Time
Location
Title
Author
Abstract
9:00 - 9:45
Cité du vin
Breakfast
Staff
Time for cofee, "cannelés" and "chocolatines"
9:45 - 10:00
Cité du vin
Intro
Staff
We will try to write something :)
Slot 1
Cité du vin
For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation
EDK II is the public implementation of UEFI on which a large part of the OEMs rely to craft their own firmware. If a vulnerability were to be found in this project, it could become a huge problem as it could impact many devices. Or... It could be unimpressive and go totally unnoticed because nobody cares. ¯\_(ツ)_/¯ In this talk, we'll present a bug in EDK II which is difficult to leverage in real life but still quite fun to attack. We'll see how we can build an complete exploit solely based on the mechanisms that are present in the public implementation and how we can gain arbitrary code execution in SMM thanks to that.
Slot 2
Cité du vin
Post-quantum crypto is coming!
Should we care about quantum computers? What protocols could they break and not break? What is really "post-quantum crypto"? How reliable is it? Are standards already available? When will quantum computers become useful? This talk will attempt to provide answers to these questions, and more!
Slot 3
Cité du vin
Attaques DMA en pratique
Dans cette présentation nous présenterons le principe des attaques DMA (Direct Memory Access) permettant d'accéder à la mémoire RAM d'une machine (poste de travail, serveur, IoT...). L'objectif de la présentation est de détailler le fonctionnement de ces attaques, le matériel nécessaire afin d'être paré à toute situation et enfin les logiciels à utiliser. Enfin, la présentation se terminera par une présentation des contre-mesures permettant de se protéger contre ces attaques sur des OS modernes.
12:15 - 14:00
TBD
Drink and food
Staff
Of course there will be wine !
Slot 4
Cité du vin
Cyberviolences : état des lieux d'un phénomène répandu
Cyberviolences : état des lieux d'un phénomène répandu
Slot 5
Cité du vin
Trying to break randomness with statistics in less than 5minutes
Pwn2own is a bug bounty competition, many participants are present andonly the first participant gets a reward.It is important to be efficient in your research, a search time thatdoes not lead to exploitation will only be a waste of time.In this competition it is not necessary to be exhaustive but efficient,a vulnerability that cannot lead to a code execution should not beconsidered.To avoid falling into these traps we decided to target vulnerabilitieswith a high chance of leading to code execution and we wanted toindustrialize this research by automatizing it and allowing it toreproduce this search on any firmware.
Slot 6
Cité du vin
Network devices security: Identifying common attack vectors on modern network environments
Pierre Besombes
This talk will focus on the security of network devices. It will provide an overview of the different attack vectors that can be used to target network / packet processing devices, and hopefully help network and security professionals in building more accurate threat models and to better assess their security levels. The talk will also touch on how network devices work and identify some best practices for protecting against common attacks.
Slot 7
Cité du vin
A year of CLFS exploits
After a quick introduction to CLFS internals, vulnerabilities found in the wild will be described and how Microsoft patch them (and fail).Last but not least, we have identified two separate clusters of weaponized exploits that were likely developed by two separate developers, we will show the differences between these two clusters based on code artifacts / exploit strategy.
RUMPS
Cité du vin
RUMP TIME
You
Prepare your best rump !
20:00 - 6:00
Salon de la Mairie
CTF
Staff
Let's have some CTF tasks ! Beers and Food are waiting for you
.png){kind=logo}
