BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//leHACK//NONSGML Events//EN
BEGIN:VEVENT
UID:2415
DTSTAMP:20260623T104253
DTSTART:20260628T010000
DTEND:20260628T023000
LOCATION:Salle Louis Armand s3
DESCRIPTION:Come learn and show off your GeoGuessr skills at this IRL workshop organized by OpenFacto.
SUMMARY:WORKSHOP: GeoGuessr Party
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#workshop-geoguessr-party
END:VEVENT
BEGIN:VEVENT
UID:2188
DTSTAMP:20260625T143555
DTSTART:20260627T230000
DTEND:20260628T003000
LOCATION:Workshop Room 3 S3
DESCRIPTION:Understand the fundamentals of reverse engineering Android applications.\nLearn to use debugging tools to analyze Android app behavior.\nBypass security mechanisms using Frida scripts.\nSniff and replay Bluetooth Low Energy (BLE) communications.\nModify Smali code to alter app functionality.\nReverse engineer native libraries used in Android apps.\nPerform Man-in-the-Middle (MITM) attacks on HTTPS services.
SUMMARY:Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#apkpatcher-reverse-engineering-and-modifying-android-applications-without-rooting
END:VEVENT
BEGIN:VEVENT
UID:2191
DTSTAMP:20260625T145816
DTSTART:20260627T230000
DTEND:20260628T003000
LOCATION:Workshop Room 2 S3
DESCRIPTION:Ce workshop introduit un framework dédié aux attaques de protocoles sans-fil, WHAD, avec un focus tout particulier sur le protocole Bluetooth Low Energy. Il fait écho au talk soumis par l'auteur sur le même sujet, et permettra de mettre en pratique les attaques évoquées dans ce dernier sur de véritables équipements connectés.
SUMMARY:Hacking Bluetooth Low Energy Devices with WHAD
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#hacking-bluetooth-low-energy-devices-with-whad
END:VEVENT
BEGIN:VEVENT
UID:2187
DTSTAMP:20260625T143823
DTSTART:20260627T223000
DTEND:20260628T000000
LOCATION:Salle Louis Armand
DESCRIPTION:Most reverse engineering workflows treat a binary as a static artifact. Dynamic Binary Instrumentation flips that: instead of reading code, you *watch it run*, intercepting every instruction and memory access with nothing but Python.\n\nThis workshop is a hands-on introduction to DBI using [PyQBDI](https://qbdi.readthedocs.io/en/stable/get_started-pyqbdi.html). Attendees go from zero to writing instrumentation scripts that trace execution, inspect runtime state, instrument native libraries, and ultimately bypass anti-debugging protections to extract a hidden flag. They leave with reusable scripts and the foundations to apply QBDI in professional engagements, CTF challenges, or personal research.\n\n[QBDI](https://qbdi.quarkslab.com/) is an open-source framework developed at Quarkslab, supporting Linux, Windows, Android, and macOS. It has been used in practice to [break whitebox cryptographic implementations](https://blog.quarkslab.com/introduction-to-whiteboxes-and-collision-based-attacks-with-qbdi.html), [deobfuscate VM-protected binaries](https://blog.quarkslab.com/qbdi-vs-tritondse-against-a-vm-who-will-be-the-fastest.html), and [analyze Android native libraries without source code](https://blog.quarkslab.com/android-native-library-analysis-with-qbdi.html).
SUMMARY:Introduction à l'instrumentation dynamique binaire avec QBDI
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#introduction-a-linstrumentation-dynamique-binaire-avec-qbdi
END:VEVENT
BEGIN:VEVENT
UID:2449
DTSTAMP:20260627T133452
DTSTART:20260627T210000
DTEND:20260627T230000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Who Wants to Win Bitcoins - Game Rules\n\n21:00 pm - 23:00 pm Gaston Berger\n\nComposition of the teams\nA team consists of exactly 3 players\nEach player is part of one team and one team only\nRegistration\n\nTo register, send an email to [ quiveutgagnerdesbitcoins [at] gmail.com] (not easy, eh) mentioning the name of your team and the nicknames of the participants.\n\n9 places are available for the game, if more than 9 teams are registered, pre-selections will take place and will be done by email (no, no speed test).\n\nPrinciple of the game\n\nWho Wants to Win Bitcoins is a game inspired by DEFCON's Hacker Jeopardy, but it does not share the whole concept.\n\nThe game is played in rounds: 3 selection rounds and 1 final. During each round, 3 teams of 3 players compete by answering questions. Each correct answer earns points, a wrong answer does not lose any points.\n\nAt the end of the round, the team with the most points is declared the winner. In the event of a tie, a series of additional questions will be used to decide between the two teams.\n\nThe team that wins the final round wins a pre-provisioned wallet of bitcoins, for an amount greater than 30€ (to be determined).\n\nHow does a round unfold?\n\n6 categories of questions are randomly selected and displayed on the main screen. Each category has 5 questions ranging from 100 to 500 points, for a total of 30 questions.\n\nDuring the round, a team is designated "in charge" of the question board. The team in charge determines the next question, and keeps the hand as long as they answer the questions correctly first, and loses it if an opposing team answers correctly before them. In this case, the hand passes to the opposing team who chooses the next question and is now in charge of the board.\n\nWhen a question is asked, teams buzz in to give their answer. The fastest team is the first to answer: points are awarded for correct answers, and they take control of the question board. If they get it wrong, they can no longer answer that question and the floor is left to the other teams. If they take too long to answer, they lose their turn and the floor is left to the other teams.\n\nIf no team gives the right answer, the floor is given to the audience. If a member of the audience gives the right answer when asked, they win leHACK swag (t-shirts, hardware, mugs, etc.)! However, the team in charge of the question board has the final say.\n\nIf no one finds the answer, it is revealed and the game continues, with the question board team keeping the lead.\n\nThe team in charge of the question board chooses the next question, and so on until the last question.\n\nEnd of the round\n\nThe round ends when all 30 questions have been asked. The points of the teams are totaled and the team with the most points is declared the winner. In the event of a tie, a sudden death test is set up: the first team to answer a question correctly wins the round.\n\nBasic Rules\nAny team caught cheating will be immediately disqualified\nAny objectionable or inappropriate behavior towards the organizers and participants will result in the disqualification of the team concerned
SUMMARY:Qui Veut Gagner des Bitcoins
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#qui-veut-gagner-des-bitcoins
END:VEVENT
BEGIN:VEVENT
UID:2192
DTSTAMP:20260625T143150
DTSTART:20260627T210000
DTEND:20260627T223000
LOCATION:Salle Louis Armand
DESCRIPTION:The world of Web Hacking is evolving, and with it, our tooling must evolve as well. Caido, the new guy on the HTTP Proxy block, brings a new set of tools and capabilities to web hackers that minimize friction and increase efficiency in your hacking process. Join us as we explore:\n* HTTPQL Search\n* Caido Workflows (easy to understand & integrate low-code/no-code automation)\n* Environment Variables (no, not that kind)\n* Organization/Note Taking\n* Shift - Caido AI Integration\n* and much more
SUMMARY:Efficient Web Hacking with Caido
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#efficient-web-hacking-with-caido
END:VEVENT
BEGIN:VEVENT
UID:2190
DTSTAMP:20260625T145050
DTSTART:20260627T210000
DTEND:20260627T223000
LOCATION:Workshop Salle 2 S3
DESCRIPTION:keep digging for that root shell
SUMMARY:Hardware hacking : keep digging for that root shell
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#hardware-hacking-keep-digging-for-that-root-shell
END:VEVENT
BEGIN:VEVENT
UID:2189
DTSTAMP:20260625T144637
DTSTART:20260627T210000
DTEND:20260627T223000
LOCATION:Workshop Room 3 S3
DESCRIPTION:Your favorite Android mobile apps or smart TV are probably fortresses: obfuscated code, anti hooking defenses, encrypted protocols. Traditional RE tools? Weeks of manual grinding. But what if you could teach your hooks to evolve, fuzz vendor services for hidden root commands, and let an AI orchestrate the entire RE workflow?\n\nIn this hands-on workshop, you'll learn to autopsy mobile applications using Reversense, a free collaborative reverse engineering platform now available as open source. Unlike traditional tools that require weeks of manual analysis, Reversense automates the discovery, modeling, and instrumentation of mobile apps in their real execution context.\n\nYou'll work through 3 real-world scenarios:\n\n- Hardened App Security Audit : Identify sensitive data and bypass security mechanisms, such as anti-hooking, using self-improved hooks and dynamic modeling.\n\n- Discovery of Undocumented ADB Commands : Use combination of built-in fuzzing engine, and cross-app hooking to uncover hidden vendor backdoors and factory test modes in Android devices.\n\n- AI-Powered Reverse Automation : Leverage MCP (Model Context Protocol) integration to orchestrate complex multi-stage reverse engineering workflows.
