Archives for category: Uncategorized

HES2014 is actively prepared!

Check for more information and follow us on twitter to get updates @hesconference.

Hackito Ergo Sum organization team.


Some slides and audio recording are available here :

A big thank you to all speakers !

We will add more presentations later.

You can find almost 5 hours of Mumpi’s and Joernchen’s DJ set played during the last Hackito Ergo Sum’s 2013 party.
A big thanks to them for being there!

It’s the end of Hackito Ergo Sum 2013.

See you next year for Hackito Ergo Sum 2014 !

Audio and slides will be available soon on the website.

Hackito Ergo Sum Party

With :


Where ?
Artistic Squat “Le BLOC”
58 rue Mouzouaia
75019 PARIS

Metro: 7bis stop “Pré St-Gervais’

Agrandir le plan

Great new, Hakin9 is the new media partner of Hackito for 2013. Come and checkout the new Hakin9 of this month for FREE:

“No charges, but only the first class Hakin9 tutorials! This month Hakin9 Open will teach you How to Detect System Intrusions. Find out more at


Tal zeltzer

Talk : Virtually Secure, Analysis to Remote Root 0day on an Industry Leading SSL-VPN Appliance

Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in-place, the internals of the appliance hides interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses
we’ve experienced – EVER!

Bio :

Tal Zeltzer is an Israeli security researcher, reversing by day and hacking by night. Tal has a history of 0days behind him, ranging from his latest PCAnywhere findings to embedded systems and web applications. He spends most of his free time conducting research and developing research tools. He tweets under @talzeltzer and blogs at

Click here to discover our other speakers here.

Glenn Wilkinson

Talk : The Machines that Betrayed their Masters: Mobile Device Tracking & Security Concerns

The devices we carry betray us to those who want to invade our privacy and security by emitting uniquely identifiable signals. The most common example is that of the wireless signals emitted by your mobile phone (even whilst tucked safely into your pocket), but as new technologies develop so do new signatures. Such signals may be used to track you, or be used toward more malicious intent.

The risk of an attack on these implementation flaws was first demonstrated in 2004 with the Karma exploit, however, the flaws still exist and have become more numerous as the number of WiFi enabled devices has grown. What’s more the privacy risks have not been fully explored until now.

This talk will discuss the process the author has gone through to build a resilient, modular, reliable, distributed, tracking framework. Data captured from several security conferences will be explored and discussed.

While Snoopy has been presented before, it was still in the earlier stages of development. Since then, a significant amount of work has been put into the framework (e.g XBee, SnooPi, and Quadcopters), and much experience gained in its use. A live demonstration will be given during the talk.

Bio :

Glenn currently works at SensePost with his role divided between penetration testing, training, and research. He holds two masters degrees from the University of Oxford.

Click here to discover our other speakers here.

Friends Of Hackito