Workshops

Workshops list

The descriptions and details will be added soon!

Workshops details

Attacking and securing serverless applications

What?

Many companies are adopting serverless technology so that they no longer have to maintain servers and pay only for the resources they actually use. That does not mean the threats that apply to a managed server disappear. This workshop covers the threats that apply to serverless applications and different ways to secure them; in the hands-on part you will implement authentication and authorization for web and mobile clients using Amazon Cognito.

Overall Contents (not limited to):

What to expect

What not to expect

Who should attend?

Attendees will be provided with (by the trainer):

Pre-requisites

Who?

Swaroop Yermalkar works as a lead security engineer with a diverse skill set focused on mobile app, web, API and AWS pentesting. He has authored the book “Learning iOS Pentesting” and leads OWASP iGoat, an open source project for iOS security. He is one of the top-ranked researchers working with Cobalt.io and Synack. He has given talks and workshops at many security conferences, including AppSec Israel 2018, AppSec USA 2018, AppSec USA 2017, BruCON, SEC-T, EuropeanSec, Hacks in Taiwan (HITCON), GroundZero, c0c0n, 0x90, GNUnify, etc. More details at https://swaroopsy.com/.


Pentesting industrial control system 102

What?

ICS cybersecurity has been a hot topic for years now, especially since Stuxnet. Has the security level of ICS improved? Even though ICS are more and more interconnected, we can probably say yes for network segmentation and patching, at least for critical infrastructures, which must comply with multiple laws around the world. But what about the most critical components, the PLCs themselves?

In this workshop, you will learn how to attack PLCs, by attacking ICS protocols: a well-known legacy protocol, Modbus, as well as an open source protocol considered as the future of ICS communications, OPC-UA. And to do so, what could be better than giving you hands-on experience on real devices by hacking our model train?

We will start by defining industrial control systems and their main components, and by explaining the key risks and vulnerabilities that affect them. We will then focus on their key assets, Programmable Logic Controllers (PLCs): how they work, how they communicate and how they are programmed, in order to learn the methods and tools you can use to p*wn them.

Then we will move on to the real world by attacking real PLCs from two major manufacturers on a dedicated setup featuring robot arms and a model train! And to conclude, probably the most difficult part: let's discuss how to secure ICS communications.

Although our workshop last year included some slides on OPC-UA, this new ICS workshop is more focused on OPC-UA. 
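As a taste of the Modbus part, here is an added example (not part of the workshop material or of the trainers' tools): a minimal Modbus/TCP frame builder and parser in Python, plus a constructed in-memory "PLC" that answers Read Coils (0x01) and Write Single Coil (0x05) requests exactly as a real device would on TCP/502. The FakePlc class, its coil bank and the transaction and unit ids are assumptions for illustration; the framing follows the public Modbus/TCP specification. The point to notice is that nothing in the frame identifies or authenticates the client: an attacker's write is indistinguishable from the HMI's.

```python
import struct

# Modbus/TCP: a 7-byte MBAP header followed by the Modbus PDU (function code + data).
# Neither part carries any client identity, nonce or signature, so anyone who can
# reach TCP/502 can issue the same requests as the legitimate HMI or SCADA server.
MBAP = struct.Struct(">HHHB")  # transaction id, protocol id (always 0), length, unit id

FC_READ_COILS = 0x01
FC_WRITE_SINGLE_COIL = 0x05
EXC_ILLEGAL_FUNCTION = 0x01
EXC_ILLEGAL_DATA_ADDRESS = 0x02
EXC_ILLEGAL_DATA_VALUE = 0x03


def build_frame(transaction_id, unit_id, pdu):
    # The MBAP length field counts the unit id byte plus the PDU.
    return MBAP.pack(transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_coils(transaction_id, unit_id, start, quantity):
    return build_frame(transaction_id, unit_id,
                       struct.pack(">BHH", FC_READ_COILS, start, quantity))


def write_single_coil(transaction_id, unit_id, address, on):
    # 0xFF00 switches the coil on, 0x0000 off; other values are invalid.
    value = 0xFF00 if on else 0x0000
    return build_frame(transaction_id, unit_id,
                       struct.pack(">BHH", FC_WRITE_SINGLE_COIL, address, value))


def parse_frame(data):
    if len(data) < MBAP.size + 1:
        raise ValueError("frame too short")
    tid, pid, length, uid = MBAP.unpack_from(data)
    if pid != 0 or length != len(data) - 6:
        raise ValueError("bad MBAP header")
    return {"tid": tid, "unit": uid, "fc": data[7], "data": data[8:]}


def decode_coils(frame, quantity):
    # An exception response sets the high bit of the function code and carries one code byte.
    if frame["fc"] & 0x80:
        raise RuntimeError("Modbus exception 0x%02x" % frame["data"][0])
    status = frame["data"][1:1 + frame["data"][0]]
    # Coil bits are packed LSB first: the first requested coil is bit 0 of the first byte.
    return [bool(status[i // 8] >> (i % 8) & 1) for i in range(quantity)]


class FakePlc:
    """Constructed stand-in for a PLC: services coil requests on an in-memory coil bank."""

    def __init__(self, coil_count):
        self.coils = [False] * coil_count

    def handle(self, request):
        req = parse_frame(request)
        fc, body = req["fc"], req["data"]
        if fc == FC_READ_COILS:
            start, qty = struct.unpack(">HH", body)
            if not 1 <= qty <= 2000:
                return self._exception(req, EXC_ILLEGAL_DATA_VALUE)
            if start + qty > len(self.coils):
                return self._exception(req, EXC_ILLEGAL_DATA_ADDRESS)
            packed = bytearray((qty + 7) // 8)
            for i in range(qty):
                if self.coils[start + i]:
                    packed[i // 8] |= 1 << (i % 8)
            pdu = bytes([fc, len(packed)]) + bytes(packed)
        elif fc == FC_WRITE_SINGLE_COIL:
            address, value = struct.unpack(">HH", body)
            if address >= len(self.coils):
                return self._exception(req, EXC_ILLEGAL_DATA_ADDRESS)
            if value not in (0xFF00, 0x0000):
                return self._exception(req, EXC_ILLEGAL_DATA_VALUE)
            self.coils[address] = value == 0xFF00
            pdu = bytes([fc]) + body  # a successful write echoes the request PDU
        else:
            return self._exception(req, EXC_ILLEGAL_FUNCTION)
        return build_frame(req["tid"], req["unit"], pdu)

    def _exception(self, req, code):
        return build_frame(req["tid"], req["unit"], bytes([req["fc"] | 0x80, code]))


def demo():
    # An unauthenticated client switches coil 3 on and reads the first 8 coils back.
    plc = FakePlc(16)
    plc.handle(write_single_coil(1, unit_id=1, address=3, on=True))
    reply = parse_frame(plc.handle(read_coils(2, unit_id=1, start=0, quantity=8)))
    return decode_coils(reply, 8)


if __name__ == "__main__":
    print(demo())
```

Against a real PLC you would send the same bytes over a TCP socket to port 502; the transaction id only lets the client match replies to requests and gives no protection. This is why the "securing ICS communications" part of the workshop matters: with plain Modbus the only defences are network ones (segmentation, allow-lists, read-only gateways).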

Who?

Antoine Guillot is a consultant at Wavestone, where he conducts cybersecurity audits, including on ICS environments. He worked on several PLCs to test their vulnerabilities and developed a dedicated tool to scan and interact with OPC-UA servers. In addition, he has carried out several risk analyses on the use of smart objects in an industrial context.

Alexandrine Torrents is a cybersecurity consultant at Wavestone, a French consulting company. She specializes in penetration testing and has performed several security assessments on ICS. She has worked on a few ICS models to demonstrate attacks on PLCs and developed a dedicated tool to query Siemens PLCs. She also works on securing ICS in the scope of the French military programming law, which requires companies providing services vital to the nation to comply with security rules.

Arnaud Soullié is a manager at Wavestone, performing security audits and leading R&D projects. He has a specific interest in Active Directory security as well as ICS, two subjects that tend to collide nowadays. He teaches ICS security and pentest workshops at security conferences (BlackHat Europe 2014, BSides Las Vegas 2015/2016, BruCON 2015/2017, DEFCON 24, DEFCON 26) as well as full trainings (Hack In Paris 2015 and 2018, BlackHat Asia 2019).


Car Hacking

What?

When you are driving a car today, you are driving a hugely powerful computer system that happens to have wheels and steering: there is nothing on a car that is not mediated by a computer. At the core of all this is the Controller Area Network, or CAN bus, often called the central nervous system of the car, which carries intra-vehicle communication. But CAN is inherently insecure: it has no authentication or encryption, so any node on the bus can read and inject frames. This workshop is a practical guide to reverse-engineering CAN bus packets using the Instrument Cluster Simulator, ICSim. It will introduce you to vehicle networks, ECUs, vehicle protocols, the CAN bus protocol, reverse engineering of CAN traffic, identifying the arbitration ID of a specific vehicle event, replay attacks, sending commands on your CAN bus, and the hardware tools you need. It will also teach you how to build your own CAN device.
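The "identify the arbitration ID of a specific vehicle event" step is usually done by diffing two captures: one at rest, one while triggering the event. Here is an added example of that workflow in Python (not ICSim code and not the trainer's material): it parses candump-style log lines, ranks the IDs whose payloads appear only during the event (IDs that already vary at rest are ranked lower), points at the bytes that changed, and formats the best candidate for a replay with cansend. The two captures and their IDs are constructed for the example and do not correspond to any real vehicle or to ICSim's own IDs.

```python
import re
from collections import defaultdict

# candump -l writes one frame per line: "(timestamp) interface ID#HEXDATA".
CANDUMP_LINE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)$"
)

# Constructed captures (not real vehicle data): one recorded while the car is idle,
# one recorded while a door-unlock button is pressed. The IDs are arbitrary.
BASELINE_LOG = """
(1552653160.000000) can0 244#000000000000
(1552653160.010000) can0 19B#000000000000
(1552653160.020000) can0 133#00000000
(1552653160.030000) can0 244#0000000A0000
(1552653160.040000) can0 19B#000000000000
"""

EVENT_LOG = """
(1552653170.000000) can0 244#000000000000
(1552653170.010000) can0 19B#00000F000000
(1552653170.020000) can0 133#00000000
(1552653170.030000) can0 244#0000001E0000
(1552653170.040000) can0 19B#00000F000000
"""


def parse_candump(text):
    frames = []
    for line in text.strip().splitlines():
        m = CANDUMP_LINE.match(line.strip())
        if m is None:
            raise ValueError("not a candump line: %r" % line)
        frames.append((float(m["ts"]), m["iface"], int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def payloads_by_id(frames):
    seen = defaultdict(set)
    for _, _, can_id, data in frames:
        seen[can_id].add(data)
    return seen


def rank_candidates(baseline, event):
    """Arbitration IDs with payloads seen only during the event, least noisy first.

    IDs that already vary at rest (speed, RPM, ...) are ranked lower, because a new
    payload there is more likely ordinary drift than the action we triggered.
    """
    base, ev = payloads_by_id(baseline), payloads_by_id(event)
    ranked = []
    for can_id, payloads in ev.items():
        new = payloads - base.get(can_id, set())
        if new:
            ranked.append((len(base.get(can_id, ())), can_id, sorted(new)))
    ranked.sort()
    return [(can_id, new) for _, can_id, new in ranked]


def differing_bytes(before, after):
    """Byte offsets that changed between two payloads of the same ID."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def cansend_syntax(can_id, data):
    """Format a frame the way cansend (can-utils) expects, for a replay attempt."""
    width = 3 if can_id <= 0x7FF else 8  # 11-bit vs 29-bit identifier
    return "%0*X#%s" % (width, can_id, data.hex().upper())


def demo():
    baseline, event = parse_candump(BASELINE_LOG), parse_candump(EVENT_LOG)
    can_id, new_payloads = rank_candidates(baseline, event)[0]
    return cansend_syntax(can_id, new_payloads[0])


if __name__ == "__main__":
    print(demo())  # best replay candidate for the unlock event
```

On a real capture you would repeat the trigger several times and keep only the IDs that change every time; a single diff, as here, still leaves periodic counters and sensor noise among the candidates, which is why the ranking by baseline variability helps.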

Who?

Yogesh is currently working as a Security Analyst in the Cyber Security Unit of Tata Consultancy Services, India, where his primary research areas are IoT security, hardware hacking and mobile application security. He is responsible for corporate information security, including assessments and penetration testing. He is an active speaker in the community, with talks accepted at conferences such as HITB Abu Dhabi, FOSSASIA Singapore, Open Source Summit China, SecTor Canada, ThreatCon Nepal and KazHackStan Kazakhstan. He is also an avid developer working on multiple projects involving machine learning, IoT and robotics.

Website: http://yogeshojha.com


Miasm

What?

This Miasm workshop will focus on one of last year's GreHack challenges. It will be analyzed and solved using:

- the disassembler, the CFG and the simplified SSA form of the targeted function;
- the symbolic execution engine, to retrieve the constraints and the final equation to be solved;
- the bindings to z3, an SMT solver, to compute the final flag;
- binary emulation, to test the recovered flag.

Depending on the time, we may also cover the fully automated approach using the DSE (Dynamic Symbolic Execution) engine. These analyses and methods are meant to be reused, for instance on this year's challenges :). Note: if you already attended one of the first Miasm workshops at GreHack (other than last year's edition), this year's content will be different.

Who?

Fabrice Desclaux is an IT security research engineer at CEA/DAM.
Camille Mougey held the same position and is now an auditor at ANSSI.
Blog: https://miasm.re/
Twitter: @MiasmRe

Pre-requisites


Hands on Software Radio Hacking

What?

This workshop aims to teach how software-defined radio works and to give you the basic reflexes for testing real-world connected devices. Attendees will be able to play with pre-recorded samples, but also to capture, demodulate, decode and analyze the communications of current targets. If you have any curious device at home you want to play with, bring it to the workshop, have fun and try to PWN it!
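To show what "demodulate and decode" means for the simplest modulation you meet on cheap remotes and sensors, here is an added example (not the workshop's material): an on-off keying (OOK) decoder in plain Python. It synthesizes a complex-baseband burst with a constructed bit pattern, carrier offset and ripple, then recovers the bits by taking the envelope, thresholding and slicing the resulting runs into symbols. The make_ook_burst generator, the bit pattern and the 8-samples-per-symbol rate are assumptions; on a real capture you would feed the IQ samples from your SDR instead.

```python
import cmath
import math


def make_ook_burst(bits, samples_per_symbol=8, freq_offset=0.05, silence=12):
    """Constructed complex-baseband OOK burst (not a real capture).

    Each '1' symbol is a carrier at `freq_offset` cycles/sample; '0' is near-silence.
    A small deterministic ripple stands in for noise so thresholding is not trivial.
    """
    symbols = [0] * silence + [int(b) for b in bits] + [0] * silence
    iq = []
    for n, sym in enumerate(symbols):
        for k in range(samples_per_symbol):
            i = n * samples_per_symbol + k
            amp = 0.9 + 0.05 * math.sin(i) if sym else 0.03 + 0.02 * math.sin(i)
            iq.append(amp * cmath.exp(1j * 2 * math.pi * freq_offset * i))
    return iq


def envelope(iq):
    # |I + jQ| removes the carrier and any frequency offset: OOK lives in the magnitude.
    return [abs(s) for s in iq]


def slice_bits(mag):
    # Midpoint threshold between the quietest and loudest sample; a real decoder
    # would track this adaptively over the capture and reject all-silence input.
    level = (min(mag) + max(mag)) / 2
    return [1 if m > level else 0 for m in mag]


def run_lengths(binary):
    runs = []
    for b in binary:
        if runs and runs[-1][0] == b:
            runs[-1][1] += 1
        else:
            runs.append([b, 1])
    return [(b, n) for b, n in runs]


def decode_ook(iq, samples_per_symbol=None):
    """Recover the transmitted symbols from an OOK burst.

    Leading and trailing off-periods are indistinguishable from silence, so a frame is
    assumed to begin and end with a mark (typical of a preamble/sync word). If the symbol
    period is unknown, the shortest run is taken as one symbol, which requires at least
    one isolated mark or space in the frame.
    """
    runs = run_lengths(slice_bits(envelope(iq)))
    if runs and runs[0][0] == 0:
        runs = runs[1:]
    if runs and runs[-1][0] == 0:
        runs = runs[:-1]
    if not runs:
        return ""
    if samples_per_symbol is None:
        samples_per_symbol = min(n for _, n in runs)
    return "".join(str(b) * round(n / samples_per_symbol) for b, n in runs)


if __name__ == "__main__":
    burst = make_ook_burst("1011001101")
    print(decode_ook(burst))
```

Because the envelope discards phase, the decoder is unaffected by the carrier offset you always have between a device's crystal and your SDR's; what it cannot tolerate is a wrong symbol rate, which is the first thing to measure on a real capture.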

Who?

Sébastien Dudek is an information security expert working for Synacktiv. For over 7 years he has been particularly passionate about flaws in radio communications. He has authored several presentations on mobile security (baseband fuzzing, interception, mapping, etc.) and on data transmission over power lines (Power-Line Communication, HomePlug AV). He is also interested in other sorts of practical attacks on various technologies, such as Wi-Fi, RFID and other emission systems he encounters during the Red Team penetration tests he performs professionally.


Radare2 survival guide

What?

No money to buy IDA, no Java to run Ghidra, no time to write Binary Ninja plugins to make it useful, failed to get a seat at the Miasm workshop? Want to reverse things without leaving your beloved terminal, using all those crazy vim keybindings you spent months muscle-memorizing? Wait no more, and come spend 3h of your time learning how to use the equivalent of Dwarf Fortress for reversing: radare2! The workshop will cover the basics, then show how to use it for reversing and pwning in CTF setups. We'll also digress on the emulation capabilities, the graphical interface, the crazy architecture support, tips and tricks... it's going to be fun!

Pre-requisites

You should have:

You can also try to come with other operating systems, and impress us by following the workshop on it, your call.

Who?

jvoisin is known for making poor life choices, like giving radare2 workshops around the world for something like 7 years, messing with PHP7's internals (he now has a nice stash of interesting anecdotes about them, ask him if you dare), wasting nights reversing crapware, playing and then hosting world class™ CTFs, maintaining an old-school Java-powered trash-fire in his free time, managing large Tor exit nodes, ... Nowadays, he's paid to take care of massive-scale open-source software fuzzers, pretending to make the internet a bit more reliable and safe. Details and assorted lies might be found on dustri.org

smagnin (Simon Magnin-Feysot) is a sysadmin interested in anonymisation and security issues. He enjoys doing some reverse engineering in his free time.


IVRE: Internet-wide Scanning

What?

Warning: the content of this workshop will be close to what was presented at previous GreHack conferences. If you already attended it, we strongly advise you to pick another workshop.

This workshop covers the tools used for network recon (Nmap, Zmap, Masscan) and the challenges one needs to address to (efficiently) run country-, AS- or Internet-wide scans, depending on the scan objectives. While it focuses on the open source network recon framework IVRE, the concepts discussed can be applied using other tools.

Pre-requisites

A basic knowledge of network protocols (IP, TCP, UDP and the most common applications: HTTP, DNS, etc.), Nmap and Linux is required. Come with:

- a (recent enough) laptop running Linux;
- IVRE installed: read and follow the get started section, and if you have trouble getting IVRE installed on your computer, open an issue on GitHub (before the workshop!);
- recent versions of Nmap and Masscan installed;
- a USB flash drive (to exchange results with other participants);
- if possible, a remote Linux host to run scans from (no scan can be run from the Internet access provided during the workshop). This is not absolutely necessary but would be really helpful. Linode provides cheap servers you can use for that purpose: their hardware and prices are good, their staff is great, and they accept network scans from their hosts provided you handle abuse e-mails quickly.


Getting up to speed with RFID/NFC and the Proxmark3 RDV4 greatest features

What?

Guillaume and Phil will guide you through the latest tips and tricks of the Proxmark3 RDV4, the hacking tool for tampering with various RFID and NFC technologies, which has seen numerous improvements in the past months. The workshop is meant to be very practical: several Proxmark3 RDV4 devices and tags will be shared, and a few challenges are waiting for you. If you already have a Proxmark3, old or new, bring it, as well as any tag you're curious to learn more about.

Pre-requisites

To avoid losing too much setup time, come with the RRG github repo (https://github.com/RfidResearchGroup/proxmark3) installed on your machine as well as its software requirements. Easiest is to use Linux or WSL. OSX and older Windows are also supported but require more setup. Read carefully the guides available in the RRG repository.

Who?

Guillaume Heilles (@PapaZours) and Philippe Teuwen (@doegox) are software and hardware security researchers / engineers at Quarkslab after having spent about 15 years in the industry. They organized numerous trainings, workshops and CTFs about RFID/NFC, automotive, microsoldering, cryptography as well as various talks and publications.


OSINT

What?

This workshop aims at introducing participants to OSINT-powered inquiries and investigative approaches. OSINT stands for Open Source INTelligence, meaning that the input is publicly available information. The latter, however, is challenging to navigate: answering a specific question more often than not runs into too many details, too little direct evidence, unclear links between items, etc. Tools help, but cannot work miracles if the investigator is ill-equipped to collect, filter, qualify, evaluate, enrich, connect, ponder, analyse... and adequately document the process. We will therefore focus on methodology: how do we wander the complex realm of information without getting lost?

Who?

Rayna (@MaliciaRogue) is a risk and crisis management consultant with an active research and investigation background. Before writing "La face cachée d'Internet", she used to work as an international expert for anti-corruption and due diligence operations with a specific focus on the MENA, CEE and Central Asia.