HES2014 is actively being prepared!

Check http://2014.hackitoergosum.org/ for more information and follow us on Twitter (@hesconference) to get updates.

Best,
Hackito Ergo Sum organization team.

 

Some slides and audio recordings are available here:
http://2013.hackitoergosum.org/presentations/

A big thank you to all speakers!

We will add more presentations later.

You can find almost 5 hours of Mumpi’s and Joernchen’s DJ sets played during the last Hackito Ergo Sum 2013 party.
A big thanks to them for being there!
http://82.94.215.218/download/misc/HES2013/

It’s the end of Hackito Ergo Sum 2013.

See you next year for Hackito Ergo Sum 2014!

Audio and slides will be available soon on the website.

Hackito Ergo Sum Party

With:
MUMPI (PHONEDELIT)
JOERNCHEN (PHONEDELIT)

 

Where?
Artistic Squat “Le BLOC”
58 rue Mouzouaia
75019 PARIS

Metro: 7bis stop “Pré St-Gervais”



/// Press release /// For immediate release ///

Hackito Ergo Sum – International Conference
2 – 4 May 2013
Cité des sciences de la Villette, Paris, France.
http://2013.hackitoergosum.org/

Hackito Ergo Sum opens its doors on 2, 3 and 4 May for its 4th edition, at a historic moment: that of the choice between attacker and defender in computer security, that of putting our knowledge to work for communication and exploration, or for restriction and tracking.

Among other things, the conference will show how hackers are changing the world, for example with the HackRF “Jawbreaker” project [1], which makes it possible not only to listen to and receive digital radio signals but also to transmit them. What does that change? It means that radio hardware is no longer the preserve of big equipment manufacturers. Anyone who has studied the subject closely enough can decide to build the next Wi-Fi, or 5G. Who said “5G, mobility without an operator”? That is exactly what we will be talking about.

We will also show how supposedly tamper-proof systems such as the iPhone [2] (and all the iThings) end up just as cracked as car alarms and locks, sometimes thanks to a simple watch [3].

But the underlying debate is, as we said, that of a historic moment in which many hackers face a choice, a dilemma for some: to work for everyone’s security and privacy, or to monetize their attack techniques to build the “weaponized exploits” that can be worth up to 500,000 euros apiece.

And why is that? Quite simply because major new players in cyber defense have appeared. Exit the arms companies of the 1990s. States themselves are going “peer to peer”, buying this attack code from individuals or companies. The end goal is simple: Amesys has shown its limits. The real dissidents, the real opponents hide in the network and protect their communications, and the only effective way to spy on them now is to break into their computers, or those of their Internet service providers and operators, in order to spy on their communications directly at the source. Who is targeted? The up-and-coming politician, man or woman, who upsets both left and right? The journalist who actually does the job instead of repackaging the wire copy from Agence France Pwouesse? The activist who asks awkward questions?

Against this, other hackers continue the fight for full disclosure of the real vulnerabilities in the systems we all use every day, publishing vulnerabilities and proving the problems, forcing hardware and software vendors to fix the problems thus brought to light, and in doing so undermining and destroying attack code through the patching of flaws, destroying the arsenal of attack code bought at great expense by grey-market players. Interestingly, this noble quest is partially illegal in France, penalized by laws that prohibit and punish the public release of these proofs of vulnerability, the same ones that governments use as attack “exploits”, covertly and at their sole discretion.

And of course, nobody is clean. States themselves are racing to see who will amass the largest, most varied, most effective “cyberwar” strike force. Military doctrines [4] on the subject are even published and recognized. And software vendors are caught between strategic complicity with their respective home countries and the need to respond to and protect their customers by fixing previously discovered software vulnerabilities. On this topic, we will see in particular how these same countries make monumental mistakes in building and deploying their cyber defense strike force, thanks to Raoul Chiesa’s talk [5].

So come and see the state of the art, not only of technology but also of the digital society we live in, thanks to some fifteen French and international speakers and experts.

