BEGIN:VCALENDAR VERSION:2.0 PRODID:-//leHACK//NONSGML Events//EN BEGIN:VEVENT UID:2415 DTSTAMP:20260623T104253 DTSTART:20260628T010000 DTEND:20260628T023000 LOCATION:Salle Louis Armand s3 DESCRIPTION:Come learn and show off your GeoGuessr skills at this IRL workshop organized by OpenFacto. SUMMARY:WORKSHOP: GeoGuessr Party ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#workshop-geoguessr-party END:VEVENT BEGIN:VEVENT UID:2188 DTSTAMP:20260625T143555 DTSTART:20260627T230000 DTEND:20260628T003000 LOCATION:Workshop Room 3 S3 DESCRIPTION:Understand the fundamentals of reverse engineering Android applications.\nLearn to use debugging tools to analyze Android app behavior.\nBypass security mechanisms using Frida scripts.\nSniff and replay Bluetooth Low Energy (BLE) communications.\nModify Smali code to alter app functionality.\nReverse engineer native libraries used in Android apps.\nPerform Man-in-the-Middle (MITM) attacks on HTTPS services. SUMMARY:Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#apkpatcher-reverse-engineering-and-modifying-android-applications-without-rooting END:VEVENT BEGIN:VEVENT UID:2191 DTSTAMP:20260625T145816 DTSTART:20260627T230000 DTEND:20260628T003000 LOCATION:Workshop Room 2 S3 DESCRIPTION:Ce workshop introduit un framework dédié aux attaques de protocoles sans-fil, WHAD, avec un focus tout particulier sur le protocole Bluetooth Low Energy. Il fait écho au talk soumis par l'auteur sur le même sujet, et permettra de mettre en pratique les attaques évoquées dans ce dernier sur de véritables équipements connectés. SUMMARY:Hacking Bluetooth Low Energy Devices with WHAD ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#hacking-bluetooth-low-energy-devices-with-whad END:VEVENT BEGIN:VEVENT UID:2187 DTSTAMP:20260625T143823 DTSTART:20260627T223000 DTEND:20260628T000000 LOCATION:Salle Louis Armand DESCRIPTION:Most reverse engineering workflows treat a binary as a static artifact. Dynamic Binary Instrumentation flips that: instead of reading code, you *watch it run*, intercepting every instruction and memory access with nothing but Python.\n\nThis workshop is a hands-on introduction to DBI using [PyQBDI](https://qbdi.readthedocs.io/en/stable/get_started-pyqbdi.html). Attendees go from zero to writing instrumentation scripts that trace execution, inspect runtime state, instrument native libraries, and ultimately bypass anti-debugging protections to extract a hidden flag. They leave with reusable scripts and the foundations to apply QBDI in professional engagements, CTF challenges, or personal research.\n\n[QBDI](https://qbdi.quarkslab.com/) is an open-source framework developed at Quarkslab, supporting Linux, Windows, Android, and macOS. It has been used in practice to [break whitebox cryptographic implementations](https://blog.quarkslab.com/introduction-to-whiteboxes-and-collision-based-attacks-with-qbdi.html), [deobfuscate VM-protected binaries](https://blog.quarkslab.com/qbdi-vs-tritondse-against-a-vm-who-will-be-the-fastest.html), and [analyze Android native libraries without source code](https://blog.quarkslab.com/android-native-library-analysis-with-qbdi.html). SUMMARY:Introduction à l'instrumentation dynamique binaire avec QBDI ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#introduction-a-linstrumentation-dynamique-binaire-avec-qbdi END:VEVENT BEGIN:VEVENT UID:2449 DTSTAMP:20260627T133452 DTSTART:20260627T210000 DTEND:20260627T230000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Who Wants to Win Bitcoins - Game Rules\n\n21:00 pm - 23:00 pm Gaston Berger\n\nComposition of the teams\nA team consists of exactly 3 players\nEach player is part of one team and one team only\nRegistration\n\nTo register, send an email to [ quiveutgagnerdesbitcoins [at] gmail.com] (not easy, eh) mentioning the name of your team and the nicknames of the participants.\n\n9 places are available for the game, if more than 9 teams are registered, pre-selections will take place and will be done by email (no, no speed test).\n\nPrinciple of the game\n\nWho Wants to Win Bitcoins is a game inspired by DEFCON's Hacker Jeopardy, but it does not share the whole concept.\n\nThe game is played in rounds: 3 selection rounds and 1 final. During each round, 3 teams of 3 players compete by answering questions. Each correct answer earns points, a wrong answer does not lose any points.\n\nAt the end of the round, the team with the most points is declared the winner. In the event of a tie, a series of additional questions will be used to decide between the two teams.\n\nThe team that wins the final round wins a pre-provisioned wallet of bitcoins, for an amount greater than 30€ (to be determined).\n\nHow does a round unfold?\n\n6 categories of questions are randomly selected and displayed on the main screen. Each category has 5 questions ranging from 100 to 500 points, for a total of 30 questions.\n\nDuring the round, a team is designated "in charge" of the question board. The team in charge determines the next question, and keeps the hand as long as they answer the questions correctly first, and loses it if an opposing team answers correctly before them. In this case, the hand passes to the opposing team who chooses the next question and is now in charge of the board.\n\nWhen a question is asked, teams buzz in to give their answer. The fastest team is the first to answer: points are awarded for correct answers, and they take control of the question board. If they get it wrong, they can no longer answer that question and the floor is left to the other teams. If they take too long to answer, they lose their turn and the floor is left to the other teams.\n\nIf no team gives the right answer, the floor is given to the audience. If a member of the audience gives the right answer when asked, they win leHACK swag (t-shirts, hardware, mugs, etc.)! However, the team in charge of the question board has the final say.\n\nIf no one finds the answer, it is revealed and the game continues, with the question board team keeping the lead.\n\nThe team in charge of the question board chooses the next question, and so on until the last question.\n\nEnd of the round\n\nThe round ends when all 30 questions have been asked. The points of the teams are totaled and the team with the most points is declared the winner. In the event of a tie, a sudden death test is set up: the first team to answer a question correctly wins the round.\n\nBasic Rules\nAny team caught cheating will be immediately disqualified\nAny objectionable or inappropriate behavior towards the organizers and participants will result in the disqualification of the team concerned SUMMARY:Qui Veut Gagner des Bitcoins ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#qui-veut-gagner-des-bitcoins END:VEVENT BEGIN:VEVENT UID:2192 DTSTAMP:20260625T143150 DTSTART:20260627T210000 DTEND:20260627T223000 LOCATION:Salle Louis Armand DESCRIPTION:The world of Web Hacking is evolving, and with it, our tooling must evolve as well. Caido, the new guy on the HTTP Proxy block, brings a new set of tools and capabilities to web hackers that minimize friction and increase efficiency in your hacking process. Join us as we explore:\n* HTTPQL Search\n* Caido Workflows (easy to understand & integrate low-code/no-code automation)\n* Environment Variables (no, not that kind)\n* Organization/Note Taking\n* Shift - Caido AI Integration\n* and much more SUMMARY:Efficient Web Hacking with Caido ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#efficient-web-hacking-with-caido END:VEVENT BEGIN:VEVENT UID:2190 DTSTAMP:20260625T145050 DTSTART:20260627T210000 DTEND:20260627T223000 LOCATION:Workshop Salle 2 S3 DESCRIPTION:keep digging for that root shell SUMMARY:Hardware hacking : keep digging for that root shell ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#hardware-hacking-keep-digging-for-that-root-shell END:VEVENT BEGIN:VEVENT UID:2189 DTSTAMP:20260625T144637 DTSTART:20260627T210000 DTEND:20260627T223000 LOCATION:Workshop Room 3 S3 DESCRIPTION:Your favorite Android mobile apps or smart TV are probably fortresses: obfuscated code, anti hooking defenses, encrypted protocols. Traditional RE tools? Weeks of manual grinding. But what if you could teach your hooks to evolve, fuzz vendor services for hidden root commands, and let an AI orchestrate the entire RE workflow?\n\nIn this hands-on workshop, you'll learn to autopsy mobile applications using Reversense, a free collaborative reverse engineering platform now available as open source. Unlike traditional tools that require weeks of manual analysis, Reversense automates the discovery, modeling, and instrumentation of mobile apps in their real execution context.\n\nYou'll work through 3 real-world scenarios:\n\n- Hardened App Security Audit : Identify sensitive data and bypass security mechanisms, such as anti-hooking, using self-improved hooks and dynamic modeling.\n\n- Discovery of Undocumented ADB Commands : Use combination of built-in fuzzing engine, and cross-app hooking to uncover hidden vendor backdoors and factory test modes in Android devices.