On the 20th of June 2015, some members of CERT SEKOIA attended Nuit du Hack 2015, a French hacking conference inspired by DEFCON. A hacker crew named Hackerzvoice has organized it every year since 2011.
NDH2k15 opened with a speech by Guillaume Poupard, director of the ANSSI (National Agency of Information Systems Security).
According to him, the agency’s presence at this event reflects a true realization that hackers must be the focus of the debate. He returned to the misunderstanding surrounding the word “hacker” in France. The agency is looking to recruit hackers for a substantial number of jobs covering various fields such as cryptography, protection of communications, detection within Departments, pentesting and incident response.
Talks then followed one after another throughout the night.
“Trash Robotic Router Platform” by David Mendelez described building a drone from scratch, using an embedded Linux system and low-cost equipment. Sadly, the prototype did not work during the conference, but the presentation was a good proof of concept.
Guillaume Levrier then presented “Internet of Things and public administrations: can you create a State by hacking?”. He explained how it could be possible to create a State in a region without existing infrastructure (after a natural disaster, for example) with low-cost hardware such as a Raspberry Pi equipped with an e-ink display.
“Profiling criminal: Android malware” by Axelle Apvrille presented statistics collected on one million Android malware samples.
Boris Simunovic showed the audience “How to hack an old toy in Martian robot”. This presentation was meant to be accessible to everyone. It was also the final high school project of Boris and two of his classmates. The goal was to demonstrate that anyone can start hacking things without prior knowledge.
Karsten Nohl gave a presentation on mobile network attacks. He explained how users can protect themselves simply with an Android application such as SnoopSnitch.
Damien Cauquil gave a presentation on Android middleware, followed by an analysis of .NET and PowerShell malware by Santiago Pontiroli and Roberto Martinez.
Then, Alexandre Triffault demonstrated key copying with a 3D printer while presenting weaknesses of rather complex keys.
Robert Simmons introduced the open-source framework PlagueScanner. It can be used to analyse malicious files without posting them on a public platform.
Stephan Le Berre closed the conference with a talk about vulnerability research in Windows binaries using an AFL-like homemade fuzzer. His presentation was aimed at people with a good understanding of reverse engineering and debugging.
NDH2k15 also featured several challenges. A Bug Bounty program, aimed at rewarding the discovery of bugs and vulnerabilities in applications, was organized in association with companies like Qwant, DenyAll and Yax.it.
A private Capture the Flag ran all night long, pitting against each other teams of hackers who had qualified in March. A lockpicking challenge, which allowed interested people to learn lock picking, was also organized, along with a “defuse the bomb” challenge that simulated a countdown system with restricted time to solve the challenges.
Workshops then started everywhere in the venue. This allowed small groups of interested people to interact with experts and to test tools in a guided way.
The NDH2k15 edition was an interesting experience with a pleasant family atmosphere. It remains one of the most visible hacker conferences in France, as demonstrated by the presence of an institution like ANSSI and of personalities from the French IT blogging scene such as Korben, Damien Bancal (from the Zataz website) and Johanne Ulloa (from the No Limit Secu podcast).
Data analyst at CERT SEKOIA