there any patterns in its path that recur? Is there a correlation of deforested areas […]
Empowering your OSINT skills with GEOINT
The talk aims at showcasing the power of geographic intelligence using open-source tools and databases on security-related issues. It covers various geolocation techniques, used to address humanitarian crises and document war crimes in conflict areas around the world. The talk will demonstrate how public satellite imagery providers, map services and radar imagery can be turned […]
WORKSHOP: OSINT for Crisis Management
This workshop will focus on how OSINT tools and techniques can provide a considerable added value in the management of ongoing crises using case studies in Mozambique and Myanmar. For Mozambique, the workshop aims at providing insights into the symbiosis existing between OSINT resources and conventional crisis management and conflict analysis TTPs. This will provide […]
WORKSHOP: China from afar, open data and research
23:00 -> 01:00 """China is a black box"". How many times did you heard this meme? Contrary to popular beliefs, China's society and internet are not opaque abyss that will remain a mystery for outsiders. Information exists out there, but you have to know where to look. Our workshop aims to provide key insights into […]
WORKSHOP: Using Satellite imagery, flight, and vessel data in investigations
"At OCCRP, we often raise questions during the course of an investigation that involve geography. For example, what is the path of a vessel or a flight over time and at which point did we lose track of it? Are there any patterns in its path that recur? Is there a correlation of deforested areas […]
GENERAL RUMPS SESSION
RUMPS are small talk sessions, where you can freely grab the mic to present random speech about hacking without control, censorship, pressure, and inside a “plausible deniability” setup. No lineup, no recording, no endorsments, anonymity is guaranteed if needed and you bring your own countermeasures. You take all responsability for the topic you present, leHACK […]
Open source toolings to help analysts day-to-day activities – from AIL project to MISP
Data Mining, Darknet, and Social Network Monitoring are critical components of modern threat intelligence and security operations. The AIL Project is an open source framework designed to collect, crawl, dig, and analyze unstructured data from various sources. With its extensible Python-based framework, AIL can analyze unstructured data collected via an advanced Crawler manager or from […]
Using OSINT to track illegal supply chains: a use-case on cocaine smuggling
We’ll go through different ways in which OSINT can be useful to cover a highly secretive business: cocaine shipments across continents. Here you don’t have any documents, bills of lading or online tracking data. Where do you start? Being a complex system, it requires you to go into many different directions and go around the […]
A hands-on introduction to Aleph, the data tool that enables OCCRP’s cross-border investigations
Kickstart your investigations with OCCRP Aleph, the leak taming, company registry matching, huge dataset wrangling tool that enables the Organized Crime Corruption Reporting Project (OCCRP) to launch multiple cross border projects a year. Come learn about how to conduct advanced searches, cross-reference data across multiple leaks, and create your own investigation workspace — including building […]
Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum profiling & deanonymization
This talk unravels the intricacies of blockchain, cryptocurrencies, and NFTs from an Open Source Intelligence (OSINT) perspective. We'll demystify how these technologies operate and explore relevant OSINT techniques. Delving into real-world use cases, we'll highlight how OSINT can help profile public personalities, identify victims of 'rug-pull' scams, and deanonymize Tornado Cash users. Join us for […]
Using the OSINT Mind-State for Better Online Investigations
In recent years, public interest in open-source intelligence (OSINT) gathering and analysis has increased exponentially. As this interest has grown, more and more OSINT investigations have been relying on tools and automation, leaving the analysis process behind. In this talk, Nico will show why you should consider OSINT a thought process. He will discuss how […]
Hardcore OSINT : Reversing social media mechanisms
You'll see how to exploit the features of social networks to get more data. Let's delve into code and hack!
Using OSINT to track international weapons sales to conflict areas
Long before the invasion of Ukraine OSINT techniques helped exploiting social media, satellite imagery, government data and other sources to uncover controversial sales and deployment of weaponry and their link to crimes and violence.
OSINT Investigation: One year later, what happened to them?
OWN is back one year later to bring you an update on the tactics, techniques and procedures of a threat actor specialising in DDoS attacks.
The Paterva story
Back in 2008, a bunch of folks got together in an old warehouse in South Africa and started working on what we now know as Maltego, today's most popular OSINT tool. The founder of Paterva will share the wild story of how this software came to life, how it almost got canned, and the bumpy […]
WORKSHOP: LOCKPICKING avec l’ACF
Samedi à partir de 14h et ( presque ) toute la nuit en zone workshop. Crochetage de serrures faciles et haut de gamme, techniques de transmission d'ondes de chocs, atelier de crochetage de serrures magnétiques avec l'ACF
CONNECTION DROPPED – leBREAK
CONNECTION DROPPED – leBREAK
CONNECTION DROPPED – leBREAK
CONNECTION DROPPED – leBREAK
LUNCH TIME !
LUNCH TIME !
Kernel Panic!
Phear not, take a seat, welcome to leHACK, the oldest and wildest french hacking conference.
Bot-In-The-Middle Attacks – LLM’s and App Security
We have seen tens of thousands of posts, blogs, articles, and more about the threat of 'Artificial Intelligence' in the news - and the reality is that many companies, from Microsoft and Google down to small App Dev houses and Academic Researchers, are exploring how to integrate this technology into applications... so for better or […]
How EDRs work and how to bypass them
I would like to speak about how Endpoint Detection and Response (EDR) softwares work and how to defeat every protection, such as AMSI, Sysmon, DLL Hooking or ETW. The goal of this talk is to allow a good understanding of these protections IN FRENCH, because many presentations on this subject are only in english. I […]
Trusted Types: DOM XSS Protection at Scale
DOM XSS continues to be the most critical threat to web security. Our current best defense against DOM XSS is Trusted Types, a browser-based runtime feature to limit the uses of DOM APIs (and limit the possibility of DOM injection). We will discuss our approach to using Trusted Types to protect billions of our users, […]
KeePass triggers are dead, long live KeePass triggers!
Souvent utilisé pour stocker les secrets critiques du système d'information, KeePass est une cible de choix pour les attaquants. Parmi ses nombreuses fonctionnalités, le logiciel propose un système d’événement-action-condition permettant l'automatisation de tâches complexes. Ce dernier fut rapidement détourné afin d'extraire les mots de passe par simple modification d'un fichier de configuration. Particulièrement discrète, cette […]
