- Reverse malware 101 - by Marion Lafon
- Web security for interns - by Hacktory
- Hardware Hacking on the cheap - by Lukasz Siewierski
- Scapy hands-on - by Guillaume Valadon
Reverse malware 101 - by Marion Lafon
The workshop will be about reversing several malwares to learn static and dynamic analysis. This is a beginner workshop. First we will analyze a .Net funny ransomware, then we will look at several downloader and trojan malwares. At the end we will try to unpack malwares.
Prerequisite : VirtualBox. You will be asked to download and run a Windows 10 VM with IDA free, Ghidra, dotPeek, x86dbg, an hexadecimal editor and miasm.
Web security for interns - by Hacktory
You will learn main (well- and little-known) threats to web application security. To avoid expatiating on the topic, we will explore vulnerabilities and reports published on HackerOne and Bugcrowd and solve several real-life tasks.
You will find out what requires attention when it comes to testing and implementing various functionalities in web applications and what can happen in case of untimely use of certain functions.
Who is it for? IT and cybersecurity specialists, developers, QA experts, system administrators, and novice bug hunters.
Hardware Hacking on the cheap - by Lukasz Siewierski
This workshop will introduce people to the idea of hardware hacking by looking at a password checking code uploaded to the Arduino Uno board.
- Introduction to the Arduino Board.
- Introduction to serial communication.
- Writing a password checking routine and uploading it to Arduino Uno.
- Performing a timing attack on the password check.
- Changing the password checking routine so that it's resilient against a timing attack.
- Introduction to power analysis.
- Using power analysis data to crack the password.
- Summary and Q&A.
This structure is based on the training available on GitHub. All the logic analyser dumps needed for the workshop will be supplied to the participants before the training so that they can download them in their own time.
Prerequisite: Computer with Windows, MacOS or Linux. Python 2. I mean 3. Yes, definitely 3.
Scapy hands-on - by Guillaume Valadon
Scapy (http://www.secdev.org/projects/scapy & https://github.com/secdev/scapy) is a powerful Python-based interactive packet manipulation program and library. It can be used to forge or decode packets for a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
This workshop will describe its main features step by step, and will let you explore the following topics:
- packets manipulation
- sending & receiving packets
- IPv6 and TLS support
- implementing a new protocol
- answering machines
Prerequisites: a laptop running Linux (native or virtualized) and a fresh Scapy install from github