Talks and workshops

Keynotes

From zero to sixty in three years

It takes time to build a mature security program, particularly at rapidly-growing companies that are innovating. In addition, cloud computing enables innovation and scale but does not necessarily simplify a company’s security needs and strategy. In this keynote, we look at some of the security and privacy challenges that young companies face today. We share some anecdotes and lessons learned from our own experiences as we grew rapidly in a cloud-first environment.

Photo of

Jad Boutros

Chief Security Officer
Snapchat, Inc.

Jad Boutros joined Snap Inc. in 2014, where he serves as the Chief Security Officer. Jad is responsible for information security, privacy engineering, and spam and abuse.

Jad has over twenty years of experience in software development and security. Prior to joining Snap Inc., Jad worked in information security at Google for over nine years, and led the security efforts for Google+ since the project’s inception. Jad holds a bachelor’s degree in computer engineering from McGill University and a master’s degree in computer science from Stanford University.

16 ans de (cyber)-sécurité en Suisse Romande : évolutions, perspectives

This presentation will try to present and illustrate the evolution of the IT-security landscape in Switzerland. What challenges we had to face, what are the ones we still need to address.

Photo of

Paul Such

CEO
Hacknowledge

Paul Such is an engineer and entrepreneur passionate about IT-security. He founded SCRT in 2002 and managed the company durning 15 years.

Paul is now the CEO of Hacknowledge, a managed detection response Swiss company.

Track "attacks"

Fingerprint all the things with scannerl

Scannerl (https://github.com/kudelskisecurity/scannerl) is a modular distributed fingerprinting engine implemented by Kudelski Security. It can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts by leveraging the power of Erlang and its actor model.

Photo of

Adrien Giner

Kudelski Security

Security researcher and author of scannerl.

Security review of proximity technologies: beacons and physical

With the growing expansion of the IoT, proximity technologies are becoming more and more important to interact with things around us. Apple and Google have released their own beacon protocol, namely iBeacon and Eddystone, but are they really secure for any kind of use? We will study thoroughly both protocols and their capabilities, and discuss several vulnerabilites, illustrating them with live demos. Additionally, we will see that future protocols will unfortunately allow very long-range fingerprinting and attacks on most IoT devices, so we will give recommendations to reduce these threats.

Photo of

Renaud Lifchitz

Information Security Consultant
Econocom Digital Security

Renaud Lifchitz is a FR senior IT security consultant. He has a solid penetration testing, training and research background. His main interests are secure programming, protocol security (authentication, cryptography, protocol security, information leakage, zero-knowledge proof, RFID security) and number theory. He currently mostly works on wireless protocols security and was speaker for many international conferences. Renaud's significant security studies are about : contactless debit cards, GSM geolocation, blockchain, RSA signatures, Sigfox, LoRaWAN, Vigik access control and quantum computation.

Locky Strike: Smoking the Locky Ransomware Code

Locky born early 2016 had quickly become one of the prevalent pieces of ransomware in the wild having massive campaigns that landed on at least 90,000 PCs per day [1] around the world on its early debut. It was clear during that time that Locky would be a major ransomware threat that both end-users and enterprises would be facing.
More than a year and a half later, Locky continues its massive ransomware attacks at a scale of 23 million infected emails being circulated in just 24 hours [2]. Locky also holds majority of the ransomware profit with a conservative figure of $7.8 million [3] in it’s less than 2 years of operation. The more revenue Locky ransomware generates, equates to more it can invest in it being effective and being distributed more widely.
The talk will detail the result of the continuous monitoring of Locky. This will delve into the technical details of the Locky ransomware. It will focus on three technical aspects: its system behaviour, its configuration, and C&C communication.
Initially, the topic will talk about Locky’s prevalence in the wild and how it behaves on landing on a PC. An overview on the timeline of Locky’s changes and improvements to remain effective will be presented.
The talk will also have a detailed understanding of the configuration of Locky, this would include the automation on extracting said configuration.
The talk will also explore Locky’s obfuscated C&C communications including its parameters, encryption and decryption. As a result of these findings we will have a better understanding on how Locky communicates to its C&C and the data being sent on every request.
Finally, using the technical knowledge acquired in the research, the talk will conclude with some insights into Locky's operation and how these findings ultimately translate to actionable threat intelligence that can be used to protect users.
This research has been co-authored by the speaker and his teammate Floser Bacurio Jr.

