Information systems are evolving very quickly, and its actors must constantly keep themself informed. Night Da Hack is one of the ways you can get up to date and reliable information about technologies for attacking, defending and analysing computer systems security.
We really want to thank all speakers for their work and the quality of their talks. This event brought together professionals and enthusiasts in a warm and relaxed ambience. 14 talks were presented, the main two being "Embedded Security" by George Hotz and "Advanced physical memory analysis" by Matthieu Suiche.
We really want to thank all speakers for their work and the quality of their talks. This event brought together professionals and enthusiasts in a warm and relaxed ambience. 14 talks were presented, the main two being "Embedded Security" by George Hotz and "Advanced physical memory analysis" by Matthieu Suiche.
| Conférences | Autheurs | Synopsis | Slides |
|---|---|---|---|
| Unix Malwares | Julien REVERET | Most Unix users may think they're safe from threats such as viruses and malwares. This talk will prove them wrong, there are many different ways to infect a Unix system. A framework to create malware infected packages for unix platforms will be demonstrated. | Slides |
| Xeek | Emilien GIRAULT | XeeK is an XSS exploitation framework. It aims at poviding a modular and scalable tool to make exploit writing easier. It can trace zombi connections in real time, and let the attacker control the victims' browser. It allow arbitrary JavaScript code execution, spying on the user, XSRF, and bounce attacks. XeeK provides an API that enable it to be scripted and easily interfaced with other pentest tools. This project is still in development, and will be released under the GNU/GPL license during the event. | Slides |
| Antivirus Security is a failure | Stéfan LE BERRE | We often entrust the security of our operating system to anti-virus / firewalls. The question is "Is this a good thing?". We show rapid functional limitations related to anti-virus and firewalls. Even if these systems do not totaly protect us, they should not be a gateway for hackers. Unfortunately today the anti-virus are poorly tested before being put into production. It is a risk for users who paid for theirs protection. The talk will be focused on practical vulnerability research highlighing obvious security holes. | Slides |
| Embedded Security | George HOTZ | The PS3 has been considered unbreakable for 3 years, during which it has not been affected by piracy. On January 23th 2010, and after 5 weeks of research, George Hotz claimed on his blog: "I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3."In this conference, the author will explain security mechanisms enforced by Sony to protect the console, and how to bypass them. | Keynote Slides
PDF Slides |
| Virtualisation and security | Emmanuel ISTACE | The purpose of this presentation is to give an overview about virtualisation security. Indeed, virtualisation is more and more present in current IT infrastructures, but is frequently misused. Our goal is not to make a demonstration of vulnerabilitiy exploitations, but rather to present the weak points of various virtualization technologies. | Slides |
| Advanced Mac OS X Physical Memory Analysis | Matthieu SUICHE | In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection. | Slides |
| Advanced lockpicking techniques | Cocolitos et Mr Jack | Lockpicking is the well-known art of lock-opening but many high-security locks cannot be open this way. This talk will present two particular lockpicking techniques (known as key-impression techniques) plus an innovative and exclusive high-security lock opening technique based on a specifically crafted tool. | Slides |
| GPGPU and its implications on security of encryption systems |
Lucas FERNANDEZ | As video games graphics become more and more complex, graphics cards have turned to parallel computing, by multiplying their c units. Today these cards can be used in additional calculating CPU units. Thus, cryptography so dependent on the power of the machine for the encryption time, is offered new possibilities of bruteforcing with GPGPU technology. | Slides |
| Security vulnerabilities disclosure, challenges and risks |
Jérome HENNECART et Raphael RAULT |
Vulnerabilities disclosure is a critical element of computer security. The speakers will talk, with demonstration, about challenges and risks of computer security vulnerabilities disclosure. | Slides |
| Security vulnerabilities disclosure, challenges and risks II |
Laurence FORAUD et Philipe JOLIOT |
Vulnerabilities disclosure is a critical element of computer security. The speakers will talk, with demonstration, about challenges and risks of computer security vulnerabilities disclosure. | Slides |
| Evolution IT | Gael THEROND | At present, the oldest tool considered a computer is the Antikythera. The Greek Antikythera is an object discovered in 1901 during excavations underwater on a Roman wreck. There is very little time that we know exactly what use this tool. In fact one used in the study of astronomical phenomena, it was used especially to predict eclipses and other astronomical events so amazingly accurate for its time. Have mechanism is so precise and complex relation that the person who created this object has noted the operation on the object itself. | Slides Slides2 |
| HZVault | Majinboo | The HZVault project aims at combining both mobility, flexibility and security. This project is largely inspired from Globull but do not have its software weakness and costs only the price of "mass market" storage. To increase the safety and the performance of solution, the project can be carried on Globul or Datalocker, which makes its force. The goal is to use the chip of crypto of these product to evolve to a global safety and better I/O performances. HZVault was entirely conceived with open source products and will be released under an open source licence. | Slides |
| xdbg, an open-source disassembler and debugger |
Christophe DEVINE | Malicious code analysis requires efficient tools. However at the moment reversers mainly use proprietary and often very expensive tools (in particular IDA Pro, BinDiff, etc.). The goal of the xdbg project is thereforce to create an analysis tool licensed under the GPL, at first targeting the x86 platform. It aims to offer classic features for reverse-engineering and debugging assembly code. | Slides |
| Stack Smashing Protector | RootBSD | Since FreeBSD 8.0, the SSP is activated automatically when compiling the OS. This GCC option, originally developed by IBM, allows to add protection mechanisms regarding buffer overflows. This presentation will come with C sources and a memory study using GDB. | Slides |