BLACKOUT

Theory and talks are great, but practice rulez supreme.
leHACK workshops are collaborative public practical trainings on niche techniques which will improve your skills.

workshops TRACK

OSINT 101: an introduction to Windows malware analysis and OSINT FR
An introductory workshop on malware reverse engineering and OSINT, and on the links between these two disciplines. The workshop targets an audience new to reverse engineering and OSINT.

Introduction (… min)
- OpenFacto introduction
- What is Cyber Threat Intelligence
- What is malware analysis
- What is OSINT -> insist on methodology before tools, and on the need to check the origins of one's tools -> pivots
- Links between malware analysis and OSINT

Windows malware analysis (… h)

Introduction to Windows malware analysis (… min)
- Many different possible goals -> even more different methodologies:
  - Exploratory: what does this malware do?
  - Detection: briefly talk about detection signatures
  - Extracting information for further analysis: mistakes made by the dev (PDB, email address, etc.) and malware configuration (IP, domain names, etc.)
  - Studying the evolution of the code: need to know which characteristics are unchanging, possibility to compare different versions, etc.
- Feedback: the first step can be difficult to take, but there are some quick wins that can help you get started. A lot of people are scared of assembly, but if you don't want to be a professional malware analyst you don't necessarily need a very deep understanding of assembly language. If you do want to get into it, practising is the best way to learn and being patient is important: try not to get frustrated with the fact that you won't understand everything at first. A lot of good resources exist (list at the end), the first one being PMA, which is really good to get started.

The basics (… min)
Mostly demonstrations, with the possibility for attendees to try it out at the same time. Some important notions:
- Strings: string formats, extracting them, which strings could be interesting (PDB, function names)
- The PE header, without getting into too many details: mostly imports (Windows API) and timestamps
- Assembly: there won't be time to get into details here, it's a very broad subject. Most important tip: practise and don't get discouraged. It's okay not to understand everything, but you need to keep your goal in mind. Free tools are available to practise at home (show Binary Ninja). A possible strategy: start with some quick wins and get into the details of assembly little by little with practice. Or just stop at the quick wins, which can still be useful even if assembly isn't your thing.

Quick wins exist (… min)
- Many tools exist online:
  - Tools for extracting embedded files like images -> OSINT
  - Tools for unpacking (broad subject, there may not be enough time to talk about it)
- Windows API documentation: show, as an example, malware functions where you can see Windows API functions being called and roughly guess what's going on (interactive)
- Recognizable patterns or cryptographic constants: show examples of famous cryptographic functions that are easily recognizable (interactive)
- Basically, if you don't get too intimidated, you might understand more than you'd think
- Limitations: complex packing, obfuscation techniques

OSINT (… h)

Dorks (… min)
- Starting point: we got a Windows API, yeah
- Review of major search engines and how to influence results...

Anso

OpenFacto member and CTI analyst specialised in OSINT investigations. Travel plans: none needed, already in Paris. Social media: openfacto on Bluesky and LinkedIn.

Cora

CTI analyst specialised in malware analysis. Travel plans: none needed, already in Paris.

Introduction to malware classification FR This workshop offers an introduction to malware classification, starting from the basics and building up to a scalable similarity search and classification system. We will begin by exploring why it is worth looking for similarities between binaries. I will cover the classic binary diffing methods (BinDiff, Diaphora) before moving on to a more global approach that measures similarity at scale, based on features extracted from the binaries. Participants will learn how to apply efficient comparison methods to classify large volumes of binaries while keeping processing time realistic. We will evaluate model performance with standard machine learning tools, then visualise the results as graphs (neo4j), which give a more visual view of the results. The final goal is to build a simple classification and similarity search tool based on Python and Docker. Valentin Lonnoy

Valentin Lonnoy

Valentin Lonnoy, incident response student at the Université de Technologie de Troyes, participant in many CTFs with the HackUTT team (club president).