Photo of

Rommel Joven

Fortinet

Rommel Joven is a Malware Researcher at Fortinet. He finished his Bachelor’s degree in electronics engineering at Saint Louis University in 2012.
Prior to joining Fortinet, he started his early career in cybersecurity and learning reverse engineering at Trend Micro as a threat response engineer. As a novice, he has developed strong interest and become keen to learn more about cybersecurity. He is now further involved in hunting new malware ranging from ransomware to targeted attacks.
He is a regular contributor to Fortinet's Security Research blog where he writes about up to date malware such as MacRansom a first in OSX ransomware in 2017. During his spare time, he enjoys sports activities like basketball and playing online games.

Java JSR 241 and 341 - RCE state of mind

Over the year, Java Specification Requests have been appeared such JSR 241 (Groovy) or JSR-245 (Unified Expression Language) to fit some needs like scripting, separating Java code in controllers from view and to allow easier access to Java components in MVC web applications.
Different libraries have been developed to implement these requests and all of them allow runtime code execution in some of their functions. Developers willing to support functionalities needing runtime execution have heavily used them. This wide usage and the lack of knowledge of developers on the sensitivity of these functions have led to the introduction of notable remote code execution vulnerabilities.
During this presentation we will cover the different libraries by showing previous vulnerabilities that affected applications using them. We will also cover how to safely use these libraries.

Photo of

Gregory Draperi

Gregory has been in the IT field for 10 years with various experiences in application Security, IAM and organizational security. He has been focused in application security for the past five years and involved himself in security researches mainly in Java security. During this time, he has been able to find critical issues in a high number of products covering a large portfolio of companies (Cisco, Google, JBoss, Sophos, Trend Micro).

Exploiting hash collisions

When a hash function is first broken, the restrictions on the colliding PoCs pair are very complex: it’s not uncommon that the first public PoCs are just random-looking blocks, with no impact whatsoever on any system, besides being different and with the same hash. In some cases, an identical prefix can be present on the start of both files of the colliding pair, and the collisions blocks are calculated on this exact prefix. It’s then possible to plan in advance a file structure, and craft a prefix that, despite all the randomness of the collision blocks, will lead to a pair of valid files, reliably working, with different and arbitrary contents.
A world of prettifying academic results to convince people to deprecate algorithms, where file formats rules have to be bend to play along with cryptographic restrictions, where PoCs are planned several years before they can be implemented, with a lot of computing power at stake.

Photo of

Ange Albertini

Google

Reverse engineer - author of Corkami

Parsing JSON is a Minefield

JSON is the de facto standard when it comes to (un)serialising and exchanging data in web and mobile applications. But how well do you really know JSON?

I examined closely JSON specifications, wrote a corpus of test cases and tested various libraries against them. It turns out that JSON is not an easy and harmless format as many do believe. Indeed, I did not find two libraries that exhibit the very same behaviour.

Moreover, I found that edge cases and maliciously crafted payloads can cause bugs, crashes and denial of services, including a stack overflow in SQLite. This is because JSON libraries rely on specifications that have evolved over time and that left many details loosely specified or not specified at all.

This talk shows how to find bugs by reading RFCs and raises awareness about the risks of simple specifications.

Photo of

Nicolas Seriot

Swissquote Bank

10+ years of professional programming on Apple platforms.
Still fascinated by bad code, stupid process, ambiguous specifications and everything that goes wrong.

Track "lessons learned"

Security Breaches: what's your legal obligations and how to survive to a breach?

In Switzerland, the revision of the Data Protection Act will introduce a data breach notification obligation when personal data are at stake, similar to what prevails in most US States and what will be the standard in the EU with the GDPR. This is a huge change of paradigm.

Companies shall be ready and trained to face those new obligations. However, they first need to understand what is mandatory and the risks they are facing. Not disclosing a breach when required is a criminal offense, but the company often does not want to disclose a breach if this is not necessary, or simply prefer to disclose it latter.

We will cover the upcoming legal obligations applicable mainly to Swiss based organizations and the best practices to implement.