SUMMARY:Teaching hooks to hunt: automated Android app reversing
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#teaching-hooks-to-hunt-automated-android-app-reversing
END:VEVENT
BEGIN:VEVENT
UID:2272
DTSTAMP:20260627T132458
DTSTART:20260627T213000
DTEND:20260627T221500
LOCATION:Salle Louis Armand S3
DESCRIPTION:Following the serie of workshops Ratzilla gave on car hacking, he will give a closure...
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#car-hacking
END:VEVENT
BEGIN:VEVENT
UID:2361
DTSTAMP:20260618T064931
DTSTART:20260627T170000
DTEND:20260627T220000
LOCATION:Workshop zone
DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually...
SUMMARY:Lockpicking with the Red Team Alliance. #4
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#lockpicking-with-the-red-team-alliance-copy-3
END:VEVENT
BEGIN:VEVENT
UID:2301
DTSTAMP:20260621T210520
DTSTART:20260627T200500
DTEND:20260627T205500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:Chaque participant démarre avec une plateforme d'attaque et un STM32 vérouillée. l'objectif : casser la...
SUMMARY:WORKSHOP: Outil de bypass de protection JTAG (pratique)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-outil-de-bypass-de-protection-jtag-pratique
END:VEVENT
BEGIN:VEVENT
UID:2262
DTSTAMP:20260622T181707
DTSTART:20260627T180500
DTEND:20260627T200500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:Pendant deux heures, nous explorerons les cinq principales vulnérabilités liées à l'IoT — qu'il s'agisse d'embarqué, de cloud, de mobile, de données ou de processus. L'objectif est de montrer qu'avec très peu de matériel et des compétences de base, il est déjà possible de compromettre un firmware, d'altérer des données ou encore d'élever ses privilèges. La session combinera des apports théoriques, mais fera surtout la part belle à la pratique.\n\nPré‑requis : Un téléphone et une distribution Linux Kali, accompagnés d'un port USB‑A, devraient suffire pour participer sereinement au workshop.
SUMMARY:WORKSHOP: le top 5 des vulnérabilités IoT est-il réaliste pour un rookie? (DVID)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-le-top-5-des-vulnerabilites-iot-est-il-realiste-pour-un-rookie-dvid
END:VEVENT
BEGIN:VEVENT
UID:2245
DTSTAMP:20260622T182859
DTSTART:20260627T190500
DTEND:20260627T195500
LOCATION:Salle 3 niveau S3
DESCRIPTION:Vandal, c'est l'implémentation en pur C d'une plateforme d'analyse RF multi-protocoles basée sur de l'ESP32-S3.\n\nOn a soupoudré notre layer-cake cyber avec :\n- du WiFi avec injection de trames, deauth, captive_portal, sniffing, scanners et autres surprises\n- du Bluetooth BLE 5.0 avec scan de services, monitoring d'attributs et détection de security profile + bruteforce de pin\n- du Sub-GHz via CC1101, capture et replay et de beaux waterfall\n- du 2.4 GHz via Sx1280 et NRF52840 à venir\n- une couche de BadUSB HID ou MSC, complet et pilotable à distance\n- une gestion d'ADC 16 bits pour l'attaque physique et l'analyse de signaux\n- du messaging juste pour rire ou préparer l'apocalypse\n- des stupidités comme une CLI SSH embarquée vu qu'on avait trop de place\n\nPuis on a soupoudré avec du GPS pour le wardriving du pauvre, une SD-Card pour le storage offline — le tout sur un seul SoC, sans laptop hôte, pilotable à distance à l'aide de n'importe quel navigateur web.\n\nDans ce talk on va aussi parler de stack : pourquoi on a choisi une architecture event-driven autour de l'esp_event_loop, comment s'organise notre code autour de modules et de composants, et pourquoi nous avons choisi une infrastructure clients-serveur.\n\nOn terminera par un tour rapide du VANDAL Protocol qu'on s'impose entre les agents et la console. Démos live prévues, et probablement pleins de trucs qui ne fonctionneront pas comme prévu.
SUMMARY:TALK: Offensive AI on ESP32: Breaking Embedded Limits
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-vandal-yet-another-dongle-2
END:VEVENT
BEGIN:VEVENT
UID:2414
DTSTAMP:20260623T103939
DTSTART:20260627T170000
DTEND:20260627T193000
LOCATION:Salle Louis Armand s3
DESCRIPTION:RUMPS are small talk sessions, where you can freely grab the mic to present random speech about hacking without control, censorship, pressure, and inside a 'plausible deniability' setup. No lineup, no recording, no endorsements, anonymity is guaranteed if needed but you bring your own countermeasures (face mask allowed). You take all responsibility for the topic you present, leHACK isn’t responsible for your speech, be wise and don’t break the law. See you on Louis Armand room, on S3 level, starting Saturday 27/06/2026 from 17:00 to 19:30. Format : 5 minutes, ABSOLUTELY NO CAMERA, NO RECORDING! We will enforce this and immediately remove offenders without warning. Send us your speech hints at CFP before Saturday noon !
SUMMARY:TALK: Rumps
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-rumps
END:VEVENT
BEGIN:VEVENT
UID:2440
DTSTAMP:20260626T112100
DTSTART:20260627T185000
DTEND:20260627T191000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:
SUMMARY:🔐 Surprise Talk
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#%f0%9f%94%90-suprise-talk
END:VEVENT
BEGIN:VEVENT
UID:2173
DTSTAMP:20260517T103414
DTSTART:20260627T183000
DTEND:20260627T185000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Comment écouter le réseau 3G avec ce que l'on a sous la main ?\nAvec un récepteur TV, une antenne bricolé, gr-gsm et simple_IMSI-catcher.py !
SUMMARY:simple_IMSI-catcher déjà 11 ans! - Oros
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#simple_imsi-catcher-deja-11-ans
END:VEVENT
BEGIN:VEVENT
UID:2244
DTSTAMP:20260621T194824
DTSTART:20260627T180500
DTEND:20260627T185000
LOCATION:Salle 3 niveau S3
DESCRIPTION:Vous pouvez tout faire; il suffit d'y passer suffisamment de temps. En attendant, voilà un guide simple pour se lancer dans le hardware.
SUMMARY:TALK: CyberpunkGuide to hardware hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-cyberpunkguide-to-hardware-hacking
END:VEVENT
BEGIN:VEVENT
UID:2170
DTSTAMP:20260517T103135
DTSTART:20260627T174500
DTEND:20260627T183000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Avez-vous déjà tenté de vous infiltrer dans un événement hautement sécurisé ?\n\nProbablement non — nous, si :).\n\nÀ travers cette conférence, nous verrons comment les dispositifs de sécurité de certains des plus grands événements peuvent être contournés à l’aide de différentes méthodes, outils et techniques, allant de l’OSINT à l’ingénierie sociale.\n\nÀ partir de cas réels d’intrusions physiques, nous décortiquerons leur architecture : périmètres, zones d’accès, rôles humains, accréditations etc…\n\nEnfin, des démonstrations illustreront comment des dispositifs conçus pour protéger peuvent devenir exploitables dès lors que la validation repose sur des mécanismes humains.
SUMMARY:ALL ACCESS AUTHORIZED : How to infiltrate major events for fun and profit
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#all-access-authorized-how-to-infiltrate-major-events-for-fun-and-profit
END:VEVENT
BEGIN:VEVENT
UID:2261
DTSTAMP:20260621T210353
DTSTART:20260627T170500
DTEND:20260627T175500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:- Installer le DigiLab sur son Flipper Zero\n- Tour d'horizon et limitations\n- Détecter des grandeurs\n- Configurer les retours sensoriels\n- Aller plus loin\n\nMatériel nécessaire : Un Flipper Zero par personne, installation propre.
SUMMARY:WORKSHOP: Explorer les signaux avec le DigiLab
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-explorer-les-signaux-avec-le-digilab-2
END:VEVENT
BEGIN:VEVENT
UID:2167
DTSTAMP:20260517T102939
DTSTART:20260627T172000
DTEND:20260627T174000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Les applications de “smart city” promettent sécurité, modernité et économies d’énergie. Sur le papier, tout est parfaitement sous contrôle. Dans la réalité… disons que c’est plus lumineux que sécurisé.\n\nCette présentation propose l’analyse d’une application mobile permettant de contrôler l’éclairage public, signaler des zones dangereuses et partager sa position avec des proches. Officiellement, le système est protégé, restreint (et selon son créateur :“impiratable”).\n\nDans les faits, une compréhension même modérée de son fonctionnement permet de contourner les restrictions géographiques et d’activer l’ensemble des lampadaires d’une ville (voire de centaines de communes) sans la moindre authentification. sign\n\nMais ce n’est qu’un début. Des failles critiques permettent également d’identifier des utilisateurs supposément anonymes, de reconstituer leurs habitudes, d’accéder à des événements privés et de manipuler le partage de position en temps réel.\n\nÀ travers une analyse technique rigoureuse et un certain sens de la nuance, ce talk met en lumière une vérité simple : annoncer une sécurité avancée ne suffit pas à la rendre réelle.