\n\n- AI-Powered Reverse Automation : Leverage MCP (Model Context Protocol) integration to orchestrate complex multi-stage reverse engineering workflows. SUMMARY:Teaching hooks to hunt: automated Android app reversing ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#teaching-hooks-to-hunt-automated-android-app-reversing END:VEVENT BEGIN:VEVENT UID:2272 DTSTAMP:20260627T132458 DTSTART:20260627T213000 DTEND:20260627T221500 LOCATION:Salle Louis Armand S3 DESCRIPTION:Following the serie of workshops Ratzilla gave on car hacking, he will give a closure... SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#car-hacking END:VEVENT BEGIN:VEVENT UID:2361 DTSTAMP:20260618T064931 DTSTART:20260627T170000 DTEND:20260627T220000 LOCATION:Workshop zone DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually... SUMMARY:Lockpicking with the Red Team Alliance. #4 ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#lockpicking-with-the-red-team-alliance-copy-3 END:VEVENT BEGIN:VEVENT UID:2301 DTSTAMP:20260621T210520 DTSTART:20260627T200500 DTEND:20260627T205500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:Chaque participant démarre avec une plateforme d'attaque et un STM32 vérouillée. l'objectif : casser la... SUMMARY:WORKSHOP: Outil de bypass de protection JTAG (pratique) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-outil-de-bypass-de-protection-jtag-pratique END:VEVENT BEGIN:VEVENT UID:2262 DTSTAMP:20260622T181707 DTSTART:20260627T180500 DTEND:20260627T200500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:Pendant deux heures, nous explorerons les cinq principales vulnérabilités liées à l'IoT — qu'il s'agisse d'embarqué, de cloud, de mobile, de données ou de processus. L'objectif est de montrer qu'avec très peu de matériel et des compétences de base, il est déjà possible de compromettre un firmware, d'altérer des données ou encore d'élever ses privilèges. La session combinera des apports théoriques, mais fera surtout la part belle à la pratique.\n\nPré‑requis : Un téléphone et une distribution Linux Kali, accompagnés d'un port USB‑A, devraient suffire pour participer sereinement au workshop. SUMMARY:WORKSHOP: le top 5 des vulnérabilités IoT est-il réaliste pour un rookie? (DVID) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-le-top-5-des-vulnerabilites-iot-est-il-realiste-pour-un-rookie-dvid END:VEVENT BEGIN:VEVENT UID:2245 DTSTAMP:20260622T182859 DTSTART:20260627T190500 DTEND:20260627T195500 LOCATION:Salle 3 niveau S3 DESCRIPTION:Vandal, c'est l'implémentation en pur C d'une plateforme d'analyse RF multi-protocoles basée sur de l'ESP32-S3.\n\nOn a soupoudré notre layer-cake cyber avec :\n- du WiFi avec injection de trames, deauth, captive_portal, sniffing, scanners et autres surprises\n- du Bluetooth BLE 5.0 avec scan de services, monitoring d'attributs et détection de security profile + bruteforce de pin\n- du Sub-GHz via CC1101, capture et replay et de beaux waterfall\n- du 2.4 GHz via Sx1280 et NRF52840 à venir\n- une couche de BadUSB HID ou MSC, complet et pilotable à distance\n- une gestion d'ADC 16 bits pour l'attaque physique et l'analyse de signaux\n- du messaging juste pour rire ou préparer l'apocalypse\n- des stupidités comme une CLI SSH embarquée vu qu'on avait trop de place\n\nPuis on a soupoudré avec du GPS pour le wardriving du pauvre, une SD-Card pour le storage offline — le tout sur un seul SoC, sans laptop hôte, pilotable à distance à l'aide de n'importe quel navigateur web.\n\nDans ce talk on va aussi parler de stack : pourquoi on a choisi une architecture event-driven autour de l'esp_event_loop, comment s'organise notre code autour de modules et de composants, et pourquoi nous avons choisi une infrastructure clients-serveur.\n\nOn terminera par un tour rapide du VANDAL Protocol qu'on s'impose entre les agents et la console. Démos live prévues, et probablement pleins de trucs qui ne fonctionneront pas comme prévu. SUMMARY:TALK: Offensive AI on ESP32: Breaking Embedded Limits ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-vandal-yet-another-dongle-2 END:VEVENT BEGIN:VEVENT UID:2414 DTSTAMP:20260623T103939 DTSTART:20260627T170000 DTEND:20260627T193000 LOCATION:Salle Louis Armand s3 DESCRIPTION:RUMPS are small talk sessions, where you can freely grab the mic to present random speech about hacking without control, censorship, pressure, and inside a 'plausible deniability' setup. No lineup, no recording, no endorsements, anonymity is guaranteed if needed but you bring your own countermeasures (face mask allowed). You take all responsibility for the topic you present, leHACK isn’t responsible for your speech, be wise and don’t break the law. See you on Louis Armand room, on S3 level, starting Saturday 27/06/2026 from 17:00 to 19:30. Format : 5 minutes, ABSOLUTELY NO CAMERA, NO RECORDING! We will enforce this and immediately remove offenders without warning. Send us your speech hints at CFP before Saturday noon ! SUMMARY:TALK: Rumps ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-rumps END:VEVENT BEGIN:VEVENT UID:2440 DTSTAMP:20260626T112100 DTSTART:20260627T185000 DTEND:20260627T191000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION: SUMMARY:🔐 Surprise Talk ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#%f0%9f%94%90-suprise-talk END:VEVENT BEGIN:VEVENT UID:2173 DTSTAMP:20260517T103414 DTSTART:20260627T183000 DTEND:20260627T185000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Comment écouter le réseau 3G avec ce que l'on a sous la main ?\nAvec un récepteur TV, une antenne bricolé, gr-gsm et simple_IMSI-catcher.py ! SUMMARY:simple_IMSI-catcher déjà 11 ans! - Oros ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#simple_imsi-catcher-deja-11-ans END:VEVENT BEGIN:VEVENT UID:2244 DTSTAMP:20260621T194824 DTSTART:20260627T180500 DTEND:20260627T185000 LOCATION:Salle 3 niveau S3 DESCRIPTION:Vous pouvez tout faire; il suffit d'y passer suffisamment de temps. En attendant, voilà un guide simple pour se lancer dans le hardware. SUMMARY:TALK: CyberpunkGuide to hardware hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-cyberpunkguide-to-hardware-hacking END:VEVENT BEGIN:VEVENT UID:2170 DTSTAMP:20260517T103135 DTSTART:20260627T174500 DTEND:20260627T183000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Avez-vous déjà tenté de vous infiltrer dans un événement hautement sécurisé ?\n\nProbablement non — nous, si :).\n\nÀ travers cette conférence, nous verrons comment les dispositifs de sécurité de certains des plus grands événements peuvent être contournés à l’aide de différentes méthodes, outils et techniques, allant de l’OSINT à l’ingénierie sociale.\n\nÀ partir de cas réels d’intrusions physiques, nous décortiquerons leur architecture : périmètres, zones d’accès, rôles humains, accréditations etc…\n\nEnfin, des démonstrations illustreront comment des dispositifs conçus pour protéger peuvent devenir exploitables dès lors que la validation repose sur des mécanismes humains. SUMMARY:ALL ACCESS AUTHORIZED : How to infiltrate major events for fun and profit ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#all-access-authorized-how-to-infiltrate-major-events-for-fun-and-profit END:VEVENT BEGIN:VEVENT UID:2261 DTSTAMP:20260621T210353 DTSTART:20260627T170500 DTEND:20260627T175500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:- Installer le DigiLab sur son Flipper Zero\n- Tour d'horizon et limitations\n- Détecter des grandeurs\n- Configurer les retours sensoriels\n- Aller plus loin\n\nMatériel nécessaire : Un Flipper Zero par personne, installation propre. SUMMARY:WORKSHOP: Explorer les signaux avec le DigiLab ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-explorer-les-signaux-avec-le-digilab-2 END:VEVENT BEGIN:VEVENT UID:2167 DTSTAMP:20260517T102939 DTSTART:20260627T172000 DTEND:20260627T174000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Les applications de “smart city” promettent sécurité, modernité et économies d’énergie. Sur le papier, tout est parfaitement sous contrôle. Dans la réalité… disons que c’est plus lumineux que sécurisé.\n\nCette présentation propose l’analyse d’une application mobile permettant de contrôler l’éclairage public, signaler des zones dangereuses et partager sa position avec des proches. Officiellement, le système est protégé, restreint (et selon son créateur :“impiratable”).\n\nDans les faits, une compréhension même modérée de son fonctionnement permet de contourner les restrictions géographiques et d’activer l’ensemble des lampadaires d’une ville (voire de centaines de communes) sans la moindre authentification. sign\n\nMais ce n’est qu’un début. Des failles critiques permettent également d’identifier des utilisateurs supposément anonymes, de reconstituer leurs habitudes, d’accéder à des événements privés et de manipuler le partage de position en temps réel.