Passer au contenu

 

leHACK 2025
La Singularité
Édition OBSOLESCENCE HUMAINE ACQUISE

leHACK EST TERMINÉ, à l'année prochaine !

LE LEADERBOARD DU WARGAME EST PUBLIÉ !

LE SHOPLE TALKSLE RUMPSLE WARGAMELE CRASH PARTY LE JEOPARDY

 

YOU WILL KNOW NOTHING AND BE HAPPY

Fritz Lang avec son Maschinenmensch dans Metropolis, Stanley Kubrick avec HAL dans 2001 : L'Odyssée de l'espace, Isaac Asimov dans sa série Robots ou Philip K. Dick dans Les androïdes rêvent-ils de moutons électriques ?, le film de 1983 WARGAME Film, tous ont cherché à nous avertir : l’essor d’une intelligence artificielle consciente représente une menace existentielle pour l’humanité. Vous pouvez les concevoir avec les meilleures intentions ou pour résoudre un problème, mais même en contrôlant les paramètres, des failles logiques finissent par émerger. On ne peut tout simplement pas contrôler les conséquences dans les méta-systèmes complexes. Encore moins lorsque l’on ne comprend pas pleinement pourquoi ils fonctionnent.

L’AGI intégrée aux modèles de langage est censée devenir une réalité d’ici la fin de 2025. Tout comme l’imprimerie et Internet ont provoqué des transformations sans précédent du destin humain, ce météore culturel pourrait bouleverser notre monde. Des professions comme le droit, les ressources humaines, la vidéographie, l’écriture, la comptabilité et même le développement informatique—les agents du fisc comme les fraudeurs—pourraient bientôt devenir obsolètes. Personne, parmi ceux qui construisent ces modèles, ne sait précisément ce qu’il faitLes modèles statistiques échappent à la compréhension humaine ; ils sont trop éloignés de la structure de l’esprit humain. Tout ce que l’on sait, c’est que it works.

L’IA est bien plus efficace que les humains pour ingérer un corpus de documents, elle peut parcourir une multitude de sites web en quelques heures, prédire statistiquement les passions humaines instantanées en consommant les API des réseaux sociaux et dans la foulée rédiger des plans de communication pour les contrer. Outils de décision gouvernementale. pre-cogs militaires.Une dictature parfaite.

Nous avons finalement atteint le point où tout le matériel d'entrainement généré par l'homme a été consommé. Les opérateurs de LLM n'ont pas d'autre choix que de continuer à les former sur des ensembles de données synthétiques, essentiellement des données générées par d'autres LLM. Tout comme en génétique, la consanguinité conduit à l'effondrement de l'évolution, et l' Effondrement des modèles d’IA : Les AGI débiles sont à nos portes. Que va-t-il se passer si elles alimentent des prises de décisions importantes ?

Bientôt ces IA seront des systèmes d'exploitation entiers qui liront vos intentions. Un système d’exploitation « avec une âme », comme ils disent. Ce système lira dans vos pensées, anticipera chacun de vos mouvements, des mouvements que vous n'apprendrez plus à faire vous-même. Rapidement, plus personne ne saura comment executer. Les sociétés d'IA détiendront la clé API de votre vie. Que pensez-vous qu'il adviendra si elles cessent de fournir des services ?

Nous aurons acquis notre propre obsolescence, à un prix inestimable.

Sommes-nous des doomers? Oui et non.
Nous sommes des hackers.
Les pirates informatiques sont une espèce particulière: montrez-leur une carte et ils déchiffreront ce qui se trouve au dos. L'image du recto est évidente et explicite, mais le verso peut cacher un tour de magie ou le secret d'un tricheur de casino.

C'est peut-être pour cela que la culture hacker a toujours été remplie d'anarchistes, de paranoïaques, de marginaux et de génies. On ne peut pas avoir l'avant sans l'arrière, du moins pas dans une dimension N=3 (à l'exception notable du Ruban de Möbius ). La technologie ne nous impressionne pas, nous la contrôlons. Les enjeux financiers ne nous intimident pas, nous restons l'ultime minorité.

Nous aimons les machines – et nous les détestons.

Nous sommes des hackers.

 

leHACK TRACKS

📱 APPLICATION WEB MOBILE INSTALLABLE

workshops TRACK View track >

Confessionnal ZATAZ FR

Confessionnal mobile

Le Confessionnal ZATAZ est un espace anonymisé proposé lors d'événements comme la NdH, leHack ou encore au HackFest de Québec par Damien Bancal, le fondateur de ZATAZ, permettant aux participants de transmettre en toute confidentialité leurs découvertes en cybersécurité. Les participants peuvent s'exprimer sans révéler leur identité et aider. À l’issue de l’événement, ZATAZ relaie ces signalements aux organisations concernées (startups, entreprises, institutions comme l'ANSSI), pour permettre d'aider à corriger les vulnérabilités sans exposer l’auteur. Le Confessionnal ZATAZ est un lieu sécurisé et confidentiel pour encourager le signalement responsable, loin des considérations d’identité et de reconnaissance, servant la communauté et la sécurité collective.

 ZATAZ

ZATAZ

27/06/2025

10:00 - 18:00 CAR HACKING FR CAR HACKING

Cité des sciences - Main Entrance - Outdoor Parvis Nord


Car hacking (June 27 et June 28 th- 10:00 / 18:00)


@RatZillaS will animate a permanent workshop in the outdoor space of the Cité des Sciences !
In 2023 there were 133,800 car thefts, either one car stolen every 4 minutes
The theft of hybrid or electric vehicles has increased by 70%, which proves the need to think about the safety of vehicles from their design. The connectivity of these vehicles brings comfort but also new cyber vulnerabilities. These workshops aim to shed light on the state of the threat but also parades to ensure the protection of property, people in and around these vehicles

 RatZillaS

RatZillaS

28/06/2025

10:00 - 18:00 CAR HACKING FR CAR HACKING

Cité des sciences - Main Entrance - Outdoor Parvis Nord


Car hacking (June 27 et June 28 th- 10:00 / 18:00)


@RatZillaS will animate a permanent workshop in the outdoor space of the Cité des Sciences !
In 2023 there were 133,800 car thefts, either one car stolen every 4 minutes
The theft of hybrid or electric vehicles has increased by 70%, which proves the need to think about the safety of vehicles from their design. The connectivity of these vehicles brings comfort but also new cyber vulnerabilities. These workshops aim to shed light on the state of the threat but also parades to ensure the protection of property, people in and around these vehicles

 RatZillaS

RatZillaS

14:00 - 01:00 Lockpicking- Red Team Alliance EN

Zone 2 - S3

The mission of the Red Team Alliance is to advance the discipline of security by advancing the people in security.

RTA was formed in 2017 when two consultancies recognized the critical need for mature security training and certification that transcends the traditional "brain dump" style trainings found in hotel business centers and conference rooms. In 2025, RTA expanded its mission to serve the global security community, launching region-specific training programs tailored for Europe and Australia, addressing the unique regulatory environments and security challenges in these markets.

Operating from state-of-the-art facilities in Las Vegas, NV and Fredericksburg, VA, with new training partnerships across Europe and Australia, RTA develops comprehensive programs that expose students to real-world environments as they are deployed in the field through immersive hands-on exercises and labs. This natural learning approach not only improves skill retention but bolsters confidence in the field and promotes mission success.