Breaking into Hades' realm: an advanced Kerberos exploitation EN Originally developed by MIT, Kerberos is widely used in Microsoft Active Directory environments. Therefore, this protocol is a prime target for exploitation, allowing privilege escalation as well as establishing persistence. This workshop is designed for cybersecurity professionals who seek to deepen their understanding of Kerberos vulnerabilities and the sophisticated techniques used to exploit them. Participants will embark on a comprehensive journey on Kerberos exploitation, starting with the fundamentals of the protocol and moving swiftly into advanced attack strategies. The workshop will primarily cover:
- Abusing delegations
- Forging tickets (especially Diamond and Sapphire tickets)
- *-roasting (well-known variants as well as their newer versions, such as Kerberoasting without pre-authentication)
Throughout the workshop, participants will engage in hands-on labs to reinforce their learning. By the end of the session, attendees will possess a deep understanding of Kerberos exploitation techniques and practical knowledge to effectively conduct these attacks. Join us to master the art of Kerberos exploitation and fortify your skills to always be Domain Admin on the first day of your pentest engagement.
Requirements:
- Basic knowledge of Active Directory and the Kerberos protocol
- A laptop with Exegol (https://exegol.readthedocs.io) pre-installed, with the latest nightly image already downloaded
Volker Carstein

Volker Carstein

Hacker, speaker, Jack of All Trades: Social Engineering, OSINT, AD, TTRPG. Pentester / Red Team Operator @ Bsecure / Parabellum Services

rayanlecat

Pentester

Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting FR This hands-on workshop will guide participants through the process of reverse engineering and modifying Android applications without the need for rooted devices. I will present [apkpatcher](https://apkpatcher.ci-yow.com/) to explore various techniques to analyze, modify, and remove trackers from Android apps, focusing on practical skills that can be applied in real-world scenarios. Participants will:
- Understand the fundamentals of reverse engineering Android applications.
- Learn to use debugging tools to analyze Android app behavior.
- Bypass security mechanisms using Frida scripts.
- Sniff and replay Bluetooth Low Energy (BLE) communications.
- Modify Smali code to alter app functionality.
- Reverse engineer native libraries used in Android apps.
- Perform Man-in-the-Middle (MITM) attacks on HTTPS services.
By the end of the workshop, participants will have gained practical experience in reverse engineering and modifying Android applications. They will be equipped with the skills to analyze app security and implement modifications without requiring rooted devices. Workshop duration: 1.5 hours. Benoît Forgette

Benoît Forgette

Playing the game of tag with modern day AV and EDRs: A guide to evading the watchdogs. FR The perpetual race to safeguard and secure our infrastructures has given birth to robust defensive mechanisms, such as antiviruses (AV), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR), just to name a few. Over the years, the detection methodologies they employ have evolved. From very basic string and hash matching techniques, defensive mechanisms have enhanced their capabilities by employing machine learning, in-memory scanning and other sophisticated techniques. From the perspective of a malware developer, developing malware is considerably easier than evading detection. In this talk we will discuss various techniques employed by malware developers to circumvent the detection measures implemented by modern day AVs and EDRs. This talk will focus solely on the Windows ecosystem. We will discuss the nitty-gritty of the Windows OS, followed by the various detection techniques implemented by AVs and EDRs. After understanding the detection methods, we will shift our focus to the techniques that can be implemented to bypass them. Some of the techniques included are unhooking, BlockDLL, repatching, API hashing, ETW and AMSI patching, etc. To better understand the concepts discussed, we present real-life PoCs. These PoCs will showcase the discussed evasion techniques on a popular red teaming tool (Juicy Potato). The implemented techniques will be tested against Windows Defender, a popular and widely used built-in AV solution by Microsoft. Furthermore, these PoCs will showcase the exact detection methods and how we were able to bypass them to gain access. Aryan Jogia

Aryan Jogia

Active Directory pwnage with NetExec FR In this workshop, we will show you how to take advantage of NetExec to efficiently and easily compromise an Active Directory domain during an internal pentest. A lab will be provided to each student, and the goal will be to become a domain administrator using various paths—only with NetExec! The first one to gain domain admin will be covered in glory for eternity! In this workshop, you will learn which features to use depending on the attack you need to perform, which commands to run first, what to do when you grab credentials, etc.—all by actually doing it live. No slides, only NXC as your best friend! This workshop is for students who have already played a little with Active Directory or for people who want to learn more about the tool and how to use it properly during an internal pentest! Martial Puygrenier