Photo of

Sylvain Métille

Attorney-at-law
HDC

Sylvain Métille is a Partner at the law firm HDC in Lausanne (Switzerland). Recognized as a leading lawyer in TMT by Chambers & Partners, Legal500 and the Best Lawyers, he has more than ten years' experience at the bar. As a privacy / data protection and IT / advanced technology specialist, he regularly assists local and multinationals companies when it comes to data, surveillance, IT or computer crime.
Sylvain is also a lecturer at Lausanne University (Computer Crime Law) and at the International Institute of Management in Technology in Fribourg (Data Protection). He regularly publishes and gives conferences. He finally runs a blog about law and information technologies.
He obtained his J.D (2003) and PhD in Law with Honors (summa cum laude, 2010) from University of Neuch‚tel. Admitted to the Swiss Bar in 2005, he gained a solid experience within several law firms. He has been invited as a Visiting Scholar by the Berkeley Center for Law and Technology (University of California) in 2010-2011.

Active Directory Threats & Detection: Heartbeat that keeps you alive may also kill you!

95% of Fortune 500 companies use active directory services, I will share attacks around Active Directory environment, and more specifically how to detect and prevent these actively without giving links to multi-million product vendors. These mitigations are taken from the last 10 years of real world scenarios and my study around this subject.
These are assured takeaways to help your network without much fuss in terms of time and resource investment. C'mon, the humble AD needs your help!

Photo of

Harman Singh

Director & Managing Consultant
Defendza

Harman is a co-founder and director at Defendza, a boutique IT security consultancy based out of the Manchester, UK. His day job involves working with CISO's, security managers to understand their requirements and help secure their most prized assets. Besides performing security assessments for several years, he's delivered trainings at Black Hat USA and corporate teams covering advanced infrastructure security. When he is away from his desk, he loves to play any sport or relax with a pint of beer.

Hydrabus: Lowering the entry fee to the IoT bugfest

The HydraBus is an evolutive multi-tool hardware which help you to Analyze/Debug/Hack/PenTest all types of electronic bus/chipset.
HydraBus is here because today we have plenty of IoT embedded hardware without having good open tools to analyze/debug/hack or test them.
This talk will focus on the hardware and mainly embedded open source firmware(hydrafw) / user commands features to be used by any guys interested in embedded hardware hacking from beginner to experienced hacker.

Photo of

Benjamin Vernoux

Ingénieur
Hydrabus

Benjamin Vernoux created the HydraBus project including main hardware(hydrabus) and firmware(hydrafw) 3 years ago. He also worked on some well known open source software for SDR projects like airspy and hackrf during lot of years.

Fighting Cyber Threats to Switzerland

.

Photo of

Mauro Vignati

Head of Cyber
Swiss Government

Let’s Play with WinDBG & .NET

.NET is an increasingly important component of the Microsoft ecosystem providing a shared framework. Many Microsoft tools, such as PowerShell, rely on the .NET platform for their functionality. Obviously, this makes .NET an enticing language for malware developers too. Hence, malware researchers must also be familiar with the language and have the necessary skills to analyse malicious software that runs on the platform. During the presentation, I will explain how to automate .NET analysis with WinDBG the Microsoft debugger. To illustrate my talk, I will show how to analyse PowerShell scripts with WinDBG and how to automatically unpack a .NET packer family discovered recently. The presentation includes several live demo on WinDBG usage in this specific context.

Photo of

Paul Rascagneres

Senior Software Engineer
Cisco Talos

Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has been involved in security research for 7 years, mainly focusing on malware analysis, malware hunting and more specially on Advanced Persistence Threat campaigns and rootkit capabilities. He previously worked for several incident response team within the private and public sectors.

Leveraging threat modelling for improved information risk management

Threat modelling is about using models to find security problems. In other words, it provides a methodical approach to performing a security evaluation. Some of the existing models such as Adam Shostack's STRIDE have become popular within the software development industry. Thus, threat modelling is today considered as a key activitty within secure software development methodologies. In this presentation, we propose to provide return on experiencce about how threat modelling can be leveraged in organisations to perform risk assessments and improve security management. Available methodologic variants, expected benefits of threat modelling, approach limitations and possible issues, existing tools, we will try to draw an accurate picture of where threat modelling currently stands. The presentation will be illustrated by concrete examples. As a second step we will explore possibilities to industrialise threat modelling, integrate it into a global risk management framework and make it an efficient process in the corporate environment for the sake of information security.

Photo of

Stéphane Adamiste

Information Security Consultant
ELCA Informatique SA

Stéphane is an information security and privacy consultant currently working for one of the main Swiss software development and integration company. In his daily work, he collaborates with projetcs delivered by his colleagues, taking in charge the security assurance part and delivers consulting mandates on various security-related topics directly to customers.

