In spite of being central to everything that is going on in IT security, the concept of "exploit" is surprisingly poorly formalized and understood only on an intuitive level by security practitioners. This lack of clear definition has all sorts of negative side-effects: from ineffective teaching to muddled thinking about mitigations.
In this talk, I will make an attempt to more clearly define what it is that attackers do when they write an exploit - and then talk about what this means for mitigations and secure coding.
During the design, the implementation and the integration of an IoT product, many questions arise about the reliability and security of wireless communications. One of the most used long-range IoT protocols, Sigfox, is proprietary, with no specification or security review. We will explain all the internals of this protocol that we have reverse-engineered...
What is a "Bug Bounty"? After demystifying the approach, this keynote will cover its history, how it works, its advantages and drawbacks, as well as the current legal constraints and risks. These points will be illustrated with feedback from several companies that have set up a Bug Bounty program.
This presentation will discuss real world examples of ransomware attacks against enterprise customers. We will explain the newest tactics attackers use to infiltrate enterprises and install threats, including the use of psexec and TeamViewer with stolen credentials. We will highlight methods deployed by ransomware targeted towards corporate environments, such as encrypted web files and database entries. Different use cases for ransomware, including cases where it has been used as a diversion or to cover the attacker's tracks, will be assessed in order to better understand the issue.