Martial Puygrenier

Freebooter of the net ̿ ̿̿’̿’\̵͇̿̿\=(•̪●)=/̵͇̿̿/’̿̿ ̿ ̿ ̿

Hardware Hacking: getting a root shell via UART FR Ever wondered how to gain root access to a device via hardware? Why not try it yourself? This workshop will equip you with the skills and knowledge to understand the basics of hardware hacking. In this workshop, you will:
- Learn what UART is and why it's a crucial interface for embedded systems.
- Set up your environment: get your tools ready, including serial adapters and terminal software.
- Discover how to physically connect to a device's UART pins and establish a serial connection.
- Learn how to interact with the device's shell and gain root access.
Noë Flatreaud

Noë Flatreaud

IT Consultant • Cybersecurity Researcher interested in Bitcoin and Cryptography

Network protocol abuse: driving ICS equipment mad. FR This workshop will focus on explaining and using several libraries that make it possible to interface with PLCs (programmable logic controllers, microcontrollers designed for industrial control). A first part will be dedicated to the technical explanation of how PLCs work and of the various network protocols associated with them. The second part will cover the "exploitation" and explain the libraries that allow interfacing with the PLCs. Protocols used in the workshop:
- MODBUS
- s7comm (Siemens)
- OPC UA
The objective of this workshop is to demonstrate how easily a PLC can be taken over if no security measures are applied, or if misconfigurations are in place. The workshop material consists of physical equipment contained in a portable network lab. Participants will be able to connect to the lab via RJ45 (limited to 5 people) or via Wi-Fi (20 people). Cordier Erwan

Cordier Erwan

Cyber-security and ICS enthusiast.

Integrating secure coding into the DevSecOps cycle FR This workshop aims to overcome the drawbacks of the current approach to teaching application security, which blindly attacks applications to analyze vulnerabilities. This results in engineers being unable to figure out the proper fix for the vulnerabilities, hence allowing attackers to exploit them. The labs will help security enthusiasts, developers and students to identify the root cause of a vulnerability in the code, patch it, redeploy the application, and finally verify the fix. As an attendee, you will learn to find vulnerabilities from both an attacker's and a defender's point of view, which supports a swift SDLC of fixing and moving forward instead of the traditional pentesting procedure of fixing issues at the end of the cycle. The demonstration will use a vulnerable e-cart application with a microservice architecture deployed using Docker, where the vulnerable code is attacked and replaced with secure code snippets, compiled, deployed and pentested again to demonstrate how fixing a vulnerability at the root saves engineers time and effort.

Gopika Subramanian

Pentesting AWS Cloud Environments FR Equip participants with the skills to identify and exploit vulnerabilities in AWS cloud environments, ensuring robust cloud security. Participants will enhance their cloud security skills by gaining practical knowledge and hands-on experience identifying and mitigating vulnerabilities in AWS cloud environments. Target audience: cybersecurity professionals, cloud engineers, IT administrators, and anyone interested in cloud security.
- Workshop duration: 40 minutes
- Workshop language: English
Zakaria Brahimi

Zakaria Brahimi

As a penetration tester, my day-to-day responsibilities include conducting security audits (application security, configuration review, source code review) and penetration tests on a variety of challenging environments (systems, networks, web applications, web services, mobile applications). I have also worked on several organizational security and governance projects. I am also the author of several works (conferences, practical workshops, webinars) and publications (articles, tutorials, publications) in cybersecurity. I also provide occasional training in ethical hacking and cybersecurity awareness.

Insecure time-based secret in web applications and Sandwich attack exploitation FR The goal of this workshop is to put ourselves in the shoes of a bug bounty researcher who wants to automate an attack scenario as far as possible. The scenario studied will be that of a password reset token based on a time-based secret that is not cryptographically secure. We will look at how to construct the attack scenario and script a detection and exploitation procedure. We will then look at how to use the open source tool "Reset tolkien" to detect and exploit this type of web vulnerability. Tom Chambaretaud

Tom Chambaretaud

Technical Lead @YesWeHack | Bug hunter (approximately every 3 months)