Turla APT - Attack against Ruag Conf

The Turla actor group has successfully attacked the MFA in Switzerland as well as defense company RUAG. Since then, GovCERT.ch has been analyzing the tactics and toolbox of this group. We are going to present the malware involved, detection possibilities, as well as defense strategies. The talk is based mainly on the already published report about the Ruag incident (https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case).

This talk is held under TLP RED, so no recording or broadcasting possible.

Photo of

Andreas Greulich

MELANI/GovCERT.ch

Andreas Greulich was born in 1967 and studied Applied Mathematics at the University of Berne, which he finished with his PhD about genetic algorithms in 1995. He then joined the Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT), and changed to the Federal IT Steering Unit a few years later, with focus on network security. Since 2007, he's malware researcher at GovCERT.ch, which is part of MELANI, the Reporting and Analysis Centre for Information Assurance. Besides, he's giving courses in Reverse Engineering at the University of Applied Science in Berne.
Photo of

Reto Inversini

MELANI/GovCERT.ch

Reto Inversini was born in 1971 and studied Geography / Climatology at the University of Berne and Information Technology at the University of Applied Science. He worked for Amnesty International as a Network Engineer and for the Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT) as a Security Architect. Currently he works in a double role as a Security Officer and Technical Analyst at GovCERT.ch. He is a part time teacher at the University of Applied Science in Bern and Biel in the domains of Security Incident Response, Network Design and Security Architecture.

Down The Rabbit Hole: How Hackers Exploit Weak SSH Credentials To Build DDoS Botnets

DDoS attacks are one of the most prominent threats on the Internet nowadays. In this talk, we explore how hackers exploit servers with weak SSH credentials to build an army of botnets, later used to run high-volume DDoS attacks. After showcasing an experimentation where a honeypot was used to understand the attack pattern and collect relevant malware samples, we reverse engineer the Xor DDoS malware and break down its obfuscation mechanisms, the communication with its command and control server, and how it spreads in a vulnerable system.

Photo of

Christophe Tafani-Dereeper

Master Student
EPFL

Christophe Tafani-Dereeper is an information security enthusiast and master student at the Swiss Federal Institute of Technology (EPFL). He holds a [blog] where he writes about his main interests that are information security, malware analysis, and linux administration.

Improvements to Internet Voting in Geneva

The voting and election processes are the backbone of Swiss democracy and threats to those processes are not to be taken lightly. For this reason, the Federal Chancellery introduced new rules and requirements on Internet Voting systems back in 2014, defining thresholds on the availability of Internet Voting, subjected to three increasing compliance levels.
This talk will introduce some of the security properties defined in the federal requirements, and summarize the work done in collaboration between the eVoting group at the Berner Fachhochschule and the State of Geneva.

Photo of

Thomas Hofer

Technical expert
Etat de Genève

Thomas Hofer studied at EPFL, where his master thesis received the Kudelski Award, for its significant contribution to information systems security. After some experience as a Java Consultant, he started working on Internet Voting for the State of Geneva, where his responsibilities shifted from software developer to in-house security and cryptography expert. In his free time, he is co-chapter leader for the OWASP Geneva Chapter.

Snuffleupagus - Killing bugclasses in php7, virtual-patching the rest

Suhosin is a great php module, but unfortunately, it's getting old, new ways have been found to compromise php applications, and some aren't working anymore; and it doesn't play well with the shiny new php7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) php security module, that provides several features that we needed: passively killing several php-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications' code.

Photo of

Julien Voisin

NBS System

Julien (jvoisin) Voisin used to pwn and reverse stuff while contributing to radare2, he nowadays focus on protecting web stuff while keeping his own bug alive on websec.fr and writing stuff on dustri.org
Photo of

Sébastien Blot

NBS System

Sébastien (blotus) Blot is a pretty cool guy

Event: "Cyber-sécurité pour les entreprises"

Cyberattaques : état de la menace pour les entreprises en Suisse

A l'heure actuelle, l'entreprise est une cible de choix pour des attaquants aux modes opératoires et buts variés, allant de l'espionnage à la criminalité au sens strict du terme. La présentation visera à dresser un état des lieux des cyberattaques en cours en Suisse actuellement. Elle s'attachera également à clarifier le champ d'activité et les possibilités d'action de MELANI face à cette menace.

