Workshops
Internet-wide scanning: why & how?
Warning: the content of this workshop will be close to the one presented at GreHack'15 and GreHack'16. Therefore, if you already attended it in previous years, we highly advise you to attend another workshop.
Description
This workshop covers the tools used for network recon (Nmap, Zmap, Masscan) and the challenges to address in order to run country-, AS- or Internet-wide scans efficiently, depending on the scan objectives. While it focuses on the open source network recon framework IVRE, the concepts discussed can be applied using other tools.
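One of the challenges mentioned above is ordering targets so that a wide scan does not hammer a single prefix and never touches addresses on an exclusion list. The following is an added example, not IVRE, Zmap or Masscan code: it implements the idea behind Zmap-style address randomisation (walking the cyclic multiplicative group modulo a prime, so every address of the target space comes out exactly once in a scrambled order) in plain Python, with an exclusion list applied on the way out. The prefixes and exclusions in it are constructed sample data.

```python
"""Randomised, exclusion-aware target ordering for a set of prefixes.

Added example (not IVRE, Zmap or Masscan code). The permutation walks a
cyclic multiplicative group modulo a prime, as Zmap does, so that each
address of the target space is emitted exactly once in a scrambled order
while the exclusion list is honoured. Sample prefixes are constructed.
"""
import ipaddress
import random


def _is_prime(n):
    """Trial-division primality test; fine for the sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def _next_prime(n):
    """Smallest prime strictly greater than n."""
    n += 1
    while not _is_prime(n):
        n += 1
    return n


def _prime_factors(n):
    """Set of distinct prime factors of n."""
    factors = set()
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def _primitive_root(p, rng):
    """Random generator of the multiplicative group mod p.

    g generates the whole group iff g^((p-1)/q) != 1 (mod p) for every
    prime q dividing p-1.
    """
    factors = _prime_factors(p - 1)
    while True:
        g = rng.randrange(2, p)
        if all(pow(g, (p - 1) // q, p) != 1 for q in factors):
            return g


def scan_order(prefixes, exclude=(), seed=0):
    """Yield every address in `prefixes` (minus `exclude`) once, scrambled.

    Equal seeds give the same order, which is what lets a scan be resumed
    or split across several hosts.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    excluded = [ipaddress.ip_network(e, strict=False) for e in exclude]
    total = sum(n.num_addresses for n in nets)
    if total == 0:
        return
    # Index space 1..total is the concatenation of the prefixes; p is the
    # smallest prime above it so that {1, ..., p-1} forms a cyclic group.
    p = _next_prime(max(total, 2))
    rng = random.Random(seed)
    g = _primitive_root(p, rng)
    x = rng.randrange(1, p)
    for _ in range(p - 1):
        x = (x * g) % p          # visits every residue 1..p-1 exactly once
        if x > total:
            continue             # residues past the target space are skipped
        idx = x - 1
        for net in nets:         # map the index back to an address
            if idx < net.num_addresses:
                addr = net[idx]
                break
            idx -= net.num_addresses
        if any(addr in e for e in excluded):
            continue             # honour the exclusion list: never scan these
        yield str(addr)


if __name__ == "__main__":
    # Constructed sample: two documentation prefixes, two addresses excluded.
    for ip in scan_order(["192.0.2.0/29", "198.51.100.0/30"],
                         exclude=["192.0.2.4/31"], seed=1):
        print(ip)
```

For a real Internet-wide run the same construction works with a prime just above 2^32 (the trial division stays cheap), and the seed is what you record so that a crashed scan can be resumed from its last index rather than restarted.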
Prerequisites
- A basic knowledge of network protocols (IP, TCP, UDP and most common applications: HTTP, DNS, etc.), Nmap and Linux is required.
- Come with a (recent enough) laptop running Linux
- IVRE installed. Read and follow the get started section
- If you have trouble getting IVRE installed on your computer, contact the developers or open an issue on GitHub (before the workshop!)
- Recent versions of Nmap & Masscan installed
- Bring a USB flash drive (to exchange results with other participants).
- A remote Linux host to run scans from would be really useful, though not absolutely necessary (no scan can be run from the Internet access provided during the workshop). Linode provides cheap servers you can use for that purpose; their hardware and prices are good, their staff is great and they accept network scans from their hosts provided you handle abuse e-mails quickly.
Biography
Scapy hands-on
Warning: the content of this workshop will be close to the one presented at GreHack'16. Therefore, if you already attended it last year, we highly advise you to attend another workshop.
Description
Scapy (http://www.secdev.org/projects/scapy & https://github.com/secdev/scapy) is a powerful Python-based interactive packet manipulation program and library. It can be used to forge or decode packets for a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
- packet manipulation
- sending & receiving packets
- visualization
- IPv6 and TLS support
- implementing a new protocol
- answering machines
- automaton
- pipes
Prerequisites
- a laptop running Linux (native or virtualized)
- a fresh Scapy install from GitHub
Biography
Guillaume Valadon is an Internet professional who works for ANSSI and holds a PhD in networking. He likes looking at data and crafting packets. In his spare time, he co-maintains Scapy and tries to learn reversing stuff. Also, he still remembers what AT+MS=V34 means.
Miasm
Warning: the content of this workshop will be close to the one presented at GreHack'15 and GreHack'16. Therefore, if you already attended it in previous years, we highly advise you to attend another workshop.
Description
- Symbolic execution for information retrieval;
- PE reconstruction to produce a "soft and cozy" binary for other tools;
- Shellcode analysis in an emulated Windows environment to highlight relevant information (C&C, ...) and to automate the analysis.
Prerequisites
- Running a Linux environment (Host or VM)
- Having Miasm installed, with the regression tests passing (i.e. tests/test_all.py fully working, including the JIT tests with either gcc or tcc; LLVM is not needed)
- Basic knowledge of reverse engineering (this is not an introduction to reversing, but an introduction to Miasm for solving common reverse engineering problems)
Manticore - Experiments with symbolic execution
Description
This workshop introduces Manticore, a Python tool for binary symbolic execution that supports x86/64 and ARMv7. We will start with a basic introduction to symbolic execution, cover how Manticore can be used to symbolically explore binaries, and work on a number of examples. We will finish with a brief walkthrough of Manticore's internals and how you can modify and expand Manticore's behavior.
Prerequisites
- A Linux host or VM with Manticore installed; follow the installation guide
- Some background knowledge of assembly (instructions, CPU registers, calling conventions, etc.) and operating systems (system calls, process virtual memory maps, etc.).
Biography
Yan Ivnitskiy (@yan on Twitter/GitHub) is a Principal Security Engineer at Trail of Bits and one of the core Manticore developers.
Radare2
Description
- "how to use and script radare2" or "Who needs a GUI anyway?"
- "practical use of radare2 to do some proper reverse engineering" or "Who needs the source code anyway?"
- "using radare2 during ctf" or "radare2, for fame, glory and shells"
Prerequisites
- Being able to run a virtual machine: we will give you a VM image with radare2 on it.
- Being able to run `git clone https://github.com/radare/radare2 && cd radare2 && ./sys/install.sh`
- Very basic knowledge of reverse engineering (being able to answer the question "What is a stack and what is a register?" is enough)
Biography
Julien Voisin is a long-time radare2 contributor who has given several trainings and talks about it around the world. Florent Jaquet took part in a (successful) Radare Summer of Code, implementing new features and fixing bugs.
Maxime Morin is a French IT security consultant living in Amsterdam, working for FireEye in the i3 team and performing general technical threat analysis (malware analysis, etc.). He is interested in reverse engineering, especially malware-related analysis. He is a modest contributor to radare2 and part of the core group. He mainly works on the regression test suite and is mentoring a student for Google Summer of Code on the project this year.
Hello, Android Malware Reversing!
Description
Basics
- What's an APK? What's inside?
- Tools to disassemble or decompile Android apps
- Reading and understanding Dalvik bytecode
- Understanding the Android Manifest
- Spotting the main activity
- Finding who's using this or that code
Dynamic analysis
- Using the Android emulator: installing apps, reading system logs...
- Patching an APK
- Reading incoming and outgoing SMS
Prerequisites
- Be at ease with Unix commands; basic programming skills in Java and scripting will help
- A 64-bit laptop
- Either VirtualBox or Docker installed
- A USB key with the virtual image, Docker container and Android samples will be provided during the workshop.
However, as copying the images and installing them takes time, it is preferable if attendees download the VirtualBox image or Docker container beforehand.
- VirtualBox image
- For Docker, simply run `docker pull cryptax/android-re`
Biography
Axelle Apvrille (@cryptax) is a happy senior researcher at Fortinet. Her research focuses on any strange virus on so-called 'smart' devices, ranging from smartphones to IoT. She enjoys CTFs, especially at Hack.Lu, Ph0wn and perhaps GreHack among the pic0wn team, though her best achievements are at drawing comic strips about it.
Microsoldering workshop, or how to spy on the memories of the Internet of Trucmuches (Thingamajigs)?
Description
First, we will demonstrate two techniques to spy on EEPROMs/MCUs: soldering microwires live onto a data bus under a microscope, and building an adapter PCB and moving the chip onto it. After that, everyone will be able to try moving a BGA (Ball Grid Array) MCU themselves: desoldering, cleaning, reballing and hot-air soldering.
Biography
Philippe Teuwen (@doegox) and Guillaume Heilles (@PapaZours) are software & hardware security researchers / engineers at Quarkslab after having spent about 15 years in the industry.
ZAP: Zed Attack Proxy by OWASP (and Security Shepherd)
The OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing them. It's also a great tool for experienced pentesters to use for manual security testing.
Prerequisites
- A laptop with ZAP installed
- A VM will be provided
By Tarik El Aouadi (OWASP).