SUMMARY:LeHack 117 : Permis d’illuminer toute la ville - MadSquirrel
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#lehack-117-permis-dilluminer-toute-la-ville
END:VEVENT
BEGIN:VEVENT
UID:2281
DTSTAMP:20260622T180426
DTSTART:20260627T170500
DTEND:20260627T173000
LOCATION:Salle 3 niveau S3
DESCRIPTION:
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#live-talk-car-hacking-copy-7
END:VEVENT
BEGIN:VEVENT
UID:2178
DTSTAMP:20260522T121356
DTSTART:20260627T170000
DTEND:20260627T172000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Les fréquences radio transportent toutes sortes de données, des communications aériennes aux télécommandes de voiture, et la plupart d'entre elles sont étonnamment faciles à intercepter. Ce talk vous montre comment fonctionne réellement le piratage radio. Pas besoin d'équipement coûteux ni d'années d'expérience. Avec les bons outils et les bonnes connaissances, le spectre devient enfin visible.
SUMMARY:R4di0_P1r4cy - Beemo
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#r4di0_p1r4cy
END:VEVENT
BEGIN:VEVENT
UID:2168
DTSTAMP:20260517T102524
DTSTART:20260627T161500
DTEND:20260627T170000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Le protocole Bluetooth Low Energy et ses vulnérabilités, tout le monde les connaît car\nelles font régulièrement la une des actualités et 2026 n'a pas dérogé à la régle. Mécanisme\nd'appaîrage simplifié exploitable par des pirates, communications non-chiffrées laissant fuiter\ndes informations sensibles, robots humanoïdes compromis avec une injection de commande transmise\npar BLE, injection de flux audio dans des écouteurs, autant de problèmes révélés ces dernières années\ngrâce à de nombreux chercheurs en sécurité et qui mettent à mal l'image ce protocole et des équipements\nqui l'emploient. Mais connaissez-vous vraiment *tous* les moyens à votre disposition permettant de\ncompromettre de tels équipements ?\n\nDans ce talk, nous allons aborder des aspects moins connus du protocole Bluetooth Low Energy et la manière\ndont ces derniers peuvent être exploités pour compromettre l'intégrité et la sécurité d'équipements\nconnectés. Certaines de ces techniques ont été découvertes lors de l'analyse de différentes implémentations,\nvoire directement lors de tests effectués sur des équipements domotique ou des smartphones, d'autres sont \ntrès peu connues ou n'ont jamais été publiées à ce jour. Si vous êtes expert sur ce protocole de\ncommunication ou simple néophyte curieux de découvrir des attaques avancées, ce talk peut vous apprendre\ndes choses assez surprenantes.
SUMMARY:Pwning bluetooth devices in unexpected ways - Virtualabs
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#pwning-bluetooth-devices-in-unexpected-ways
END:VEVENT
BEGIN:VEVENT
UID:2412
DTSTAMP:20260623T103938
DTSTART:20260627T160000
DTEND:20260627T170000
LOCATION:Salle Louis Armand s3
DESCRIPTION:How OSINT can help identify Russian spies in journalistic investigations : ethical considerations and real-world examples.
SUMMARY:TALK: Hunting spies for a living
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-hunting-spies-for-a-living
END:VEVENT
BEGIN:VEVENT
UID:2280
DTSTAMP:20260622T180212
DTSTART:20260627T160500
DTEND:20260627T165500
LOCATION:Salle 3 niveau S3
DESCRIPTION:
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#live-talk-car-hacking-copy-6
END:VEVENT
BEGIN:VEVENT
UID:2260
DTSTAMP:20260622T182153
DTSTART:20260627T160500
DTEND:20260627T165500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-10
END:VEVENT
BEGIN:VEVENT
UID:2166
DTSTAMP:20260621T093738
DTSTART:20260627T155000
DTEND:20260627T161000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Quand on pense au warez on pense jeux video , la suite adobe ou microsoft word. Mais il existe une autre scène qui existe aussi depuis longtemps, c'est la scène pour les logiciels de contrôle-commande industrielle.\n\nCes logicielles sont les environnements de développement et d'interactions des systèmes de contrôle physique, de la programmations des automate industrielle, en bref, les logicielle qui font fonctionner notre monde industriel. \n\nNous allons essayer ici d'analyser ce marché via deux angles. \n\nD'un côté une analyse technique en regardant certains crack keygen, mais aussi des tools contournant la sécurité intégrer des automate pour voir ce qu'ils font techniquement, et constater si leurs actions sont légitimes ou si ce n'est que du sucre de l'eaux et beaucoup de mallware.  \n\nD'un autre côté, la distribution, les vendeurs et les clients cible de ce dernier.
SUMMARY:Warez for the working man : investigations d'une warez des logiciel de contrôle commande industrielle. - biero-el-corridor - l0key
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#warez-for-the-working-man-investigations-dune-warez-des-logiciel-de-controle-commande-industrielle
END:VEVENT
BEGIN:VEVENT
UID:2360
DTSTAMP:20260618T064931
DTSTART:20260627T130000
DTEND:20260627T160000
LOCATION:Workshop zone
DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually...
SUMMARY:Lockpicking with the Red Team Alliance. #3
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#lockpicking-with-the-red-team-alliance-copy-2
END:VEVENT
BEGIN:VEVENT
UID:2410
DTSTAMP:20260623T103938
DTSTART:20260627T150000
DTEND:20260627T160000
LOCATION:Salle Louis Armand s3
DESCRIPTION:The Digital Armoury maps the brief history of the global 3D-printed firearms ecosystem, from designers and design communities to files, distribution platforms, physical objects, end users, and emerging practices. The talk examines how digital designs circulate, evolve, and materialize, and how OSINT can help researchers and security professionals better understand the connection between the online movement and its potential real-world consequences.
SUMMARY:TALK: The Digital Armoury; Mapping the Global 3D-Printed Firearms Movement
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-the-digital-armoury-mapping-the-global-3d-printed-firearms-movement
END:VEVENT
BEGIN:VEVENT
UID:2279
DTSTAMP:20260627T100822
DTSTART:20260627T150500
DTEND:20260627T155500
LOCATION:Salle3 niveau S3
DESCRIPTION:
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#live-talk-car-hacking-copy-5
END:VEVENT
BEGIN:VEVENT
UID:2259
DTSTAMP:20260622T183210
DTSTART:20260627T150500
DTEND:20260627T155500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-9
END:VEVENT
BEGIN:VEVENT
UID:2174
DTSTAMP:20260517T102212
DTSTART:20260627T153000
DTEND:20260627T155000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:This talk aims at reviewing and explaining in detail the technical Sighax exploit. The Nintendo 3DS, despite having layered security based on a strong chain of trust and a privilege split between two processors ARM11 and ARM9, implements improper validation of the RSA PKCS#1 v1.5 padding in the ARM9 bootrom code. This vulnerability, combined with a custom uncautious ASN.1 parser, makes it possible to bruteforce specific RSA signatures causing the signature's hash to be computed against itself on the stack, allowing to bypass a signature check.\nWe will also discuss how this exploit, coupled with the design of Nintendo's FIRM file format, allows to dump the protected bottom half of the ARM9 bootrom, which is locked away by the time any firmware is loaded.\nThe goal is to provide a clear overview of how a console can go from executing confined userland homebrew to cold boot, pre firmware persistence with full access over the console in just a few mistakes.\nWe will go over the 3DS security architecture with its ARM9 / ARM11, the FIRM boot chain, the RSA PKCS#1 v1.5 padding implementation flaw, the ASN.1 parser mistakes and how "perfect" signatures were bruteforced to take advantage of these issues in order to sign any firmware stored in the console eMMC.
SUMMARY:Sighax deep dive: breaking the 3DS chain of trust - Cyprien Molinet (@cypelf)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#sighax-deep-dive-breaking-the-3ds-chain-of-trust
END:VEVENT
BEGIN:VEVENT
UID:2193
DTSTAMP:20260517T101946
DTSTART:20260627T144500
DTEND:20260627T153000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:macOS has long been perceived as a low-risk platform, often treated as a secondary concern...