Photo of

Mathieu Simonin

Analyste senior
MELANI

Mathieu Simonin est titulaire d’un Bachelor en science politique et d’un Master en criminologie de l’Université de Lausanne. Depuis 2013, monsieur Simonin occupe la fonction d’analyste à MELANI, la centrale d'enregistrement et d'analyse pour la sûreté de l'information. Il y est notamment responsable de l’évaluation des menaces, de la conception de rapports d’analyse et des relations avec les partenaires romands du service. Monsieur Simonin représente MELANI et intervient lors de différentes conférences ou groupes de travail au niveau national et international.

Quelle stratégie de sécurité pour protéger efficacement les données de l'Etat de Vaud ?

Cette intervention présentera les défis et les réponses mises en œuvre par le Canton pour faire face à l’évolution des cyber-risques.
Attentif à l’évolution de ces menaces, le canton de Vaud est aujourd’hui un canton leader de Suisse en matière de cyber-sécurité. Pour rappel, l’Etat de Vaud dispose depuis 2015 de son propre centre de sécurité informatique : le Security Operation Center (SOC). Ce service veille en mode 7/24 sur ces cyber-risques et se tient prêt à intervenir pour réduire l’impact des incidents de sécurité.

Photo of

Marc Barbezat

Responsable sécurité
Etat de Vaud

Marc Barbezat est responsable de la sécurité de l’information et de la cyber-sécurité de l’Etat de Vaud. Il a plus de 20 ans d’expérience dans le management des risques IT et de sécurité. Auparavant, Marc a travaillé comme responsable de la sécurité d'une banque privée internationale.
Passionné par l’innovation et les nouvelles tendances, il est également actif pour faciliter le réseautage entre les start-ups et les acteurs économiques locaux et tient un blog personnel sur la cyber-sécurité.

Utilité d’un service de type MDR (managed detection response)

Cette présentation illustrera l’intérêt d’une solution de type MDR (managed detection response).

Photo of

Paul Such

CEO
Hacknowledge

Ingénieur en sécurité, entrepreneur et passionné par la sécurité informatique, Paul fondé et dirigé SCRT pendant près de 15 ans.

Il dirige désormais Hacknowledge, une société spécialisé dans la détection d’incidents de sécurité.

Securing Data on the Cloud: Risks and Challenges

Photo of

Andy Yen

Founder/CEO
Proton Mail

Andy has over 8 years of experience in distributed computing for demanding particle physics applications. Andy was a researcher at CERN from 2009 to 2015, where ProtonMail's founding team met. He has a PhD in Physics from Harvard and a degree in Economics from Caltech.

Securing data even when endpoints or networks get breached

Today we know that breaches are inevitable and when they are finally detected, it’s usually too late: enterprise data is already stolen, corrupted, or destroyed. The overwhelming majority of these attacks happen through endpoints because (1) endpoints grant access to data and (2) attackers have plenty of ways to break into endpoints, like phishing, social engineering, malware, and dozens more. So how do you protect enterprise data when endpoints get breached? This talk will introduce the concept of a data firewall that allows organizations to monitor, control, and regulate access to sensitive information, and protect them against all forms of data theft, compromise and ransomware even under breach conditions. A data firewall isolates critical data from threats even after an endpoint or the network has been breached, long before the attack can be discovered and remediated. This technology has been validated through issued patents and powered one of the finalists of the U.S. Department of Defense’s DARPA’s Cyber Grand Challenge.

Photo of

Cristian Zamfir

Chief Operations Officer
Cyberhaven

Dr. Cristian Zamfir co-founded Cyberhaven and leads operations. Cristian is the inventor of Execution Synthesis, which is an acclaimed technique that automates the debugging of concurrent software. Cristian previously held research positions at UC Berkeley and Microsoft, and earned a Ph.D. in computer science from EPFL.

Workshops

Workshop: Hands-On Security Lab with Hacking-Lab

This training is based on the Hacking-Lab platform (hacking-lab.com), providing an online lab with several hundreds of different security challenges. Participants of this training will be granted access to several challenges in Hacking-Lab, where they can exercise their skills or learn with step-by-step instructions on how to exploit vulnerable web applications. After a common introduction, participants can select the desired difficulty level and solve the proposed challenges at their own pace, with the support of the trainers. A LiveCD environment, including all required tools, is provided as working environment. Participants are required to bring their own laptop with the provided virtual machine image installed (available at media.hacking-lab.com).