See you on 2, 3 and 4 May at the Cité des sciences / UniverScience, Centre de congrès de la Villette, Paris, France.

http://2013.hackitoergosum.org/

Registration:
http://2013.hackitoergosum.org/registration/

[1] Benjamin Vernoux’s talk on HackRF Jawbreaker – http://2013.hackitoergosum.org/speakers/#benjamin
“HackRF A Low Cost Software Defined Radio Platform”

[2] Adam Laurie’s talk on ChronIC – http://2013.hackitoergosum.org/speakers/#ALaurie
“Rfcat and beyond, how I used my watch to own your devices and your car”

[3] Pod2G’s talk on the jailbreak of the latest iPhone, and Matthieu Renard’s talk on automated hacking of Apple’s iThings – http://2013.hackitoergosum.org/speakers/#gotohack

[4] Tallinn Manual – “The Tallinn Manual on the International Law Applicable to Cyber Warfare”

[5] Raoul Chiesa – http://2013.hackitoergosum.org/speakers/#Nobody
“Information Warfare: mistakes from the MoDs”

 

Great news: Hakin9 is the new media partner of Hackito for 2013. Come and check out this month’s new Hakin9 for FREE:

“No charges, but only the first class Hakin9 tutorials! This month Hakin9 Open will teach you How to Detect System Intrusions. Find out more at
http://hakin9.org/how-to-detect-system-intrusions/

Hakin9

Tal Zeltzer

Talk: Virtually Secure, Analysis to Remote Root 0day on an Industry Leading SSL-VPN Appliance

Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in place, the internals of the appliance hide interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of Fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER!

Bio:

Tal Zeltzer is an Israeli security researcher, reversing by day and hacking by night. Tal has a history of 0days behind him, ranging from his latest PCAnywhere findings to embedded systems and web applications. He spends most of his free time conducting research and developing research tools. He tweets under @talzeltzer and blogs at http://exploit-code.com


Glenn Wilkinson

Talk: The Machines that Betrayed their Masters: Mobile Device Tracking & Security Concerns

The devices we carry betray us to those who want to invade our privacy and security by emitting uniquely identifiable signals. The most common example is that of the wireless signals emitted by your mobile phone (even whilst tucked safely into your pocket), but as new technologies develop so do new signatures. Such signals may be used to track you, or be used toward more malicious intent.

The risk of an attack on these implementation flaws was first demonstrated in 2004 with the Karma exploit; however, the flaws still exist and have become more numerous as the number of WiFi enabled devices has grown. What’s more, the privacy risks have not been fully explored until now.

This talk will discuss the process the author has gone through to build a resilient, modular, reliable, distributed, tracking framework. Data captured from several security conferences will be explored and discussed.

While Snoopy has been presented before, it was still in the earlier stages of development. Since then, a significant amount of work has been put into the framework (e.g. XBee, SnooPi, and Quadcopters), and much experience gained in its use. A live demonstration will be given during the talk.

Bio:

Glenn currently works at SensePost with his role divided between penetration testing, training, and research. He holds two master’s degrees from the University of Oxford.


http://2013.hackitoergosum.org/HES2013-CFP.txt

Hackito Ergo Sum 2013 – Call For Paper – HES2013 CFP

** http://hackitoergosum.org **

2-4 May 2013 / Paris / France

11111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111
11111111111111111000000111111111111111111000000111111111111111111
11111111111111111000000111111111111111111000000111111111111111111
11111111111111111000000111111111111111111000000111111111111111111
11111111111111111000000111111111111111111000000111111111111111111
11111111111000000000000000000000000000000000000000000111111111111
11111111111000000000000000000000000000000000000000000111111111111
11111111111000000000000000000000000000000000000000000111111111111
11111111111000000000000000000000000000000000000000000111111111111
11111000000000000111111111111000000111111111111000000000000111111
11111000000000000111111111111000000111111111111000000000000111111
11111000000000000111111111111000000111111111111000000000000111111
11111000000000000111111111111000000111111111111000000000000111111
11111000000000000000000000000000000000000000000000000000000111111
11111000000000000000000000000000000000000000000000000000000111111
11111000000000000000000000000000000000000000000000000000000111111
11111000000000000000000000000000000000000000000000000000000111111
11111000000000000000000000000000000000000000000000000000000111111
11111000000000000000000000000000000000000000000000000000000111111
11111000000000000000000000000000000000000000000000000000000111111
11111000000111111000000111111000000111111000000111111000000111111
11111000000111111000000111111000000111111000000111111000000111111
11111000000111111000000111111000000111111000000111111000000111111
11111000000111111000000111111000000111111000000111111000000111111
11111111111000000111111000000111111000000111111000000111111111111
11111111111000000111111000000111111000000111111000000111111111111
11111111111000000111111000000111111000000111111000000111111111111
11111111111000000111111000000111111000000111111000000111111111111
11111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111
111111111111111111111111111111111111111111111 HES 2013
111111111111111111111111111111111111111111111 Paris, 2-4 May 2013
111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111