\n\nÀ travers une analyse technique rigoureuse et un certain sens de la nuance, ce talk met en lumière une vérité simple : annoncer une sécurité avancée ne suffit pas à la rendre réelle. SUMMARY:LeHack 117 : Permis d’illuminer toute la ville - MadSquirrel ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#lehack-117-permis-dilluminer-toute-la-ville END:VEVENT BEGIN:VEVENT UID:2281 DTSTAMP:20260622T180426 DTSTART:20260627T170500 DTEND:20260627T173000 LOCATION:Salle 3 niveau S3 DESCRIPTION: SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#live-talk-car-hacking-copy-7 END:VEVENT BEGIN:VEVENT UID:2178 DTSTAMP:20260522T121356 DTSTART:20260627T170000 DTEND:20260627T172000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Les fréquences radio transportent toutes sortes de données, des communications aériennes aux télécommandes de voiture, et la plupart d'entre elles sont étonnamment faciles à intercepter. Ce talk vous montre comment fonctionne réellement le piratage radio. Pas besoin d'équipement coûteux ni d'années d'expérience. Avec les bons outils et les bonnes connaissances, le spectre devient enfin visible. SUMMARY:R4di0_P1r4cy - Beemo ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#r4di0_p1r4cy END:VEVENT BEGIN:VEVENT UID:2168 DTSTAMP:20260517T102524 DTSTART:20260627T161500 DTEND:20260627T170000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Le protocole Bluetooth Low Energy et ses vulnérabilités, tout le monde les connaît car\nelles font régulièrement la une des actualités et 2026 n'a pas dérogé à la régle. Mécanisme\nd'appaîrage simplifié exploitable par des pirates, communications non-chiffrées laissant fuiter\ndes informations sensibles, robots humanoïdes compromis avec une injection de commande transmise\npar BLE, injection de flux audio dans des écouteurs, autant de problèmes révélés ces dernières années\ngrâce à de nombreux chercheurs en sécurité et qui mettent à mal l'image ce protocole et des équipements\nqui l'emploient. Mais connaissez-vous vraiment *tous* les moyens à votre disposition permettant de\ncompromettre de tels équipements ?\n\nDans ce talk, nous allons aborder des aspects moins connus du protocole Bluetooth Low Energy et la manière\ndont ces derniers peuvent être exploités pour compromettre l'intégrité et la sécurité d'équipements\nconnectés. Certaines de ces techniques ont été découvertes lors de l'analyse de différentes implémentations,\nvoire directement lors de tests effectués sur des équipements domotique ou des smartphones, d'autres sont \ntrès peu connues ou n'ont jamais été publiées à ce jour. Si vous êtes expert sur ce protocole de\ncommunication ou simple néophyte curieux de découvrir des attaques avancées, ce talk peut vous apprendre\ndes choses assez surprenantes. SUMMARY:Pwning bluetooth devices in unexpected ways - Virtualabs ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#pwning-bluetooth-devices-in-unexpected-ways END:VEVENT BEGIN:VEVENT UID:2412 DTSTAMP:20260623T103938 DTSTART:20260627T160000 DTEND:20260627T170000 LOCATION:Salle Louis Armand s3 DESCRIPTION:How OSINT can help identify Russian spies in journalistic investigations : ethical considerations and real-world examples. SUMMARY:TALK: Hunting spies for a living ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-hunting-spies-for-a-living END:VEVENT BEGIN:VEVENT UID:2280 DTSTAMP:20260622T180212 DTSTART:20260627T160500 DTEND:20260627T165500 LOCATION:Salle 3 niveau S3 DESCRIPTION: SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#live-talk-car-hacking-copy-6 END:VEVENT BEGIN:VEVENT UID:2260 DTSTAMP:20260622T182153 DTSTART:20260627T160500 DTEND:20260627T165500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-10 END:VEVENT BEGIN:VEVENT UID:2166 DTSTAMP:20260621T093738 DTSTART:20260627T155000 DTEND:20260627T161000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Quand on pense au warez on pense jeux video , la suite adobe ou microsoft word. Mais il existe une autre scène qui existe aussi depuis longtemps, c'est la scène pour les logiciels de contrôle-commande industrielle.\n\nCes logicielles sont les environnements de développement et d'interactions des systèmes de contrôle physique, de la programmations des automate industrielle, en bref, les logicielle qui font fonctionner notre monde industriel. \n\nNous allons essayer ici d'analyser ce marché via deux angles. \n\nD'un côté une analyse technique en regardant certains crack keygen, mais aussi des tools contournant la sécurité intégrer des automate pour voir ce qu'ils font techniquement, et constater si leurs actions sont légitimes ou si ce n'est que du sucre de l'eaux et beaucoup de mallware. \n\nD'un autre côté, la distribution, les vendeurs et les clients cible de ce dernier. SUMMARY:Warez for the working man : investigations d'une warez des logiciel de contrôle commande industrielle. - biero-el-corridor - l0key ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#warez-for-the-working-man-investigations-dune-warez-des-logiciel-de-controle-commande-industrielle END:VEVENT BEGIN:VEVENT UID:2360 DTSTAMP:20260618T064931 DTSTART:20260627T130000 DTEND:20260627T160000 LOCATION:Workshop zone DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually... SUMMARY:Lockpicking with the Red Team Alliance. #3 ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#lockpicking-with-the-red-team-alliance-copy-2 END:VEVENT BEGIN:VEVENT UID:2410 DTSTAMP:20260623T103938 DTSTART:20260627T150000 DTEND:20260627T160000 LOCATION:Salle Louis Armand s3 DESCRIPTION:The Digital Armoury maps the brief history of the global 3D-printed firearms ecosystem, from designers and design communities to files, distribution platforms, physical objects, end users, and emerging practices. The talk examines how digital designs circulate, evolve, and materialize, and how OSINT can help researchers and security professionals better understand the connection between the online movement and its potential real-world consequences. SUMMARY:TALK: The Digital Armoury; Mapping the Global 3D-Printed Firearms Movement ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-the-digital-armoury-mapping-the-global-3d-printed-firearms-movement END:VEVENT BEGIN:VEVENT UID:2279 DTSTAMP:20260627T100822 DTSTART:20260627T150500 DTEND:20260627T155500 LOCATION:Salle3 niveau S3 DESCRIPTION: SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#live-talk-car-hacking-copy-5 END:VEVENT BEGIN:VEVENT UID:2259 DTSTAMP:20260622T183210 DTSTART:20260627T150500 DTEND:20260627T155500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-9 END:VEVENT BEGIN:VEVENT UID:2174 DTSTAMP:20260517T102212 DTSTART:20260627T153000 DTEND:20260627T155000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:This talk aims at reviewing and explaining in detail the technical Sighax exploit. The Nintendo 3DS, despite having layered security based on a strong chain of trust and a privilege split between two processors ARM11 and ARM9, implements improper validation of the RSA PKCS#1 v1.5 padding in the ARM9 bootrom code. This vulnerability, combined with a custom uncautious ASN.1 parser, makes it possible to bruteforce specific RSA signatures causing the signature's hash to be computed against itself on the stack, allowing to bypass a signature check.\nWe will also discuss how this exploit, coupled with the design of Nintendo's FIRM file format, allows to dump the protected bottom half of the ARM9 bootrom, which is locked away by the time any firmware is loaded.\nThe goal is to provide a clear overview of how a console can go from executing confined userland homebrew to cold boot, pre firmware persistence with full access over the console in just a few mistakes.\nWe will go over the 3DS security architecture with its ARM9 / ARM11, the FIRM boot chain, the RSA PKCS#1 v1.5 padding implementation flaw, the ASN.1 parser mistakes and how "perfect" signatures were bruteforced to take advantage of these issues in order to sign any firmware stored in the console eMMC. SUMMARY:Sighax deep dive: breaking the 3DS chain of trust - Cyprien Molinet (@cypelf) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#sighax-deep-dive-breaking-the-3ds-chain-of-trust END:VEVENT BEGIN:VEVENT UID:2193 DTSTAMP:20260517T101946 DTSTART:20260627T144500 DTEND:20260627T153000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:macOS has long been perceived as a low-risk platform, often treated as a secondary concern... SUMMARY:macOS Zero Mercy: Inside the Mind of a Malware Developer - Zoziel Freire ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#macos-zero-mercy-inside-the-mind-of-a-malware-developer END:VEVENT BEGIN:VEVENT UID:2407 DTSTAMP:20260623T103936 DTSTART:20260627T140000 DTEND:20260627T150000 LOCATION:Salle Louis Armand s3 DESCRIPTION:This study offers a cross-analysis of the circulation and reception of Russian and pro-Russian narratives in Moldova. The country currently serves as a testing ground for Russia to trial new techniques that are subsequently rolled out in other countries. It is also viewed by Moscow as a vulnerability for Europe, given that some of its citizens are able to move freely both within Russian-occupied Transnistria and within the Schengen Area. The investigation focused on Gagauzia, a southern region where a sense of marginalisation vis-à-vis Chișinău and Europe creates fertile ground for the penetration of Russian narratives. It combines ethnographic