This training is open to anyone interested in IT security (e.g. application developers, system administrators, CISOs, etc). The technical level is pretty much open, the trainers provide individual support to the participants during the training. To work with the lab environment, participants are expected to have basic experience working with the linux command line and also have basic knowledge of the HTTP protocol.

Requirements for participants:

  • Laptop
  • Virtual Box or VMWare player
  • Hacking-Lab LiveCD (media.hacking-lab.com)

Photo of

Philipp Sieber

Compass Security

Philipp Sieber is managing director of Compass Security Cyber Defense AG, and responsible for Hacking-Lab. Before joining Compass Security, he worked as a software engineer and security architect, in the field of E-Banking. Philipp Sieber holds a MSc degree in Computer Science from the Swiss Federal Institute of Technology in Zurich (ETHZ), and a CISSP certification.
Photo of

Nicolas Heiniger

Compass Security

Nicolas Heiniger has worked several years as a network & security engineer in public and private companies before joining Compass Security as a security analyst. He is most interested in web application, networks and new challenges. Nicolas Heiniger holds a MSc degree in Computer Science from the Swiss Federal Institute of Technology (ETH/EPF) in Lausanne.
Photo of

Sylvain Heiniger

Compass Security

Sylvain Heiniger works as a Security Analyst for Compass Security. He is interested in testing networks, web applications and new technologies. Sylvain Heiniger holds a MSc degree in Computer Science from the Swiss Federal Institute of Technology (ETH/EPF) in Lausanne with a Minor in Information Security.

Workshop: La ‘santé légale’ des gardiens de vos données vitales ? Le ‘legal hacking’ amène de premières réponses publiques...

Destiné aussi aux cadres de PME possédant peu de compétences informatiques, cet atelier prends le pouls d'organisations médicales pour la conformité aux LPD et GDPR (RGPD).
Des variantess de techniques connues (cf. parties initiales de penetration testing) permettent l'analyse de données accessibles publiquement, des deux points de vue 'défense' et 'attaque', selon l'angle légal.
Les participants à l’atelier seront encouragés à former si possible des duos de compétences sur place (IT + management en entreprise) et prolonger sur leur laptop avec d'autres exemples.

Photo of

Eric Sinot

Conseiller indépendant, Eric Sinot analyse, remodèle et renforce la sécurité IT de PME suisses : audits techniques, organisationnels et légaux (conformité LPD et GDPR), hacking éthique, projets pour Plan de Reprise des Activités (DRP/BCP) et architectures informatiques sécurisées.
Il enseigne aussi régulièrement au niveau Certificat et Brevet Fédéraux.

Workshop: Hydrabus on IoT

The workshop is the continuation of the talk Hydrabus : Lowering the entry fee to the IoT bugfest where the attendance will be able to try by themselves practical examples of physical attacks on small challenges.
A VirtualBox image will be provided so it's highly advised to come with a laptop ready to run such an image. Notions in C language are strongly recommended. The workshop will be organized with a maximum of ten people.

Requirements for participants:

  • Laptop 64bits CPU, 4GB of RAM or more, 10GB free on HDD/SSD and at least 1 free USB Host port
  • An external USB 2.0 Hub(Not USB 3.0 Hub) is also highly recommended (but could be provided)
  • Oracle VM VirtualBox 5.1.x + VirtualBox 5.1.x Oracle VM VirtualBox Extension Pack(Mandatory for USB) preinstalled and tested
The VirtualBox Image (based on Ubuntu 16.x) and materials will be provided to participants at start of workshop.

Photo of

Benjamin Vernoux

Ingénieur
Hydrabus

Benjamin Vernoux created the HydraBus project including main hardware(hydrabus) and firmware(hydrafw) 3 years ago. He also worked on some well known open source software for SDR projects like airspy and hackrf during lot of years.

Black Alps’ badge hacking

Photo of

Nicolas Oberli

Black Alps

CFP

Call For Proposals: Talks and Workshops

Proposal submission

The submission process is now closed (it was open until 31 July 2017).

For any questions regarding the call for proposals, please contact us at .

Program committee

The Program committee is composed of internationally renowned experts in the field responsible for building a program of quality. They will collect the proposals and select the most outstanding ones.

  • Julien Bachmann, Hacknowledge (chair)
  • Pascal Junod, Snap
  • Sébastien Larinier, Sekoia
  • Sylvain Pélissier, Kudelski Security
  • Nicolas Ruff, Google
  • Aurélien Wailly, Amazon Web Services
  • Candid Wüest, Symantec