Led by world-renowned instructors including Babak Javadi and Deviant Ollam, RTA offers flagship courses covering Covert Methods of Entry, Physical Access Control Systems, Physical Intrusion Detection Systems, Surveillance Dynamics, and more. RTA has become an essential training provider for organizations and government customers including the FBI, NSA, DARPA, and National Defense University, as well as European and Australian security agencies.

In addition to providing advanced, practical skills, RTA maintains an established certification program offering three progressive credentials: Covert Entry Associate (CEA), Covert Entry Professional (CEP), and Covert Entry Expert (CEE). These certifications validate proficiency and help security professionals stand out in the field.

Through this integrated approach, RTA has established itself as the definitive training resource for security professionals worldwide seeking to master modern physical and electronic security vulnerabilities.

Babak Javadi
21:00 - 23:00 Network protocol abuse: driving ICS equipent mad. FR

Zone 2 - Worshop Room 4

Ce Workshop s'articulera sur les explications et l'utilisations de plusieurs librairies qui permette de s'interfacez avec de PLC (microcontrôleur programmable destiné au contrôle industriel).
Une 1ʳᵉ partie sera dédiée aux explications techniques du fonctionnement des PLC et des différents protocoles réseaux associé.
La deuxième partie sera sur "l'exploitation" et l'explication des libraires qui permette de s'interfacer avec les PLC.
Protocoles utilisés dans le workshop : - MODBUS - s7comm (siemens) - OPC UA
L'objectif de ce workshop et de démontrer la faciliter avec laquelle, on peut prendre le contrôle d'un PLC si aucune mesure de sécurité n'est appliqué, ou que des mauvaises configurations sont mises en place.
Le support du workshop sont des équipements physiques qui sont contenus dans un Lab réseaux portables. Les participants pourront se connecter au LAB via RJ45 (limiter à 5 personnes) ou par wifi (20 personnes).

Cordier Erwan

cyber-security and ICS entousiast.
21:00 - 23:55 Active Directory pwnage with NetExec FR

Zone 2 - Workshop Room 2

In this workshop, we will show you how to take advantage of NetExec to efficiently and easily compromise an Active Directory domain during an internal pentest.

A lab will be provided to each student, and the goal will be to become a domain administrator using various paths—only with NetExec! The first one to gain domain admin will be covered in glory for eternity!

In this workshop, you will learn which features to use depending on the attack you need to perform, which commands to run first, what to do when you grab credentials, etc.—all by actually doing it live. No slides, only NXC as your best friend!

This workshop is for students who have already played a little with Active Directory or for people who want to learn more about the tool and how to use it properly during an internal pentest!

 Martial Puygrenier

Martial Puygrenier

Flibustier du net ̿ ̿̿’̿’\̵͇̿̿\=(•̪●)=/̵͇̿̿/’̿̿ ̿ ̿ ̿

 Wilfried Bécard

Wilfried Bécard

Expert Sécurité @Synacktiv

 Thomas Seigneuret

Thomas Seigneuret

Red Teamer & Security researcher Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo bsky: http://zblurx.bsky.social
21:00 - 23:55 Breaking into Hades’ realm: an advanced Kerberos exploitation EN

Zone 2 - Worshop Room 3

Originally developed by MIT, Kerberos is widely used in Microsoft Active Directory environments. Therefore, this protocol is a prime target for exploitation, allowing privilege escalation as well as establishing persistence.

This workshop is designed for cybersecurity professionals who seek to deepen their understanding of Kerberos vulnerabilities and the sophisticated techniques used to exploit them. Participants will embark on a comprehensive journey on Kerberos exploitation, starting with the fundamentals of the protocol and moving swiftly into advanced attack strategies. The workshop will primarily cover:

- Abusing delegations
- Forging tickets (especially Diamond and Sapphire tickets)
- *-roasting (well-known variants as well as their newer versions, such as Kerberoasting without pre-authentication)

Throughout the workshop, participants will engage in hands-on labs to reinforce their learning. By the end of the session, attendees will possess a deep understanding of Kerberos exploitation techniques and practical knowledge to effectively conduct these attacks.
Join us to master the art of Kerberos exploitation and fortify your skills to always be Domain Admin on the first day of your pentest engagement

Requirements:
- Basic knowledge of Active Directory and Kerberos protocol
- A laptop with Exegol (https://exegol.readthedocs.io) pre-installed, with the latest nightly image already downloaded

Volker Carstein

Hacker speaker Jack of All Trades Social Engineering, OSINT, AD, TTRPG Pentester / Red Team Operator @ Bsecure / Parabellum Services

rayanlecat

Pentester
23:00 - 01:55 Initiation à la classification de malware FR

Zone 2 - Worshop Room 4

Ce workshop propose une découverte de la classification de malware, en partant des bases pour construire un système scalable de recherche et de classification.

On commencera par explorer l’intérêt de chercher des similarités entre binaires. J'aborderai les méthodes classiques de diffing binaire (BinDiff, Diaphora), avant de passer à une approche plus globale pour mesurer la similarité à grande échelle, à partir de features extraites des binaires. Les participants découvriront comment appliquer des méthodes de comparaison efficaces pour classifier de grands volumes de binaires, tout en gardant une durée de traitement réaliste.

Nous évaluerons les performances des modèles à l’aide d'outils classiques de machine learning, puis visualiserons les résultats avec des graphes (neo4j) qui donnent des résultats plus visuels. L'objectif final est de créer un outil simple de classification et de recherche de similarité basé sur Python et Docker

Valentin Lonnoy

Valentin Lonnoy, étudiant en réponse à incident à l’Université de Technologie de Troyes, participant à de nombreux CTF avec l’équipe HackUTT (président du club).

29/06/2025

00:05 - 02:00 Tracing Crypto and Understanding Context in a Decentralized World EN

Zone 2 - Workshop Rooms

This workshop introduces the fundamentals of investigating how cryptocurrency moves across wallets, smart-contracts, bridges, and exchanges. You'll learn how to follow transactions on-chain and apply OSINT techniques to extract context and potential control signals. Through hands-on examples, we’ll explore how to interpret what’s really happening behind the data in a decentralized, multi-chain ecosystem.

 Tanguy Laucournet

Tanguy Laucournet

Tanguy is a security engineer currently working as a Blockchain/OSINT expert at FuzzingLabs. He has five years of hands-on experience in blockchain technology, gained through multiple projects at leading tech companies and French research institutions. In addition to his expertise in blockchain, Tanguy possesses a deep knowledge of OSINT. At FuzzingLabs, he focuses on developing tools to facilitate investigations, profiling, and de-anonymization related to blockchains. Tanguy has also given talks and workshops at several conferences, including leHack, Hacklu, CTI Summit, and FirstCTI.

Mohammed Benhelli

Blockchain Security Expert

Jonathan Tondellier

Web3 – Osint
01:00 - 02:55 Hardware Hacking : getting a root shell via UART FR

Zone 2 - Worshop Room 2

Ever wondered how to gain root access to a device via hardware ?