SUMMARY:macOS Zero Mercy: Inside the Mind of a Malware Developer - Zoziel Freire
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#macos-zero-mercy-inside-the-mind-of-a-malware-developer
END:VEVENT
BEGIN:VEVENT
UID:2407
DTSTAMP:20260623T103936
DTSTART:20260627T140000
DTEND:20260627T150000
LOCATION:Salle Louis Armand s3
DESCRIPTION:This study offers a cross-analysis of the circulation and reception of Russian and pro-Russian narratives in Moldova. The country currently serves as a testing ground for Russia to trial new techniques that are subsequently rolled out in other countries. It is also viewed by Moscow as a vulnerability for Europe, given that some of its citizens are able to move freely both within Russian-occupied Transnistria and within the Schengen Area. The investigation focused on Gagauzia, a southern region where a sense of marginalisation vis-à-vis Chișinău and Europe creates fertile ground for the penetration of Russian narratives. It combines ethnographic fieldwork with a digital investigation utilising cyber and OSINT methods, and has enabled us to uncover manoeuvres relying on clandestine broadcasting equipment, as well as Russian, Chinese and possibly even Iranian cybercriminal networks, used to disseminate narratives in Gagauzia.
SUMMARY:TALK: On the information frontline. A human and digital investigation in the Russian-speaking region of Gagauzia (Moldova)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-on-the-information-frontline-a-human-and-digital-investigation-in-the-russian-speaking-region-of-gagauzia-moldova
END:VEVENT
BEGIN:VEVENT
UID:2258
DTSTAMP:20260622T183356
DTSTART:20260627T140500
DTEND:20260627T145500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-8
END:VEVENT
BEGIN:VEVENT
UID:2278
DTSTAMP:20260627T100731
DTSTART:20260627T140500
DTEND:20260627T145500
LOCATION:Salle3 niveau S3
DESCRIPTION:
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#live-talk-car-hacking-copy-4
END:VEVENT
BEGIN:VEVENT
UID:2222
DTSTAMP:20260519T170649
DTSTART:20260627T142000
DTEND:20260627T144000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Venez découvrir le quotidien des missions terrain sur la partie fraude documentaire, un entre deux...
SUMMARY:Parcours d'un fraudeur - Cybermoustache
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#parcours-dun-fraudeur
END:VEVENT
BEGIN:VEVENT
UID:2176
DTSTAMP:20260517T101311
DTSTART:20260627T140000
DTEND:20260627T142000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Souvent sous-estimée par les organisations, l’intrusion physique constitue pourtant un vecteur de compromission particulièrement efficace, en dépit des investissements croissants dans les dispositifs techniques et humains. \n\nCette conférence propose une analyse concrète des mécanismes qui mènent au succès ou à l’échec d’une intrusion physique, en s’appuyant sur des retours d’expérience, des cas réels et des missions de red team.\n\nNous examinerons les facteurs clés de réussite, tels que l’ingénierie sociale, les failles organisationnelles ou la surestimation des contrôles techniques, ainsi que les éléments conduisant à l’échec : vigilance du personnel, procédures adaptées, culture de sécurité, ou encore certaines limitations imposées par les clients.\n\nL’objectif est de dépasser une vision purement technologique afin de mettre en lumière le rôle central de l’humain et des processus.
SUMMARY:Physical intrusion: Success and Failure - Joker2a
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#physical-intrusion-success-and-failure
END:VEVENT
BEGIN:VEVENT
UID:2257
DTSTAMP:20260622T182449
DTSTART:20260627T130500
DTEND:20260627T135500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:- Comprendre le protocole\n- Flasher l'esp32 pour interagir avec le tag\n- Exploration des différentes fonctionnalités\n\nMatériel principal : Tag pricer, esp32 (M5Stack Cardputer ou C6).
SUMMARY:WORKSHOP: Hacking de Tag ESL via esp32
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-hacking-de-tag-esl-via-esp32-2
END:VEVENT
BEGIN:VEVENT
UID:2256
DTSTAMP:20260621T210244
DTSTART:20260627T120500
DTEND:20260627T125500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:- Installer et utiliser proxmark3\n- Utiliser la CLI pour discuter avec un Tag/Lecteur\n- Clone de badges (LF, HF)\n- Tester les différentes attaques possible en NFC (relay, replay, clone, fuzz…)\n\nChallenge : Cracker plusieurs cibles, à plusieurs niveaux.\n\nMatériel principal : Handheld RFID, Cameleon, Proxmark, Flipper Zero, Cartes Magic, PN532.
SUMMARY:WORKSHOP: NFC/RFID Lab
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-nfc-rfid-lab-2
END:VEVENT
BEGIN:VEVENT
UID:2243
DTSTAMP:20260622T183041
DTSTART:20260627T120500
DTEND:20260627T125000
LOCATION:Room 3 niveau S3
DESCRIPTION:The Kindle is a very popular device with a long history of public jailbreaks. As time went on, Amazon gradually improved the security of its products and jailbreaks became scarcer. This talk presents a new jailbreak, developed to answer a personal question of how to bootstrap research on a closed platform. It targets the latest firmware (at the time of development) and did not rely existing jailbreaks for introspection during development.\n\nThe goal of this talk is to provide a window into the thought process of an attacker. Not of the exploitation process itself, but everything around it : why some surface was selected, why some choices were made, why some did not pan out, ... It is oriented towards beginners and towards a wider audience.
SUMMARY:TALK: Bootstrapping Kindle research for the lazy attacker
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-bootstrapping-kindle-research-for-the-lazy-attacker
END:VEVENT
BEGIN:VEVENT
UID:2405
DTSTAMP:20260623T103935
DTSTART:20260627T113000
DTEND:20260627T123000
LOCATION:Salle Louis Armand s3
DESCRIPTION:Phishing kits increasingly send stolen credentials straight into Telegram, posting them to a bot the operator controls. That design is also the weakness: anyone holding the bot token reads the same channel the operator does. At scale, that access becomes a view across the whole ecosystem, kept strictly aggregate: which sectors and regions the stolen data concentrates in, how large the victim pools actually are, and what the channels expose about the operators, who range from organized crews to people who plainly do not grasp the tool they deploy and keep treating their exfiltration feed as the private space it never was.
SUMMARY:TALK: The Phisher's Inbox: Reading Telegram Exfiltration Channels with the Bot Token
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-the-phishers-inbox-reading-telegram-exfiltration-channels-with-the-bot-token
END:VEVENT
BEGIN:VEVENT
UID:2182
DTSTAMP:20260517T101200
DTSTART:20260627T113000
DTEND:20260627T121500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:n8n is an open-source workflow automation platform with AI agents, used by thousands of organizations worldwide. With more than 70,000 publicly accessible instances on Shodan and recent critical CVEs listed in CISA's Known Exploited Vulnerabilities catalog, it has become a high-value target for attackers.\n\nThis talk first explores what attackers can do with leaked n8n credentials. Starting from real-world n8n JWT tokens exposed on GitHub, we found around 1,300 publicly reachable instances. Among those, 25% authenticated successfully, giving us a live dataset of production n8n instances to answer one question: what can an attacker do once inside?\n\nWe built three attack chains to find out. First, we demonstrate Remote Code Execution leveraging real-world workflow abuse and existing CVEs, showing how n8n's legitimate execution capabilities turn into a direct shell. Second, we walk through credentials enumeration, extraction, and exfiltration: n8n instances store third-party API keys, OAuth tokens, and database credentials directly in workflows, making a single JWT a skeleton key to an organization's entire integration stack. Third, we reveal original cryptographic weaknesses in n8n's native secret handling, what we call n8ive crypto, exposing design flaws that allow offline secret recovery and privilege escalation.\n\nBeyond the practical attacks, this talk raises a broader question: when automation platforms become the central hub of modern infrastructure, an account compromise is now a launchpad for attacks across the entire stack.