–[ Synopsis:

Hackito Ergo Sum is an international conference focused on
security and hacking breakthroughs from many different
perspectives: corporate, hackers, industry, governments,
academics. Diversity and creativity in this domain are the key
words. HES2013 will have for its 4th edition some of the best
hacking talents in the world.

–[ Venue:

Hackito Ergo Sum 2013 will take place in Paris, France from the
2nd to the 4th of May, 2013, at Cite des sciences et de
l’industrie.

Address:
30 Avenue Corentin Cariou
75019 Paris
FRANCE

It is easily accessible via public transport with metro line 7,
at the Porte de la Villette, or by car using orbital motorway
(Multiverse level I / 61d8327deb882cf99).

Map and pictures are available here:

https://plus.google.com/110203164083435669962/about?gl=fr&hl=fr

–[ Introduction:

It’s 2013 and we’re alive! Awesome! Let’s have a look at what
hacking future we have.

From the tectonic shift of forces from the West to the East, the
rise of military-powered attack software, and the evermore
sophisticated games of spooks, yesteryear’s “cloak-and-dagger”
has come to the hacking world. This is a game of mapping
individuals and their influences at hacking conferences,
cancelling visas of potential future-enemies in the
foreshadowed “cyber-war”, buying AND selling 0-days to identify
hidden networks of the underground, raising their filternet,
establishing red-button routers, identifying challenge winners
and profiling their hacking methodologies, and owning botnets for
sheer firepower.

We are in deep shit.

But hey, wait, that’s FUN! No matter the forces that threaten our
liberties and trace our modems, we still have not and will not
lose our passion to tinker, to explore, to peel back the layers
of technological reality. We have not lost the Will to Hack.

For the rest of us, we’re still all alike when we read media and
government propaganda: hackers intruding everything and waging
cyberwar, panic-spreading, FUD-driven definition of us as bad
guys, mafia, and evil-doers. All alike.

Our world is the world of hack, of the beauty of the baud and the
sheer madness of the screaming electron, (respect to Phrack and
The Mentor), and we won’t change it for anything. Because it is
the most immense and yet most fragile human creation; it is our
world and we own it.

If a khaki-pants warmonger or a 3-piece suit master-of-the-world
wannabe wants to confiscate it from us, restrict our freedom,
ban our activities, turn the public opinion to follow their
agenda, well, they may try, they may block some of us, they may
even put some of us out of the circuit, but they can’t replicate
our passion, our energy, our love of what we do, our insane
attention to the detail and effectiveness of our techniques.

Because in the end, we’re all alike. And we’re damn ALIVE!

Now for the enlightened, our shared future is full of
opportunities, the humbling discoveries of others, and open
projects that inspire us to join and create together. Our future
is limited only by our capability to collaborate in great
projects, and also to leave space for the others. TOR is kicking
and OONI roaring; TAILS offers OS privacy and security for those who
need it; many conferences are being born everywhere; Frida IRE
is an amazing reversing tool; Qubes provides long sought-out
tough security; plenty of new tools are being released to reveal
unique weaknesses and failures. This furious creativity and
ecosystem gives birth to world-changing start-ups, vital
resources, must-have open source projects, and of course, one of
the most open and creative cultures. All this, against all odds,
exists and develops without bias nor prejudice. Just like it is.

So for Hackito Ergo Sum 2013, we want to see you exactly in the
same way: just like you are (ALERT: if you think about food here
you need to smash your TV and DNS bind youtube.com to
github.com), new or old school, skiddie or security professional,
n00b or l33t, to share and show diversity, and, most of all, to
LEARN. It is therefore our utmost pleasure to welcome you to this
4th edition of HES!

Since 2010, the goal of Hackito Ergo Sum has been to promote
security research, broaden public awareness, and create an open
forum so that communication between researchers, the security
industry, experts, and the public can happen.

