leHACK Conferences tracks 📅 iCal 📱 INSTALLABLE MOBILE WEB APP

Zone 3 - Louis Armand Conference Room

The Baybridge study uses OSINT to build on previous research about a large-scale Chinese online influence operation. By digging into technical and Chinese online resources, the study aims to (1) comprehensively map the online infrastructure of the network, (2) present new evidence of possible state involvement, and (3) analyze content to reveal discursive strategies, targeting methods, and the implications of Russian stakeholders. These insights aim to improve understanding of this phenomenon and combat online information manipulation.

Zone 3 - Louis Armand Conference Room

Robert Sell has been a certified human tracker in his capacity as a Team Leader in Search and Rescue for over a decade. Trained by border services tracking teams and Canadian Special forces, Robert has spent countless hours as a three person tracking team searching for real persons in the Pacific North West. He applies the tracker skillsets to help people improve their Open Source Intelligence Operations. As the Founder of Trace Labs he has had the opportunity to see the OSINT strategy and techniques of thousands of investigators. He uses this knowledge to compare and show best practises from the tracking field to help OSINT investigators. Robert lowers the curtain on the skillsets and approach real trackers take. This includes everything from detecting state of mind to sign cutting concepts. This talk will allow you to see what was previously invisible to you.

Zone 3 - Louis Armand Conference Room

This talk presents an original investigation at the crossroads of OSINT and cybercrime: the analysis of stealer logs — not from victims, but from the cybercriminals themselves.
Infostealers are malware designed to exfiltrate sensitive data to Command-and-Control (C2) servers. However, our research reveals that due to negligence or lack of operational security, some threat actors end up falling victim to their own tools. By analyzing these “leaked” or compromised stealer logs, we’ve been able to profile a wide range of actors — from inexperienced users exposing their personal credentials, to advanced operators managing multiple malware campaigns simultaneously.
Through concrete case studies, we will demonstrate how OSINT techniques can be used to turn attackers’ tools against them, exposing their practices, mistakes, and even parts of their infrastructure. This talk offers a rare behind-the-scenes look at the infostealer ecosystem and highlights how intelligence gathering can reveal the human flaws behind cybercrime.

Zone 3 - Louis Armand Conference Room

In this talk, Marwan Ouarab, founder of Find My Scammer, reveals how open-source intelligence (OSINT) techniques helped him uncover the real identities behind a global romance scam in which fraudsters posed as Brad Pitt to deceive and extort victims worldwide. By tracing digital breadcrumbs, analyzing infrastructure, and pivoting through online identities, Marwan dismantled a network of scammers who operated with shocking coordination. This talk dives into the technical methods, investigative challenges, and the human stories at the heart of one of the most bizarre celebrity impersonation scams in recent years.

Zone 3 - Louis Armand Conference Room

We'll be running Tracelabs Search Party CTF live in Paris during leHACK! The event will be live from 17:00 to 21:00 Paris time and will be available only for in-person attendees. More details will come soon.Cost: FreeRegistration: To be definedWe need volunteer OSINT CoachMore information : https://docs.google.com/forms/d/e/1FAIpQLScKCb7108-BxouwkQv7SHGrCbztsxFTSey45QEd-tzyzSv31A/viewform

Zone 3 - Louis Armand Conference Room

Since the disappearance of Yevgeny Prigozhin in August 2023, the future of the Wagner PMC's digital influence operations—particularly in Africa—has raised many questions. Recent analyses suggest that these activities persist, though in a transformed manner, and now appear to be integrated into the Russian state’s broader informational influence strategy.

A key player in this new dynamic is African Initiative, a Russian news agency founded in Moscow in September 2023. It presents itself as an information bridge between Russia and Africa. Through its various channels, it disseminates pro-Russian and anti-Western content in multiple languages, including French.

This talk will detail the TTPs (Tactics, Techniques, and Procedures) of the “AI-Freak” modus operandi associated with African Initiative and will showcase several original OSINT pivots used in the investigation.

Zone 3 - Louis Armand Conference Room

The Federal intelligence service says in its annual report around 20% of Russian diplomats in Switzerland are spies. Is it possible to fact-check that using open source information or leaks ? Using the sources we found, we will try to explain our research strategy, the tools we used and who knows, find some guys or interesting profiles.

