General Information
There will be one session of workshops at GreHack. All workshops will be scheduled at the same time: you can only attend one.
- Automation tricks for Burp Suite Pro - by Nicolas Grégoire (@agarri)
- Car Hacking 101 - Hands-on Basics with CAN Bus & UDS Protocols - by @hippie
- Exegol bootcamp - now's the time to hack things the right way - by Charlie Bromberg (@shutdown)
- ICS Protocols 101 - by @Root-Me PRO - Adel ALLAM (@apges01)
- Own the Domain: Active Directory Pwning - by Rayan Bouyaiche (@rayanlecat)
- GO FIGUR by yourself - by @darcosion
- Speech recognition attack through psychoacoustics - by Théo Yvinec (@ToG)
- Enter The Donjon: A practical laser attack on the go - by @Ledger
- Hardware Hacking - Getting a root shell via UART - by Noë Flatreaud (@beemo)
- Payload Obfuscation for Red Teams - by Duncan Ogilvie (@mrexodia)
- A Practical Session on (pen)testing Embedded Targets with AI-based EDR - by Lalie Arnoud (CEA-Leti) and Ulysse Vincenti (CEA-Leti)
- Game Hacking with Cheat Engine - by Lucas Parsy (@Tuxlu)
Burp Suite is the de facto standard for Web application pentesting.
Nearly everybody uses this tool, but few people really master it.
Some of the under-used features are related to automation, usually for multi-step workflows and dynamic data (think CSRF tokens and JWT-based authentication).
I aim to solve that by mixing theory and practice, as done during the renowned 4-day course I offer, titled "Mastering Burp Suite Pro".
After introducing session handling rules (concepts, terminology and limitations), we'll cover session management for Web apps (where authentication relies on cookies) and for APIs (where headers like "Authorization" are used instead of cookies).
We will also cover some scenarios that can't be solved using only built-in features (for example, extracting a CSRF token from a response and later using it in a JSON request). For that, we'll use extensions like ATOR, Stepper, reShaper or TokenJar.
Requirements:
Perks:
This workshop introduces participants to the fundamentals of automotive security through hands-on exploration of the Controller Area Network (CAN bus) and Unified Diagnostic Services (UDS). These provide an entry point to understanding in-vehicle communications, but remain only the foundation of a much broader ecosystem of protocols and potential security weaknesses present in modern platforms.
By working with simulated ECU traffic and interactive challenges, participants will learn how to sniff, analyze, and inject messages.
This workshop will cover the following topics:
Requirements:
Infosec is a serious industry now. Professional ethics and robust methodologies are critical to stand out in a field crowded with newcomers. Exegol delivers battle-ready, customizable setups made for professionals. In this 90-minute workshop, you'll get your hands on Exegol and learn to use it confidently, enabling you to deploy it daily and perform with greater speed, security, and efficiency in your work.
Requirements:
This workshop will introduce you to ICS environment security. The main objective will be to discover a few protocols used in this world.
A large part of this workshop will be on practical challenges. The players will have to complete each challenge to get the flag.
During the workshop, the following topics will be discussed:
Requirements:
In this workshop, you will get hands-on experience compromising an Active Directory domain in a realistic internal pentest scenario. Each participant will have their own lab with multiple paths and challenges designed for all skill levels, from beginner-friendly steps to advanced techniques for experienced attendees. The ultimate goal is to become Domain Admin. You will practice real-world Active Directory attack techniques, learn how to choose the right approach at each stage, and gain practical experience in a realistic lab. There will be no slides, only practice. This workshop is open to everyone, whether you are new to Active Directory security or looking to sharpen your skills.
Requirements:
GO FIGUR is the result of a 2-year investigation into a commercial disinformation network selling fake medicines. This network had the good taste to have made every possible OpSec (Operational Security) mistake, illustrating numerous OSINT, GEOINT, IMINT, SOCMINT and even FININT techniques. This conference offers a RETEX (lessons-learned debrief) of this investigation, as well as a series of short exercises in digital investigation and OSINT techniques... And many more of the same, some of which are even part of a challenge ;)
Guided workshop on understanding and attacking speech recognition models.
The workshop is designed for all levels with several exercises and examples.
During this workshop, we will cover the following topics:
Requirements:
Optional but recommended:
The Ledger Donjon will bring you its mid-cost transportable laser bench in order to present how a fault injection attack on a secure memory is performed in their Hardware Lab.
After a presentation of the principles of hardware fault injection and a practical example of an attack performed last year, you will be able to see this attack live!
The target is an ATECC608A configured with a protected slot that can be unlocked thanks to perturbations induced by laser. We will present the methodology used to perform the attack, and will let attendees manipulate the bench.
As key takeaways, you will gain awareness of existing hardware fault injection attacks, learn the principles and the methodology used to perform them, and actually see a bench performing this attack.
In this session you'll learn and see how to analyse and exploit hardware via exposed interfaces. You'll probe, connect, and exploit 5 real devices using dirt-cheap tools. No prior soldering needed: just curiosity and a laptop.
In this workshop you will learn how to obfuscate your payloads with a custom VM. This will help to evade signature detections and make reverse engineering more difficult. The format will be a hands-on workshop and participants will walk away with new tooling they can try out in the field right away!
In this workshop we will leverage the RISC-V architecture and the LLVM ecosystem to build a simple obfuscation pipeline. The VM interpreter code is small, and once it is loaded you do not need to allocate additional executable pages to execute arbitrary payloads.
Covered topics:
Requirements:
Breaking Into The AI-protected Realm: A Practical Session on (pen)testing Embedded Targets with AI-based EDR - by @CEA-Leti (Lalie Arnoud, Ulysse Vincenti)
An organization's IT infrastructure is usually protected by a Security Information and Event Management system (SIEM), which collects and analyzes information on machines and network activities to detect malicious behavior. Usually, rules are defined manually by an operator, who determines which actions are authorized and which are prohibited. This work can be long and tedious, and an oversight from the operator could still allow an attacker to compromise at least part of the infrastructure.
The growing professionalism of cyberattacks is leading to the development of new intrusion detection methods, using more sophisticated algorithms such as those proposed in the field of Machine & Deep Learning. Today, the use of artificial intelligence is often limited to language models, enriching alerts with a more human-readable explanation, and to data analysis, but often in an opaque way. However, research is very active in this field, and several intrusion detection methods using artificial intelligence models have been developed by researchers, even though their false alarm rate is still too high for them to be used as-is in real infrastructures without a human double-check.
In this workshop, we would like to present these new advances in artificial intelligence applied to cybersecurity to an interested audience, through the use case of a simulated hydroelectric dam, whose control system is equipped with an intrusion detection system (IDS).
Participants will be able to:
Come and discover thick-client pentesting and video game hacking with Cheat Engine!
A practical and fun overview of the tool's features, from the basics to some lesser-known features!
On the agenda: memory value search, code filter, Lua scripting, and the auto assembler!
Requirements:
Feel free to get a head start