Workshops
There will be one session of workshops at GreHack. All workshops will be scheduled at the same time: you can only attend to one.
- Client-Side JavaScript Hooking with DOMLogger++ - by Kévin GERVOT (@Mizu)
- High ROI Hacking Techniques with Caido - by Justin Gardner (@Rhynorater)
- Reversing Flutter Applications with Blutter and Radare2 - by Axelle APVRILLE (@Cryptax)
- Lockpicking 101 - by Root-Me PRO (@Sud0ck3rs, @Babbou)
- Tracking the World's Most Wanted Criminals in 120 Minutes - by @Palenath
- Enter The Donjon: A practical laser attack on the go - by @Ledger
- Dump all the (ARM) things! - by @Azox, @Balda
- Cryptattacks 101: Learn to Solve Cryptography CTF Challenges Using Python - by Paul Lajoie-Mazenc
- Breaking into Hades' realm: an advanced Kerberos exploitation - by Rayan BOUYAICHE @Rayanlecat, @Volker Carstein
- Introduction to SIGINT and COMINT with RF Swift - by @PentHertz
- The Hard'Way" : Starter kit for harware & embedded exploitation - by Thales Cyber Solutions (Reda Benmoulay, Mathis Lejosne)
- Scapy hands-on - by Guillaume Valadon @guedou
- Low tech music for high tech people : How to write 8 bit music on a gameboy - by @confipop
Workshop descriptions
Client-Side JavaScript Hooking with DOMLogger++ - by Kévin GERVOT (@Mizu)
Summary
DOMLogger++ is a browser extension that allows deep interaction with the JavaScript execution of a website. By providing a custom JSON configuration, you can hook into almost any aspect of the site's JavaScript, making it a powerful tool for discovering client-side vulnerabilities.
This workshop will cover the following topics:
- How to install and use the extension.
- How to create your own configuration files.
- How to detect specific vulnerabilities such as Cross-Site Scripting (XSS), Client-Side Path Traversal (CSPT), Client-Side Prototype Pollution (CSPP), and more.
- How to log specific dangerous patterns, like input taken from
innerTexttoinnerHTML. - The current limitations of the extension.
- Upcoming features and enhancements.
Requirements:
- A laptop.
- A basic understanding of JavaScript and client-side hacking.
High ROI Hacking Techniques with Caido - by Justin GARDNER (@Rhynorater)
Summary
There is a new player in the HTTP Proxy space: Caido.
This new tool is designed for scalable project files, speed, improved manual hacking, and both quick-and-dirty and thorough automation.
In this workshop, we'll show off some of the features and how you can use them to stay organized, efficient, and reduce friction in your hacking workflow.
Requirements:
- A laptop with Caido installed.
Reversing Flutter Applications with Blutter and Radare2 - by Axelle APVRILLE (@Cryptax)
Summary
Flutter is an open-source UI software development kit (SDK) that allows developers to create applications for Android, iOS, and various non-mobile platforms using a single codebase. Its performance is optimized through ahead-of-time (AOT) native compilation in release builds.
From a reverse engineering perspective, Flutter presents unique challenges due to its custom binary format, specific registers, and unique representation of integers, which are not readily supported by standard disassemblers.
In this workshop, we will:
- Learn how to reverse engineer Flutter applications.
- Explore the use of Blutter and interpret its output.
- Load symbols in Radare2 to facilitate binary parsing.
- Patch a game with a native Frida hook to reveal an Easter Egg.!
Requirements:
- A laptop.
- Basic experience in reading Assembly is preferable (fluency is not required).
- If possible, please bring a rooted ARM64 Android smartphone.
- Radare2, Docker, Docker-Compose, Git, Python3, and Zip/Unzip.
Lockpicking 101 - by Root-Me PRO (@Sud0ck3rs, @Babbou)
Summary
Dive into the fascinating world of lockpicking, where you'll learn the basics of different types of padlocks, key boxes and locks, right through to the art of opening a vault!