SUMMARY:n8ive by Design: One Leaked Key, Three Attack Chains - guedou
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#n8ive-by-design-one-leaked-key-three-attack-chains
END:VEVENT
BEGIN:VEVENT
UID:2255
DTSTAMP:20260622T183430
DTSTART:20260627T110500
DTEND:20260627T115500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-7
END:VEVENT
BEGIN:VEVENT
UID:2242
DTSTAMP:20260621T200310
DTSTART:20260627T110500
DTEND:20260627T115000
LOCATION:Salle 3 niveau S3
DESCRIPTION:En 2024, un nouvel intérêt spécifique a germé dans mon cerveau : j'adore les consoles de jeux, et j'adore le hacking. Pourquoi n'ai-je jamais exploré le hacking de consoles ?!\n\nJ'ai toujours été fasciné par les personnes capables de casser des systèmes de sécurité conçus avec précision par Sony, Microsoft ou Nintendo, et de comprendre leur fonctionnement interne ésotérique au point d'y ajouter, d'y activer ou d'y modifier des fonctionnalités en dehors de ce qui était prévu par le constructeur.\n\nAlors, l'année dernière, j'ai décidé qu'il était enfin temps de contribuer à cette communauté transversale de hackers et de gamers.\n\nMais trouver de nouvelles façons d'exploiter une console de jeu est à la fois extrêmement chronophage et complexe ; je voulais commencer par quelque chose de réalisable : écrire mon propre logiciel pour une console déjà hackée.\n\nEt quelle meilleure console pour commencer que ma console portable préférée : la PS Vita. Elle dispose d'une superbe communauté de hackers et de développeurs d'homebrews, et même d'un incroyable SDK non officiel !\n\nAlors je sais, c'est une console de jeu ; mais écrire des jeux vidéo c'est un processus incroyablement long et fastidieux. Je voulais quelque chose de simple pour débuter et puisque c'est ce à quoi je consacre une partie non négligeable de mon temps ces jours-ci, j'ai commencé à écrire des outils de hacking et de réseau pour la console, fixant mon premier objectif : un scanner de ports TCP.\n\nEt ensuite, une fois que cela à fonctionné, j'ai visé plus grand.\n\nCe que je voulais créer, c'était mon propre appareil de type Flipper Zero, via un logiciel intégré dans le corps d'une PlayStation Vita à l'air innocent.\n\nSuivez-moi dans cette aventure, des bases du hacking de consoles PlayStation jusqu'au développement d'outils de sécurité offensive !
SUMMARY:TALK: De la PS Vita au Flipper Zero en quelques milliers de lignes de code
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-de-la-ps-vita-au-flipper-zero-en-quelques-milliers-de-lignes-de-code
END:VEVENT
BEGIN:VEVENT
UID:2403
DTSTAMP:20260623T103934
DTSTART:20260627T103000
DTEND:20260627T113000
LOCATION:Salle Louis Armand s3
DESCRIPTION:Lorand Bodo is an international civil servant at the International, Impartial and Independent Mechanism for Syria (IIIM), where he works as an Internet Resources Analyst. In a personal capacity, Lorand Bodo will discuss the role of open source investigations in accountability efforts at the international level, drawing on practical experience in building investigative capacity, developing analytical workflows, and training initiatives. The talk will highlight how organizations can leverage open sources to support evidence-based investigations.
SUMMARY:TALK: From Open Data to Evidence
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-from-open-data-to-evidence
END:VEVENT
BEGIN:VEVENT
UID:2270
DTSTAMP:20260612T155536
DTSTART:20260627T110500
DTEND:20260627T112500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:On va parler crypto, finances, et gros sous. Ce talk ne sera pas enregistré. Pas...
SUMMARY:Crypto-surprise
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#crypto-surprise-charlie-bromberg
END:VEVENT
BEGIN:VEVENT
UID:2318
DTSTAMP:20260615T180202
DTSTART:20260627T104500
DTEND:20260627T110500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Oubliez les communiqués de presse lissés et les présentations institutionnelles : en coulisses, une attaque...
SUMMARY:Gestion de crise at scale : le cas Leboncoin - Zak
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#gestion-de-crise-at-scale-le-cas-leboncoin-zak
END:VEVENT
BEGIN:VEVENT
UID:2254
DTSTAMP:20260622T183454
DTSTART:20260627T100000
DTEND:20260627T105500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices. Les sources de ce badge sont disponibles sur https://github.com/FCSC-FR/hackropole-badge.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo :\n- oscilloscope MSO, analyse logique, décodage de protocoles,\n- génération de signaux, glitches, runt pulses, bruit, triggers,\n- radio / signaux numériques selon les envies et le chaos ambiant.\n\nMatériel principal : Oscilloscope MSO Rohde & Schwarz RTB2K-COM4, Batronix MSO DemoBoard Pico, Saleae Logic Pro 16.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-6
END:VEVENT
BEGIN:VEVENT
UID:2241
DTSTAMP:20260621T200406
DTSTART:20260627T103000
DTEND:20260627T105000
LOCATION:Salle 3 niveau S3
DESCRIPTION:Finding CVEs in open-source projects or bug bounty programs has become extremely competitive. This talk shows an alternative path: hardware and IoT targets that nobody wants to analyze. With minimal budget and basic tools, I will explain how hardware hacking can help you get your first CVE.
SUMMARY:TALK: Getting your first CVE with hardware hacking (the easy way)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-getting-your-first-cve-with-hardware-hacking-the-easy-way
END:VEVENT
BEGIN:VEVENT
UID:2184
DTSTAMP:20260517T094244
DTSTART:20260627T100000
DTEND:20260627T104500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Fifteen years ago, compromising an organization could be as simple as walking through the front door with confidence, dropping a USB drive in a parking lot, or sending a poorly crafted phishing email. At NDH2K11, Jayson E. Street demonstrated just how easily organizations could be compromised using little more than human trust and a bit of creativity.\n\nFast-forward fifteen years. The technology landscape has transformed—AI-generated voices can impersonate executives, phishing campaigns are automated at scale, and attackers now leverage OSINT and generative technologies that dramatically lower the barrier to entry.\n\nYet despite this technological evolution, one uncomfortable truth remains: the fundamental weaknesses, attackers exploiting humans have not changed.\n\nIn this retrospective talk, Jayson revisits real examples from his early work compromising banks and organizations through social engineering and physical infiltration, comparing them to modern attacks involving phishing, vishing, and AI-driven deception. Through stories, demonstrations, and lessons learned across more than a decade of adversarial testing, he shows how attackers continue to succeed not because of cutting-edge exploits—but because organizations still rely on the same fragile assumptions about trust, process, and human behavior.\n\nThe session concludes by challenging the industry’s traditional approach to security validation and introduces a modern framework for adversarial simulation designed to help organizations experience real-world attacks safely before criminals deliver them for real.\n\nAfter fifteen years of evolving tools, tactics, and technology, the biggest lesson may be the simplest one:\n\nAttack methods change.\n\nHuman nature does not.
SUMMARY:From NDH2K11 to LeHack XXVI: A 15 year Retrospective… or Oh my how things (really haven’t) changed!” - Jayson E. Street
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#from-ndh2k11-to-lehack-xxvi-a-15-year-retrospective-or-oh-my-how-things-really-havent-changed
END:VEVENT
BEGIN:VEVENT
UID:2240
DTSTAMP:20260621T200438
DTSTART:20260627T100000
DTEND:20260627T102000
LOCATION:Salle 3 niveau S3
DESCRIPTION:Le keylogger physique est un outil incontournable de l'arsenal Red Team, permettant de profiter d'une intrusion physique réussie afin de collecter facilement des informations sensibles (e.g. mots de passe, noms de serveurs ou d'application critiques, données confidentielles).\n\nPourtant, les solutions existantes montrent rapidement leurs limites : stockage des logs en clair, Wi Fi impossible à désactiver, nécessité de pré-configurer le mappage clavier et absence de plans de circuit imprimé (e.g. fichiers Gerber) permettant de reproduire le PCB.\n\nCes limites sont en outre accentuées, pour les produits commerciaux, par un coût d'achat souvent élevé et l'impossibilité d'accéder au code source, rendant impossible l'audit du firmware et l'ajout de nouvelles fonctionnalités. Plusieurs modèles très répandus sont par ailleurs déjà connus, dans la littérature, pour contenir une backdoor non documentée.\n\nDurant ce talk, je proposerai une approche alternative avec KeyProxy, un keylogger physique conçu spécifiquement pour des engagements de Red Team, dont l'objectif est d'être exploitable sur le terrain tout en respectant des contraintes de sécurité fortes (e.g. utilisation de composants facilement accessibles, stockage chiffré des frappes, fonctionnement agnostique du mappage clavier).\n\nAu-delà de l'outil lui-même, ce talk présentera également le fonctionnement du protocole USB HID ainsi qu'un retour d'expérience offensif sur l'usage réel des keyloggers physiques en intrusion.
SUMMARY:TALK: KeyProxy : un keylogger physique sécurisé et open-source conçu pour la Red Team
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-keyproxy-un-keylogger-physique-securise-et-open-source-concu-pour-la-red-team
END:VEVENT
BEGIN:VEVENT
UID:2402
DTSTAMP:20260624T100447
DTSTART:20260626T180000
DTEND:20260626T210000
LOCATION:Salle Louis Armand s3
DESCRIPTION:Help find the missing. Join the Trace Labs Search Party CTF at leHACK! The Trace Labs Search Party is a unique OSINT CTF where participants investigate real missing persons cases using open-source intelligence techniques. The intelligence gathered during the event is shared with partner organizations assisting families and law enforcement. Free and exclusively available to in-person leHACK attendees. Come learn, collaborate, and put your OSINT skills to work for a meaningful cause. A huge thank you to LGDD for supporting the event and serving as Trace Labs Coaches.