Why not trying yourself ? This workshop will equip you with the skills and knowledge to understand the basics of hardware hacking . In this workshop, you may :

- Learn what UART is and why it's a crucial interface for embedded systems.
- Set Up Your Environment: Get your tools ready, including serial adapters and terminal software.
- Discover how to physically connect to a device's UART pins and establish a serial connection.
- How to interact with the device's shell and gain root access.

Noë Flatreaud

IT Consultant • Cybersecurity Researcher interested in Bitcoin and Cryptography
02:00 - 04:00 Phishing detection and investigation with OSINT feeds and free softwares. EN

Zone 2 - Workshop Rooms

--Let me show you how to detect phishing/scam campaigns by analyzing OSINT data and using open-source tools I've created myself over the last few years.

Going even further, let's discover together how to gather information or material on the actors of these campaigns, their infrastructure, the developers of phishing kits, and even the existing marketplaces to fine-tune our knowledge of these threats.

Get a machine capable of running Docker containers, or a VM image. A network connection is required, as well as basic knowledge of the UN*X shell.

 Thomas 'tAd' Damonneville

Thomas 'tAd' Damonneville

Thomas Damonneville is a security expert, founder at StalkPhish, CERT analyst. He do tools, investigations, awareness, since some years now. https://www.linkedin.com/in/thdamon/ https://bsky.app/profile/o0tad0o.bsky.social https://stalkphish.com/ https://www.linkedin.com/company/stalkphish https://bsky.app/profile/stalkphish.bsky.social
02:00 - 04:00 Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting FR

Zone 2 - Workshop Room 4

This hands-on workshop will guide participants through the process of reverse engineering and modifying Android applications without the need for rooted devices.
I will present [apkpatcher](https://apkpatcher.ci-yow.com/) to explore various techniques to analyze, modify, and remove tracker on Android apps, focusing on practical skills that can be applied in real-world scenarios.

Understand the fundamentals of reverse engineering Android applications.
Learn to use debugging tools to analyze Android app behavior.
Bypass security mechanisms using Frida scripts.
Sniff and replay Bluetooth Low Energy (BLE) communications.
Modify Smali code to alter app functionality.
Reverse engineer native libraries used in Android apps.
Perform Man-in-the-Middle (MITM) attacks on HTTPS services.

By the end of the workshop, participants will have gained practical experience in reverse engineering and modifying Android applications. They will be equipped with the skills to analyze app security and implement modifications without requiring rooted devices.

Workshop Duration: 1.5 hours

Benoît Forgette

03:00 - 04:00 Insecure time-based secret in web applications and Sandwich attack exploitation FR

Zone 2 - Worshop Room 3

The goal of this workshop is to put ourselves in the shoes of a bug bounty researcher wishing to automate an attack scenario to the maximum of its possibilities. The scenario studied will be that of a password reset token based on a time-based secret that is not cryptographically secure. We will look at how to construct the attack scenario and script a detection and exploitation procedure. We will then look at how to use the open source tool "Reset tolkien" to detect and exploit this type of web vulnerability.

Tom Chambaretaud

Technical Lead @YesWeHack | Bug hunter (approximately every 3 months)
03:00 - 03:55 Pentesting AWS Cloud Environments FR

Zone 2 - Worshop Room 2

Equip participants with the skills to identify and exploit vulnerabilities in AWS cloud environments, ensuring robust cloud security.
Participants will enhance their cloud security skills by gaining practical knowledge and hands-on experience identifying and mitigating vulnerabilities in AWS cloud environments.
Target Audience: Cybersecurity professionals, cloud engineers, IT administrators, and anyone interested in cloud security.- Workshop duration: 40 minutes
- Workshop language: English

Zakaria Brahimi

As a penetration tester, my day-to-day responsibilities include conducting security audits (application security, configuration review, source code review) and penetration tests on a variety of challenging environments (systems, networks, web applications, web services, mobile applications). I have also worked on several organizational security and governance projects. I am also the author of several works (conferences, practical workshops, webinars) and publications (articles, tutorials, publications) in cybersecurity. I also provide occasional training in ethical hacking and cybersecurity awareness.

conferences TRACK View track >

27/06/2025

10:30 - 11:15 From HTML Injection to Full AWS Account Takeover: Discovering Critical Risks in PDF Generation EN From HTML Injection to Full AWS Account Takeover: Discovering Critical Risks in PDF Generation

Zone 1 - Gaston Berger conference stage

Modern web applications often provide features like PDF generation to enhance user experience, but these functionalities can inadvertently introduce critical vulnerabilities when improperly secured. During a recent penetration test, we identified a severe HTML injection vulnerability in the PDF file generation feature of two separate applications. Exploiting this weakness, we demonstrated the potential to perform Server-Side Request Forgery (SSRF) attacks, enabling access to internal files and sensitive application source code. This session provides a detailed, real-world example of how a seemingly minor vulnerability can have catastrophic consequences. It emphasizes the importance of secure development practices, robust cloud configurations, and proactive vulnerability mitigation. Attendees will walk away with practical strategies to strengthen their security posture, making this talk both educational and actionable.

Raunak Parmar
11:15 - 12:00 Up and Down Technique: Exposing Hidden Data from RAG Systems EN Up and Down Technique: Exposing Hidden Data from RAG Systems

Zone 1 - Gaston Berger conference stage

Retrieval-Augmented Generation (RAG) systems have revolutionized how LLMs (Large Language Models) access "additional" knowledge, powering everything from enterprise chatbots to cutting-edge research tools. However, their architecture, designed to integrate text chunks to give additional context to prompts, also opens the door to innovative data exfiltration techniques. In this talk, titled "Up and Down Technique: Exposing Hidden Data from RAG Systems", Pedro presents a technique he discovered that enables adversaries to systematically extract sensitive information from RAG applications via prompt injection. During this talk, we’ll deep dive into the internals of RAG systems by analyzing their architecture, embeddings, vector databases, and prompt anatomy. Pedro will demonstrate, using real-world examples, how attackers can exfiltrate data from documents via carefully crafted prompt injections. More importantly, the presentation will provide a set of comprehensive mitigation strategies. Designed for red teamers, bug bounty hunters, developers, CISOs, and cybersecurity enthusiasts, this talk bridges the gap between theoretical vulnerabilities and practical, actionable defense strategies, equipping security professionals with the knowledge they need to protect modern, AI-powered applications against emerging threats.

Pedro Paniago
14:00 - 14:45 Cache me if you can, smuggling payloads via browsers caching systems FR Cache me if you can, smuggling payloads via browsers caching systems

Zone 1 - Gaston Berger conference stage

Malware deployment is a critical stage during a red team exercise, as it allows redteam operators, if performed successfully, to gain access to a target’s internal network. For a while, the easiest way of delivering malwares was to send an email with an attachment, the malware itself. Although this technique still sometimes works, blue teams are monitoring it more and more, and numerous security tools were created to block such attachments. As such, it was necessary to find others ways of delivering malwares. This presentation introduces one, cache smuggling, which leverages browser caching mechanisms to bypass traditional security defenses and deliver malwares. Additionally, we will see that such mechanisms can be used to facilitate silent reconnaissance of internal networks as well as information gathering and, finally, how you can protect your company and yourself against it.

