We are already in November, fall is back! This is also the sign of the new edition of hack.lu, a classic security conference organized in Luxembourg. The first day started with workshops. I attended the crypto analysis workshop prepared by Eric Filiol, an expert in this domain. Cryptography is certainly
Search Results for: hack.lu
hack.lu Day #3
Already the last day of the conference! I could say that hack.lu was a “festival of calc.exe” this year! They popped up from everywhere 😉 We started with Ilja van Sprundel who talked about exploiting Delphi/Object Pascal. Applications written in Delphi are not often targets of attacks but interesting stuff
hack.lu Day #2
After some coffee and croissants, the second day started with a speech of the Minister of the Economy and Foreign Trade, Jeannot Krecké. He spoke about the importance of security awareness on the Internet and IT infrastructure mentioning the Cyberworld Awareness Security Enhancement Structure (“CASES“) active in Luxembourg. Due to
hack.lu Day #1
Go to Luxembourg for the new edition of hack.lu. A three days conference about computer security and impacts on the society. This is the second edition for me. The first day started with workshops. I attended the one about DAVIX: “a live CD for data analysis and visualization that brings
hack.lu Part #10
Here we go! Last half-day which started with “Browser Rootkits” presented by Julien Lenoir and Christophe Devaux (both from Sogeti). As already said yesterday, browsers are now fully part of the users desktop and installed by default. They presented their rootkits developed for Internet Explorer and Firefox! First idea: “browser
hack.lu Part #9
Back from coffee break, let’s play with hardware now. Philippe Teuwen talked about smart cards and how they are protected. First attack is performed via the power line but recent smart cards are quite well protected. Flash attacks and electromagnetic attacks are other possibilities. Philippe’s slides were based on nice
hack.lu Part #8
Welcome back to the last day of hack.lu! First presentation was made by Philippe Langlois about the diversity of network perimeters available for companies today. Philippe was a founder of Qualis! Today everybody uses SS7 networks! Do you remember phreaking using blue boxes? SS7 was deployed by operators and prevented
hack.lu Part #7
Last presentation on the planning: Patrick Hof and Jens Liebchen, from Redteam Pentesting, presented slides about JBoss and its configuration. The goal was to explain how to exploit a JBoss server and got a shell on the server. They got it! Jboss is based on a complex architecture and is
hack.lu Part #6
Back from lunch, the conference continues with ligthing talks… First one, “NF3D and associates, firewalls get fun” from Eric Leblond, INL. NF3D is a vizualization tool for Netfilter logs. Logs (packets logged by Netfilter) are displayed in three-dimension like a GANTT diagram. Ulogd2 is a userspace logging daemon for Netfilter.
hack.lu Part #5
Back to the presentations… Ezequiel David Gutesman from Core Security Technologies presented a web application fuzzer. Why? Because web applications are very common (used everywhere) and consequences in case of attacks can be dramatic (loss of data, data theft, …) for companies. Countermeasure are WAF’s (Web Application Firewalls) coupled with