SUMMARY:CTF: Tracelabs Search Party
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#ctf-tracelabs-search-party
END:VEVENT
BEGIN:VEVENT
UID:2359
DTSTAMP:20260618T064931
DTSTART:20260626T170000
DTEND:20260626T200000
LOCATION:Workshop zone
DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually...
SUMMARY:Lockpicking with the Red Team Alliance. #2
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#lockpicking-with-the-red-team-alliance-copy
END:VEVENT
BEGIN:VEVENT
UID:2198
DTSTAMP:20260624T071450
DTSTART:20260626T183000
DTEND:20260626T191500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Together, we'll explore what lies behind the sale of vulnerability, a reality often far removed...
SUMMARY:<undisclosed> - x86
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#x86-temp-placeholder
END:VEVENT
BEGIN:VEVENT
UID:2179
DTSTAMP:20260517T101037
DTSTART:20260626T180500
DTEND:20260626T182500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Modified drone companion apps claiming to unlock FCC transmission modes are widely circulated among hobbyist communities, yet their internal mechanisms remain largely undocumented. This talk presents a reverse engineering case study of such a patched Android application, revealing how runtime instrumentation frameworks—specifically Frida—are embedded and abused to dynamically alter application behavior.\n\nThrough differential APK analysis, deobfuscation of injected JavaScript Frida payloads, and inspection of native libraries, we uncover a full instrumentation pipeline designed to hook critical Java class methods to bypass regulatory constraints. The session concludes with a discussion on technical limitations, potential firmware-level barriers, and implications for mobile app integrity.
SUMMARY:Reverse Engineering of FCC Unlocks in DJI Fly clones - Klcium
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#reverse-engineering-of-fcc-unlocks-in-dji-fly-clones
END:VEVENT
BEGIN:VEVENT
UID:2180
DTSTAMP:20260517T093154
DTSTART:20260626T174500
DTEND:20260626T180500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:What if the backdoor phase required no code at all?\n\nLast year at leHack, I introduced a framework for reasoning\nabout unconventional persistence — backdoors built from\nconfiguration and trust rather than malware. The audience\nasked for more demos, more operational reality.\n\nThis talk delivers. Through live demonstrations on realistic\nenvironments, we show how subtle, codeless modifications to\na system can create invisible conditions for future\ncode execution — triggered later through channels no\ndefender would think to suspect.\n\nNo binary, no shell, no payload on disk. Just\nchanges that look benign, pass audits, and wait patiently.\n\nBuilt from tested tradecraft, real red team operations, and\nongoing research.
SUMMARY:The Art of Staying In, Part II: Target Weakening - m101
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#the-art-of-staying-in-part-ii-target-weakening
END:VEVENT
BEGIN:VEVENT
UID:2253
DTSTAMP:20260622T181615
DTSTART:20260626T170500
DTEND:20260626T175500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:- Installer le DigiLab sur son Flipper Zero\n- Tour d'horizon et limitations\n- Détecter des grandeurs\n- Configurer les retours sensoriels\n- Aller plus loin\n\nMatériel nécessaire : Un Flipper Zero par personne, installation propre.
SUMMARY:WORKSHOP: Explorer les signaux avec le DigiLab
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-explorer-les-signaux-avec-le-digilab
END:VEVENT
BEGIN:VEVENT
UID:2239
DTSTAMP:20260621T194558
DTSTART:20260626T170500
DTEND:20260626T175500
LOCATION:Room 3 niveau S3
DESCRIPTION:
SUMMARY:TALK: outil de bypass de protection JTAG (théorie)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-outil-de-bypass-de-protection-jtag-theorie
END:VEVENT
BEGIN:VEVENT
UID:2172
DTSTAMP:20260612T084715
DTSTART:20260626T170000
DTEND:20260626T174500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Est ce que le reverse c’est IDA, R2, Frida, Ghidra, QEMU, et bien d’autres ? Non, c’est tout ça, et tout ça ce n’est pas  le secret que l’on veut découvrir, la DRM que l’on veut casser, ce n’est que le moyen. Aujourd’hui, après Dexcalibur, et plus de 5 ans de développement nous libérons en open source  Reversense, une plateforme d’automatisation du reverse qui crée une projection de votre application mobile ou votre binaire dans une représentation \nuniverselle interrogeable, analysable et exécutable. Reversense offre une interface graphique permettant de naviguer et analyser la projection de l’application, statiquement ou à travers les exécutions, ainsi que de \nnombreuses fonctionnalités en dehors du champ des outils traditionnels : automatisation du parcours de l’interface, génération et édition automatique des hooks Frida qui vont muter d’une exécution à l’autre, instrumentation cross-process ou cross-device, fuzzing inapp, gestion \nd’une ferme de téléphones, …\n\nLe talk présente l’outil - l’idée et l’usage - mais surtout comment nous avons repensé le métier de reverser à une ère où le binaire est omniprésent, le temps pour reverser toujours plus réduit mais où nous voulons garder du plaisir.
SUMMARY:Reversense: One Hook, Then the Universe - Georges-Bastien Michel (@FrenchYeti)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#reversense-one-hook-then-the-universe
END:VEVENT
BEGIN:VEVENT
UID:2238
DTSTAMP:20260621T200531
DTSTART:20260626T160500
DTEND:20260626T165500
LOCATION:Salle 3 niveau S3
DESCRIPTION:Vandal, c'est l'implémentation en pur C d'une plateforme d'analyse RF multi-protocoles basée sur de l'ESP32-S3.\n\nOn a soupoudré notre layer-cake cyber avec :\n- du WiFi avec injection de trames, deauth, captive_portal, sniffing, scanners et autres surprises\n- du Bluetooth BLE 5.0 avec scan de services, monitoring d'attributs et détection de security profile + bruteforce de pin\n- du Sub-GHz via CC1101, capture et replay et de beaux waterfall\n- du 2.4 GHz via Sx1280 et NRF52840 à venir\n- une couche de BadUSB HID ou MSC, complet et pilotable à distance\n- une gestion d'ADC 16 bits pour l'attaque physique et l'analyse de signaux\n- du messaging juste pour rire ou préparer l'apocalypse\n- des stupidités comme une CLI SSH embarquée vu qu'on avait trop de place\n\nPuis on a soupoudré avec du GPS pour le wardriving du pauvre, une SD-Card pour le storage offline — le tout sur un seul SoC, sans laptop hôte, pilotable à distance à l'aide de n'importe quel navigateur web.\n\nDans ce talk on va aussi parler de stack : pourquoi on a choisi une architecture event-driven autour de l'esp_event_loop, comment s'organise notre code autour de modules et de composants, et pourquoi nous avons choisi une infrastructure clients-serveur.\n\nOn terminera par un tour rapide du VANDAL Protocol qu'on s'impose entre les agents et la console. Démos live prévues, et probablement pleins de trucs qui ne fonctionneront pas comme prévu.
SUMMARY:TALK: Offensive AI on ESP32: Breaking Embedded Limits
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-vandal-yet-another-dongle
END:VEVENT
BEGIN:VEVENT
UID:2175
DTSTAMP:20260517T100635
DTSTART:20260626T163500
DTEND:20260626T165500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Espressif designs small, low-cost system-on-chips primarily intended for wireless connectivity such as Wi-Fi and Bluetooth Low Energy. These SoCs are widely used as the networking and control component in IoT and embedded products, handling external inputs, protocol parsing, and communication with the rest of the system. Espressif has publicly reported cumulative shipments on the order of one billion chips, with hundreds of millions of devices deployed in the field, making vulnerabilities in shared firmware components a product-scale security concern rather than an isolated implementation detail.\n\nIn this talk, we present a set of real security vulnerabilities identified in Espressif’s software development kit (SDK) and USB stack. Rather than focusing on vulnerability counts, we explain how we deliberately filtered out noise to concentrate on issues that are reachable, cross trust boundaries, and have realistic security impact in shipped products.\n\nWe briefly introduce the analysis approach that enabled this triage, including graph-based code exploration, backward slicing from security-sensitive operations, reachability and exploitability reasoning, and threat-model awareness. We then deep-dive into a USB vulnerability, walking through the vulnerable code path, violated assumptions, and attacker-controlled inputs. Where available, we present ongoing exploitation work and discuss the practical challenges and constraints of turning such bugs into reliable exploits on embedded targets.\n\nFinally, we connect these findings to real-world Espressif-based products, illustrating how low-level firmware vulnerabilities can propagate to product-level security risks. We conclude with lessons learned for embedded developers and security engineers on how to reason about exploitability, prioritization, and impact in modern IoT and embedded software stacks.