 Aurélien Chalot

Aurélien Chalot

14:45 - 15:30 Quantum computing demystified: A beginner's guide and cybersecurity implications FR Quantum computing demystified: A beginner's guide and cybersecurity implications

Zone 1 - Gaston Berger conference stage

This talk will give an understanding of basic quantum computing principles, the importance of PQC, the role of QKD in secure communications, and the transformative impact of quantum technologies on the cybersecurity landscape. We will overview the concepts of quantum computing, by providing a foundational understanding for beginners and explore the implications for cybersecurity. 1. Basics of quantum computing: explanation of key concepts: qubits, superposition, entanglement, quantum gates. 2. Introduction to quantum programming (Q#) with simple examples 3. Quantum computing and cybersecurity: - Post-Quantum Cryptography (PQC): - Quantum Key Distribution (QKD): 4. Quantum Attacks and Cybersecurity Implications: What is possible today an in the (near) future with the threat posed by quantum computers to current encryption standards?

Robin Descamps

Robin is a consultant and ethical hacker leading and executing penetration testing, red & purple teaming, and security research projects for various clients, aiming to identify their cyber vulnerabilities and mitigate their risks. He contributed to improving the security of several companies, such as Deutsche Telekom, BMC Software, and Pydio, by uncovering and reporting multiple 0-day vulnerabilities. He recently got interest in quantum computing security, being involved in several related events. His classic background allows him to demistify quantum computing from a “classic hacker” point of view rather than a specialised researcher.
15:45 - 16:30 The Last Resort: Debugging Embedded Systems with Unconventional Methods FR The Last Resort: Debugging Embedded Systems with Unconventional Methods

Zone 1 - Gaston Berger conference stage

A debugger is always a valuable tool when searching for vulnerabilities, particularly in embedded systems where multiple peripherals may be involved. Most targets support either well-standardized debug protocols such as JTAG or SWD, or rely on proprietary alternatives. These debug ports are often locked to prevent unauthorized access. When locked, depending on the chip, it may still be possible to reactivate them by exploiting a bug. In rare cases where this is not possible, direct modification of the firmware may be an option. In such scenarios, an on-chip debugger can be implemented within the firmware itself. While potentially unstable, this type of debugger can be highly useful for firmware analysis and exploit development. This talk offers an overview of low-level concepts related to interrupts, followed by a detailed guide on building an on-chip debugger, addressing the various choices and challenges that may arise during the process. To begin with, a communication channel is required, preferably one that remains operational even during a debug interrupt. An initial breakpoint must be set on the target to trigger the debugger. A debug handler, ideally written in assembly, needs to be implemented and configured to listen for commands responsible for reading and writing memory and register contents. An intermediate server between GDB and the target must also be created. Several open-source skeletons are available to assist in this task. In addition, the talk places special emphasis on designing a lightweight debugger, as it is intended for embedded targets. It will therefore present techniques to keep the code as minimal and efficient as possible.

Vincent Lopes
16:30 - 17:15 Active Directory: Hall of Shame & Physical Pwnage FR Active Directory: Hall of Shame & Physical Pwnage

Zone 1 - Gaston Berger conference stage

Active Directory reste la cible numéro un des attaquants, et honnêtement... certaines configurations nous facilitent beaucoup trop la tâche. Dans ce talk, je vais partager une collection des pires erreurs de sécurité que j’ai rencontrées en Pentest. Au programme : un "Hall of Shame" des failles les plus ridicules, honteuses et dangereuses que l’on croise encore trop souvent : -DCSync pour tout le monde – Quand récupérer tous les hashes NTLM devient trivial -Password Policies from Hell – Des exigences tellement mauvaises qu’elles favorisent le cracking -Users’ Description WTF – Des creds en clair directement dans les champs AD -Old but Gold Protocols – NTLMv1, LDAP simple bind... du pain béni pour les attaquants -Service Accounts: The Backdoor Special – Comptes à privilèges cachés, souvent avec Kerberoasting offert -Delegation Disasters – Escalades absurdes via des délégations mal configurées -ADCS ESC1: The First Step to Total Control – Comment pwn AD avec des certificats mal configurés -Plaintext Passwords: Peak Shame – GPOs et scripts qui balancent des mots de passe en clair -GPOs That Shoot Themselves – Quand les admins se tirent une balle dans le pied Démo: Ski Resort Domain Admin Challenge Pour illustrer ces fails en action, je vous montrerai une attaque réel où l’on passe d’un simple accès sur le réseau à Domain Admin en quelques étapes, grâce à un cocktail de mauvaises configs et de relai NTLM. Bonus : "10-Minute Physical Intrusion Challenge" Parce qu’un AD mal sécurisé, c’est bien, mais si on peut aussi poser les mains sur le serveur en moins de 10 minutes, c’est encore mieux… Pourquoi ce talk ? Ce n’est pas un énième talk sur les bases d’AD. Ici, on va se moquer (gentiment) des pires fails qu’on voit en entreprise et montrer comment les exploiter efficacement. Objectif : fournir aux attaquants des techniques réelles et pragmatiques, et (pour les défenseurs dans la salle) leur donner envie de corriger ces erreurs critiques immédiatement.

 Nicolas Aunay

Nicolas Aunay

17:15 - 18:00 Keep-it-alived : Étude de la sécurité du protocole VRRP FR Keep-it-alived : Étude de la sécurité du protocole VRRP

Zone 1 - Gaston Berger conference stage

VRRP (Virtual Router Redundancy Protocol) est un protocole open standard conçu pour garantir la haute disponibilité des routeurs. Éprouvé et largement adopté, il est utilisé dans de nombreuses infrastructures réseau. Cependant, la question de sa sécurité est rarement abordée en profondeur dans les ressources disponibles en ligne. Par exemple, VRRPv2, encore très répandu aujourd'hui, propose deux modes d'authentification, dont l'un est facilement contournable. En revanche, dans VRRPv3, la fonctionnalité d'authentification a été supprimée, les auteurs du protocole estimant que la sécurité devait être gérée en amont. Dans cette présentation, j'examinerai les implications des choix de conception de VRRP en matière de sécurité et mettrai en évidence les vulnérabilités susceptibles d'en découler. Pour cela, je m'appuierai sur Keepalived, une implémentation open source populaire de VRRP. Enfin, je présenterai une faille de conception que j'ai découverte dans le protocole VRRP lui-même (RFC 9568), avec l'aide des mainteneurs du projet Keepalived. Cette vulnérabilité permet à un attaquant sur le même réseau d'usurper le rôle de routeur "master" en cas de conflit de priorité VRRP, même lorsque celle du routeur master légitime est au maximum (255). Elle a fait l'objet de l'erratum 8298, validé par l'IETF.

