A few impressions of #CYBSEC15

The event was a great success. We hope that the participants enjoyed it! The organization committee thanks all participants, speakers, partners, and sponsors. Do not forget to save the date for the next edition:

#CYBSEC16 will be held in Y-PARC on November 1st-3rd, 2016!

 

Program 

Tuesday Nov 3, 2015: Trainings

08:00 - 08:45 Welcome and coffee
08:45 - 10:15 T1, T2, T3
  • T1: Web Application Security Lab with Hacking-Lab.com
    Alexandre Herzog (Compass Security), Antoine Neuenschwander (Compass Security)
  • T2: OSINT: from theory to practice, hands-on sessions and team challenges
    Raoul Chiesa (Security Brokers), Paolo Giardini (Security Brokers)
  • T3: Hands-on Wireshark: Speed up your forensics and network analysis
    Thomas Baudelet (iwaxx Sàrl)
10:15 - 10:30 Coffee break
10:30 - 12:00 T1, T2, T3
12:00 - 14:00 Lunch
14:00 - 15:30 T1, T2, T4
  • T4: Hands-on Wireshark: Capture and analyze 802.11 traffic
    Thomas Baudelet (iwaxx Sàrl)
15:30 - 16:00 Coffee break
16:00 - 17:30 T1, T2, T4
17:30 - 18:00 Aperitif

Wednesday Nov 4, 2015: Conferences

08:00 - 09:00 Welcome and coffee
09:00 - 09:15 Opening
09:15 - 10:00 KEYNOTE: Security: a new hope? (FR)
Fred Raynal (QuarksLab)
10:00 - 10:30 Coffee break
10:30 - 11:15 Bug Bounty programs: the good, the bad and the ugly. (EN)
Noelle Murata (Square, Inc.)
11:15 - 12:00 Hacking like in the movies: Insomni'hack 2015 CTF writeups (FR)
Adrien Stoffel and Michael Zanetta (Insomni'hack, SCRT)
12:00 - 13:30 Lunch
13:30 - 14:15 Airport IT Security: pentesting a large European international airport (EN)
Raoul Chiesa (Security Brokers)
14:15 - 15:00 Social Engineering: The devil is in the details (EN)
Ivano Somaini (Compass Security)
15:15 - 15:45 Coffee break
15:45 - 16:30 What is data from a legal perspective? (FR)
Sylvain Métille
16:30 - 17:00 Coffee break - Welcome Innovaud Y-NOT-CTF (free registration)
Ethical hacking contest
17:00 - 18:30 Business event: (free registration)
Data protection, a sensitive issue for Swiss SMEs (FR)
18:30 - 19:30 Aperitif
19:30 - 20:00 Travel (bus or personal car)
(Bus departure at 19:40)
20:00 - 23:00 Castle evening (Château de Grandson)

Thursday Nov 5, 2015: Conferences

08:00 - 09:00 Welcome and coffee
09:00 - 09:45 KEYNOTE: Lawful interception - Police work challenges in the digital future (FR)
Julien Cartier (Police Cantonale Vaudoise)
09:45 - 10:30 When providing a native mobile application ruins the security of your existing Web solution (FR)
Jérémy Matos (Jérémy Matos Securing Apps)
10:30 - 11:00 Coffee break
11:00 - 11:45 IRMA : Incident Response and Malware Analysis (FR)
Fred Raynal (QuarksLab)
11:45 - 12:30 Hacking like in the movies: Insomni'hack 2015 CTF writeups (FR)
Adrien Stoffel and Michael Zanetta (Insomni'hack, SCRT)
12:30 - 14:00 Lunch
14:00 - 14:45 Protecting infrastructure secrets with Keywhiz (EN)
Sarah Harvey (Square, Inc.)
14:45 - 15:30 WebSSO - The API gateway approach (FR)
Florent Martin (SmartWave)
15:30 - 16:00 Coffee break
16:00 - 16:45 Detecting and monitoring a targeted threat (FR)
Marc Doudiet (Kudelski Security)
16:45 - 17:30 Breaking white-box cryptography (FR)
Philippe Teuwen (NXP Semiconductors)
17:30 - 19:00 Aperitif and rump session
19:30 - 23:00 Yverdon evening (La Promenade)
(Bus departure at 19:15)

Partners and sponsors 

Become a sponsor

We offer sponsoring packages. Please check the different packages here: 

CyberSecConference2015-Sponsoring.pdf

Contact us at sponsors[at]cybersecurityalliance[dot]ch.