Whether you're a beginner, curious or an enthusiast, this exploration will guide you through the mechanics of different locking mechanisms, giving you hands-on experience in unlocking challenges at every level.
Discover the secrets behind these devices and master the skills needed to unlock them, step by step, until you conquer the most secure safes.
Requirements:
- 2 hands and a brain :)
Tracking the World's Most Wanted Criminals in 120 Minutes - by @Palenath
Summary
This workshop will focus on tracking criminals wanted by Interpol and Europol, as well as locating missing persons.
Participants will learn how to use OSINT (Open Source Intelligence) techniques to search for these individuals, utilizing publicly available information and digital tools to uncover clues and leads.
Requirements:
- A laptop.
- A mobile phone.
- A dedicated SIM card for investigations (to create fake accounts).
- Internet connection.
Enter The Donjon: A practical laser attack on the go - by @Ledger
Summary
The Ledger Donjon will bring to you its mid-cost transportable laser bench in order to present how an fault injection attack on a secure memory as performed in their Hardware Lab.
After a presentation of the principles of hardware fault injections and a practical example of attack performed last year, you will be able to see this attack live!
The target is an ATECC 608A configured to have a protected slot that can be unlocked thanks to perturbations induced by Laser. We will present the methodology to perform the attack, and will let attendees to manipulate the bench.
As key takeways, you will get an awareness of existing hardware fault injection attacks, get the principles and the methodology to perform it, and actually see a bench performing this attack.
Dump all the (ARM) things! - by @Azox, @Balda
Summary
This workshop presents the debug interface and protocol used in the majority of ARM-based embedded systems: Serial Wire Debug (SWD).
ARM architecture powers a vast array of devices, from IoT gadgets to mobile phones, making it critical for hardware and security professionals to understand how to extract and reverse engineer firmware effectively.
During this workshop, the following topics will be covered:
- SWD Protocol.
- Global ARM debug architecture (DAP, DP, AP, etc.).
- Protocol and communication between different components.
- Interface and Signals.
- Interface detection.
- Interaction with Memory Space.
- MEM-AP and memory space on Cortex-M0.
- Complete microcontroller dump.
- Reverse Engineering Embedded Software.
- Specificities of binary images (Vector table, memory mapping).
- Importing the extracted binary image into Ghidra.
- Using scripts to simplify reverse engineering (SVD loader, etc.).
By the end of this workshop, participants will have hands-on experience dumping and analyzing firmware from ARM targets and will be equipped with the knowledge to apply these skills to various embedded devices in real-world scenarios.
Requirements:
- A laptop.
- Ghidra and a Linux-like system
Cryptattacks 101: Learn to Solve Cryptography CTF Challenges Using Python - by Paul LAJOIE-MAZENC
Summary
Have you always wanted to solve cryptography CTF challenges but didn't know where to start? Then this workshop is for you!
During this workshop, you will learn:
- How to manipulate Strings, Bytes, Hexadecimal, and Base64 in Python.
- The high-level workings of AES and RSA.
- Just enough theory (but not too much!) to perform attacks on AES and RSA.
This workshop will feature exercises ranging from base64 decoding strings to breaking AES-CTR with nonce reuse.
By the end of the workshop, you should be able to tackle more complex challenges, such as padding oracle attacks, nonce reuse in ECDSA, and dive deeper into the world of cryptography challenges!
Requirements:
- A laptop with Python installed.
- A basic understanding of Python (if you know what a dict is and how to write a function, you have enough knowledge)
Breaking into Hades' realm: an advanced Kerberos exploitation - by Rayan BOUYAICHE (@Rayanlecat), @Volker Carstein
Summary
Originally developed by MIT, Kerberos is widely used in Microsoft Active Directory environments. Therefore, this protocol is a prime target for exploitation, allowing privilege escalation as well as establishing persistence.