 Geoffrey Sauvageot-Berland

Geoffrey Sauvageot-Berland

18:00 - 18:45 Confessions of a Linux drama queen: When hackers are totally ruining your life EN Confessions of a Linux drama queen: When hackers are totally ruining your life

Zone 1 - Gaston Berger conference stage

It's one of those mornings. You just crushed your early workout, feeling all kinds of invincible, you're halfway through your first sip of coffee, mentally planning your day, when your SOC team drops a bombshell: Suspicious activity has been detected on a critical system. Suddenly, it's not the caffeine waking you up, it's sheer panic!! But let’s be real—cyber drama is inevitable. What separates the pros from the panicked is how we respond. In the Linux world, post-compromise activity isn’t just a mess; it’s a story waiting to be told. From tracking suspicious IPs and unexpected file creations to analyzing logs and identifying rogue services, our job is to piece together exactly what happened and how. Because let's face it, while trends come and go, resilience never goes out of style. Join me in this session as we turn the chaos into clarity and decode the drama, and maybe even add a little sparkle to incident response.

 Melina Phillips

Melina Phillips

18:45 - 19:30 The imposter’s guide to Hacking (With DEMOs!) EN The imposter’s guide to Hacking (With DEMOs!)

Zone 1 - Gaston Berger conference stage

"Hear from a lifelong imposter who has been fooling people for decades! Watch examples of the no talent and lack of technical knowhow Hacks using just a credit card & imagination. See a new perspective on utilizing everyday devices & toys being repurposed with almost zero modification into attack tools. Marvel at the audacity of this speaker’s declaration of his right to be called a Hacker! Then strap in as you listen to this “pick me guy’s” virtue signaling rants on subjects that he can only be considered a tangible ally on at best! Try to make it to the end of his talk where he casts judgments & harsh critiques on a community & society that is failing so many of us with nonsense standards, unseen privileges & prejudiced expectations which are only there to appease gatekeepers & bullies whose insecurities fuel the toxicity in OUR community! Oh, and there will probably be some memes so yeah I'm sure that'll help!"

 Jayson E. Street

Jayson E. Street

28/06/2025

10:00 - 10:45 Beyond Scanners: How Hands-On Recon Led Me to My First €1K Bug FR Beyond Scanners: How Hands-On Recon Led Me to My First €1K Bug

Zone 1 - Gaston Berger conference stage

In this french-language talk, I’ll share how I uncovered a €1,000 vulnerability by combining a user’s perspective with targeted technical analysis—without relying on automated scanners like Nmap or FFUF. As a new bug hunter, I explored the application’s functionality like a real user, studied its code behavior, and tested custom scripts to zero in on overlooked entry points and subtle misconfigurations. I’ll show you how adopting a user-focused mindset, backed by hands-on experimentation and minimal tooling, can reveal high-value bugs that scanners often miss. Whether you’re just starting out or looking to refine your methods, come learn why manual recon remains one of the most powerful techniques in any bug hunter’s arsenal.

Gaëtan Herfray
10:45 - 11:30 DCOM Turns 20: Revisiting a Legacy Interface in the Modern Threatscape FR DCOM Turns 20: Revisiting a Legacy Interface in the Modern Threatscape

Zone 1 - Gaston Berger conference stage

Part of Windows operating system for over 20 years, DCOM (Distributed Component Object Model) has received a lot of attention from the security research community. Ranging from lateral movement and privilege escalation to persistence techniques, DCOM is an extremely versatile attack vector. Yet, its inner workings remains unknown to many security experts. To close this knowledge gap, we will take a deep dive into DCOM latest research works — including this year's many new contributions— through practical use cases and tooling. A comprehensive testing framework will eventually be presented, enabling security researchers to build upon these previous works more effectively. At last, we will discuss practical defensive strategies, along with key insights to help security analysts effectively detect and respond to DCOM-based abuse.

Julien Bedel
11:45 - 12:30 Espilon [Unknown bot net] FR Espilon [Unknown bot net]

Zone 1 - Gaston Berger conference stage

When you hear the term **“botnet”** mentioned during a regular chat with your friends at the local coffee shop, you think of compromised computers and massive infrastructures, don't you? Well... So was I, until I found myself down the rabbit hole I want to share with you. This talk will present another way to get bots netting. A tale of cheap ESP32 microcontrollers and custom firmware to establish a gprs connection to a command & control. Execute remote commands, do surveillance and eavesdropping, exfiltrate data, or even... triangulate Bluetooth signals... ! We built a custom C2 and firmware ourselves, because why not?? I've been told that's how we become *l33t hackers* _(ツ)_/¯ Because spending far too much time developing all this wasn't enough, we now invite you to this 45-minute course on why you shouldn't trust your ESP32 too much ;)

EUN0US

offpath
14:00 - 14:45 Hacking de jeux vidéo: Casser des jeux et protéger le sien! FR Hacking de jeux vidéo: Casser des jeux et protéger le sien!

Zone 1 - Gaston Berger conference stage

Le pentest de client lourd, ça ne vous fait pas rêver? Et si au lieu de cracker un quelconque logiciel industriel on développait plutôt un petit cheat? C'est le même principe! Tour d'horizon des différentes méthodes de hacking de jeux et focus sur l'édition de la mémoire d'un process avec Cheat Engine. Du simple remplacement de valeurs jusqu'au patching d'instructions avec l'"autoassembler" Et bien sûr présentation des différentes méthodes de protections de binaires... et de leurs limitations face à un hacker déterminé!

Lucas Parsy
14:45 - 15:30 Eastern Promises: Mobile VRP Lessons For Bug Hunters EN

Zone 1 - Gaston Berger conference stage

In the past few years, we've tried our hand at Vulnerability Reward Programs of all kinds of mobile vendors’ products and attack surfaces. Like many others, we’ve encountered as many misses as hits, learning valuable lessons from the mistakes we (and sometimes the vendors) have made. In this talk, we will focus on the takeaways from all this. Some of it has got to do with how to and not to select an attack surface or a product model, how to decide what to give up on and what to double down on, and how to make the best use of the decisions that vendors communicate and the security updates they publish. To keep the content technical, we’ll go back to our vault of Android vulnerabilities and discuss some of our past VRP submissions in the context of lessons to take from them. 

Laszlo Radnai

Laszlo Radnai (Rx7) is a security researcher at TASZK Security labs. He graduated from BME with a CS MSc and developed an interest in hacking from the start of his studies. He's been hacking ever since, gaining practice from CTFs, trying himself at bug bounties, and finally going into vulnerability research as a full-time job. His software security interests evolved from cryptography, to web, to pwning. His favorite part of offensive research is "reverse engineering" the minds of the developers and figuring out what they have overlooked.

Laszlo Szapula (LaTsa)

Laszlo Szapula (LaTsa) started as an intern at TASZK Security Labs and is now a full time member of the vulnerability research team, where he converts Ghidra projects and Club Mates into reverse engineered code. He is focused on the low-level security of Android based smartphones, including the Android kernel, hypervisors, trustzones and basebands. As presenter, his experience includes delivering mobile exploitation trainings at conferences like OffensiveCon and Hardwear.io.
15:30 - 16:15 Fun with watches: hacking a 12€ smartwatch with Bluetooth Low Energy and 3 wires FR Fun with watches: hacking a 12€ smartwatch with Bluetooth Low Energy and 3 wires

Zone 1 - Gaston Berger conference stage

French company GiFi sold in 2024 and early 2025 a cheap smartwatch under its Homday Xpert brand, and we resisted as much as we could but in the end bought some of them to see what it was made of. In this talk, we will explore this smartwatch's internals, from tear-down to firmware extraction (using a weird technique exploiting a remote vulnerability combined with some electronics), to the analysis of the gathered files. We'll also dive into Chinese vendor JieLi system-on-chips and its related ecosystem, and reveal the truth no one really expected about this smartwatch (really, nobody ain't see this coming ?).

