Skip to content
BLACKOUT

No Metadata No Problem, Predicting photo locations from pixels using AI

By FINTCH

Date: 06/07/2024
Time: 11:00 > 12:00
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Have you ever wanted to find out where a photo posted online was taken? In this talk I will demonstrate the abilities of modern photo location AI systems, how they function and how you can build these AI systems for yourself. I will also give an overview of where the field of photo geolocation is […]

Cracking the Code: Decoding Anti-Bot Systems!

By FINTCH

Date: 06/07/2024
Time: 10:00 > 11:00
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Web scraping is gaining momentum, particularly with the advent of Large Language Models (LLMs). Access to data is being thwarted more and more by companies implementing anti-bot protections. This talk aims to shine a spotlight on a uniquely rare subject, focusing on strategies to circumvent these mechanisms.

The XE-Files: Trust No Router

By FINTCH

Date: 05/07/2024
Time: 15:30 > 16:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Exploring the world of compromised IOS XE devices. On the 16th October 2023 Cisco Talos shared intelligence about a handful of compromised routers discovered while resolving customer support requests. As the full story unfolded, a few backdoored devices turned into tens of thousands, and the massive mobilisation of incident response teams as patches were applied […]

Telling the big stories with a bit of help from AI

By FINTCH

Date: 05/07/2024
Time: 14:30 > 15:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
In an era where technology is reshaping the way we engage with information, the relationship between Artificial Intelligence and Journalism has become a focal point of exploration. This track will uncover the multifaceted landscape of AI’s role in journalism, offering a comprehensive examination of its potential, risks, challenges, and real-world applications through the lens of […]

Where do the guns go? Mapping Arms Flows with OSINT: Opportunities and Challenges

By FINTCH

Date: 05/07/2024
Time: 13:30 > 14:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
In light of recent political developments, the topic of tracing arms flows has gained significant interest from both researchers and the media. This talk will explore the opportunities and limitations of using Open Source Intelligence (OSINT) to track the movement of arms, both legal and illicit. The speaker will showcase projects undertaken by the Small […]

RE-TOUR DE CLEFS – L’EXPO

By lehackadmin

Start date: 05/06/2024
End date: 06/06/2024
All-day event
Location: Zone 2 - Workshop Rooms
Field type not supported.
Field type not supported.

Serrurier et collectionneur ,chercheur et grand découvreur de ces petits détails qui font la différence, Jean-christophe vous enjoint à observer en taille réelle les quelques trouvailles, réalisations et improbables Mécaniques sorties du cerveau humain aux seules fins de "hacker" les serrures du quotidien censées nous isoler en une révolution de clef.

OSINT field stories and future considerations

By FINTCH

Date: 06/07/2024
Time: 15:30 > 16:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
As we navigate through the rapidly altering landscape of Open-Source Intelligence, Nico will try to sharpen your focus on the contemporary and upcoming trends, making a deep dive into the potential that OSINT harbors. But, it's not just about the sunny side. With every stride forward, there come challenges waiting to be addressed. Through a […]

Disinformation as Infrastructure

By FINTCH

Date: 05/07/2024
Time: 10:00 > 11:00
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Disinformation has flooded social networks. Once posted, it is sometimes too late to react. Investigating open sources infrastructure can help anticipate the threat. This presentation will present a return of experience on the interest of such investigations.

Open source analysis in plane crashs

By FINTCH

Date: 05/07/2024
Time: 11:00 > 12:00
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
For 15 years, investigation on plane crashs has accelerated thanks to collective intelligence and open source data. Xavier Tytelman, former crew member in the naval aviation and open source investigator in the fields of aeronautical and military, will describe the techniques he uses with his community, to identify the crash causes as fast as possible.