fieldwork with a digital investigation utilising cyber and OSINT methods, and has enabled us to uncover manoeuvres relying on clandestine broadcasting equipment, as well as Russian, Chinese and possibly even Iranian cybercriminal networks, used to disseminate narratives in Gagauzia. SUMMARY:TALK: On the information frontline. A human and digital investigation in the Russian-speaking region of Gagauzia (Moldova) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-on-the-information-frontline-a-human-and-digital-investigation-in-the-russian-speaking-region-of-gagauzia-moldova END:VEVENT BEGIN:VEVENT UID:2258 DTSTAMP:20260622T183356 DTSTART:20260627T140500 DTEND:20260627T145500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-8 END:VEVENT BEGIN:VEVENT UID:2278 DTSTAMP:20260627T100731 DTSTART:20260627T140500 DTEND:20260627T145500 LOCATION:Salle3 niveau S3 DESCRIPTION: SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#live-talk-car-hacking-copy-4 END:VEVENT BEGIN:VEVENT UID:2222 DTSTAMP:20260519T170649 DTSTART:20260627T142000 DTEND:20260627T144000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Venez découvrir le quotidien des missions terrain sur la partie fraude documentaire, un entre deux... SUMMARY:Parcours d'un fraudeur - Cybermoustache ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#parcours-dun-fraudeur END:VEVENT BEGIN:VEVENT UID:2176 DTSTAMP:20260517T101311 DTSTART:20260627T140000 DTEND:20260627T142000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Souvent sous-estimée par les organisations, l’intrusion physique constitue pourtant un vecteur de compromission particulièrement efficace, en dépit des investissements croissants dans les dispositifs techniques et humains. \n\nCette conférence propose une analyse concrète des mécanismes qui mènent au succès ou à l’échec d’une intrusion physique, en s’appuyant sur des retours d’expérience, des cas réels et des missions de red team.\n\nNous examinerons les facteurs clés de réussite, tels que l’ingénierie sociale, les failles organisationnelles ou la surestimation des contrôles techniques, ainsi que les éléments conduisant à l’échec : vigilance du personnel, procédures adaptées, culture de sécurité, ou encore certaines limitations imposées par les clients.\n\nL’objectif est de dépasser une vision purement technologique afin de mettre en lumière le rôle central de l’humain et des processus. SUMMARY:Physical intrusion: Success and Failure - Joker2a ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#physical-intrusion-success-and-failure END:VEVENT BEGIN:VEVENT UID:2257 DTSTAMP:20260622T182449 DTSTART:20260627T130500 DTEND:20260627T135500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:- Comprendre le protocole\n- Flasher l'esp32 pour interagir avec le tag\n- Exploration des différentes fonctionnalités\n\nMatériel principal : Tag pricer, esp32 (M5Stack Cardputer ou C6). SUMMARY:WORKSHOP: Hacking de Tag ESL via esp32 ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-hacking-de-tag-esl-via-esp32-2 END:VEVENT BEGIN:VEVENT UID:2256 DTSTAMP:20260621T210244 DTSTART:20260627T120500 DTEND:20260627T125500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:- Installer et utiliser proxmark3\n- Utiliser la CLI pour discuter avec un Tag/Lecteur\n- Clone de badges (LF, HF)\n- Tester les différentes attaques possible en NFC (relay, replay, clone, fuzz…)\n\nChallenge : Cracker plusieurs cibles, à plusieurs niveaux.\n\nMatériel principal : Handheld RFID, Cameleon, Proxmark, Flipper Zero, Cartes Magic, PN532. SUMMARY:WORKSHOP: NFC/RFID Lab ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-nfc-rfid-lab-2 END:VEVENT BEGIN:VEVENT UID:2243 DTSTAMP:20260622T183041 DTSTART:20260627T120500 DTEND:20260627T125000 LOCATION:Room 3 niveau S3 DESCRIPTION:The Kindle is a very popular device with a long history of public jailbreaks. As time went on, Amazon gradually improved the security of its products and jailbreaks became scarcer. This talk presents a new jailbreak, developed to answer a personal question of how to bootstrap research on a closed platform. It targets the latest firmware (at the time of development) and did not rely existing jailbreaks for introspection during development.\n\nThe goal of this talk is to provide a window into the thought process of an attacker. Not of the exploitation process itself, but everything around it : why some surface was selected, why some choices were made, why some did not pan out, ... It is oriented towards beginners and towards a wider audience. SUMMARY:TALK: Bootstrapping Kindle research for the lazy attacker ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-bootstrapping-kindle-research-for-the-lazy-attacker END:VEVENT BEGIN:VEVENT UID:2405 DTSTAMP:20260623T103935 DTSTART:20260627T113000 DTEND:20260627T123000 LOCATION:Salle Louis Armand s3 DESCRIPTION:Phishing kits increasingly send stolen credentials straight into Telegram, posting them to a bot the operator controls. That design is also the weakness: anyone holding the bot token reads the same channel the operator does. At scale, that access becomes a view across the whole ecosystem, kept strictly aggregate: which sectors and regions the stolen data concentrates in, how large the victim pools actually are, and what the channels expose about the operators, who range from organized crews to people who plainly do not grasp the tool they deploy and keep treating their exfiltration feed as the private space it never was. SUMMARY:TALK: The Phisher's Inbox: Reading Telegram Exfiltration Channels with the Bot Token ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-the-phishers-inbox-reading-telegram-exfiltration-channels-with-the-bot-token END:VEVENT BEGIN:VEVENT UID:2182 DTSTAMP:20260517T101200 DTSTART:20260627T113000 DTEND:20260627T121500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:n8n is an open-source workflow automation platform with AI agents, used by thousands of organizations worldwide. With more than 70,000 publicly accessible instances on Shodan and recent critical CVEs listed in CISA's Known Exploited Vulnerabilities catalog, it has become a high-value target for attackers.\n\nThis talk first explores what attackers can do with leaked n8n credentials. Starting from real-world n8n JWT tokens exposed on GitHub, we found around 1,300 publicly reachable instances. Among those, 25% authenticated successfully, giving us a live dataset of production n8n instances to answer one question: what can an attacker do once inside?\n\nWe built three attack chains to find out. First, we demonstrate Remote Code Execution leveraging real-world workflow abuse and existing CVEs, showing how n8n's legitimate execution capabilities turn into a direct shell. Second, we walk through credentials enumeration, extraction, and exfiltration: n8n instances store third-party API keys, OAuth tokens, and database credentials directly in workflows, making a single JWT a skeleton key to an organization's entire integration stack. Third, we reveal original cryptographic weaknesses in n8n's native secret handling, what we call n8ive crypto, exposing design flaws that allow offline secret recovery and privilege escalation.\n\nBeyond the practical attacks, this talk raises a broader question: when automation platforms become the central hub of modern infrastructure, an account compromise is now a launchpad for attacks across the entire stack. SUMMARY:n8ive by Design: One Leaked Key, Three Attack Chains - guedou ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#n8ive-by-design-one-leaked-key-three-attack-chains END:VEVENT BEGIN:VEVENT UID:2255 DTSTAMP:20260622T183430 DTSTART:20260627T110500 DTEND:20260627T115500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-7 END:VEVENT BEGIN:VEVENT UID:2242 DTSTAMP:20260621T200310 DTSTART:20260627T110500 DTEND:20260627T115000 LOCATION:Salle 3 niveau S3 DESCRIPTION:En 2024, un nouvel intérêt spécifique a germé dans mon cerveau : j'adore les consoles de jeux, et j'adore le hacking. Pourquoi n'ai-je jamais exploré le hacking de consoles ?!\n\nJ'ai toujours été fasciné par les personnes capables de casser des systèmes de sécurité conçus avec précision par Sony, Microsoft ou Nintendo, et de comprendre leur fonctionnement interne ésotérique au point d'y ajouter, d'y activer ou d'y modifier des fonctionnalités en dehors de ce qui était prévu par le constructeur.\n\nAlors, l'année dernière, j'ai décidé qu'il était enfin temps de contribuer à cette communauté transversale de hackers et de gamers.\n\nMais trouver de nouvelles façons d'exploiter une console de jeu est à la fois extrêmement chronophage et complexe ; je voulais commencer par quelque chose de réalisable : écrire mon propre logiciel pour une console déjà hackée.\n\nEt quelle meilleure console pour commencer que ma console portable préférée : la PS Vita. Elle dispose d'une superbe communauté de hackers et de développeurs d'homebrews, et même d'un incroyable SDK non officiel !