List of workshops:

Microsoldering workshop for bidouillerz


Ever wondered how to sniff on communications between components of, say, an IoT device? This very practical workshop will teach you how to solder 0.1 mm microwires on PCB tracks equally thin with the assistance of a microscope and how to use a logic analyzer to intercept and interpret data. You'll get plenty of time to practice under our supervision and to learn our tips & tricks.


A steady hand but no need for prior knowledge in electronics. A PC (lin/mac/win) is welcome to operate the logic analyzer, but you can also just skip the hands-on of that small part of the workshop.


Philippe Teuwen (@doegox) and Guillaume Heilles (@PapaZours) are software & hardware security researchers / engineers at Quarkslab after having spent about 15 years in the industry.

Pentesting Industrial Control Systems: Capture the Flag!


Many people talk about ICS & SCADA security nowadays, but only a few people actually have the opportunity to get their hands dirty and understand how these systems work. Have you ever wanted to know how to make a train derail, or stop a production line? Well, this workshop is made for you!

The goal of this workshop is to give you the knowledge required to start attacking SCADA networks and PLCs, and give you hands-on experience on real devices by hacking our model train!

In this workshop, we will cover the main components and the commonly associated security flaws of industrial control systems, aka SCADA systems. We will then focus on their key assets, Programmable Logic Controllers (PLCs), and discover how they work, how they communicate to learn the methods and tools you can use to pwn them.

Then we will move on to real-world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! Let's capture the flag!


Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She is specialized in penetration testing, and performed several security assessment on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and she developed a particular tool to request Siemens PLCs. Moreover, she is also working at securing ICS, in the scope of the French military law, enforcing companies offering a vital service to the nation to comply to security rules.

Arnaud SoulliƩ(@arnaudsoullie) is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentests workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, Brucon 2015/2017, DEFCON 24) as well as full trainings (Hack In Paris 2015).

Software-Defined Radio


This workshops is for beginners and curious in the domain of Software-Defined Radios. It will show the purpose and behaviors of oscillators, mixers and filters.

You will be making a narrow band quartz filter, attenuators, oscillators tuning, saturation level measuring, etc.

Participation fee advised, but non mandatory, as a 10€ donation to Electrolab.

No hardware required. If you have a laptop, you might install LinHPSD (compile it from source).


Marc OlaniƩ, journalist specialised in french litterature from 18th century, fell by chance in electronics when he was a child. Since, he tries to connect computers and radios in any way possible. Guilty to write articles in CNIS-Mag, he co-animates the "Software Defined Radio" section of Electrolab (Nanterre's Hackerspace). Particular signs: prefers side-channel to pass the hash, spectrum analyser to Wireshark.

Bruno is a curious guy. Curious in many fields because in a strong belief curiosity is far from a bad sin, he finds funny, useful and wise to understand and learn what surrounds him. So he plays with anything, randomly, as various as XVII century mathematics, XVIII century litterature, XIX century diplomacy and consularities, XX century computing machines such as the Commodore LXIV, XXI century Thinks and Thanks, blinking and buzzing electronics, and from time to time CyBeer Security : He even sometimes disguises himself as a CISO, so to say ;-)

IVRE: Internet-wide scanning

Warning: the content of this workshop will be close to the ones presented at GreHack'15, '16 and '17. Therefore, if you already attended this workshop previously, we highly advise you to pick another workshop.


This workshop covers the tools used for network recon (Nmap, Zmap, Masscan) and the challenges one needs to address to (efficiently) run country-, AS- or Internet-wide scans, depending on the scan objectives. While it focuses on the open source network recon framework IVRE, the concepts discussed can be applied using other tools.



Pierre (pl) is an IT security research engineer at CEA/DAM, pentester, intrusion hunter, Unix & network enthusiast.

Vivien Venuti is an IT security research engineer at CEA/DAM. He is suspected to be actually a robot. He has no Internet access, blog or social network account. Some people say he has a cellphone, but no evidence supporting this claim has ever been released.

Introduction to Smart Contracts Vulnerabilities


This workshop will start with a basic introduction to blockchain and smart contracts. The attendees will then discover hands-on how to find and exploit a vulnerability in a smart contract.

No prior experience with smart contracts development or exploitation is required.


Josselin Feist is a senior security engineer at Trail of Bits where he works on the design of automated bug-finding tools.



This Miasm workshop will focus on a last year's GreHack challenge. It will be analyzed and resolved using:

Depending on the time, we may also cover the fully automated way using the DSE (Dynamic Symbolic Execution) engine.

These analysis and methods are meant to be re-used, for instance on this year challenges :).

Note: if you already attended to one of the previous Miasm's workshop at Grehack, this year content will be different.



Fabrice Desclaux and Camille Mougey are IT security research engineers at CEA/DAM.



This radare2 workshop will focus on the basics of radare2, and how to use it in the real world through three main steps:


Having a virtual machine : we'll give you a virtual-machine with radare2 on it.


Being able to run git clone && cd radare2 && ./sys/


Super-basic knowledge in reverse engineering field (being able to answer the question "What is a stack and what is a register" is enough.)


Maxime Morin is a French IT Security Consultant living in Amsterdam, working for FireEye in the i3 team and performing general technical threat analysis (Malware analysis, etc.). He's interested in Reverse Engineering especially Malware related analysis. He is a modest contributor to Radare2 and part of the core-group. He mainly works on the regressions-test suite and mentors a student for Google Summer of Code for the project this year.

Log analysis 101 with ELK


More to come...