Fingerprinting at the Frontier: How Edge Cases and Ambiguities can help Attribute Digital Attacks

By FINTCH

Date: 06/07/2024
Time: 13:30 > 14:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Can an ambiguity in a popular file format be used to geolocate customers of a spyware platform? Can an improperly handled edge case in the IP protocol illuminate exports of network attack tools? Yes, and yes! In this talk, we will present several concrete examples of what we call "fingerprinting at the frontier": building fingerprints […]

Intelligence Agencies Hosting: When Threat Intelligence and OSINT lead to delightful discoveries

By FINTCH

Date: 06/07/2024
Time: 14:30 > 15:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
This presentation will introduce the world of bulletproof hosting and Intelligence Agencies Hosting (IAH) and how it has been used by the majority of cybercriminals for decades, by both small groups and state actors. Then, we will highlight various examples where OSINT has enabled the discovery of invaluable details to attribute actions to groups, companies, […]

RUMPS Session OSINT et Hacking

By FINTCH

Date: 06/07/2024
Time: 16:30 > 19:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
More information and the rules of engagement on the dedicated page: What are RUMP SESSIONS?

Mastering Web Scraping with Scrapoxy

By FINTCH

Date: 06/07/2024
Time: 21:00 > 23:00
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Join me for an incredible tutorial to unlock the full potential of Web Scraping! From novice to virtuoso, you’ll learn advanced techniques for collecting crucial datasets to train AI models. Protection Disclosed 🔒 - Overcome fingerprint challenges and anti-bot measures. - Reverse engineering protection to understand tracking signals Proxy and Browser Farms Adventure 🌐 - […]

OSINT Uncovered: Enhancing Public Investigations with the ObSINT Guidelines

By FINTCH

Date: 07/07/2024
Time: 00:30 > 02:00
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
An insightful workshop that delves into the world of open-source intelligence (OSINT) through the lens of the newly established "OSINT Guidelines." Developed by a consortium of experts (EU DisinfoLab, The Atlantic Council’s Digital Forensic Research Lab (DFRLab), OSINT Curious, CheckFirst, Centre for Information Resilience, OpenFacto, and Logically), these guidelines offer a comprehensive framework to elevate […]

How to OSINT in any language

By FINTCH

Date: 07/07/2024
Time: 02:00 > 04:00
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Searching online in a foreign language can seem daunting to most. Others will pivot to the duo "Google Lens" and "Google Translate" which are arguably not bad. The devil, however, is always in the details which are often missed by online translation tools as well as AI. This workshop will present the fundamental steps to […]

Attack Surface Discovery with OSINT

By FINTCH

Start date: 06/07/2024
End date: 07/07/2024
Time: 23:00 > 00:30
Location: Zone 3 - OSINT Village - Louis Armand conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Understanding an attack surface is a necessary first-step to for cyber-defenders looking to protect an organization. With this hands-on workshop you’ll be able to use open-source tools and data and a repeatable process to build an exhaustive list list of an organization’s assets exposed on the Internet - whether your own organization or someone else's.

OSINT et journalisme

By lehackadmin

Date: 06/07/2024
Time: 18:00 > 18:45
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Reflets.info est un journal qui a été co-fondé par un expert en sécurité informatique et un journaliste. Aujourd'hui les actionnaires sont des journalistes et des "informaticiens talentueux". Nous mettons donc en place des outils numériques d'aide à l'investigation novateurs. Dans cette conférence, Reflets présentera deux d'entre eux. L'un sert à indexer de très gros lots […]

Clés incopiables : contournements, exceptions et paradoxes

By lehackadmin

Date: 06/07/2024
Time: 19:45 > 20:30
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
On nous parle souvent de clés brevetées, clés incopiables, à reproduction interdite ou encore de clés de sécurité. Mais qu'en est-il réellement ? Certaines clés on des billes, des aimants, des anneaux, ou encore des goupilles mobiles. Est-ce que cela complique le crochetage, l'impressionning, ou les autres techniques d'ouverture ? Et surtout, est-ce que l'utilisateur […]

Insert coin: Hacking arcades for fun

By lehackadmin

Date: 06/07/2024
Time: 19:00 > 19:45
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Since we were children we wanted to go to the arcade and play for hours and hours for free. How about we do it now? In this talk I’m gonna show you some vulnerabilities that I discovered in the cashless system of one of the biggest companies in the world, with over 2,300 installations across […]

Take your revenge on this fucking EDR

By lehackadmin

Date: 06/07/2024
Time: 17:15 > 18:00
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Après avoir un talk l'année dernière sur quelques techniques de contournement d'EDR (unhooking, direct syscalls), cette fois-ci nous nous focaliserons sur l'obfuscation et la post-exploitation, et nous verrons comment extraire les hash du domaine sans déclencher d'alertes au niveau de l'EDR et du SIEM !

