About Yann Derweduwen

Chef du département OSINT du C3N, COMCYBERGEND

Just a preliminary word for the HZV team.

HZV is an non-profit organization.

HZV only is able to produce leHACK because of the support of adherent members and hard benevolent work from the team.

If you're interested in supporting HZV, you can...

In the fall of 2017, in response to the WannaCry outbreak, Microsoft implemented Ransomware Protection in Windows 10 as a countermeasure. The basis of the ransomware protection is Controlled Folder Access, but this feature is full of holes and many...

About Marion Lachiver

Analyste CTI au CERT de OWN

Today most of serious mobile applications relay on industrial-grade software protection tools to detect and slow down reverse engineering. It forces attackers to waste a precious time bypassing obfuscation and RASP before deep diving into app speci...

Demonstrate different kind of structures in the binaries as a PE (header and your sessions) , ELF (header and your sessions), PDF(header/ body/cross-reference table/trailer), explaining how each session works within a binary, what are the technique...

Organizations are increasingly relying on cloud services from Azure, as there is native support from Microsoft. After obtaining Domain Admin privileges, it is essential to always think of attack paths or scenarios to escalate our privileges or desc...

About Camille Dolé

Détective privée au sein de l’agence Art’théna Investigations.

More to come.

About Jayson E Street

A "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him s...

About Kevin Limonier

Directeur-adjoint de GEODE - Géopolitique de la Datasphère

Sous Windows, l'authentification est gérée par le processus Lsass. La plupart du temps lorsqu'un attaquant compromet une machine il va tenter de dumper la RAM du processus LSASS dans le but d'en extraire les secrets d'authentification présents. Il...

About Hervé et Hervé de OpenFacto

│║ SAP Focused Run is the brand new product in the SAP world. Introduced in │║ 2020 it is the replacement of the current well known SAP Solution Manager. │║ It is a dedicated type of SAP System to manage all others in the company │║ landscape....

In today's world, we have a modern and stable web application framework to develop on. That is already so much secured from the attacks, regardless of the OS. If you design the system properly, attacker cannot injection the system. Or attacker cann...

Qu'est-ce que l'environnement ICS ? Protocoles différents des protocoles "traditionnels", souvent hérité de communication "bus" non IP Équipements différents : Automates, Convertisseur IP/Série, Capteurs etc... Une maturité cyber très variable Pour...

The talk revolves around one of the most extreme Red team exercises us hackers ever did wherein the target was a billion-dollar pharmaceutical company dealing in all sorts of modern medicine. We were mandated to showcase control of the CROWN JEWELs...

Les service de domaine Active Directory offrent un enchevêtrement de mécanismes et protocoles complexes, dont la délégation Kerberos. Les délégations Kerberos permettent à des services d'obtenir l'accès à des ressources du domaine en tant qu'un aut...

Avoir un shell root sur un équipement connecté via l'exploitation d'une ou de plusieurs vulnérabilités semble être le Graal de tout chercheur en sécurité, qui de fait considère la sécurité du système comme étant complètement réduite à néant une foi...

Créer des comptes sur les réseaux sociaux de manière anonyme et peu coûteuse a toujours été compliqué, au vue du nombre de sécurités mises en place.

Le besoin est pourtant bien présent pour les red teams, investigations osint ou des hacktivistes....

Passwords should be long enough, complex enough, and unique to each site. Unfortunately, our memory is limited and we cannot remember such passwords. This is where password manager come into play. The basis of password manager is that it centrally...

Plusieurs fois par an, ZDI organise un concours appelé Pwn2Own dans lequel des chercheurs en sécurité doivent prendre le contrôle de matériel et logiciel grand public. Cette conférence explique la démarche utilisée par Mitsurugi et xarkes lors de c...

In today modern network, many technologies used to bring a high rate and stable communication between end users. Network infrastructure is heart of communication, which include all nodes and passing traffic. Therefore, it is vital to protect infras...

In this talk, we will try to get a basic understanding of Prototype Pollution: A type of vulnerability that allows attackers to exploit the rules of the JavaScript programming language and compromise applications in various ways. So, how does this...

A talk by Alexandre {MrJack} Triffault // Jean-Christophe {VidoQ} Cuniasse

Les films laissent souvent penser qu'on ouvre un Coffre Fort en écoutant les clics, mais en réalité le plus souvent, c'est à l'oeil et au toucher que le travail se fait.

What we perceive sometimes to be happening sometimes can be the opposite of what is occurring. We are not talking about magic tricks. Just how as humans we tend to see things we expect to see. Like an unknown person in your office with a clipboard...

Malware continues to advance in sophistication and prevalence. Well-engineered malware can obfuscate itself from the user, network, and even the operating system running host-based security applications. But one place malware cannot easily hide its...

Présentation de l'architecture et mécanismes des tags RFID: Disposition et explication de la mémoire d'un TAG RFID; Présentation : 60% théorique et 40% pratique (démos). Durée : 45min Nombre des sessions: A adapter selon les disponibilité Nombre de...

About Hervé & Hervé de Openfacto

Marc OLANIE will held a semi-permanent workshop on RadioFrequencies Tech, theory, protocols, and Hardware Hacking.

About

ELECTROLAB is a well-known Hackerspace located in Nanterre, north of Paris, with a specialization in hardware, RF and elec...

As a hacker you have sinned. Don't lie we see you. we know you have leaked informations, we know you have covertly exploited vulnerabilities in the wild wild web, we know you know gaping holes in big corporations IT.

The ZATAZ confessional is her...

Initiation au crochetage des serrures et présentation de l’Association des Crocheteurs de France + vente d’outils de crochetage.

About

Workshop tenu par l'Association des Crocheteurs de France (ACF)

fa-browser: WEBSITE

Hi, I'm mpgn, developer of the famous CrackMapExec and many other tools !

Creator of the french podcast Hack'n Speak and security constulant at daylight

In this workshop I will present the tool CrackMapExec and how to take adavantage of the to...

3 x 1Hour sessions:

• 21:00
• 00:15
• 01:15

This hands-on workshop deals with the exploitation of less common web vulnerabilities although they can be critical under certain conditions. the practical workshop will be presented in the form of a mi...

Ever wondered how to start with hardware hacking ? This workshop will present you some simple techniques you'll need to get you started. Of course, the best way to learn is by doing so we prepared a target device for you to fiddle with during the w...

During his Black Hat 2015 presentation, James Kettle explained how template injections could lead to code execution

At the end of the talk, he recommended running application in containers with limited privileges and read-only file system.

S...

About khast3x

Description

Les certificats sont des éléments clés dans un domaine Active Directory. Ils sont utilisés pour signer des applications, pour mettre en place du chiffrement TLS, pour les connexions RDP, mais également pour l'authentification d'utilis...

About Camille Dolé

Détective privée au sein de l’agence Art’théna Investigations

Malware continues to advance in sophistication and prevalence. Well-engineered malware can obfuscate itself from the user, network, and even the operating system running host-based security applications. But one place malware cannot easily hide itse...

About Darcosion

L’objectif de ce workshop est de présenter des attaques ciblant les claviers et souris sans fil (MouseJacking), ainsi que l’émulation de clavier virtuel (HID Attack) par l’utilisation de périphériques malveillants. Le workshop sera constituée de de...

About Erys / Aurélie Dumont

Analyste consultante en OSINT