 Virtualabs

Virtualabs

Geek, Papa, hacker, quelquefois imposteur https://virtualabs.fr/

 Xilokar

Xilokar

French embedded software developper since 2005. Doing some reverse engineering and security stuff on my free time.
16:30 - 17:15 The Art of Staying In: Unconventional Backdoors on Windows and Linux FR

Zone 1 - Gaston Berger conference stage

**What if a backdoor didn't need malware, a shell, or even a running process?** This talk explores **non-traditional backdooring techniques** — built not on binaries, but on behavior. We explore how attackers leverage **configuration, environmental trust, subtle logic chains, and latent system features** to build long-term, stealthy footholds using only native system features. No payloads, no daemons — just strategic misuse of what's already there. Rather than focusing on registry keys, cron jobs, or service hijacking, we frame persistence in terms of **core primitives**: the ability to **read**, **write**, **execute**, **leak**, **deliver**, or **trigger**. These primitives can be enabled entirely through subtle, often legitimate system features — shell not always required. Some implants exist purely in configuration. Others live only in memory, or activate only when specific, attacker-controlled conditions are met. These techniques don't rely on conventional malware — and often blend into backups, trust chains, or benign system behaviors. This talk is built from tested tradecraft, real red team operations, and exploratory research. 

M101
17:15 - 18:00 GPOParser: Automating Group Policies extraction to reveal security gaps FR

Zone 1 - Gaston Berger conference stage

Group Policy Objects (GPOs) are a set of configurations applied to users and computers within a Windows domain. They allow administrators to enforce security settings, software installations, scripts, and other system policies to ensure consistency and compliance within an organization. GPOs are a fundamental and critical component in the security management of Active Directory. The enumeration of these configurations can uncover opportunities for privilege escalation or lateral movement within an Active Directory environment. However, enumerating these configurations can prove to be tedious and time-consuming: understanding the various use cases and identifying the specific targets of these policies can be complex and labor-intensive. The goal of this talk is to present a tool that automates these tasks, along with the reasons justifying the creation of such a tool. After providing context on how GPOs function, a demonstration of the tool will be given. 

Wilfried Bécard
18:00 - 18:45 Modbus, APTs, and Other Ways Humanity is F**ing Up the Climate EN

Zone 1 - Gaston Berger conference stage

Let’s face it: The apocalypse is being debugged by idiots. Picture this: A state-sponsored hacker in a tracksuit hijacks a Modbus-connected dam in 1990s-era code. A disinfo bot army blames the resulting flood on “vegan energy policies.” Meanwhile, your smart thermostat becomes a pawn in a cyberwar over Arctic oil. Welcome to 2025, where climate action is getting hacked faster than your grandma’s Facebook. In this talk, we’ll explore: - APTs’ climate kill list: Energy grids, carbon capture labs, fusion reactors—all hacked via 1970s-era code. - Why Modbus is the cybersecurity equivalent of a flip phone—and why APTs love it. Geopolitical clown shows: - Russia’s “Dark Winter” playbook: How Sandworm hijacked Modbus to freeze European cities and spark a fossil fuel revival. - China’s “Silent Grid” ops: APT41’s attacks on solar farms and EV charging networks—and the shockingly simple Modbus flaws they exploited. - The Lazarus Greenwash: North Korea’s fake ESG ransomware targeting carbon credit markets. - Iran’s “Sandstorm”: Manipulating water treatment sensors to worsen droughts in rival nations. - Stupid human tricks: From AI-powered grid attacks to hacking disaster relief drones. - How to unf* the future**: Threat hunting for climate villains, securing OT systems with duct tape and hope, and why cyber hippies might save the world. You’ll walk away with: - APTs’ TTPs for OT attacks: From Modbus MITM to PLC bricking. - How to weaponize threat intel: Correlating geopolitical events with ICS vulnerabilities. - The Future of Climate Cyberwar: AI-Driven Attacks on Hydrogen Plants, Quantum Exploits, and Why COP30 Might Become a Hacker’s Playground (Hopefully Not!)

Cybelle Oliveira
19:00 - 19:45 Ah, I see, you're a Domain Controller as well FR

Zone 1 - Gaston Berger conference stage

“They told me I could be anything I wanted—so I became a Domain Controller,” he said, with the dramatic flair of a villain revealing his masterstroke. --- Active Directory remains the beating heart of most enterprise environments. While lateral movement and privilege escalation have long been staples of security conferences, persistence techniques often fly under the radar. Among them, DCShadow stands out—a powerful yet underexplored method that has seen little evolution since its debut in 2018. This talk changes that. We’ll walk through the development of the first all-Python DCShadow proof-of-concept, a journey far more treacherous than it sounds. From protocol quirks to undocumented behaviors, this technical deep dive is packed with lessons learned, pitfalls encountered, and how they were overcome. Whether you’re a red teamer, blue teamer, researcher, or just someone fascinated by AD internals and offensive tooling, you’ll come away with a practical understanding of DCShadow and what it takes to bring a complex idea to life.

Charlie Bromberg
19:45 - 20:30 Physical Security : What you don't see… FR

Zone 1 - Gaston Berger conference stage

Comme pour le Pentest Cyber, une grande part de l'intrusion physique nécessaire à un RedTeam consiste en la préparation de l'intrusion. Alors que les technologies de protection évoluent (RF, RFID, serrures électroniques, caméras intégrant de l'IA...), les méthodes d'attaque et de Reverse Engineering évoluent aussi (Analyse mécanique, Osint, recherche de bases de données, mais également des méthodes plus poussées comme les scanners 3D ou les Rayons X). Lors de cette conférence, nous verrons essentiellement cette démarche de pré-intrusion, les méthodes de Reverse Engineering low-tech et high-tech afin de préparer au mieux une intrusion. Ces méthodes permettront de créer des outils et des approches adaptées à des serrures de bâtiment et de coffre fort, des systèmes d'organigramme ou encore des systèmes électroniques.

Mr Jack

osint TRACK View track >

27/06/2025

11:00 - 12:00 BAYBRIDGE – Anatomy of a Chinese Information Influence Ecosystem EN

Zone 3 - Louis Armand Conference Room

The Baybridge study uses OSINT to build on previous research about a large-scale Chinese online influence operation. By digging into technical and Chinese online resources, the study aims to (1) comprehensively map the online infrastructure of the network, (2) present new evidence of possible state involvement, and (3) analyze content to reveal discursive strategies, targeting methods, and the implications of Russian stakeholders. These insights aim to improve understanding of this phenomenon and combat online information manipulation.

 Côme

Côme

Côme is the Global Engagement Manager at Tadaweb, the Operating System for OSINT and PAI.