A praise to laziness (or why hackers are awesome people) !

By lehackadmin

Date: 06/07/2024
Time: 16:30 > 17:15
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Nous sommes tous plus ou moins paresseux. On utilise désormais des IA pour générer des textes relativement longs à partir de courts prompts, car rédiger est juste ennuyeux. On demande à ChatGPT de simplifier un long texte car on n'a pas envie de tout lire. On copie/colle du code de StackOverflow au lieu de comprendre […]

Exploration of Cellular Based IoT Technology

By lehackadmin

Date: 06/07/2024
Time: 15:30 > 16:15
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Field type not supported.
As cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending potential security implications associated with cellular hardware technologies. Furthermore, the development of effective hardware testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is […]

Sending network boxes to the edge of the world for fun but mostly profit

By lehackadmin

Date: 05/07/2024
Time: 10:15 > 11:00
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Have you ever wanted a network device that's small enough to fit in your pocket but just powerful enough for your most challenging pentests? In this talk, I'll showcase a versatile implant based on an industrial Glinet router that you can send to the edge of the world for internal network penetration tests, red team […]

REVOLUTION!!!

By lehackadmin

Date: 05/07/2024
Time: 10:00 > 10:15
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
leHACK is 20 years old. We made a full temporal loop: a full revolution. Future is bright, phear the next revolution. Maybe it's time for an evaluation and to take a moment to congratulate ourselves.

Phishing for Potential: The “RTFM” Guide to Hacking Your Brain-frame

By lehackadmin

Date: 05/07/2024
Time: 11:00 > 11:45
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Openly neurodivergent and navigating a matrix of other personal challenges, K Melton's journey not only shatters conventional barriers but also embodies the realization of their mentor Winn Schwartau's long-standing hiring vision. Dismantling the "unhireable" notion, K reveals how unconventional talent can thrive if provided optimal operating conditions. This presentation goes beyond mere advocacy and memoir, […]

AI for Cybersecurity: Applying Machine Learning to Enhance Malware Analysis

By lehackadmin

Date: 05/07/2024
Time: 11:45 > 12:30
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Malware continues to increase in prevalence and sophistication. VirusTotal reported a daily submission of 2M+ malware samples. Of those 2 million malware daily submissions, over 1 million were unique malware samples. Successfully exploiting networks and systems has become a highly profitable operation for malicious threat actors. Traditional detection mechanisms including antivirus software fail to adequately […]

Découverte du groupe APT-C36 sur les réseaux d’une profession libérale réglementée

By lehackadmin

Date: 05/07/2024
Time: 14:00 > 14:45
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Depuis fin 2022, l'équipe forensics du CSIRT INQUEST analyse des attaques informatiques sur des entreprises de profession réglementée. Depuis cette date plus d'une quinzaine de cas ont été découverts. Après diverses corrélations et à l'aide de leur base CTI enrichie avec leurs recherches, il s'avère que les attaques seraient menées par le groupe APT-C-36. Cette […]

Lock designs and security vulnerabilities: What can go wrong

By lehackadmin

Date: 05/07/2024
Time: 14:45 > 15:30
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Field type not supported.
Locks, whether mechanical, electro-mechanical, or electronic, are complicated and are designed to protect people, assets, and information. Manufacturers and designers continue to miss vulnerabilities in what they produce, which can lead to insecurity and compromise. Marc Tobias will discuss critical areas that are analyzed in his new book on the subject, and what security experts […]

Physical intrusion: Defeating On-Site Security

By lehackadmin

Date: 05/07/2024
Time: 15:30 > 16:15
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Aujourd'hui, l'intrusion physique est devenue un sujet de plus en plus abordé dans le domaine du Pentest/Red Team. Mais quelles sont les implications concrètes de cette pratique ? Comment se prépare-t-on pour une mission de ce type ? Souvent négligée, cette facette de la sécurité présente pourtant des risques majeurs pour les entreprises. Dans ce […]

The Metawar Thesis: How To Adapt to and Coexist with the Technologies We Have Created

