Microsoldering workshop for bidouillerz
Ever wondered how to sniff on communications between components of, say, an IoT device? This very practical workshop will teach you how to solder 0.1 mm microwires on PCB tracks equally thin with the assistance of a microscope and how to use a logic analyzer to intercept and interpret data. You'll get plenty of time to practice under our supervision and to learn our tips & tricks.
A steady hand is needed, but no prior knowledge of electronics. A PC (Linux/macOS/Windows) is welcome for operating the logic analyzer, but you can also just skip the hands-on part of that small section of the workshop.
Pentesting Industrial Control Systems: Capture the Flag!
Many people talk about ICS & SCADA security nowadays, but only a few people actually have the opportunity to get their hands dirty and understand how these systems work. Have you ever wanted to know how to make a train derail, or stop a production line? Well, this workshop is made for you!
The goal of this workshop is to give you the knowledge required to start attacking SCADA networks and PLCs, and give you hands-on experience on real devices by hacking our model train!
In this workshop, we will cover the main components of industrial control systems, aka SCADA systems, and the security flaws commonly associated with them. We will then focus on their key assets, Programmable Logic Controllers (PLCs), discover how they work and how they communicate, and learn the methods and tools you can use to pwn them.
Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! Let's capture the flag!
Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing and has performed several security assessments of ICS. She has worked on a few ICS models to demonstrate attacks on PLCs and developed a dedicated tool to query Siemens PLCs. She is also working on securing ICS in the scope of the French military programming law, which requires companies providing a service vital to the nation to comply with security rules.
Arnaud Soullié (@arnaudsoullie) is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentest workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, Brucon 2015/2017, DEFCON 24) as well as full trainings (Hack In Paris 2015).
This workshop is for beginners and the curious in the domain of Software-Defined Radio. It will show the purpose and behaviour of oscillators, mixers and filters.
You will build a narrow-band quartz filter and attenuators, tune oscillators, measure saturation levels, etc.
A participation fee of 10€, as a donation to Electrolab, is suggested but not mandatory.
No hardware required. If you have a laptop, you may want to install LinHPSD (compile it from source).
Marc Olanié, a journalist specialised in 18th-century French literature, fell into electronics by chance as a child. Since then, he has tried to connect computers and radios in every way possible. Guilty of writing articles for CNIS-Mag, he co-hosts the "Software Defined Radio" section of Electrolab (Nanterre's hackerspace). Distinguishing marks: prefers side-channels to pass-the-hash, and a spectrum analyser to Wireshark.
Bruno is a curious guy. Curious in many fields because, in the strong belief that curiosity is far from a sin, he finds it fun, useful and wise to understand and learn what surrounds him. So he plays with anything, at random, as varied as XVII century mathematics, XVIII century literature, XIX century diplomacy and consular affairs, XX century computing machines such as the Commodore LXIV, XXI century Thinks and Thanks, blinking and buzzing electronics, and from time to time CyBeer Security: he even sometimes disguises himself as a CISO, so to speak ;-)
IVRE: Internet-wide scanning
Warning: the content of this workshop will be close to the ones presented at GreHack'15, '16 and '17. Therefore, if you already attended this workshop previously, we highly advise you to pick another workshop.
This workshop covers the tools used for network recon (Nmap, Zmap, Masscan) and the challenges one needs to address to (efficiently) run country-, AS- or Internet-wide scans, depending on the scan objectives. While it focuses on the open source network recon framework IVRE, the concepts discussed can be applied using other tools.
- A basic knowledge of network protocols (IP, TCP, UDP and most common applications: HTTP, DNS, etc.), Nmap and Linux is required.
- Come with a (recent enough) laptop running Linux.
- IVRE installed. Read and follow the "Get started" section of the IVRE documentation.
- If you have troubles getting IVRE installed on your computer, open an issue on GitHub (before the workshop!).
- Recent versions of Nmap & Masscan installed.
- Bring a USB flash drive (to exchange results with other participants).
- A remote Linux host to run scans from (no scan can be run from the Internet access provided during the workshop) would be really helpful, even if not absolutely necessary. Linode provides cheap servers you can use for that purpose; their hardware and prices are good, their staff is great, and they accept network scans from their hosts provided you handle abuse e-mails quickly.
Pierre Lalet is an IT security research engineer at CEA/DAM, pentester, intrusion hunter, Unix & network enthusiast.
Vivien Venuti is an IT security research engineer at CEA/DAM. He is suspected of actually being a robot. He has no Internet access, blog or social network account. Some people say he has a cellphone, but no evidence supporting this claim has ever been released.
Introduction to Smart Contracts Vulnerabilities
This workshop will start with a basic introduction to blockchain and smart contracts. The attendees will then discover hands-on how to find and exploit a vulnerability in a smart contract.
No prior experience with smart contracts development or exploitation is required.
Josselin Feist is a senior security engineer at Trail of Bits where he works on the design of automated bug-finding tools.
This Miasm workshop will focus on one of last year's GreHack challenges. It will be analyzed and solved using:
- Disassembly / CFG recovery and the SSA-simplified form of the targeted function.
- The symbolic execution engine, to retrieve the constraints and the final equation to be solved.
- Integration with z3, an SMT solver, to compute the final flag.
- Binary emulation, to test the recovered flag.
Depending on the time, we may also cover the fully automated way using the DSE (Dynamic Symbolic Execution) engine.
These analyses and methods are meant to be reused, for instance on this year's challenges :).
Note: if you already attended one of the previous Miasm workshops at GreHack, this year's content will be different.
- Running a Linux environment (host or VM)
- Having Miasm installed, with the regression tests running (i.e. `tests/test_all.py` fully working, including the JIT tests, using either GCC or LLVM)
- Basic knowledge of reverse engineering (this is not an intro to reversing, but an intro to using Miasm to solve common reverse engineering problems)
Fabrice Desclaux and Camille Mougey are IT security research engineers at CEA/DAM.
This radare2 workshop will focus on the basics of radare2, and how to use it in the real world through three main steps:
- "how to use and script radare2" or "Who needs a GUI anyway?"
- "practical use of radare2 to do some proper reverse engineering" or "Who needs the source code anyway?"
- "using radare2 during ctf" or "radare2, for fame, glory and shells"
- Having a virtual machine: we'll give you a virtual machine with radare2 on it.
- OR being able to run `git clone https://github.com/radare/radare2 && cd radare2 && ./sys/install.sh`
- Super-basic knowledge of reverse engineering (being able to answer the question "What is a stack and what is a register?" is enough).
Maxime Morin is a French IT security consultant living in Amsterdam, working for FireEye in the i3 team and performing general technical threat analysis (malware analysis, etc.). He is interested in reverse engineering, especially malware-related analysis. He is a modest contributor to radare2 and part of the core group. He mainly works on the regression test suite and mentors a student for Google Summer of Code on the project this year.