We are pleased to announce the program of GreHack'19. Note that the precise schedule times are not yet final and may vary slightly.
Abstracts of talks to come...
| Time | Talk | Speaker(s) |
|---|---|---|
| 09:15am | (keynote) Optimize your way to RCE with Chakra | Bruno Keith |
| 10:45am | Atomic Threat Coverage: cover threats before they will cover you! | Mateusz Wydra, Daniil Yugoslavskiy and Mikhail Aksenov |
| 11:30am | Hunting for Bugs, Catching Dragons | Nicolas Joly |
| 2:00pm | VBA for the masses | Jonas Zaddach |
| 2:45pm | Wombat: one more Bleichenbacher attack toolkit | Olivier Levillain and Aina Toky Rasoamanana |
| 4:00pm | The rise of evil HID devices | Franck Bitsch and Arthur Villeneuve |
| 4:30pm | IOT Security : Hack the Damn Vulnerable IoT Device | Arnaud Courty |
| 05:00pm | Delayed Memories Requiem | *anonymous pwners* |
| 06:00am | Last flag submission - CTF | |
While browser and plugin exploits are frequent, it’s less common to see exploits affecting targets without scripting capabilities. Are these worth attacking? How do we proceed? How do we identify valid entry points and bugs? This talk will cover some research done at Microsoft on Outlook and Exchange and discuss the results. Scary dragons will be spotted in this tour; hopefully you’ll catch some too.
Nicolas Joly is a security engineer at the Microsoft Security Response Center in the UK. He has more than 10 years of experience in reverse engineering and vulnerability discovery, and is now focused on finding and exploiting bugs. Prior to this, he hunted bugs for bounties and won Pwn2Own several times with Vupen Security. He also holds a master's degree from Ensimag.
Even though VBA macros have been a major entrance route for malware for quite some time, little work has been published on analysis tools. Malware authors are eschewing static pattern-based signatures with relatively simple string obfuscation, but since Microsoft Office is de facto the only platform to execute VBA macros, dynamic analysis requires a full VM with Office. As a result, observables are noisy and coarse-grained, mostly limited to file system and network activity. This talk proposes a sandboxed interpreter for VBA macros. The interpreter is more faithful in its behavior than any other VBA analysis tool currently available, allowing it to execute most macro code in the wild. It is fast, delivering results in a few seconds. The Java code is easily extensible to cover new VBA functions used by malware. In summary, this VBA interpreter is an open source solution to identify malicious VBA macros in Microsoft Office documents. It is much faster than current solutions based on full VM emulation, more faithful than approximate approaches to malicious macro detection such as SpiderMonkey’s constant propagation, and outputs observables such as generated files, accessed URLs and invoked command lines for further processing.
Jonas Zaddach is a malware and security researcher for Cisco Talos. He received his Ph.D. from Telecom ParisTech, with a thesis focusing on automated dynamic analysis of embedded software. Now, he is carrying on his passion for automating malware analysis inside Talos.
Despite being more than 40 years old, RSA is still a widely used cryptographic algorithm. PKCS#1 v1.5, an old standard which defines how to use it in practice, is even present in current specifications (e.g. TLS up to TLS 1.2), although most of its implementations are naturally vulnerable to an attack devised by Daniel Bleichenbacher in 1998. To be able to assess the prevalence of such a vulnerability in various protocols, we are developing Wombat, one more Bleichenbacher attack toolkit.
Olivier Levillain is an associate professor in cybersecurity at Télécom SudParis. Before that, he was in charge of the cybersecurity training center at ANSSI (the French cybersecurity agency). He also used to work in ANSSI laboratories on various subjects, ranging from attacks on low-level hardware mechanisms to public key infrastructures. More recently, he has been working on secure network protocols (and particularly on SSL/TLS) and on programming languages ("Mind Your Languages").
Aina Toky Rasoamanana is a PhD candidate in cybersecurity at Télécom SudParis. Last year, he completed a master's degree in cryptography at Rennes 1 University. He did his internship with Olivier Levillain on a cryptographic attack.
The DVID project is a fully open source project. The main objective is to provide interested people with a board designed to be vulnerable, so they can improve their skills in IoT hacking. Composed of simple components such as the Atmega328p, AT-09 and ESP8266, each training offers a specific vulnerable environment in which to learn to exploit well-known vulnerabilities. After a retrospective of real-life examples from the OWASP IoT Top 10, I will present the DVID project and its timeline (conception, building, manufacturing and shipping), show a live demo of a well-known vulnerability and give details about future features such as an Escape Game.
About Arnaud Courty:
Researcher and IoT hacker, my main mission is to evangelise companies to take care of security from the design stage. I work on internal and external offensive security analysis and on assessing the security maturity of embedded systems upstream of their industrialization. Since the beginning of IoT, I have specialized in vulnerability research adapted to embedded systems, and also in raising awareness among designers, developers and integrators. I take advantage of security events and working groups to campaign for a less vulnerable IoT world.