SUMMARY:From USB to ESP: Security Vulnerabilities in Espressif Firmware - Maxime Rossi Bellom & Ramtine Tofighi Shirazi
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#from-usb-to-esp-security-vulnerabilities-in-espressif-firmware
END:VEVENT
BEGIN:VEVENT
UID:2252
DTSTAMP:20260622T183517
DTSTART:20260626T160500
DTEND:20260626T165500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-5
END:VEVENT
BEGIN:VEVENT
UID:2186
DTSTAMP:20260517T100514
DTSTART:20260626T161500
DTEND:20260626T163500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:WSO2 products (API Manager, Identity Server) are massively deployed \nacross critical infrastructure (banking, insurance, defense, government) \nin France and worldwide. During offensive security engagements at \nAmbionics Security (LEXFO), we discovered over a dozen critical 0-day \nvulnerabilities in WSO2's shared Java codebase and achieved RCE on \ndozens of client instances across French organizations.\n\nThe vulnerabilities span the full spectrum: authentication bypasses via \npath parameter confusion, full-control SSRF through a 2008-era legacy \nproxy, systemic CSRF on every SOAP administration service, account \ntakeover via flawed password reset logic, and multiple RCE vectors \nthrough Siddhi Streaming SQL, H2 database UDFs, SQLite file-write to JSP \nwebshell, and unsandboxed JavaScript execution in the JVM.\n\nBut the real challenge came next. Facing a properly hardened deployment \n(management console firewalled off, no admin ports exposed, zero \noutbound connectivity), we chained 7 N-days into a single-request \nunauthenticated RCE through the only reachable endpoint: the API Gateway \nHTTPS port. The chain combines blind XXE, SSRF relay, HTTP request \nsmuggling via CRLF injection in Axis2 headers, and privilege escalation \ninto a reliable exploit against near-current WSO2 versions.\n\nPacked with Java web exploitation tricks, the talk concludes with a live \ndemo: one request, seven vulnerabilities, a reverse shell.
SUMMARY:Attacking WSO2: 0-Days and N-Day Chains for Pre-Auth RCE  on Enterprise Java - Noel MACCARY
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#attacking-wso2-0-days-and-n-day-chains-for-pre-auth-rce-on-enterprise-java
END:VEVENT
BEGIN:VEVENT
UID:2400
DTSTAMP:20260623T103931
DTSTART:20260626T153000
DTEND:20260626T163000
LOCATION:Salle Louis Armand s3
DESCRIPTION:As the mandate of Reporters sans frontières (RSF) has expanded, the organization launched its own investigations desk in 2022. Today, RSF is allocating dedicated resources and building innovative partnerships to take a deep dive into crimes committed against journalists, expose disinformation and propaganda operations, investigate the misuse of surveillance technologies, and shed light on the forces undermining media independence and pluralism. OSINT techniques have become part of RSF’s everyday investigative toolkit. This conference will offer a first glimpse behind the scenes of RSF’s investigative work: how facts are tracked and turned into impactful stories.
SUMMARY:TALK: Fight for Facts! Investigations at Reporters Without Borders (RSF)
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-fight-for-facts-investigations-at-reporters-without-borders-rsf
END:VEVENT
BEGIN:VEVENT
UID:2196
DTSTAMP:20260526T085107
DTSTART:20260626T153000
DTEND:20260626T161500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Throughout this presentation we’d like to expose Qilin’s methodology, from compromising victims to exfiltration. We’ll...
SUMMARY:The Hidden Agenda: Exposing Qilin Ransomware Operations - Glacius_
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#pas-besoin-detre-un-mytho-pour-faire-de-loffensif-temp
END:VEVENT
BEGIN:VEVENT
UID:2358
DTSTAMP:20260618T064239
DTSTART:20260626T130000
DTEND:20260626T160000
LOCATION:Workshop Room 4 (S3)
DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually...
SUMMARY:Lockpicking with the Red Team Alliance.
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#lockpicking-with-the-red-team-alliance
END:VEVENT
BEGIN:VEVENT
UID:2251
DTSTAMP:20260622T183645
DTSTART:20260626T150500
DTEND:20260626T155500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-4
END:VEVENT
BEGIN:VEVENT
UID:2237
DTSTAMP:20260622T160501
DTSTART:20260626T150500
DTEND:20260626T155500
LOCATION:Salle 3 niveau S3
DESCRIPTION:Depuis deux ans et demi, Evil-M5Project transforme les produits M5Stack notament le Cardputer en couteau...
SUMMARY:TALK: ESP32 au-delà des limites
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-esp32-au-dela-des-limites
END:VEVENT
BEGIN:VEVENT
UID:2194
DTSTAMP:20260517T095941
DTSTART:20260626T144500
DTEND:20260626T153000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Whilst organisations and individuals continue to heavily focus on digital initial access vectors, many continue...
SUMMARY:Overcast Panda - Jake Lomas & Antoine Vianey-Liaud
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#overcast-panda-temp
END:VEVENT
BEGIN:VEVENT
UID:2398
DTSTAMP:20260623T103930
DTSTART:20260626T143000
DTEND:20260626T153000
LOCATION:Salle Louis Armand s3
DESCRIPTION:This session dives into China’s OSINT ecosystem: how public and private actors intertwine to equip the Party-state with powerful capabilities to collect and exploit publicly available data. We’ll unpack the tools, workflows, and partnerships that sustain this system, with a particular focus on how information is extracted and processed from Chinese sources
SUMMARY:TALK: Decoding China’s OSINT Ecosystem
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-decoding-chinas-osint-ecosystem
END:VEVENT
BEGIN:VEVENT
UID:2250
DTSTAMP:20260622T183719
DTSTART:20260626T140500
DTEND:20260626T145500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-3
END:VEVENT
BEGIN:VEVENT
UID:2236
DTSTAMP:20260621T195942
DTSTART:20260626T143000
DTEND:20260626T145000
LOCATION:Salle 3 niveau S3
DESCRIPTION:For several years now, IoT devices have become part of our daily lives, sometimes even into our most personal spaces. Yet, they are not explored as much as they should be from a security analysis perspective, perhaps due to this plastic shell which could act as a psychological barrier.\n\n"IoT Horror Stories: Beneath the Plastic Shell" offers a hands-on account through a couple of concrete cases, highlighting the horrifying state of security of some low-cost consumer devices (products whose price does not always seem to include security).\n\nThrough these examples, this talk also aims to show that this field can be more accessible than one might think. Indeed, the large attack surface of these devices opens up numerous avenues to explore, sometimes without requiring any knowledge of electronics or hardware.
SUMMARY:TALK: IoT Horror Stories: Beneath the Plastic Shell
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#talk-iot-horror-stories-beneath-the-plastic-shell
END:VEVENT
BEGIN:VEVENT
UID:2171
DTSTAMP:20260517T095628
DTSTART:20260626T140000
DTEND:20260626T144500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:SAP is widely used by Fortune 500 companies and often underpins critical business processes, yet its attack surface is difficult to evaluate due to its proprietary nature. In this talk, I retrace how I approached that problem in practice: starting from a single thread and following it through reverse engineering, archive format internals, black-box fuzzing, and exploit development.\n\nAlong the way, I show how that process led to multiple vulnerabilities across different SAP components, ranging from local privilege escalation to remote unauthenticated memory corruption. I also cover the practical role LLMs played during the research, as a tool for crash triage, root-cause analysis, and exploit development.
SUMMARY:Getting Lost in SAP: From LPE to Remote Memory Corruption - Tao Sauvage
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#getting-lost-in-sap-from-lpe-to-remote-memory-corruption
END:VEVENT
BEGIN:VEVENT
UID:2395
DTSTAMP:20260623T103930
DTSTART:20260626T133000
DTEND:20260626T143000
LOCATION:Salle Louis Armand s3
DESCRIPTION:Analyzing manipulation campaigns on social media is a complex topic, especially when you want to draw an accurate and complete picture of the operation. Inauthentic accounts and posts are diluted in a huge ocean of legitimate content, but what if we had the ability to scan the entire ocean? In this talk, we will demonstrate 4 cases where we managed to uncover influence operations by using algorithms on very large datasets, including our findings on the infamous Russian operation against the 2024 Romanian elections.
SUMMARY:TALK: Needle in a haystack: influence operations hiding in a dataset of 10 million users
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-needle-in-a-haystack-influence-operations-hiding-in-a-dataset-of-10-million-users
END:VEVENT
BEGIN:VEVENT
UID:2277
DTSTAMP:20260622T180249
DTSTART:20260626T130500
DTEND:20260626T135500
LOCATION:Salle 3 niveau S3
DESCRIPTION:
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#live-talk-car-hacking-copy-3
END:VEVENT
BEGIN:VEVENT
UID:2249
DTSTAMP:20260622T160638
DTSTART:20260626T130500
DTEND:20260626T135500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:- Comprendre le protocole\n- Flasher l'esp32 pour interagir avec le tag\n- Exploration des différentes fonctionnalités\n\nMatériel principal : Tag pricer, esp32 (M5Stack Cardputer ou C6).
