Workshops


Initiation à Tox with Hackira

at 9:30 PM

Zone 1

Présenter, installer, expliquer le fonctionnement de Tox, un système de messagerie acentré et sécurisé (actuellement en version Alpha).


How to bullshit your way through datascience with mandarine

at 12:00 AM

Zone 1

When bullshit isn't enough, add maths to it!

Data scientists are the new leaders of a data driven world. More and more, we are asked to provide graphs and data to justify our decisions. Some of them are real and some of them are like me ... and it's hard to know which is what!

This workshop shows how to manipulate great looking fake numeric data in order to convince anyone that you're right. Manipulated formulas, colors and scales, use of 3D, and biased datasets are as many tools that are available to the bullshit professional we all are inside.


Workshop Console with Xavbox

at 3:00 PM

Zone 2

Puçage, changement d'écrans, hacks divers et variés par XavBox.


Make you own Arduino with DTRE

at 8:00 PM

Zone 2

This Workshop will make people discover the technology behind the very popular Arduino development board by letting them create one using raw components such as an ATmega328P microcontroller. This Workshop is a good way to quickly and easily learn electronics, also it can helps people save a lot of money by using their knowledge to replace an Arduino with more cost efficient designs.


Wireless = Flawless ? with DTRE

at 8:00 PM

Zone 2

In this workshop people will have to build an IR emitter using an Arduino board and find the good sequence in order to hack a remote controlled door. Be creative to get the good code, bruteforce isn't the only way, social engineering can work surprisingly well !


The hands of the hacker with DTRE

at 8:00 PM

Zone 2

This Workshop will challenge you. Your goal : find the vulnerabilities we introduced while we designed 2 robotic arms and take control of them. Each arm as a different security level and you need to hack the first one if you want to try and hack the last one.


NDH Bot with DTRE

at 8:00 PM

Zone 2

In this workshop you will have to take hack the NDH Bot a dog sized robot which can be controlled using bluetooth. If you are good enough to break our security you will be able to drive our robot and show us your talent as a pilot.


Workshop Drone with FAQ-DRONE

at 3:00 PM

Zone 2

Nous présenterons différents aspects des drones, à quoi ça sert, est-ce sécurisé, peut-on le hacker ou se faire hacker en vol ? Vous allez pouvoir tester vos talents de pilotes de drones grâce au simulateur de vol qui sera mis en place comme l'année dernière, nous passerons quelques vidéos de courses de drones en mode « stars wars », introduction au vol en immersion total (c'est-à-dire avec des lunettes FPV pour piloter comme si vous étiez à bord du drone), construction d'un drone de A à Z en mode DIY (Do It Yourself) et programmation de celui-ci ainsi que de sa radiocommande. Il y aura plusieurs sessions afin qu'un maximum de personnes puissent voir et poser des questions facilement.

Conseils et vente de drones de tout genres et pleins de surprises…


Hack, brute, root, crash... and start again ! with Guillaume Prigent & Johanne Ulloa

at 10:00 PM

at 2:00 AM

Zone 1

Bruteforce , Heartbleed , Shellshock , Scada scan & Schneider Modicon remote start / stop ... Come on and do it yourself immersed in a real infrastructure and with your own network . The objective of this workshop is to show, step by step, how an attacker is able to implement these exploits on vulnerable machines and how to try to limit the damage (or not) .

Technical Illustration of compromise

Didactic presentation by Johanne Ulloa scenarios and exploit the system by penetration and privilege escalation.

Do it yourself ! - Technical labs

Led by Guillaume Prigent, just implement yourself IT and SCADA network operation with metasploit framework following three use-cases:

  • Heartbleed ;
  • Shellshock ;
  • TCP / Modbus - Schneider Remote Start / Stop

Prerequisites:

  • Laptop with Windows 32/64 bit and Linux 32/64 bit with a RJ45 Gigabit NIC

OWASP ZAP FÛ

at 9:30 PM

Zone 1

Zed Attack Proxy is an OWASP flagship project. This multiplateform scanner have been designed to assist you in your Audits,regression testing etc. and to fit in your code development life cycle.

The forthcoming version comes with loads of ameliorations, fuzzing, more client side control, and as always more scripts.


Initiation Arduino & Electronique with TixLeGeek, virtualabs, y0n0, unixity

at 8:00 PM

Zone 2

L'objectif de ce workshop est de réaliser un pendentif animé à base de matrice de leds et d'arduino en mode wearable (https://learn.adafruit.com/trinket-slash-gemma-space-invader-pendant), à la sauce HZV (côté design & firmware).

On fournit les fers à souder, les pinces, l'étain, et le kit. Inscription via crowdfunding, a priori 30 places de dispo par groupe de 10 (3 sessions dans la nuit).

Seront abordés:

  • la circuiterie électronique
  • la board trinket/gemma (selon appro.) d'adafruit (arduino + configuration de developpement + exemples)
  • le principe du pendentif animé
  • le montage (assemblage et soudure)
  • la programmation du pendentif

Les participants repartent avec:

  • le pendentif assemblé et fonctionnel
  • un chargeur LiPo usb pour la batterie (ça peut aider)

Rien de bien compliqué, mais une bonne entrée en matière dans le monde des micro-controleurs et des systèmes embarqués =)

Les inscriptions au workshop se déroulent à l'adresse suivante : http://fr.ulule.com/hardware-hacking2015/


Atelier de Lockpicking (crochetage) with OFC

at 3:00 PM

Zone 2

Apprenez les bases du crochetage et exercez-vous sur des serrures plus ou moins résistantes !


Réalisation d'une station de soudage OpenSource compatible Weller with Electrolab

at 8:00 PM

Zone 2

Réalisez une station de soudage régulée à base d'Arduino, compatible avec les pannes Weller, pour moins de 100€ !


The confessional with Zataz

at 3:00 PM

Zone 2

Come to confession in the confessional of Zataz For 18 years, the site allows users Zataz, those who want to help, to alert businesses, associations of vulnerability, data leakage. Mission, it corrected quickly and well before a pirate passes by. In 18 years, the zataz.com alert protocol has helped more than 60,000 people.

This year the NDH receives Zataz in a confessional. Come bring your "alert", it does the rest. It will ask you anything else, you will keep the mystery of your identity and will leave no traces (perhaps DNA on the glass we drink together)


Radare2, a concrete alternative to IDA with Maxime Morin

at 9:30 PM

Zone 1

When it comes to messing with binaries, IDA Pro is the tool of trade, but it has a lot of drawbacks, like being non-free and super-expensive; this is why we have radare2!

The radare project started in February 2006 aiming to provide a free and simple command line interface for a hexadecimal editor supporting 64-bit offsets to search and recover data from hard-disks.

Since then, the project has grown with a different aim, in order to provide a complete framework for analysing binaries with some basic NIX concepts in mind like ‘everything is a file’, ‘small programs that interact together using stdin/out’ or ‘keep it simple’.

Initially a one-man project, it has now grown into a community-powered one, able to

  • Disassemble (and assemble for) many different architectures
  • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
  • Run on Linux, BSD, Windows, OSX, Android, iOS, Solaris and Haiku
  • Perform forensics on filesystems and data carving
  • Be scripted in Python, Javascript, Go and more
  • Support collaborative analysis using the embedded webserver
  • Visualize data structures of several file types
  • Patch programs to uncover new features or fix vulnerabilities
  • Use powerful analysis capabilities to speed up reversing
  • Aid in software exploitation
  • And much more