\n\nAlors je sais, c'est une console de jeu ; mais écrire des jeux vidéo c'est un processus incroyablement long et fastidieux. Je voulais quelque chose de simple pour débuter et puisque c'est ce à quoi je consacre une partie non négligeable de mon temps ces jours-ci, j'ai commencé à écrire des outils de hacking et de réseau pour la console, fixant mon premier objectif : un scanner de ports TCP.\n\nEt ensuite, une fois que cela à fonctionné, j'ai visé plus grand.\n\nCe que je voulais créer, c'était mon propre appareil de type Flipper Zero, via un logiciel intégré dans le corps d'une PlayStation Vita à l'air innocent.\n\nSuivez-moi dans cette aventure, des bases du hacking de consoles PlayStation jusqu'au développement d'outils de sécurité offensive ! SUMMARY:TALK: De la PS Vita au Flipper Zero en quelques milliers de lignes de code ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-de-la-ps-vita-au-flipper-zero-en-quelques-milliers-de-lignes-de-code END:VEVENT BEGIN:VEVENT UID:2403 DTSTAMP:20260623T103934 DTSTART:20260627T103000 DTEND:20260627T113000 LOCATION:Salle Louis Armand s3 DESCRIPTION:Lorand Bodo is an international civil servant at the International, Impartial and Independent Mechanism for Syria (IIIM), where he works as an Internet Resources Analyst. In a personal capacity, Lorand Bodo will discuss the role of open source investigations in accountability efforts at the international level, drawing on practical experience in building investigative capacity, developing analytical workflows, and training initiatives. The talk will highlight how organizations can leverage open sources to support evidence-based investigations. SUMMARY:TALK: From Open Data to Evidence ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-from-open-data-to-evidence END:VEVENT BEGIN:VEVENT UID:2270 DTSTAMP:20260612T155536 DTSTART:20260627T110500 DTEND:20260627T112500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:On va parler crypto, finances, et gros sous. Ce talk ne sera pas enregistré. Pas... SUMMARY:Crypto-surprise ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#crypto-surprise-charlie-bromberg END:VEVENT BEGIN:VEVENT UID:2318 DTSTAMP:20260615T180202 DTSTART:20260627T104500 DTEND:20260627T110500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Oubliez les communiqués de presse lissés et les présentations institutionnelles : en coulisses, une attaque... SUMMARY:Gestion de crise at scale : le cas Leboncoin - Zak ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#gestion-de-crise-at-scale-le-cas-leboncoin-zak END:VEVENT BEGIN:VEVENT UID:2254 DTSTAMP:20260622T183454 DTSTART:20260627T100000 DTEND:20260627T105500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices. Les sources de ce badge sont disponibles sur https://github.com/FCSC-FR/hackropole-badge.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo :\n- oscilloscope MSO, analyse logique, décodage de protocoles,\n- génération de signaux, glitches, runt pulses, bruit, triggers,\n- radio / signaux numériques selon les envies et le chaos ambiant.\n\nMatériel principal : Oscilloscope MSO Rohde & Schwarz RTB2K-COM4, Batronix MSO DemoBoard Pico, Saleae Logic Pro 16. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-6 END:VEVENT BEGIN:VEVENT UID:2241 DTSTAMP:20260621T200406 DTSTART:20260627T103000 DTEND:20260627T105000 LOCATION:Salle 3 niveau S3 DESCRIPTION:Finding CVEs in open-source projects or bug bounty programs has become extremely competitive. This talk shows an alternative path: hardware and IoT targets that nobody wants to analyze. With minimal budget and basic tools, I will explain how hardware hacking can help you get your first CVE. SUMMARY:TALK: Getting your first CVE with hardware hacking (the easy way) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-getting-your-first-cve-with-hardware-hacking-the-easy-way END:VEVENT BEGIN:VEVENT UID:2184 DTSTAMP:20260517T094244 DTSTART:20260627T100000 DTEND:20260627T104500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Fifteen years ago, compromising an organization could be as simple as walking through the front door with confidence, dropping a USB drive in a parking lot, or sending a poorly crafted phishing email. At NDH2K11, Jayson E. Street demonstrated just how easily organizations could be compromised using little more than human trust and a bit of creativity.\n\nFast-forward fifteen years. The technology landscape has transformed—AI-generated voices can impersonate executives, phishing campaigns are automated at scale, and attackers now leverage OSINT and generative technologies that dramatically lower the barrier to entry.\n\nYet despite this technological evolution, one uncomfortable truth remains: the fundamental weaknesses, attackers exploiting humans have not changed.\n\nIn this retrospective talk, Jayson revisits real examples from his early work compromising banks and organizations through social engineering and physical infiltration, comparing them to modern attacks involving phishing, vishing, and AI-driven deception. Through stories, demonstrations, and lessons learned across more than a decade of adversarial testing, he shows how attackers continue to succeed not because of cutting-edge exploits—but because organizations still rely on the same fragile assumptions about trust, process, and human behavior.\n\nThe session concludes by challenging the industry’s traditional approach to security validation and introduces a modern framework for adversarial simulation designed to help organizations experience real-world attacks safely before criminals deliver them for real.\n\nAfter fifteen years of evolving tools, tactics, and technology, the biggest lesson may be the simplest one:\n\nAttack methods change.\n\nHuman nature does not. SUMMARY:From NDH2K11 to LeHack XXVI: A 15 year Retrospective… or Oh my how things (really haven’t) changed!” - Jayson E. Street ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#from-ndh2k11-to-lehack-xxvi-a-15-year-retrospective-or-oh-my-how-things-really-havent-changed END:VEVENT BEGIN:VEVENT UID:2240 DTSTAMP:20260621T200438 DTSTART:20260627T100000 DTEND:20260627T102000 LOCATION:Salle 3 niveau S3 DESCRIPTION:Le keylogger physique est un outil incontournable de l'arsenal Red Team, permettant de profiter d'une intrusion physique réussie afin de collecter facilement des informations sensibles (e.g. mots de passe, noms de serveurs ou d'application critiques, données confidentielles).\n\nPourtant, les solutions existantes montrent rapidement leurs limites : stockage des logs en clair, Wi Fi impossible à désactiver, nécessité de pré-configurer le mappage clavier et absence de plans de circuit imprimé (e.g. fichiers Gerber) permettant de reproduire le PCB.\n\nCes limites sont en outre accentuées, pour les produits commerciaux, par un coût d'achat souvent élevé et l'impossibilité d'accéder au code source, rendant impossible l'audit du firmware et l'ajout de nouvelles fonctionnalités. Plusieurs modèles très répandus sont par ailleurs déjà connus, dans la littérature, pour contenir une backdoor non documentée.\n\nDurant ce talk, je proposerai une approche alternative avec KeyProxy, un keylogger physique conçu spécifiquement pour des engagements de Red Team, dont l'objectif est d'être exploitable sur le terrain tout en respectant des contraintes de sécurité fortes (e.g. utilisation de composants facilement accessibles, stockage chiffré des frappes, fonctionnement agnostique du mappage clavier).\n\nAu-delà de l'outil lui-même, ce talk présentera également le fonctionnement du protocole USB HID ainsi qu'un retour d'expérience offensif sur l'usage réel des keyloggers physiques en intrusion. SUMMARY:TALK: KeyProxy : un keylogger physique sécurisé et open-source conçu pour la Red Team ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-keyproxy-un-keylogger-physique-securise-et-open-source-concu-pour-la-red-team END:VEVENT BEGIN:VEVENT UID:2402 DTSTAMP:20260624T100447 DTSTART:20260626T180000 DTEND:20260626T210000 LOCATION:Salle Louis Armand s3 DESCRIPTION:Help find the missing. Join the Trace Labs Search Party CTF at leHACK! The Trace Labs Search Party is a unique OSINT CTF where participants investigate real missing persons cases using open-source intelligence techniques. The intelligence gathered during the event is shared with partner organizations assisting families and law enforcement. Free and exclusively available to in-person leHACK attendees. Come learn, collaborate, and put your OSINT skills to work for a meaningful cause. A huge thank you to LGDD for supporting the event and serving as Trace Labs Coaches. SUMMARY:CTF: Tracelabs Search Party ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#ctf-tracelabs-search-party END:VEVENT BEGIN:VEVENT UID:2359 DTSTAMP:20260618T064931 DTSTART:20260626T170000 DTEND:20260626T200000 LOCATION:Workshop zone DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually... SUMMARY:Lockpicking with the Red Team Alliance. #2 ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#lockpicking-with-the-red-team-alliance-copy END:VEVENT BEGIN:VEVENT UID:2198 DTSTAMP:20260624T071450 DTSTART:20260626T183000 DTEND:20260626T191500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Together, we'll explore what lies behind the sale of vulnerability, a reality often far removed... SUMMARY:<undisclosed> - x86 ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#x86-temp-placeholder END:VEVENT BEGIN:VEVENT UID:2179 DTSTAMP:20260517T101037 DTSTART:20260626T180500 DTEND:20260626T182500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Modified drone companion apps claiming to unlock FCC transmission modes are widely circulated among hobbyist communities, yet their internal mechanisms remain largely undocumented. This talk presents a reverse engineering case study of such a patched Android application, revealing how runtime instrumentation frameworks—specifically Frida—are embedded and abused to dynamically alter application behavior.