On the 16th of April, two of us attended the Minet Conference, which was organized by students of TélécomSud Paris. During the afternoon, five talks took place, some technical and some more oriented toward security in general. This article summarizes each of them.
Security is not only a matter of technology – Jean-Marc Bourguignon (@fo0)
During his talk, Jean-Marc Bourguignon tried to answer this important question:
How can the population and journalists be protected against state surveillance in countries where human rights are flouted, given that they are ordinary users and not security professionals?
He first talked about the risks and issues that journalists encounter during their missions. His main example: if journalists don't encrypt their communications, they can endanger their lives, their jobs and also the lives of their contacts. Thus, in certain situations, computer security is a matter of life or death.
Unfortunately, newsrooms and journalists are often not aware of this, so there is a real need for awareness-raising. For instance, some of them use the mainstream argument “I have nothing to hide” (which, in their case, is close to professional misconduct…), whereas an infected journalist's computer can be a huge vector of infection for their parent company.
After laying out the problem, Jean-Marc Bourguignon gave us some advice about computer hygiene:
To conclude his talk, the speaker pointed out the lack of awareness training in newsrooms and journalism schools and said that, regrettably, they put it in place once tragedies have happened.
Threat intelligence to the rescue of incident response – Thomas Chopitea (@tomchop_)
Thomas Chopitea came to the Minet Conference to present the process followed during incident response and to show how threat intelligence is useful in that context.
After explaining what information is, he described the six steps of incident response, which are:
Then he explained the OODA loop, the process to apply in order to analyze facts faster, based on observation and decision.
In the second part of his presentation, he talked about the four categories of intelligence, which are:
To conclude, Thomas Chopitea talked about the importance of sharing collected intelligence between companies and explained how shared information is classified. Moreover, he pointed out that the feedback step in incident response is too often forgotten, even though it is an important one for becoming more efficient.
Introduction to reverse engineering – Julien Voisin
With his talk, Julien Voisin aimed to introduce people to reverse engineering through demos rather than a theoretical presentation. To do this, he started by explaining what assembly language is, how the stack works and the difference between decompilation and disassembly.
Then he answered the question “Why would people do reverse engineering?”. He gave us several reasons, such as industrial espionage, bug exploitation, bug fixing, interoperability and, mainly, fun.
After finishing his presentation of reverse engineering, he threw us into the heart of the matter with two demos. The first one showed how to bypass the CD-ROM check in Age of Empires I and thus play the game without any CD-ROM.
In the second one, he showed us code containing a buffer overflow. He explained what a buffer overflow is and then exploited it to open a shell on the computer, even though the code was only meant to read a name.
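The class of bug behind the second demo, as an added example that is not the speaker's code or part of the original article: a name prompt whose unbounded read is kept as a comment, next to a bounded replacement that also detects over-long input. `read_name`, `NAME_BUF_SIZE` and the sample input are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16   /* assumed buffer size for this example */

/* Vulnerable pattern, shown as a comment only: the read has no length
 * limit, so a long "name" is written past the end of the stack buffer.
 *
 *     char name[NAME_BUF_SIZE];
 *     scanf("%s", name);
 */

/* Bounded read: stores at most size-1 bytes, always NUL-terminates and
 * discards the rest of an over-long line so it cannot leak into the next
 * read. Returns 0 if the whole line fit, 1 if truncated, -1 on EOF. */
int read_name(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* complete line, strip newline */
        return 0;
    }

    /* No newline stored: drain what is left of this line. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

int main(void)
{
    /* Constructed input: a normal name, a 40-byte line, another name. */
    FILE *in = tmpfile();
    if (in == NULL)
        return 1;
    fputs("Alice\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nBob\n", in);
    rewind(in);

    char name[NAME_BUF_SIZE];
    int rc;
    while ((rc = read_name(in, name, sizeof name)) >= 0)
        printf("%-15s %s\n", name, rc ? "(truncated, rejected)" : "(ok)");
    fclose(in);
    return 0;
}
```

Compiler and OS mitigations (stack protectors, non-executable stacks, ASLR) reduce the impact of such bugs, but the bounded read is what removes the bug itself.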
He concluded his talk by telling us not to blindly trust software or manufacturers and to be curious about how they work.
Optimizing the search time for a compromise – Alexandra Toussaint and Sébastien Larinier – Sekoia (@FliegenEinhorn, @sebdraven, @sekoia_fr)
We were at the Minet Conference not only to attend the talks but also to present our work on file sorting and on how documents, especially PDFs, can be vectors of infection.
Our question was: “When you have to analyze a hard disk drive, which files do you analyze, and why?”
We started by enumerating which files we have to keep for analysis and why:
How to hijack mobile traffic when you have no money – Alexis Bonnefoi (@_haplo__)
With his talk, Alexis Bonnefoi set out to show how you can sniff mobile traffic without spending too much money. He started by explaining the four sets composing GSM, which are:
After this dense presentation, Alexis Bonnefoi explained which hardware and software you can use to sniff mobile traffic and showed us some tricks, like retrieving Kc to decipher SMS with gsm-receive. To conclude his talk, he told us not to trust our phones, because GSM is open and based on availability, not security. His slides give more details: countzero.info/gsm.pdf
Sekoia creates solutions for cyber-risk prevention and cyber-attack response. Since 2008, Sekoia has been developing know-how and technologies to address the emerging risks faced by companies in cyberspace.