2025 edition !
Conferences | CTF |
---|---|
9h - 18h | 20h - 6h |
Cité du vin | Les salons de la mairie |
CFP
CFP is open ! Submit your talks : staff[at]sthack[dot]fr
Program
Time | Location | Title | Author | Abstract |
---|---|---|---|---|
9:00 - 9:45 | Cité du vin | Breakfast | / | |
9:45 - 10:15 | Cité du vin | Keynote | Jeremy Fetiveau | |
10:20 - 11:05 | Cité du vin | Pivoting on Evolutions | Jared Wilson | In 2023 Mandiant released Permhash, an extensible framework to hash declared permissions to empower researchers to perform clustering, hunting, and pivoting. Permhash is currently applied to over 29 million samples. Since its release I have been using Permhash to help identify groups of functionality that are suspicious. I would like to share one highly interesting and novel permhash investigation that led to the identification of an active Android-based credential theft campaign targeting users associated with a South Asia Government and the Financial Sector. Using Permhash to perform this clustering, we identified this new malware family: SILENTSTEP. SILENTSTEP is an Android Package (APK) credential theft malware family that uses SMS for command and control. This research will include how Mandiant has closely tracked the evolutions of SILENTSTEP over the past three months and will dive into the specifics of these technical advancements - demonstrating how detection in depth can be applied to allow for persistent pursuit. |
11:10 - 11:40 | Cité du vin | Rétro-ingénierie de code Objective-C | Victor Cutillas | |
11:45 - 12:05 | Cité du vin | A look at the security model of the Trezor Safe family | Marion Lafon & Charles Christen | |
12:15 - 14:00 | TBD | |||
14:00 - 14:45 | Cité du vin | |||
14:50 - 15:25 | Cité du vin | Tesla Wallconnector | David Berard | |
15:30 - 16:15 | Cité du vin | |||
16:20 - 17:05 | Cité du vin | |||
RUMPS | Cité du vin | You | Prepare your best rump ! | |
20:00 - 6:00 | Salons de la mairie | Let's have some CTF tasks ! Beers and Food are waiting for you |
CTF
"Capture the Flag" is a kind of compeon where people can practice offensive IT security. The "Flags" are passwords participants can obtain after having successfully exploited vulnerabilities in applications specifically developed for the challenge, they simulate confidential information. The Flags cost points, and the team that earns the most of point win the compeon.
At Sthack, teams are made up of 5 members max which fight for 12 hours. The points are calculated taking account of the teams that hack the challenge (Chall01 = 50*(NbTeams-NbTeamsThatSolvedChall01)). You can expect web applications, network forensic, reverse engineering, steganography and software exploitation.
Sponsors
![]() | ![]() | |
![]() | ![]() | ![]() |
![]() | ![]() | ![]() |
![]() |