\n\nThrough differential APK analysis, deobfuscation of injected JavaScript Frida payloads, and inspection of native libraries, we uncover a full instrumentation pipeline designed to hook critical Java class methods to bypass regulatory constraints. The session concludes with a discussion on technical limitations, potential firmware-level barriers, and implications for mobile app integrity. SUMMARY:Reverse Engineering of FCC Unlocks in DJI Fly clones - Klcium ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#reverse-engineering-of-fcc-unlocks-in-dji-fly-clones END:VEVENT BEGIN:VEVENT UID:2180 DTSTAMP:20260517T093154 DTSTART:20260626T174500 DTEND:20260626T180500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:What if the backdoor phase required no code at all?\n\nLast year at leHack, I introduced a framework for reasoning\nabout unconventional persistence — backdoors built from\nconfiguration and trust rather than malware. The audience\nasked for more demos, more operational reality.\n\nThis talk delivers. Through live demonstrations on realistic\nenvironments, we show how subtle, codeless modifications to\na system can create invisible conditions for future\ncode execution — triggered later through channels no\ndefender would think to suspect.\n\nNo binary, no shell, no payload on disk. Just\nchanges that look benign, pass audits, and wait patiently.\n\nBuilt from tested tradecraft, real red team operations, and\nongoing research. SUMMARY:The Art of Staying In, Part II: Target Weakening - m101 ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#the-art-of-staying-in-part-ii-target-weakening END:VEVENT BEGIN:VEVENT UID:2253 DTSTAMP:20260622T181615 DTSTART:20260626T170500 DTEND:20260626T175500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:- Installer le DigiLab sur son Flipper Zero\n- Tour d'horizon et limitations\n- Détecter des grandeurs\n- Configurer les retours sensoriels\n- Aller plus loin\n\nMatériel nécessaire : Un Flipper Zero par personne, installation propre. SUMMARY:WORKSHOP: Explorer les signaux avec le DigiLab ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-explorer-les-signaux-avec-le-digilab END:VEVENT BEGIN:VEVENT UID:2239 DTSTAMP:20260621T194558 DTSTART:20260626T170500 DTEND:20260626T175500 LOCATION:Room 3 niveau S3 DESCRIPTION: SUMMARY:TALK: outil de bypass de protection JTAG (théorie) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-outil-de-bypass-de-protection-jtag-theorie END:VEVENT BEGIN:VEVENT UID:2172 DTSTAMP:20260612T084715 DTSTART:20260626T170000 DTEND:20260626T174500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Est ce que le reverse c’est IDA, R2, Frida, Ghidra, QEMU, et bien d’autres ? Non, c’est tout ça, et tout ça ce n’est pas le secret que l’on veut découvrir, la DRM que l’on veut casser, ce n’est que le moyen. Aujourd’hui, après Dexcalibur, et plus de 5 ans de développement nous libérons en open source Reversense, une plateforme d’automatisation du reverse qui crée une projection de votre application mobile ou votre binaire dans une représentation \nuniverselle interrogeable, analysable et exécutable. Reversense offre une interface graphique permettant de naviguer et analyser la projection de l’application, statiquement ou à travers les exécutions, ainsi que de \nnombreuses fonctionnalités en dehors du champ des outils traditionnels : automatisation du parcours de l’interface, génération et édition automatique des hooks Frida qui vont muter d’une exécution à l’autre, instrumentation cross-process ou cross-device, fuzzing inapp, gestion \nd’une ferme de téléphones, …\n\nLe talk présente l’outil - l’idée et l’usage - mais surtout comment nous avons repensé le métier de reverser à une ère où le binaire est omniprésent, le temps pour reverser toujours plus réduit mais où nous voulons garder du plaisir. SUMMARY:Reversense: One Hook, Then the Universe - Georges-Bastien Michel (@FrenchYeti) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#reversense-one-hook-then-the-universe END:VEVENT BEGIN:VEVENT UID:2238 DTSTAMP:20260621T200531 DTSTART:20260626T160500 DTEND:20260626T165500 LOCATION:Salle 3 niveau S3 DESCRIPTION:Vandal, c'est l'implémentation en pur C d'une plateforme d'analyse RF multi-protocoles basée sur de l'ESP32-S3.\n\nOn a soupoudré notre layer-cake cyber avec :\n- du WiFi avec injection de trames, deauth, captive_portal, sniffing, scanners et autres surprises\n- du Bluetooth BLE 5.0 avec scan de services, monitoring d'attributs et détection de security profile + bruteforce de pin\n- du Sub-GHz via CC1101, capture et replay et de beaux waterfall\n- du 2.4 GHz via Sx1280 et NRF52840 à venir\n- une couche de BadUSB HID ou MSC, complet et pilotable à distance\n- une gestion d'ADC 16 bits pour l'attaque physique et l'analyse de signaux\n- du messaging juste pour rire ou préparer l'apocalypse\n- des stupidités comme une CLI SSH embarquée vu qu'on avait trop de place\n\nPuis on a soupoudré avec du GPS pour le wardriving du pauvre, une SD-Card pour le storage offline — le tout sur un seul SoC, sans laptop hôte, pilotable à distance à l'aide de n'importe quel navigateur web.\n\nDans ce talk on va aussi parler de stack : pourquoi on a choisi une architecture event-driven autour de l'esp_event_loop, comment s'organise notre code autour de modules et de composants, et pourquoi nous avons choisi une infrastructure clients-serveur.\n\nOn terminera par un tour rapide du VANDAL Protocol qu'on s'impose entre les agents et la console. Démos live prévues, et probablement pleins de trucs qui ne fonctionneront pas comme prévu. SUMMARY:TALK: Offensive AI on ESP32: Breaking Embedded Limits ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-vandal-yet-another-dongle END:VEVENT BEGIN:VEVENT UID:2175 DTSTAMP:20260517T100635 DTSTART:20260626T163500 DTEND:20260626T165500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Espressif designs small, low-cost system-on-chips primarily intended for wireless connectivity such as Wi-Fi and Bluetooth Low Energy. These SoCs are widely used as the networking and control component in IoT and embedded products, handling external inputs, protocol parsing, and communication with the rest of the system. Espressif has publicly reported cumulative shipments on the order of one billion chips, with hundreds of millions of devices deployed in the field, making vulnerabilities in shared firmware components a product-scale security concern rather than an isolated implementation detail.\n\nIn this talk, we present a set of real security vulnerabilities identified in Espressif’s software development kit (SDK) and USB stack. Rather than focusing on vulnerability counts, we explain how we deliberately filtered out noise to concentrate on issues that are reachable, cross trust boundaries, and have realistic security impact in shipped products.\n\nWe briefly introduce the analysis approach that enabled this triage, including graph-based code exploration, backward slicing from security-sensitive operations, reachability and exploitability reasoning, and threat-model awareness. We then deep-dive into a USB vulnerability, walking through the vulnerable code path, violated assumptions, and attacker-controlled inputs. Where available, we present ongoing exploitation work and discuss the practical challenges and constraints of turning such bugs into reliable exploits on embedded targets.\n\nFinally, we connect these findings to real-world Espressif-based products, illustrating how low-level firmware vulnerabilities can propagate to product-level security risks. We conclude with lessons learned for embedded developers and security engineers on how to reason about exploitability, prioritization, and impact in modern IoT and embedded software stacks. SUMMARY:From USB to ESP: Security Vulnerabilities in Espressif Firmware - Maxime Rossi Bellom & Ramtine Tofighi Shirazi ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#from-usb-to-esp-security-vulnerabilities-in-espressif-firmware END:VEVENT BEGIN:VEVENT UID:2252 DTSTAMP:20260622T183517 DTSTART:20260626T160500 DTEND:20260626T165500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-5 END:VEVENT BEGIN:VEVENT UID:2186 DTSTAMP:20260517T100514 DTSTART:20260626T161500 DTEND:20260626T163500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:WSO2 products (API Manager, Identity Server) are massively deployed \nacross critical infrastructure (banking, insurance, defense, government) \nin France and worldwide. During offensive security engagements at \nAmbionics Security (LEXFO), we discovered over a dozen critical 0-day \nvulnerabilities in WSO2's shared Java codebase and achieved RCE on \ndozens of client instances across French organizations.