Workshops/tutorials
List of workshops:
- Breaking white-box crypto: no sweat
- Ivre
- Miasm
- LockPicking - Ouverture Fine
- Playing with software defined radio (SDR)
- Radare2
- Scapy hands-on
- ZAP: Zed Attack Proxy by OWASP
Breaking white-box crypto: no sweat
Description
It has never been so easy to break white-box implementations. Besides academic attacks against white-box crypto designs, we'll see how we can re-use and transpose attacks against physical smartcards to break white-box implementations. One of the attacks, the "Differential Computation Analysis", was presented at CHES2016 and the other one we'll use is the "Differential Fault Analysis". Tools are freely available on https://github.com/SideChannelMarvels.
Prerequisites
We'll do some practical exercises, so to participate actively, come with a laptop able to load a Docker image. The exercises are somewhat doable under Docker for Windows, but it is strongly advised to use a Linux-based machine, especially to run the graphical tools. Alternatively, you can install the tools directly from GitHub, but don't use the Docker images published there: they are not up to date, and we'll provide you with a fresh image.
Biography
Philippe Teuwen and Charles Hubain are security researchers at Quarkslab.
Twitter: @doegox and @haxelion
IVRE - Large Scale Network Recon
Warning: the content of this workshop will be close to the one presented at GreHack'15. Therefore, if you already attended it last year, we highly advise you to attend another workshop.
Description
This workshop covers the tools used for network recon (Nmap, Zmap, Masscan) and the challenges to address to (efficiently) run country-, AS- or Internet-wide scans, depending on the scan objectives. While it focuses on the open source network recon framework IVRE, the concepts discussed can be applied using other tools.
References
- IVRE - network recon framework
- IVRE - source code, issues
- Scanning Internet-exposed Modbus devices for fun & fun
- Mining public keys with IVRE
Prerequisites
- A basic knowledge of network protocols (IP, TCP, UDP and most common applications: HTTP, DNS, etc.), Nmap and Linux is required.
- Come with a (recent enough) laptop running Linux with
  - recent versions of Docker and Vagrant installed and IVRE's Docker images downloaded (just run `for i in agent base client db web; do docker pull ivre/$i; done`)
  - or IVRE properly installed (we will not deal with installation issues during the workshop)
  - if you have trouble getting IVRE installed on your computer, contact the developers or open an issue on GitHub
- Bring a USB flash drive (to exchange results with other participants).
- A remote Linux host to run scans from (no scan can be run from the Internet access provided during the workshop) would be really helpful, even if not absolutely necessary. Linode provides cheap servers you can use for that purpose; their hardware and prices are good, their staff is great, and they accept network scans from their hosts provided you handle abuse e-mails quickly.
Biography
IT security research engineer at CEA/DAM, pentester, intrusion hunter, Unix & network enthusiast.
Miasm
Warning: the content of this workshop will be close to the one presented at GreHack'15. Therefore, if you already attended it last year, we highly advise you to attend another workshop.
Description
This Miasm workshop will focus on a real world shellcode study through three main steps:
- Symbolic execution for information retrieval;
- PE reconstruction to build a "soft and cozy binary" for the tools;
- Shellcode analysis in an emulated Windows environment to highlight relevant information (C&C, ...) and to automate the analysis.
Prerequisites
- Running a Linux environment (Host or VM)
- Having Miasm installed, with the regression tests running (i.e. tests/test_all.py fully working, including the JIT tests, using either gcc or tcc; no need for LLVM)
- Basic knowledge of reverse engineering (this is not an intro to reversing, but an intro to using Miasm to solve common reverse engineering problems)
Biography
Desclaux Fabrice and Mougey Camille are the main Miasm developers.
They both work as infosec engineers at CEA/DAM, mainly on reverse engineering topics.
Desclaux Fabrice's previous talks include a presentation on reverse engineering Skype at BlackHat EU 2006 and others on Miasm at SSTIC 2013 and 2015.
Mougey Camille's previous talks include a presentation on execution traces for deobfuscation at SSTIC 2014 and another on DRM analysis at ReCON 2014.
Twitter: @commial
Lockpicking - Ouverture Fine
Description
This workshop is organised by OFC, in association with "L'Association des Crocheteurs de France". Come and discover how (physical) locks work and the basics of lockpicking, in order to improve your own security or to enrich intrusion tests by adding a physical component to the overall security assessment of a system.
Prerequisites
Nothing is required for this workshop, but you are encouraged to come with
- your own lockpicking tools, if you have any
- your questions
Biography
Alexandre Triffault, trainer and regular lecturer specialised in lockpicking, CEO of OFC, is specialised in physical intrusion. Co-author of the book "Le manuel du serrurier", he trains professionals and law enforcement agencies to meet their protection and physical intrusion needs.
Radare2
Description
This radare2 workshop will focus on the basics of radare2, and how to use it in the real world through three main steps:
- "how to use and script radare2" or "Who needs a GUI anyway?"
- "practical use of radare2 to do some proper reverse engineering" or "Who needs the source code anyway?"
- "using radare2 during ctf" or "radare2, for fame, glory and shells"
Prerequisites
- Being able to run a virtual machine: we'll give you a VM with radare2 on it.
- Being able to run `git clone https://github.com/radare/radare2 && cd radare2 && ./sys/install.sh`
- Super-basic knowledge of reverse engineering (being able to answer the question "What is a stack and what is a register?" is enough)
Biography
Julien Voisin is a long-time radare2 contributor who has given several trainings and talks about it around the world. Florent Jaquet took part in a (successful) Radare Summer of Code, implementing new features and fixing bugs.
Playing with software defined radio (SDR)
Description
How to choose an SDR? What are the major differences between an entry-level software radio and a real "full-fledged" SDR for field signal analysis? What are the main technical trends, their cost, performance and limitations? We will also compare several rigs (receivers and transmitters), either home-brewed or commercial.
References
- Spectrum Analyzer 0/3 GHz
- Power SDR Transceiver
- Signal treatment
- Initiation to SDR servers on Linux (as an example - deprecated)
Prerequisites
Participants could play with:
Biography
Marc Olanié is a journalist working for a Web magazine specialized in InfoSec (CNIS-Mag). Member of the Electrolab hackerspace in Nanterre, he coordinates radio-oriented projects.
Scapy hands-on
Description
Scapy (http://www.secdev.org/projects/scapy & https://github.com/secdev/scapy) is a powerful Python-based interactive packet manipulation program and library. It can be used to forge or decode packets for a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
This workshop will describe its main features step by step, and will let you explore the following topics:
- packet manipulation
- sending & receiving packets
- visualization
- IPv6 and TLS support
- implementing a new protocol
- answering machines
- automaton
- pipes
Prerequisites
- a laptop running Linux (native or virtualized)
- a fresh Scapy install from github
Biography
Guillaume Valadon is an Internet professional who works for ANSSI and holds a PhD in networking. He likes looking at data and crafting packets. In his spare time, he co-maintains Scapy and tries to learn reversing stuff. Also, he still remembers what AT+MS=V34 means.
ZAP: Zed Attack Proxy by OWASP
Description
The OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing them. It's also a great tool for experienced pentesters to use for manual security testing.
Prerequisites
- A laptop with ZAP installed
- A VM will be provided