During this summer, I went to SANSFire, Defcon and BSidesLV. Usually, the month of September is lighter without big events for me. This is to prepare for the next wave of conferences ahead! Of course, BruCON will be held on the first week of October but, especially, Hack.lu which remains one of my favourite years after years. First of all, because the relaxed atmosphere is favourable to networking: I meet friends on a yearly basis at hack.lu and there are here and there meetups like the Belgian dinner which is organized for a few years mainly between Belgian Infosec people (but we remain open to friends 😜). The second reason (the official one) is also the number of high-quality talks that are scheduled on a single track. The organizers told me that they received a huge amount of replies to the call-for-papers. It was not easy to prepare the schedule (days are not extensible!).
The agenda has been published today and I already made my list of favourite sessions. Here is the list of topics:
- Ransomware and their economic model (how to quantify them)
- MONARC, a risk analysis framework and the ability to share information
- Threat intelligence in the real world or the gap that exists between what the security community think users need, what users think they need and what they actually need
- Klara, the Kaspersky’s open source tool which allows building a YARA scanner in the cloud
- Neuro-Hacking or how to perform efficient social-engineering
- “WHAT THE FAX?!” or how to pwn a company with a 30-years old technology
- DDoS or how to optimize attacks based on a combination of big-data analysis and pre-attack analysis to defeat modern anti-DDoS solutions
- Vulnerabilities related to IPC (“Inter-Process Communication) in computers
- How to improve your pentesting skills
- Privilege escalation and post-exploitation with bash on Windows
- Relations between techies and users in the world of Infosec
- How to find the best threat intelligence provider?
- Boats are also connected, “How to hack a Yacht?”
- How to discover API’s?
- Data exfiltration on air-gapped networks
- Presentation about the Security Information Exchange (S.I.E.)
- Practical experiences in operating large scale honeypot sensor networks
- An overview of the security industrial serial-to-ethernet converter
Here is a link to the official agenda. Besides the presentations, there are 18 workshops scheduled across the three days. I’ll be present to write some wrap-up’s! (Here is a list of the previous ones starting from 2011). See you there!