Like every year, we offer the possibility to hackers, security
researchers, students, and academics to present their projects
and research.

During the three days of HES, research conferences, solutions
presentations, panels, debates, AND PARTIES will aim to share,
mix, and determine the future of IT security & hacking.

–[ Content of the Research Track:

We are expecting submissions in English only.
The format will be 45 minutes presentation + 10 minutes Q&A.

Please note that talks whose content will be judged too
commercial or biased toward a given vendor will be rejected.

We will have slots for AnonConf — that is, speaking about topics
for which improved anonymity and freedom of speech is imperative.
(Write Anon in email, use PGP).

We will also consider new and first time presenters, so that
anyone can get his/her foot in the door. Don’t be shy, just say
“It’s one of my first conf submission”, and we’ll be kind.

For the research track, preference will be given to offensive,
innovative, and highly technical proposals.

As a suggestion, we would love to see things about:

* SIPRnet, NIPRnet & other defense networks funny stories
* LTE radio and signaling abuses and/or real life hacks
* 4G, Diameter & GRX/IPX hacks
* Exploit style stylography
* CTF Antiforensics: Detection of Intelligence gathering CTFs
* Government filternets (formerly known as Internet, R.I.P)
* x86/64 & Non-x86 exploitation
* New methods to detect software bugs (source or binary based)
* Funky Kernel land exploits
* Offensive forensics
* Current kernel buffer overflows exploit techniques for your
grandmother
* SAT solving your ROP gadgeting and chaining
* Real life hack automation (yeah, default passwords and reuse DO
work better than overflows in a kernel 3.x world)
* IOS vuln research & vulndev
* Identifying tainted 0-day sploits for government-sponsored grey
market tracing
* Mobile Botnets and Overlay networks-based C&C
* IPv6 & “Carrier Grade NATs” advances
* M2M Machine Type Communication
* Sound hacking: binaural, brown, …
* UEFI malware writing
* Android, RIM, Bada, IOS Mobile applications & OS hacks
* TPM and Secure Boot kitting & knifing
* FPGA backdoors
* Automated Hardware reverse engineering
* Hardware security & lockpicking in 2013

We will also have a Zero Day Show, as last year, at the end of
the conference so that people can share (love/kindness) or show
(salivate/envy) their new babies to the world. Prepare! Zombie
Exploitocalyps incoming :)

We highly encourage any other presentation topic, especially the
ones we may not even imagine.

If you want to share skills on a specific subject during a
workshop, feel free to contact us.

–[ Submissions:

[*] Requested information:

Submissions must contain the following information:

* Speaker’s name or alias
* Presentation Title
* Description
* Needs: Internet? Others?
* Demo (Y/N)
* Company (name) or Independent? (optional)
* Address (optional)
* Phone (optional)
* Email (optional)
* Biography (optional)

We highly encourage and will favor presentations with demos.

Specify if submission contains any of the following information:
* Tool
* Slides
* Whitepaper

[*] How to submit:

Submit your presentation and materials by sending an email to:

hes-cfp@lists.hackitoergosum.org

–[ Dates:

2013-02-04 Call for Paper
2013-03-31 Submission Deadline
2013-04-04 Acceptance notification
2013-04-07 Program announcement
2013-05-02 Start of conference
2013-05-04 End of conference

–[ Program Committee:

The following program committee will review the submissions:
– Tavis Ormandy (Google) @taviso
– Mark Dowd (Azimuth Security) @mdowd
– Alex Rice (Facebook)
– Barnaby Jack (IOActive) @barnaby_jack
– Charlie Miller @0xcharlie
– David Litchfield (V3rity Software) @dlitchfield
– Nico Waisman (Immunity) @nicowaisman
– Philippe Langlois (P1 Security) @philpraxis
– Laurent Gaffie @laurentgaffie
– Julien Tinnes (Google)
– Brad Spengler (aka spender) (Grsecurity)
– Silvio Cesare (Deakin University) @silviocesare
– Carlos Sarraute (Core Security)
– Itzik Kotler (aka izik) @itzikkotler
– Jason A. Donenfeld (ZX2C4) @zx2c4
– Rodrigo Branco (Intel) @bsdaemon
– Tim Shelton (HAWK Network Defense) @redsandbl4ck
– Ilja Van Sprundel (IOActive)
– Raoul Chiesa (tstf)
– Dhillon Andrew Kannabhiran (HITB) @hackinthebox
– Philip Petterson (aka Rebel)
– The Grugq (COSEINC) @thegrugq
– Emmanuel Gadaix (TSTF) @gadaix
– Kugg (/tmp/lab)
– Harald Welte (gnumonks.org) @LaF0rge
– Van Hauser (THC)
– Fyodor Yarochkin @fygrave
– Gamma (THC, Teso) @GammaTHC
– Pipacs (Linux Kernel Page Exec Protection)
– Nico Golde (Qualcomm) @iamnion