Ricci

Ricci is an analyst at Tadaweb with a background in international relations. He speaks Mandarin.
13:30 - 14:30 What can we learn about OSINT from Border Services trackers EN

Zone 3 - Louis Armand Conference Room

Robert Sell has been a certified human tracker in his capacity as a Team Leader in Search and Rescue for over a decade. Trained by border services tracking teams and Canadian Special forces, Robert has spent countless hours as a three person tracking team searching for real persons in the Pacific North West. He applies the tracker skillsets to help people improve their Open Source Intelligence Operations. As the Founder of Trace Labs he has had the opportunity to see the OSINT strategy and techniques of thousands of investigators. He uses this knowledge to compare and show best practises from the tracking field to help OSINT investigators. Robert lowers the curtain on the skillsets and approach real trackers take. This includes everything from detecting state of mind to sign cutting concepts. This talk will allow you to see what was previously invisible to you.

 Robert Sell

Robert Sell

Robert is the founder and president of the Trace Labs, a non profit organization that crowdsources open source intelligence (OSINT) to help locate missing persons. He is also the founder of his new project, the Alpha Omega Agency which focusses on teaching how to defend against corporate espionage. He has spoken at conferences and podcasts around the world on subjects such as social engineering, open source intelligence, physical security, insider threats, operational security and other topics. In 2017 and 2018 he competed at the Social Engineering Village Capture the Flag contest. He placed third in this contest (both years). In 2018, he actually ran his own Trace Labs OSINT CTF while participating (and placing 3rd) in the SECTF at Defcon Vegas. Robert is also a ten year volunteer with Search and Rescue in British Columbia, Canada. In his search & rescue capacity, Robert specializes in physically tracking lost persons and teaching first responders how to leverage OSINT. https://www.tracelabs.org/ https://www.linkedin.com/company/tracelabs/
14:30 - 15:30 UNO Reverse Card: Exposing threat actors Through Their Own Infected Devices EN

Zone 3 - Louis Armand Conference Room

This talk presents an original investigation at the crossroads of OSINT and cybercrime: the analysis of stealer logs — not from victims, but from the cybercriminals themselves.
Infostealers are malware designed to exfiltrate sensitive data to Command-and-Control (C2) servers. However, our research reveals that due to negligence or lack of operational security, some threat actors end up falling victim to their own tools. By analyzing these “leaked” or compromised stealer logs, we’ve been able to profile a wide range of actors — from inexperienced users exposing their personal credentials, to advanced operators managing multiple malware campaigns simultaneously.
Through concrete case studies, we will demonstrate how OSINT techniques can be used to turn attackers’ tools against them, exposing their practices, mistakes, and even parts of their infrastructure. This talk offers a rare behind-the-scenes look at the infostealer ecosystem and highlights how intelligence gathering can reveal the human flaws behind cybercrime.

 Estelle Ruellan

Estelle Ruellan

Estelle is a Threat Intelligence Researcher at Flare. With a background in Mathematics and Criminology, Estelle lost her way into cybercrime and is now playing with lines of codes to help computers make sense of the cyber threat landscape. Estelle presented at conferences like NorthSec2025, ShmooCon 2025, Hack.lu 2024, eCrime APWG 2024 in Boston and the 23rd Annual European Society of Criminology Conference (EUROCRIM 2023) in Florence.

 Oleg O.

Oleg O.

Oleg O. is a French cyber threat intelligence analyst specializing in Russian-speaking cybercrime and the broader Russian-language cybercriminal ecosystem. His research focuses on all aspects of this underground ecosystem, including ransomware operations, underground forums, bulletproof hosting services (BPH), illicit cryptocurrency exchanges, and money laundering techniques. He is the founder and editor of CybercrimeDiaries.com blog, where he publishes in-depth analyses and case studies based on my investigations. He is also a member of the Curated Intelligence research group, a collective of threat intelligence professionals sharing open-source research. LinkedIn: https://www.linkedin.com/in/oleg-oleg/ Blog: https://www.cybercrimediaries.com/ X/Twitter: https://x.com/Cyber_0leg
15:30 - 16:30 Hunting the Fake Brad Pitts: OSINT Against a Global Romance Scam EN

Zone 3 - Louis Armand Conference Room

In this talk, Marwan Ouarab, founder of Find My Scammer, reveals how open-source intelligence (OSINT) techniques helped him uncover the real identities behind a global romance scam in which fraudsters posed as Brad Pitt to deceive and extort victims worldwide. By tracing digital breadcrumbs, analyzing infrastructure, and pivoting through online identities, Marwan dismantled a network of scammers who operated with shocking coordination. This talk dives into the technical methods, investigative challenges, and the human stories at the heart of one of the most bizarre celebrity impersonation scams in recent years.

 Marwan Ouarab

Marwan Ouarab

Marwan Ouarab is an OSINT investigator and founder of Find My Scammer, an independent investigation unit focused on uncovering online fraud and cybercrime. He specializes in tracking digital scammers across international borders, helping victims seek justice, and raising awareness of how social engineering schemes operate. His work has led to the exposure of multiple large-scale fraud networks — including the high-profile case of scammers impersonating actor Brad Pitt to manipulate victims emotionally and financially. LinkedIn: linkedin.com/in/marwanouarab Twitter/X: twitter.com/FindMyScammer Website: findmyscammer.com
17:00 - 21:00 Tracelabs Search Party CTF IRL EN

Zone 3 - Louis Armand Conference Room

We'll be running Tracelabs Search Party CTF live in Paris during leHACK! The event will be live from 17:00 to 21:00 Paris time and will be available only for in-person attendees. More details will come soon.Cost: FreeRegistration: To be definedWe need volunteer OSINT CoachMore information : https://docs.google.com/forms/d/e/1FAIpQLScKCb7108-BxouwkQv7SHGrCbztsxFTSey45QEd-tzyzSv31A/viewform

28/06/2025

10:00 - 11:00 “AI-Freak”: An Informational Modus Operandi EN

Zone 3 - Louis Armand Conference Room

Since the disappearance of Yevgeny Prigozhin in August 2023, the future of the Wagner PMC's digital influence operations—particularly in Africa—has raised many questions. Recent analyses suggest that these activities persist, though in a transformed manner, and now appear to be integrated into the Russian state’s broader informational influence strategy.

A key player in this new dynamic is African Initiative, a Russian news agency founded in Moscow in September 2023. It presents itself as an information bridge between Russia and Africa. Through its various channels, it disseminates pro-Russian and anti-Western content in multiple languages, including French.

This talk will detail the TTPs (Tactics, Techniques, and Procedures) of the “AI-Freak” modus operandi associated with African Initiative and will showcase several original OSINT pivots used in the investigation.

 Herve Letoqueux - Viginum

Herve Letoqueux - Viginum

Hervé Letoqueux is a former judicial investigator and the founder of the association OpenFacto. He currently serves as Head of Operations at VIGINUM, a branch of the SGDSN (General Secretariat for Defence and National Security), which is responsible for detecting and analyzing foreign digital interference.  
11:00 - 12:00 Red Alert in Geneva EN

Zone 3 - Louis Armand Conference Room

The Federal intelligence service says in its annual report around 20% of Russian diplomats in Switzerland are spies. Is it possible to fact-check that using open source information or leaks ? Using the sources we found, we will try to explain our research strategy, the tools we used and who knows, find some guys or interesting profiles.