Zone 3 - Louis Armand Conference Room

Bread & butter of defence OSINT, OSINT goes to war in the Black Sea, the risks of revealing sources, and deception & countering OSINT

Zone 3 - Louis Armand Conference Room

This talk discusses web scraping techniques for the Chinese internet, covering sources like social media and official government websites. It highlights that, contrary to popular belief, China's political processes do not need to be a black box. Millions of government documents can be found online that can illuminate developments in the country, sometimes even on sensitive affairs. Web scraping techniques can help pry open this black box and help see the forest for the trees. Yet, the talk also focuses on how extensive challenges remain, ranging from geo-blocking to "real-name registration".

Zone 3 - Louis Armand Conference Room

Criminals want to own their villa on french riviera or their apartment in Dubai. No need to have police powers to find out where they invest their money. It only takes some open data and OSINT technics for journalists to follow the money. This talk covers how journalists from Le Monde investigate russian oligarchs, drug traffickers and other kleptocrats real estate assets, and why open source is so important.

Zone 3 - Louis Armand Conference Room

As OSINT investigative journalists, we sometimes need to combine open-source techniques with on-the-ground reporting to take our investigations further. Journalists from the program SOURCES on ARTE.tv spent months analyzing customs records, European sanctions regulations, and the technical specifications of CNC machines, which are high-precision tools used to manufacture parts for civilian and military applications. Their investigation revealed that European machines were imported into Russia via third countries in Central Asia. However, one European company flatly denied the open-source findings and the customs records available online. That’s when journalist Maëva Poulet traveled to their headquarters. There, she accessed internal documents and used open-source data to prove that the company’s records about the machine and its destination had been forged.

Zone 2 - Workshop Rooms

Join us for a thrilling workshop where you’ll learn the basics of Windows malware analysis, OSINT and CTI, by extracting interesting information from a malware and using it to track down cybercriminals.

Ever wondered how people could make malicious binaries talk? Or how from a single string in a code an analyst could find its developer’s favorite music band? We bring you the best of two worlds, malware analysis and OSINT, in this introduction workshop.

By using some basic malware analysis techniques, you’ll be able to easily extract interesting information from a malware and its functionalities. With OSINT methods, you’ll find how to use the information found in the malware to pivot on data from websites, social networks, and media to extract hidden or forgotten information on your target.

With this 3 hours workshop targeting absolute beginners, you won’t become an expert in both fields, but you’ll have the opportunity to better understand how they work and discover how they can interact with each other.

Zone 2 - Workshop Rooms

This workshop introduces the fundamentals of investigating how cryptocurrency moves across wallets, smart-contracts, bridges, and exchanges. You'll learn how to follow transactions on-chain and apply OSINT techniques to extract context and potential control signals. Through hands-on examples, we’ll explore how to interpret what’s really happening behind the data in a decentralized, multi-chain ecosystem.

Zone 2 - Workshop Rooms

--Let me show you how to detect phishing/scam campaigns by analyzing OSINT data and using open-source tools I've created myself over the last few years.

Going even further, let's discover together how to gather information or material on the actors of these campaigns, their infrastructure, the developers of phishing kits, and even the existing marketplaces to fine-tune our knowledge of these threats.

Get a machine capable of running Docker containers, or a VM image. A network connection is required, as well as basic knowledge of the UN*X shell.

Zone 2 - Workshop Rooms

This workshop introduces the fundamentals of investigating how cryptocurrency moves across wallets, smart-contracts, bridges, and exchanges. You'll learn how to follow transactions on-chain and apply OSINT techniques to extract context and potential control signals. Through hands-on examples, we’ll explore how to interpret what’s really happening behind the data in a decentralized, multi-chain ecosystem.

Zone 2 - Workshop Rooms

--Let me show you how to detect phishing/scam campaigns by analyzing OSINT data and using open-source tools I've created myself over the last few years.

Going even further, let's discover together how to gather information or material on the actors of these campaigns, their infrastructure, the developers of phishing kits, and even the existing marketplaces to fine-tune our knowledge of these threats.

Get a machine capable of running Docker containers, or a VM image. A network connection is required, as well as basic knowledge of the UN*X shell.