By lehackadmin

Date: 05/07/2024
Time: 16:30 > 17:15
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Field type not supported.
“There are two ways to be fooled. One is to believe what isn’t true; the other is to refuse to believe what is true.” (Kierkegaard) At Le Hack 2023, Winn Schwartau introduced us to The Art & Science of Metawar: Reality Distortion, Dis-information Warfare, Cognitive Infrastructure Manipulation, and Hacking Control of the Human Experience for […]

Prism, a light BEAM disassembler

By lehackadmin

Date: 05/07/2024
Time: 17:15 > 18:00
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
BEAM (Bogdan/Björn's Erlang Abstract Machine) is a virtual machine designed by Ericsson used to run Erlang applications. We ran into such an application during an assignment and had to disassemble it as well as many libraries, and discovered that the existing tools do not produce a correct and complete disassembly. A lot of valuable information […]

Supply Chain Attack : Le cas du Registre Privé Docker

By lehackadmin

Date: 05/07/2024
Time: 18:00 > 18:45
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Docker est aujourd'hui un outil de conteneurisation incontournable, largement adopté dans le développement logiciel. Cette expansion a souligné l'importance de sécuriser tous les composants associés, comme le registre privé Docker. Alternative au Docker Hub public, c’est une plateforme open-source où les développeurs peuvent stocker, gérer et distribuer leurs applications localement. Hélas, la documentation officielle et […]

S.E. with A.I. & Defending against it with H.I.

By lehackadmin

Date: 05/07/2024
Time: 18:45 > 19:30
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Field type not supported.
A.I. may be seen as a cost-effective way to replace workers. We will look closer however and discover the uncomfortable truth behind A.I. and what really powers it. We will also discover how to harness the hidden power propping up A.I. for ourselves & our company’s security. One of the biggest, most advanced, and adaptive […]

The Red and the Blue: a tale of stealth and detection

By lehackadmin

Date: 06/07/2024
Time: 10:00 > 10:45
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
With the evolution of attack surfaces, attacker skills, zero-day exploits and supply chain attacks, it is no longer possible to solely rely on prevention to ensure a company's security. Therefore, it is crucial to use detection mechanisms, as well as response and investigation capabilities. After an overview of Red Team operations and the ecosystem of […]

Be better than the hacktivist: Structure a campagne of Bruteforce on OT equipment in the internet

By lehackadmin

Date: 06/07/2024
Time: 10:45 > 11:30
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
This talk is an attempt to reconstruct the technical approach that hacktivists might take to industrial control equipment. The talk is divided into 4 main parts The importance of using an isolated environment to test this exploit, with the example of an OT lab setup. Explanations of the operating principles of a PLC, and the […]

Enhancing Training and Pentesting tasks with LLMs: what can and can’t be done

By lehackadmin

Date: 06/07/2024
Time: 11:45 > 12:30
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Au cours de ce talk nous explorerons en détail l'usage de LLMs dans le cadre du pentest et de la formation en sécurité informatique ainsi que leurs limites. C'est un retour d'expérience sur la création d'agents conversationnels permettant de remplacer des quizz ou de faire des exercices de phishing, d'assistants IA connaissant les documentations d'outils […]

Trouver sa place dans l’infosec

By lehackadmin

Date: 06/07/2024
Time: 14:00 > 14:45
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Aaaaah l'infosec... Ce milieu truffé de codes, d’histoire, de choses à savoir, d'opportunités et de risques. Ce talk, non technique, a pour objectif de partager tout ce que j'aurais aimé savoir à mes débuts, dans la limite de mes connaissances et de mon d’objectivité (ou manque de) : études, job, freelance, salaires, communauté(s), mindset, ressources, […]

Hacking Satellites: From SDR to RCE.

By lehackadmin

Date: 06/07/2024
Time: 14:45 > 15:30
Location: Zone 1 - Gaston Berger conference stage
Field type not supported.
Field type not supported.
Durant cette conférence, nous explorerons les faiblesses des systèmes de satellites et les méthodes pour les exploiter. Nous partirons des bases, en présentant les satellites et leurs vecteurs d'attaque, pour ensuite explorer le potentiel des attaques par radio, ainsi que la recherche de vulnerabilité et leur exploitation.