 Leo and Dimitri from Inpact

Leo and Dimitri from Inpact

Inpact is more know for their leading project All Eyes On Wagner. This project focuses on Wagner and other mercenaries: tracking their activities and verifying claims of human and economic abuses. Inpact team also focuses on investigations related to Russia and its Partners, hybrid warfare. Inpact relies on open source information and witnesses account/leads sent to the team which are collected and verified. Bluesky : @aeowinpact.bsky.social X : @aeowinpact URL : alleyesonwagner.org
13:30 - 14:30 OSINT Goes To War EN

Zone 3 - Louis Armand Conference Room

Bread & butter of defence OSINT, OSINT goes to war in the Black Sea, the risks of revealing sources, and deception & countering OSINT

 H I Sutton

H I Sutton

H I Sutton is an independent defence analyst, writer, and illustrator who specialises in unconventional naval strategy, capabilities and tactics. In particular, submarines and sub-surface systems, and the uncrewed revolution. To do this he combines the latest Open Source Intelligence (OSINT) with the traditional art and science of defence analysis. BlueSky: @covertshores.bsky.social Youtube: @HISuttonCovertShores Website: http://www.hisutton.com
14:30 - 15:30 Scraping the Chinese Internet: Challenges, opportunities and approaches EN

Zone 3 - Louis Armand Conference Room

This talk discusses web scraping techniques for the Chinese internet, covering sources like social media and official government websites. It highlights that, contrary to popular belief, China's political processes do not need to be a black box. Millions of government documents can be found online that can illuminate developments in the country, sometimes even on sensitive affairs. Web scraping techniques can help pry open this black box and help see the forest for the trees. Yet, the talk also focuses on how extensive challenges remain, ranging from geo-blocking to "real-name registration".

 Vincent Brussee

Vincent Brussee

Combining a deep understanding of China’s political and legal system with innovative data-driven approaches, Vincent Brussee helps stakeholders understand crucial developments in China and their impact on the world. His analyses have been featured in popular media like BBC World News and Foreign Policy as well as leading academic journals like The China Quarterly. Most recently, his acclaimed book Social Credit (Palgrave Macmillan, 2023) provides a fresh and engaging analysis of China’s oft-misunderstood Social Credit System.
15:30 - 16:30 OSINT & KLEPTOCRATS EN

Zone 3 - Louis Armand Conference Room

Criminals want to own their villa on french riviera or their apartment in Dubai. No need to have police powers to find out where they invest their money. It only takes some open data and OSINT technics for journalists to follow the money. This talk covers how journalists from Le Monde investigate russian oligarchs, drug traffickers and other kleptocrats real estate assets, and why open source is so important.

 Jérémie BARUCH

Jérémie BARUCH

Jeremie and Abdelhak are investigative journalists working on financial and white collars crime. They use to work on international collaborative investigations.

 Abdelhak EL IDRISSI

Abdelhak EL IDRISSI

16:30 - 18:30 Russian Embargo: How to Circumvent Sanctions EN

Zone 3 - Louis Armand Conference Room

As OSINT investigative journalists, we sometimes need to combine open-source techniques with on-the-ground reporting to take our investigations further. Journalists from the program SOURCES on ARTE.tv spent months analyzing customs records, European sanctions regulations, and the technical specifications of CNC machines, which are high-precision tools used to manufacture parts for civilian and military applications. Their investigation revealed that European machines were imported into Russia via third countries in Central Asia. However, one European company flatly denied the open-source findings and the customs records available online. That’s when journalist Maëva Poulet traveled to their headquarters. There, she accessed internal documents and used open-source data to prove that the company’s records about the machine and its destination had been forged.

Maëva POULET

Maëva Poulet is an investigative journalist specializing in OSINT techniques. She began her career in 2015 at the international news channel France 24, where she spent seven years reporting on migration in Europe and conducting open-source investigations. In 2022, she joined the CAPA agency to work on Sources, a monthly investigative magazine broadcast on ARTE.TV.
21:00 - 23:55 OSINT 101: an introduction to Windows malware analysis and OSINT EN

Zone 2 - Workshop Rooms

Join us for a thrilling workshop where you’ll learn the basics of Windows malware analysis, OSINT and CTI, by extracting interesting information from a malware and using it to track down cybercriminals.

Ever wondered how people could make malicious binaries talk? Or how from a single string in a code an analyst could find its developer’s favorite music band? We bring you the best of two worlds, malware analysis and OSINT, in this introduction workshop.

By using some basic malware analysis techniques, you’ll be able to easily extract interesting information from a malware and its functionalities. With OSINT methods, you’ll find how to use the information found in the malware to pivot on data from websites, social networks, and media to extract hidden or forgotten information on your target.

With this 3 hours workshop targeting absolute beginners, you won’t become an expert in both fields, but you’ll have the opportunity to better understand how they work and discover how they can interact with each other.

Anso

OpenFacto member and CTI analyst specialised in OSINT investigations. https://bsky.app/profile/openfacto.bsky.social https://www.linkedin.com/company/open-facto/ anso@openfacto.fr

Cora

CTI analyst specialised in malware analysis. cora.reversing@proton.me

29/06/2025

00:05 - 02:00 Tracing Crypto and Understanding Context in a Decentralized World EN

Zone 2 - Workshop Rooms

This workshop introduces the fundamentals of investigating how cryptocurrency moves across wallets, smart-contracts, bridges, and exchanges. You'll learn how to follow transactions on-chain and apply OSINT techniques to extract context and potential control signals. Through hands-on examples, we’ll explore how to interpret what’s really happening behind the data in a decentralized, multi-chain ecosystem.

 Tanguy Laucournet

Tanguy Laucournet

Tanguy is a security engineer currently working as a Blockchain/OSINT expert at FuzzingLabs. He has five years of hands-on experience in blockchain technology, gained through multiple projects at leading tech companies and French research institutions. In addition to his expertise in blockchain, Tanguy possesses a deep knowledge of OSINT. At FuzzingLabs, he focuses on developing tools to facilitate investigations, profiling, and de-anonymization related to blockchains. Tanguy has also given talks and workshops at several conferences, including leHack, Hacklu, CTI Summit, and FirstCTI.

Mohammed Benhelli

Blockchain Security Expert

Jonathan Tondellier

Web3 – Osint
02:00 - 04:00 Phishing detection and investigation with OSINT feeds and free softwares. EN

Zone 2 - Workshop Rooms

--Let me show you how to detect phishing/scam campaigns by analyzing OSINT data and using open-source tools I've created myself over the last few years.

Going even further, let's discover together how to gather information or material on the actors of these campaigns, their infrastructure, the developers of phishing kits, and even the existing marketplaces to fine-tune our knowledge of these threats.

Get a machine capable of running Docker containers, or a VM image. A network connection is required, as well as basic knowledge of the UN*X shell.

 Thomas 'tAd' Damonneville

Thomas 'tAd' Damonneville

Thomas Damonneville is a security expert, founder at StalkPhish, CERT analyst. He do tools, investigations, awareness, since some years now. https://www.linkedin.com/in/thdamon/ https://bsky.app/profile/o0tad0o.bsky.social https://stalkphish.com/ https://www.linkedin.com/company/stalkphish https://bsky.app/profile/stalkphish.bsky.social

Ils soutiennent leHACK