Skip to content

2025 edition !

ConferencesCTF
9h - 18h20h - 6h
Cité du vinLes salons de la mairie

CFP

CFP is open ! Submit your talks : staff[at]sthack[dot]fr

Program

TimeLocationTitleAuthorAbstract
9:00 - 9:45Cité du vinBreakfast/
9:45 - 10:15Cité du vinKeynoteJeremy Fetiveau
10:20 - 11:05Cité du vinPivoting on EvolutionsJared WilsonIn 2023 Mandiant released Permhash, an extensible framework to hash declared permissions to empower researchers to perform clustering, hunting, and pivoting. Permhash is currently applied to over 29 million samples. Since its release I have been using Permhash to help identify groups of functionality that are suspicious. I would like to share one highly interesting and novel permhash investigation that led to the identification of an active Android-based credential theft campaign targeting users associated with a South Asia Government and the Financial Sector. Using Permhash to perform this clustering, we identified this new malware family: SILENTSTEP. SILENTSTEP is an Android Package (APK) credential theft malware family that uses SMS for command and control. This research will include how Mandiant has closely tracked the evolutions of SILENTSTEP over the past three months and will dive into the specifics of these technical advancements - demonstrating how detection in depth can be applied to allow for persistent pursuit.
11:10 - 11:40Cité du vinRétro-ingénierie de code Objective-CVictor Cutillas
11:45 - 12:05Cité du vinA look at the security model of the Trezor Safe familyMarion Lafon & Charles Christen
12:15 - 14:00TBD
14:00 - 14:45Cité du vin
14:50 - 15:25Cité du vinTesla WallconnectorDavid Berard
15:30 - 16:15Cité du vin
16:20 - 17:05Cité du vin
RUMPSCité du vinYouPrepare your best rump !
20:00 - 6:00Salons de la mairieLet's have some CTF tasks ! Beers and Food are waiting for you

CTF

"Capture the Flag" is a kind of compeon where people can practice offensive IT security. The "Flags" are passwords participants can obtain after having successfully exploited vulnerabilities in applications specifically developed for the challenge, they simulate confidential information. The Flags cost points, and the team that earns the most of point win the compeon.

At Sthack, teams are made up of 5 members max which fight for 12 hours. The points are calculated taking account of the teams that hack the challenge (Chall01 = 50*(NbTeams-NbTeamsThatSolvedChall01)). You can expect web applications, network forensic, reverse engineering, steganography and software exploitation.

Sponsors

Sponsor the event

orangeBetclicCloudflare
NystekRandorisecSynacktiv
CarrefourQuarkslabMarl
hack4values