–[ Fees:

Here is the list of prices for HES 2013:

* Corporate ticket: 480 EUR
* Security professionals: 160 EUR
* Non security professionals: 70 EUR
* Discount for students below 26: 50 EUR
* Discount for CVE/exploit publisher in 2012-2013: 50 EUR
* Volunteers (Must register, see below): 0 EUR

Corporate tickets are a great way to directly sponsor HES and
help us to continue to organize this event. Special privileges or
goodies may be offered with these tickets.

Buy your ticket online:

http://fr.amiando.com/NGBMIJM.html

–[ Sponsors:

We are looking for sponsors. Don’t forget that sponsors are
essential for events like HES.

Entrance fees and sponsors fees are used to fund international
speakers travel costs and hosting facility. Please ask for the
HES2013 Sponsor Kit at
hes2013-orga@lists.hackitoergosum.org.

–[ Volunteers:

Volunteers who sign up before 2013-04-07 get free access and will
need to be present onsite two days before (2013-04-30) if no
further arrangement is made with the organization.

–[ Journalists:

Journalists are welcome, but are required to comply with simple
rules to ensure the mutual respect among adults we aim to bring
in Hackito. In particular, filming or taking pictures of
attendees without their prior agreement is absolutely prohibited.
“We shall respect privacy and people” is the only motto.
Register here: http://2013.hackitoergosum.org/press/

–[ Challenges

Of course, there will be an online challenge during the
conference, hosted and animated by Over The Wire. We will
announce the country of honor in that regard shortly.

We will also have a new Hacker & Vendors challenge:

-^-^-^- The Fuzzor -^-^-^-

This challenge will enable the ultimate test between offensive
and defensive people. If you think you can hack anything, you’re
offensive. If you think your product is so secure it won’t suffer
a hack, you’re defensive. And we’ll get the two groups to meet on
a neutral ground, in a never-done-before fashion.

Hackers: Register to the conference and prepare your Hacking
tools.
Vendors: Prepare your software to be tested like never before.

We will give more details before the conference. This new
challenge will rock your underwear!

–[ Security Vacation Club – Hackito Tour

After Hackito Ergo Sum, we will need to rest from the intensity
of the conference.

That’s why we’re organizing a Hackito tour!

Beach, clubs, code, meeting great people and party. We will go
from Paris to Ibiza to Berlin and back to Paris. For the lucky
few, one sponsored Villa will host us in Ibiza. See you there.

–[ Anti-sexism and LGBTA Friendly:

This conference is open to any sex, any color, any gender, any
alienness, whatever it may be.

–[ Greetz:

We would like to thank the HES2013 Team, its reviewing committee
and all the volunteers for their time and dedication in making
this event a success.

We would also like to greet all the speakers of last year’s
edition for the quality of their presentation and the great time
we shared in Paris: you are all most welcome back in Paris for
the 2013 edition.

Likewise, we’d like to thank last year’s sponsors for their
unconditional support. Feel free to support us again for this
2013 edition.

Finally, we would like to thank all the people who participated
in last year’s edition: whatever different views of the world,
communication and exchange is probably what makes people human,
and that’s why we make Hackito happen. See you all in May! Peace,
Love, Passion.

–[ Contact:

hes2013-orga@lists.hackitoergosum.org

Please submit via hes-cfp@lists.hackitoergosum.org

Hackito Ergo Sum 2013 conference – http://hackitoergosum.org

–[ Social Media:

Keep in touch with the HES Organization via Twitter!

Website: http://2013.hackitoergosum.org

@hesconference on Twitter! – https://twitter.com/hesconference

-[EOF]-

 