\n\nThe vulnerabilities span the full spectrum: authentication bypasses via \npath parameter confusion, full-control SSRF through a 2008-era legacy \nproxy, systemic CSRF on every SOAP administration service, account \ntakeover via flawed password reset logic, and multiple RCE vectors \nthrough Siddhi Streaming SQL, H2 database UDFs, SQLite file-write to JSP \nwebshell, and unsandboxed JavaScript execution in the JVM.\n\nBut the real challenge came next. Facing a properly hardened deployment \n(management console firewalled off, no admin ports exposed, zero \noutbound connectivity), we chained 7 N-days into a single-request \nunauthenticated RCE through the only reachable endpoint: the API Gateway \nHTTPS port. The chain combines blind XXE, SSRF relay, HTTP request \nsmuggling via CRLF injection in Axis2 headers, and privilege escalation \ninto a reliable exploit against near-current WSO2 versions.\n\nPacked with Java web exploitation tricks, the talk concludes with a live \ndemo: one request, seven vulnerabilities, a reverse shell. SUMMARY:Attacking WSO2: 0-Days and N-Day Chains for Pre-Auth RCE on Enterprise Java - Noel MACCARY ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#attacking-wso2-0-days-and-n-day-chains-for-pre-auth-rce-on-enterprise-java END:VEVENT BEGIN:VEVENT UID:2400 DTSTAMP:20260623T103931 DTSTART:20260626T153000 DTEND:20260626T163000 LOCATION:Salle Louis Armand s3 DESCRIPTION:As the mandate of Reporters sans frontières (RSF) has expanded, the organization launched its own investigations desk in 2022. Today, RSF is allocating dedicated resources and building innovative partnerships to take a deep dive into crimes committed against journalists, expose disinformation and propaganda operations, investigate the misuse of surveillance technologies, and shed light on the forces undermining media independence and pluralism. OSINT techniques have become part of RSF’s everyday investigative toolkit. This conference will offer a first glimpse behind the scenes of RSF’s investigative work: how facts are tracked and turned into impactful stories. SUMMARY:TALK: Fight for Facts! Investigations at Reporters Without Borders (RSF) ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-fight-for-facts-investigations-at-reporters-without-borders-rsf END:VEVENT BEGIN:VEVENT UID:2196 DTSTAMP:20260526T085107 DTSTART:20260626T153000 DTEND:20260626T161500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Throughout this presentation we’d like to expose Qilin’s methodology, from compromising victims to exfiltration. We’ll... SUMMARY:The Hidden Agenda: Exposing Qilin Ransomware Operations - Glacius_ ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#pas-besoin-detre-un-mytho-pour-faire-de-loffensif-temp END:VEVENT BEGIN:VEVENT UID:2358 DTSTAMP:20260618T064239 DTSTART:20260626T130000 DTEND:20260626T160000 LOCATION:Workshop Room 4 (S3) DESCRIPTION:Red Team Alliance is coming to LeHack Paris! Ever wondered what physical penetration testers actually... SUMMARY:Lockpicking with the Red Team Alliance. ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#lockpicking-with-the-red-team-alliance END:VEVENT BEGIN:VEVENT UID:2251 DTSTAMP:20260622T183645 DTSTART:20260626T150500 DTEND:20260626T155500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-4 END:VEVENT BEGIN:VEVENT UID:2237 DTSTAMP:20260622T160501 DTSTART:20260626T150500 DTEND:20260626T155500 LOCATION:Salle 3 niveau S3 DESCRIPTION:Depuis deux ans et demi, Evil-M5Project transforme les produits M5Stack notament le Cardputer en couteau... SUMMARY:TALK: ESP32 au-delà des limites ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-esp32-au-dela-des-limites END:VEVENT BEGIN:VEVENT UID:2194 DTSTAMP:20260517T095941 DTSTART:20260626T144500 DTEND:20260626T153000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Whilst organisations and individuals continue to heavily focus on digital initial access vectors, many continue... SUMMARY:Overcast Panda - Jake Lomas & Antoine Vianey-Liaud ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#overcast-panda-temp END:VEVENT BEGIN:VEVENT UID:2398 DTSTAMP:20260623T103930 DTSTART:20260626T143000 DTEND:20260626T153000 LOCATION:Salle Louis Armand s3 DESCRIPTION:This session dives into China’s OSINT ecosystem: how public and private actors intertwine to equip the Party-state with powerful capabilities to collect and exploit publicly available data. We’ll unpack the tools, workflows, and partnerships that sustain this system, with a particular focus on how information is extracted and processed from Chinese sources SUMMARY:TALK: Decoding China’s OSINT Ecosystem ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-decoding-chinas-osint-ecosystem END:VEVENT BEGIN:VEVENT UID:2250 DTSTAMP:20260622T183719 DTSTART:20260626T140500 DTEND:20260626T145500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-3 END:VEVENT BEGIN:VEVENT UID:2236 DTSTAMP:20260621T195942 DTSTART:20260626T143000 DTEND:20260626T145000 LOCATION:Salle 3 niveau S3 DESCRIPTION:For several years now, IoT devices have become part of our daily lives, sometimes even into our most personal spaces. Yet, they are not explored as much as they should be from a security analysis perspective, perhaps due to this plastic shell which could act as a psychological barrier.\n\n"IoT Horror Stories: Beneath the Plastic Shell" offers a hands-on account through a couple of concrete cases, highlighting the horrifying state of security of some low-cost consumer devices (products whose price does not always seem to include security).\n\nThrough these examples, this talk also aims to show that this field can be more accessible than one might think. Indeed, the large attack surface of these devices opens up numerous avenues to explore, sometimes without requiring any knowledge of electronics or hardware. SUMMARY:TALK: IoT Horror Stories: Beneath the Plastic Shell ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#talk-iot-horror-stories-beneath-the-plastic-shell END:VEVENT BEGIN:VEVENT UID:2171 DTSTAMP:20260517T095628 DTSTART:20260626T140000 DTEND:20260626T144500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:SAP is widely used by Fortune 500 companies and often underpins critical business processes, yet its attack surface is difficult to evaluate due to its proprietary nature. In this talk, I retrace how I approached that problem in practice: starting from a single thread and following it through reverse engineering, archive format internals, black-box fuzzing, and exploit development.\n\nAlong the way, I show how that process led to multiple vulnerabilities across different SAP components, ranging from local privilege escalation to remote unauthenticated memory corruption. I also cover the practical role LLMs played during the research, as a tool for crash triage, root-cause analysis, and exploit development. SUMMARY:Getting Lost in SAP: From LPE to Remote Memory Corruption - Tao Sauvage ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#getting-lost-in-sap-from-lpe-to-remote-memory-corruption END:VEVENT BEGIN:VEVENT UID:2395 DTSTAMP:20260623T103930 DTSTART:20260626T133000 DTEND:20260626T143000 LOCATION:Salle Louis Armand s3 DESCRIPTION:Analyzing manipulation campaigns on social media is a complex topic, especially when you want to draw an accurate and complete picture of the operation. Inauthentic accounts and posts are diluted in a huge ocean of legitimate content, but what if we had the ability to scan the entire ocean? In this talk, we will demonstrate 4 cases where we managed to uncover influence operations by using algorithms on very large datasets, including our findings on the infamous Russian operation against the 2024 Romanian elections. SUMMARY:TALK: Needle in a haystack: influence operations hiding in a dataset of 10 million users ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-needle-in-a-haystack-influence-operations-hiding-in-a-dataset-of-10-million-users END:VEVENT BEGIN:VEVENT UID:2277 DTSTAMP:20260622T180249 DTSTART:20260626T130500 DTEND:20260626T135500 LOCATION:Salle 3 niveau S3 DESCRIPTION: SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#live-talk-car-hacking-copy-3 END:VEVENT BEGIN:VEVENT UID:2249 DTSTAMP:20260622T160638 DTSTART:20260626T130500 DTEND:20260626T135500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:- Comprendre le protocole\n- Flasher l'esp32 pour interagir avec le tag\n- Exploration des différentes fonctionnalités\n\nMatériel principal : Tag pricer, esp32 (M5Stack Cardputer ou C6). SUMMARY:WORKSHOP: Hacking de Tag ESL via esp32 ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-hacking-de-tag-esl-via-esp32 END:VEVENT BEGIN:VEVENT UID:2276 DTSTAMP:20260627T100615 DTSTART:20260626T120500 DTEND:20260626T125500 LOCATION:Salle3 niveau S3 DESCRIPTION: SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#live-talk-car-hacking-copy-2 END:VEVENT BEGIN:VEVENT UID:2248 DTSTAMP:20260621T210011 DTSTART:20260626T120500 DTEND:20260626T125500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:- Installer et utiliser proxmark3\n- Utiliser la CLI pour discuter avec un Tag/Lecteur\n- Clone de badges (LF, HF)\n- Tester les différentes attaques possible en NFC (relay, replay, clone, fuzz…)\n\nChallenge : Cracker plusieurs cibles, à plusieurs niveaux.