This workshop is designed for cybersecurity professionals who seek to deepen their understanding of Kerberos vulnerabilities and the sophisticated techniques used to exploit them. Participants will embark on a comprehensive journey on Kerberos exploitation, starting with the fundamentals of the protocol and moving swiftly into advanced attack strategies. The workshop will primarily cover:
- Abusing delegations
- Forging tickets (especially Diamond and Sapphire tickets)
- *-roasting (well-known variants as well as their newer versions, such as Kerberoasting without pre-authentication)
Throughout the workshop, participants will engage in hands-on labs to reinforce their learning. By the end of the session, attendees will possess a deep understanding of Kerberos exploitation techniques and practical knowledge to effectively conduct these attacks.
Join us to master the art of Kerberos exploitation and fortify your skills to always be Domain Admin on the first day of your pentest engagement 😉
Requirements:
- A laptop with Exegol pre-installed, with the latest nightly image already downloaded
- Basic knowledge of Active Directory and Kerberos protocol.
Introduction to SIGINT and COMINT with RF Swift - by @PentHertz
Summary
RF signals are widely used across many technologies, but because they are invisible, specialized tools are needed to detect and analyze them.
Setting up these tools can be time-consuming and complex, especially for beginners, who often rely on special distributions that require changing the operating system.
These solutions tend to lack flexibility and may result in repeated OS reinstalls when adding new tools. To overcome these challenges, we introduce RF Swift, the ideal RF companion for all types of RF and hardware assessments.
In this session, we will use tools from the RF Swift toolbox to identify and reverse engineer signals over the air.
- A Linux machine is ideal, but Windows users can participate with some limitations. macOS users should run Linux in a virtual machine for optimal performance.
The Hard'Way" : Starter kit for harware & embedded exploitation - by Thales Cyber Solutions(Reda Benmoulay, Mathis Lejosne)
Summary
This workshop is designed for enthusiasts or security professionals who want to deepen their skills in offensive operations targeting IoT and embedded devices.
Whether you're diving into hardware hacking for research purposes or aiming to expand your pentesting toolkit, this session will provide a clear and practical introduction to the world of embedded device exploitation.
Participants will learn the key steps to approach hardware vulnerabilities :
- Different levels of toolkits to acquire (from cheap to pro)
- Techniques to explore PCBs
- Mapping attack surfaces to extract memory and reverse core logic
- Real-world tips and tricks, including how to handle test equipment and practical methodologies used by professionals in the field.
A hands-on test bench will be available, allowing you to practice these concepts in real time, with opportunities to ask questions and solve common hardware manipulation challenges.
By the end of the session, you'll have a clearer understanding of needed tools, offensive embedded security techniques and what can be expected in your futur projects.
- A laptop.
- A virtual machine (or container) with the necessary tools will be provided. Please ensure you have the latest version of VMware Workstation or VirtualBox installed on your machine.
Scapy hands-on - by Guillaume Valadon @guedou
Summary
Scapy is a powerful Python-based interactive packet manipulation program and library.
It can be used to forge or decode packets for a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
This workshop will describe its main features step by step, and will let you explore the following topics:
- Packets manipulation
- Sending & receiving packets
- Visualization
- IPv6 and TLS support
- Implementing a new protocol
- Answering machines
- Automaton
- Pipes
- A root access to Linux (either native or virtualized) and a fresh Scapy install from github
Low tech music for high tech people : How to write 8 bit music on a gameboy - by @confipop
Summary
In this workshop, we will see the story of 8 bit music until it becomes for some people Micromusic.
Micromusic is an 8 bit music made for dance floor.
After this introduction, you will learn how to write 8 bit music on a gameboy.
You will see the LSDJ tracker I use on a big screen and you will learn some secret tips !
Bring your gameboy, we will bring the cartridge and our joy to share this with you !
Low tech music for high tech people !!
- Come with a gameboy (old or color), or come without and enjoy !