Conferences

All materials and slides will be in English.

The speakers will talk in English or in French.


Wednesday Nov 3, 2015

Security: a new hope? (Keynote)

During this conference, we will see what has changed over the last 15+ years in the hype of “cybersecurity”. It is said that who has not failed has actually not tried. But did we really try to fight and provide working solutions to security issues? Did we really address the right problems? We will discuss lemons and cherries, planes and hardware, and try to imagine new ways to deal with security.

Language: French

Fred Raynal (QuarksLab)

Fred Raynal, PhD, is the founder and CEO of QUARKSLAB. Previously, he worked for 3 years at EADS, including as a core member of EADS IW, then created the SOGETI ESEC R&D (lab) team, which he managed for 5 years. He is also the founder of the French conference SSTIC and the magazine MISC. He is a regular speaker at many conferences (HITB, CanSecWest, Pacsec, hack.lu, …). Besides "founding", he enjoys technical hacking, information warfare, and finding ways to combine both in order to create different (and hopefully better) ways to do information security.
 

Bug Bounty programs: the good, the bad and the ugly 

At Square, we have several bug bounty programs. In this tech talk, we will go over how we organized them. We will discuss good practices to keep researchers engaged and how to ensure engineers prioritize fixing our products as quickly as possible. We will also present responses which lead to frustration from the bug bounty participants' point of view.

Language: English

Noelle Murata (Square, Inc.)

Noelle is a member of the security engineering team at Square. Her responsibilities include interfacing with third-party security researchers (bug bounty) and engineers.
 

Airport IT Security: pentesting a large European international airport

During this talk I will bring to the audience a very recent experience (October 2015), which lasted 3 months, during which, along with my team, we deeply pentested one of Europe's largest international airports.

Language: English

Raoul Chiesa (Security Brokers)

Raoul "Nobody" Chiesa was born in Torino, Italy. After being among the first Italian hackers back in the 80's and 90's (1986-1995), Raoul decided to move to professional InfoSec, establishing back in 1997 the very first vendor-neutral Italian security advisory company; he then left it in 2012, establishing "Security Brokers", a visionary joint-stock company providing niche, cutting-edge security consulting services and solutions.
Raoul is among the founding members of CLUSIT (Italian Information Security Association, est. 2000) and he is a Board of Directors member at ISECOM, OWASP Italian Chapter, and at the Italian Privacy Observatory (AIP/OPSI); he was one of the coordinators of the Working Group "Cyber World" at the Center for Defence Higher Studies (CASD) between 2010 and 2013 at the National Security Observatory (OSN) at Italy's MoD. He is a former member of the ENISA Permanent Stakeholders Group (2010-2012 and 2013-2015), an independent "Special Advisor on Cybercrime and Hacker's Profiling" at the UN agency UNICRI, and a Member of the Coordination Group and Scientific Committee of APWG European chapter, the Anti-Phishing Working Group, acting as a "Cultural Attaché" for Italy. Since July 2015 he has been a Board Member at AIIC, Italian Experts Association on Critical Infrastructures.
Raoul publishes books and white papers in English and Italian as main author or contributor, is a keynote and conference speaker known and appreciated worldwide, and is a regular contact for media worldwide (newspapers, TV and bloggers) when dealing with information security issues and IT security incidents.
 

Social Engineering: The devil is in the details

Information security threats to organisations have changed completely over the last decade, due to the complexity and dynamic nature of infrastructures and attacks. Successful attacks cost society billions a year, impacting vital services and the economy. New attacks cleverly exploit multiple organisational vulnerabilities, involving physical security and human behaviour. Defenders need to make rapid decisions regarding which attacks to block, as both infrastructure and attacker knowledge change rapidly.