\n\nMatériel principal : Handheld RFID, Cameleon, Proxmark, Flipper Zero, Cartes Magic, PN532. SUMMARY:WORKSHOP: NFC/RFID Lab ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-nfc-rfid-lab END:VEVENT BEGIN:VEVENT UID:2393 DTSTAMP:20260623T103929 DTSTART:20260626T113000 DTEND:20260626T123000 LOCATION:Salle Louis Armand s3 DESCRIPTION:This talk will demonstrate a research project focused on transforming everyday tourist videos and walking tours into an automated investigative tool for tracking international fugitives. Attendees will discover how high-definition public footage can be leveraged for open-source intelligence, turning casual holiday backdrops into an effective search mechanism. By attending this session, you will explore a unique proof of concept for a localised facial recognition pipeline designed to scan video content for specific targets. You will walk away with a practical framework for automating target identification, understanding how open-source data can be harnessed to uncover individuals hiding in plain sight. SUMMARY:TALK: Sun, Sea, and SQLite: Open-Source Facial Recognition for Fugitive Hunting ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-sun-sea-and-sqlite-open-source-facial-recognition-for-fugitive-hunting END:VEVENT BEGIN:VEVENT UID:2349 DTSTAMP:20260615T180042 DTSTART:20260626T115000 DTEND:20260626T121000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Dans cette conférence, l’intervenant propose une immersion dans un univers rarement visible du grand public... SUMMARY:RF : une menace invisible ? Le monde caché du TSCM - Stéphane ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#rf-une-menace-invisible-le-monde-cache-du-tscm-stephane END:VEVENT BEGIN:VEVENT UID:2247 DTSTAMP:20260622T183759 DTSTART:20260626T110500 DTEND:20260626T115500 LOCATION:leLAB Village Hardware DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices.\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo : oscilloscope MSO, analyse logique, décodage de protocoles, génération de signaux, glitches, runt pulses, bruit, triggers, radio / signaux numériques selon les envies et le chaos ambiant. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures-2 END:VEVENT BEGIN:VEVENT UID:2275 DTSTAMP:20260622T180231 DTSTART:20260626T110500 DTEND:20260626T115500 LOCATION:Salle 3 niveau S3 DESCRIPTION: SUMMARY:LIVE TALK: Car Hacking ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/lelab/#live-talk-car-hacking-copy END:VEVENT BEGIN:VEVENT UID:2169 DTSTAMP:20260517T103521 DTSTART:20260626T113000 DTEND:20260626T115000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Windows shortcut (.LNK) files remain a persistent threat vector. While simple bypasses like adding spaces exist, this session reveals undocumented techniques for deceptive payload delivery and execution. We’ll explore why these methods work, the black-box research methodology used to find them, and the defensive implications. We are also introducing an open-source tool for security teams to simulate and defend against these advanced LNK-based attacks. SUMMARY:Trust Me, I'm A Shortcut: New LNK Abuse Methods - Wietze Beukema ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#trust-me-im-a-shortcut-new-lnk-abuse-methods END:VEVENT BEGIN:VEVENT UID:2391 DTSTAMP:20260623T103928 DTSTART:20260626T103000 DTEND:20260626T113000 LOCATION:Salle Louis Armand s3 DESCRIPTION:AI agents are starting to change OSINT work, not because they replace analysts, but because they can take over parts of the research loop: searching, extracting, comparing sources, drafting briefs, and leaving traces that a human can inspect. This talk presents a practitioner’s view of that shift. It starts with the evolution of cyber horizon scanning from framework-based research and OSINT, to field intelligence and LLM-assisted synthesis, and now to supervised agentic workflows. Using the example of vulnerability research, it will discuss possible architectures built with currently available tools: local agents, web search, controlled tool access, locally hosted language models, cloud model escalation, and evidence traces that support human review. The talk will focus on architecture, token and privacy strategy, local versus cloud model routing, harnesses, evaluation loops, and the limits of automation. It ends with the next question: once agents help govern research workflows, how do we keep human judgment visible and accountable? SUMMARY:TALK: [>_] Agents in the Basement ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/osint/#talk-_-agents-in-the-basement END:VEVENT BEGIN:VEVENT UID:2185 DTSTAMP:20260517T094917 DTSTART:20260626T104500 DTEND:20260626T113000 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:L'écosystème Microsoft Entra ID et Microsoft 365 est devenu en 2025-2026 l'épicentre des compromissions cloud en entreprise. Les rapports sont unanimes : l'identité est le premier vecteur d'attaque, et les environnements M365 représentent la surface d'attaque la plus convoitée : des APT étatiques aux opérateurs de Phishing-as-a-Service.\n\nLe talk couvrira les techniques les plus récentes et impactantes, dont l'abus FOCI (Family of Client IDs), l'extraction de tokens OAuth depuis les caches Windows (TokenBroker, WAM, Azure CLI), le contournement des politiques MFA et Conditional Access, et les angles morts de la détection. En fil rouge, une démonstration live d'OAuthBandit v2, outil open-source de post-exploitation spécialisé dans l'extraction, la validation et l'exploitation de tokens Microsoft OAuth depuis des endpoints compromis : avec le release public de nouvelles fonctionnalités avancées.\n\nCette présentation est un retour terrain brut. Basée sur des cas concrets de réponse à incident et de missions offensives sur des tenants M365 compromis, elle décortique les kill chains modernes observées en production : de l'accès initial par phishing OAuth jusqu'à la prise de contrôle complète du tenant, en passant par le mouvement latéral cloud-to-cloud et la persistence invisible.. ainsi que d’autres surprises ...\n\nL'objectif : armer les défenseurs avec la compréhension fine des TTPs modernes sur M365/Entra ID et des stratégies concrètes de détection et de réponse. SUMMARY:Entra ID & Microsoft 365 Under Siege : Autopsie des Compromissions Cloud Modernes et Stratégies de Riposte - Kondah Hamza ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#entra-id-microsoft-365-under-siege-autopsie-des-compromissions-cloud-modernes-et-strategies-de-riposte END:VEVENT BEGIN:VEVENT UID:2246 DTSTAMP:20260621T210149 DTSTART:20260626T100000 DTEND:20260626T105500 LOCATION:LeLAB village hardware Salle C et D niveau S2 DESCRIPTION:BADGE FCSC – Soudure d'un badge lumineux capacitif\n\nVenez découvrir la soudure en assemblant un badge lumineux capacitif.\n- Soudure d'un microcontrôleur et de 8 LED (composants de surface) au fer à souder, à l'air chaud ou à la plaque chauffante.\n- Programmation du microcontrôleur avec un micrologiciel WLED pré-configuré.\n\nCe projet de soudure est volontairement gardé simple pour être accessible aux novices. Les sources de ce badge sont disponibles sur https://github.com/FCSC-FR/hackropole-badge. Il est équipé de 8 LED RGB, 9 boutons capacitifs, et une interface d'extension 3.3V (entre autre compatible Qwiic) pour libérer votre créativité !\n\n\n\nATELIER MESURES\n\nDécouverte et expérimentation autour des instruments de labo :\n- oscilloscope MSO, analyse logique, décodage de protocoles,\n- génération de signaux, glitches, runt pulses, bruit, triggers,\n- radio / signaux numériques selon les envies et le chaos ambiant.\n\nMatériel principal : Oscilloscope MSO Rohde & Schwarz RTB2K-COM4, Batronix MSO DemoBoard Pico, Saleae Logic Pro 16.\n\nLe but n'est pas juste de "voir des jolies courbes", mais surtout de comprendre comment déclencher correctement un oscillo, traquer un bug, reconnaître un vrai problème électrique, et interpréter des signaux imparfaits. SUMMARY:WORKSHOP: Badge Hackropole + Atelier mesures ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/workshops/#workshop-badge-fcsc-atelier-mesures END:VEVENT BEGIN:VEVENT UID:2199 DTSTAMP:20260526T084704 DTSTART:20260626T100000 DTEND:20260626T104500 LOCATION:Amphithéâtre Gaston Berger DESCRIPTION:Avril 2026 : Anthropic dévoile Claude Mythos, capable de trouver des 0-days dans tous les... SUMMARY:Keynote : Pas besoin d'être un Mythos pour faire de l'offensif - Patrick Ventuzelo ATTACH;FMTTYPE=image/jpeg: URL;VALUE=URI:https://lehack.org/2026/tracks/conferences/#keynot-temp-placeholder END:VEVENT END:VCALENDAR