SUMMARY:WORKSHOP: Hacking de Tag ESL via esp32
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-hacking-de-tag-esl-via-esp32
END:VEVENT
BEGIN:VEVENT
UID:2276
DTSTAMP:20260627T100615
DTSTART:20260626T120500
DTEND:20260626T125500
LOCATION:Salle3 niveau S3
DESCRIPTION:
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#live-talk-car-hacking-copy-2
END:VEVENT
BEGIN:VEVENT
UID:2248
DTSTAMP:20260621T210011
DTSTART:20260626T120500
DTEND:20260626T125500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:- Installer et utiliser proxmark3\n- Utiliser la CLI pour discuter avec un Tag/Lecteur\n- Clone de badges (LF, HF)\n- Tester les différentes attaques possible en NFC (relay, replay, clone, fuzz…)\n\nChallenge : Cracker plusieurs cibles, à plusieurs niveaux.\n\nMatériel principal : Handheld RFID, Cameleon, Proxmark, Flipper Zero, Cartes Magic, PN532.
SUMMARY:WORKSHOP: NFC/RFID Lab
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-nfc-rfid-lab
END:VEVENT
BEGIN:VEVENT
UID:2393
DTSTAMP:20260623T103929
DTSTART:20260626T113000
DTEND:20260626T123000
LOCATION:Salle Louis Armand s3
DESCRIPTION:This talk will demonstrate a research project focused on transforming everyday tourist videos and walking tours into an automated investigative tool for tracking international fugitives. Attendees will discover how high-definition public footage can be leveraged for open-source intelligence, turning casual holiday backdrops into an effective search mechanism. By attending this session, you will explore a unique proof of concept for a localised facial recognition pipeline designed to scan video content for specific targets. You will walk away with a practical framework for automating target identification, understanding how open-source data can be harnessed to uncover individuals hiding in plain sight.
SUMMARY:TALK: Sun, Sea, and SQLite: Open-Source Facial Recognition for Fugitive Hunting
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-sun-sea-and-sqlite-open-source-facial-recognition-for-fugitive-hunting
END:VEVENT
BEGIN:VEVENT
UID:2349
DTSTAMP:20260615T180042
DTSTART:20260626T115000
DTEND:20260626T121000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Dans cette conférence, l’intervenant propose une immersion dans un univers rarement visible du grand public...
SUMMARY:RF : une menace invisible ? Le monde caché du TSCM - Stéphane
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#rf-une-menace-invisible-le-monde-cache-du-tscm-stephane
END:VEVENT
BEGIN:VEVENT
UID:2247
DTSTAMP:20260622T183759
DTSTART:20260626T110500
DTEND:20260626T115500
LOCATION:leLAB Village Hardware
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-2
END:VEVENT
BEGIN:VEVENT
UID:2275
DTSTAMP:20260622T180231
DTSTART:20260626T110500
DTEND:20260626T115500
LOCATION:Salle 3 niveau S3
DESCRIPTION:
SUMMARY:LIVE TALK: Car Hacking
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/lelab/#live-talk-car-hacking-copy
END:VEVENT
BEGIN:VEVENT
UID:2169
DTSTAMP:20260517T103521
DTSTART:20260626T113000
DTEND:20260626T115000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Windows shortcut (.LNK) files remain a persistent threat vector. While simple bypasses like adding spaces exist, this session reveals undocumented techniques for deceptive payload delivery and execution. We’ll explore why these methods work, the black-box research methodology used to find them, and the defensive implications. We are also introducing an open-source tool for security teams to simulate and defend against these advanced LNK-based attacks.
SUMMARY:Trust Me, I'm A Shortcut: New LNK Abuse Methods - Wietze Beukema
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#trust-me-im-a-shortcut-new-lnk-abuse-methods
END:VEVENT
BEGIN:VEVENT
UID:2391
DTSTAMP:20260623T103928
DTSTART:20260626T103000
DTEND:20260626T113000
LOCATION:Salle Louis Armand s3
DESCRIPTION:AI agents are starting to change OSINT work, not because they replace analysts, but because they can take over parts of the research loop: searching, extracting, comparing sources, drafting briefs, and leaving traces that a human can inspect. This talk presents a practitioner’s view of that shift. It starts with the evolution of cyber horizon scanning from framework-based research and OSINT, to field intelligence and LLM-assisted synthesis, and now to supervised agentic workflows. Using the example of vulnerability research, it will discuss possible architectures built with currently available tools: local agents, web search, controlled tool access, locally hosted language models, cloud model escalation, and evidence traces that support human review. The talk will focus on architecture, token and privacy strategy, local versus cloud model routing, harnesses, evaluation loops, and the limits of automation. It ends with the next question: once agents help govern research workflows, how do we keep human judgment visible and accountable?
SUMMARY:TALK: [>_] Agents in the Basement
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/osint/#talk-_-agents-in-the-basement
END:VEVENT
BEGIN:VEVENT
UID:2185
DTSTAMP:20260517T094917
DTSTART:20260626T104500
DTEND:20260626T113000
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:L'écosystème Microsoft Entra ID et Microsoft 365 est devenu en 2025-2026 l'épicentre des compromissions cloud en entreprise. Les rapports sont unanimes : l'identité est le premier vecteur d'attaque, et les environnements M365 représentent la surface d'attaque la plus convoitée : des APT étatiques aux opérateurs de Phishing-as-a-Service.\n\nLe talk couvrira les techniques les plus récentes et impactantes, dont l'abus FOCI (Family of Client IDs), l'extraction de tokens OAuth depuis les caches Windows (TokenBroker, WAM, Azure CLI), le contournement des politiques MFA et Conditional Access, et les angles morts de la détection. En fil rouge, une démonstration live d'OAuthBandit v2, outil open-source de post-exploitation spécialisé dans l'extraction, la validation et l'exploitation de tokens Microsoft OAuth depuis des endpoints compromis : avec le release public de nouvelles fonctionnalités avancées.\n\nCette présentation est un retour terrain brut. Basée sur des cas concrets de réponse à incident et de missions offensives sur des tenants M365 compromis, elle décortique les kill chains modernes observées en production : de l'accès initial par phishing OAuth jusqu'à la prise de contrôle complète du tenant, en passant par le mouvement latéral cloud-to-cloud et la persistence invisible.. ainsi que d’autres surprises ...\n\nL'objectif : armer les défenseurs avec la compréhension fine des TTPs modernes sur M365/Entra ID et des stratégies concrètes de détection et de réponse.
SUMMARY:Entra ID & Microsoft 365 Under Siege : Autopsie des Compromissions Cloud Modernes et Stratégies de Riposte - Kondah Hamza
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#entra-id-microsoft-365-under-siege-autopsie-des-compromissions-cloud-modernes-et-strategies-de-riposte
END:VEVENT
BEGIN:VEVENT
UID:2246
DTSTAMP:20260621T210149
DTSTART:20260626T100000
DTEND:20260626T105500
LOCATION:LeLAB village hardware Salle C et D niveau S2
DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices. Les sources de ce badge sont disponibles sur https://github.com/FCSC-FR/hackropole-badge. Il est équipé de 8 LED RGB, 9 boutons capacitifs, et une interface d'extension 3.3V (entre autre compatible Qwiic) pour libérer votre créativité !\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo :\n- oscilloscope MSO, analyse logique, décodage de protocoles,\n- génération de signaux, glitches, runt pulses, bruit, triggers,\n- radio / signaux numériques selon les envies et le chaos ambiant.\n\nMatériel principal : Oscilloscope MSO Rohde & Schwarz RTB2K-COM4, Batronix MSO DemoBoard Pico, Saleae Logic Pro 16.\n\nLe but n'est pas juste de "voir des jolies courbes", mais surtout de comprendre comment déclencher correctement un oscillo, traquer un bug, reconnaître un vrai problème électrique, et interpréter des signaux imparfaits.
SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/workshops/#workshop-badge-fcsc-atelier-mesures
END:VEVENT
BEGIN:VEVENT
UID:2199
DTSTAMP:20260526T084704
DTSTART:20260626T100000
DTEND:20260626T104500
LOCATION:Amphithéâtre Gaston Berger
DESCRIPTION:Avril 2026 : Anthropic dévoile Claude Mythos, capable de trouver des 0-days dans tous les...
SUMMARY:Keynote : Pas besoin d'être un Mythos pour faire de l'offensif - Patrick Ventuzelo
ATTACH;FMTTYPE=image/jpeg:
URL;VALUE=URI:https://lehack.org/tracks/conferences/#keynot-temp-placeholder
END:VEVENT
END:VCALENDAR