The speaker, Ivano Somaini from Compass Security, was a member of the amateur acting group at the Cantonal School of Graubünden at Chur. With his Master in Information Security at ETH Zurich, he found the perfect way to combine those interests: Social Engineering.

You will learn more about the methodologies of a professional Social Engineer as well as the newest attack vectors available. Ivano Somaini will present several attack scenarios he successfully executed in real companies during his four years of Social Engineering experience. All those scenarios go far beyond known approaches such as e-mail phishing. He will explain how even the smallest and seemingly least relevant piece of information revealed is enough to break into financial institutions and steal industrial know-how.

Language: English

Ivano Somaini (Compass Security Schweiz AG)

Ivano Somaini was already interested in IT security during his youth and studied the topic further during his IT studies at ETH Zurich, with a focus on information security. During his studies he deepened his knowledge in topics such as cryptographic protocols, network security and e-privacy. His master thesis deals with the theoretical aspects of security: Ivano modelled and verified the cryptographic protocol Kerberos. Besides his studies, he worked as a developer for AdNovum Informatik AG and afterwards as an IT supporter for ETH Zurich. Since March 2011 Ivano Somaini has been employed as a Security Analyst at Compass Security. In 2013 he formed Compass Security's branch office in Bern and has been leading it ever since.
 

What is data from a legal perspective?

Data is not defined by law as something clear or unique. There are indeed different kinds of data, subject to totally different rules. Personal data requires a justification to be processed; electronically stored or transmitted data is protected against copying or damage by the criminal code; health data is usually personal data with stringent rules. In addition, sectoral laws, such as banking law or professional or official secrecy, restrict the transmission and disclosure of data or require certain technical and organizational security measures.

With this talk, we want to help people who process data daily to assess the categories of data they are dealing with and the different responsibilities these might trigger.

Language: French

Sylvain Métille

Sylvain Métille, Ph.D. in Law, is a Lecturer at University and a Partner at HDC Law firm in Lausanne.
He is a recognized data protection and new technologies lawyer, with more than ten years’ experience at the bar. He regularly assists local and multinational companies when it comes to personal data, surveillance, IT or computer crime.
 

Thursday Nov 5, 2015

Lawful interception - Police work challenges in the digital future (Keynote)

Over the last 10 years, cyberspace has entered everybody's life. The way law enforcement authorities should work in order to carry out their investigations is changing quicker than ever. What are the challenges of police work in our digital future? Are these challenges the ones we could think of?

Language: French

Julien Cartier (Police Cantonale Vaudoise)

Julien Cartier, Ph.D., is a forensic scientist who graduated from the University of Lausanne, which has the world's oldest academic forensic science school, created in 1909 by Rodolphe Archibald Reiss.

Julien Cartier started working in the criminal police of the Police cantonale vaudoise 15 years ago. As a criminal analyst he worked for 5 years in the organised crime unit and, for the past 10 years, in a dedicated operational support unit, which deals with criminal analysis, IT forensics and interception.

 

When providing a native mobile application ruins the security of your existing Web solution

Providing a native mobile application in addition to an existing web solution, whether for usability, performance or connectivity reasons, has far more security implications than it may seem. Very often the mobile integration moves logic from the server to the client side, but this code cannot be considered secret anymore. Through the exploitation of a real-world Android application, we will see how it is possible to:

  • retrieve documents without paying for them
  • decrypt and use them on any device despite the DRM in place

The approach will combine some Java reverse engineering and HTTP monitoring, making it possible to understand how basic cryptography is used by the server authentication logic. The various vulnerabilities discovered, at design or code level, will be detailed and serve as examples not to follow. Then it will be explained how to use them all together to collect and decrypt unauthorized resources via a Python script.

To conclude, practical recommendations will be provided to address those common categories of issues.

Language: French

Jérémy Matos (Jérémy Matos Securing Apps)

Jérémy Matos has been working on building secure software for almost 10 years. With an initial academic background as a developer, he has a clear insight into what a software development lifecycle is in practice. It also enables him to gain the trust of other programmers by speaking the same language and understanding their day-to-day activities, providing an efficient channel to increase their security awareness.
Designing and developing a two-factor authentication product for 6 years made him deal with challenging threat models, particularly when delivering a public mobile application, and practice secure coding guidelines extensively, as the solution was regularly reviewed and penetration tested by third parties. Being responsible for the integration and deployment with customers was a great opportunity for him to work with diverse production infrastructures and security providers, in critical sectors such as banking, health or industry. Understanding the various stakeholders' constraints was key to reducing operational costs as much as possible.
His experience was used in both internal and external consulting roles. He helped with the definition and implementation of security requirements, including cryptographic protocols, for applications where the insider is the enemy.
He also led code reviews and security validation activities for companies exposed to reputation damage. In addition, he participated in research projects to mitigate Man-In-The-Browser and Man-In-The-Mobile attacks.
 

IRMA: Incident Response and Malware Analysis

Malware has been a pain for years. Thanks to marketing, we thought anti-virus would be enough to deal with it. Now, we all know that there is no single solution, and that it is illusory to expect a network without malware. So a team of analysts, in a CERT or a SOC for instance, must be able to quickly sort a file into one of three categories: it is safe, it is already-known malware (no need to analyze it), or it is unknown. To fulfil its mission, the analyst team must quickly set aside files that do not need any analysis, so that it can focus on unknown files.

IRMA provides a quick way to do that. It performs different analyses of a file (which we call probes), through multiple anti-virus engines, a sandbox, external information and specialised probes (PEiD or PDF for instance).

We developed IRMA focusing on 2 goals:
1. It must be easy to install.
2. It must be easy for everyone to add new probes.

We will see how IRMA can be used as a sorting system when dealing with permanent malware attacks, so that you can focus where it really matters.

Last but not least, if you want to build your own customized instance of IRMA in order to avoid sharing sensitive files with AV vendors or Google, this talk is definitely for you.

Language: French

Fred Raynal (QuarksLab)

Fred Raynal, PhD, is the founder and CEO of QUARKSLAB. Previously, he worked for 3 years at EADS, including as a core member of EADS IW, then created the SOGETI ESEC R&D (lab) team, which he managed for 5 years. He is also the founder of the French conference SSTIC and the magazine MISC. He is a regular speaker at many conferences (HITB, CanSecWest, Pacsec, hack.lu, …). Besides "founding", he enjoys technical hacking, information warfare, and finding ways to combine both in order to create different (and hopefully better) ways to do information security.
 

WebSSO - The API gateway approach

An insurance company wanted to extend its online services to Partners and Customers. Each population had its own identity data store, ranging from dedicated Identity Providers (IdP) and social networks' IdPs to local directories, so the company was in a siloed identity environment with no single unified authoritative source. To address the common issues of a siloed identity environment, this insurance company chose a federated identity architecture to provide these populations with SSO.

The first challenge in this project was the heterogeneity of the authentication methods. Web applications and services support different authentication methods, and these methods can change depending on whether the application is accessed internally or externally. This is where the API gateway approach makes sense. It provides a loosely coupled approach to authentication, with a perimeter layer in charge of the federation with different IdPs, an outbound layer in charge of the authentication to applications and, in between, a core layer in charge of token translation. Moreover, this solution enables us to handle the second challenge of this project, Kerberos authentication for external users, using a dedicated service from the API gateway.

Language: French

Florent Martin (SmartWave)

Florent Martin, PhD: Experienced IT engineer.

He received his main degrees through executive education: a master's degree from the Conservatoire National des Arts et Métiers and a PhD in data mining, in a collaborative context between industry and the University of Grenoble.

I started my career in the manufacturing industry, working in automation and electronics, before moving to research in data mining, software integration and finally Identity and Access Management. All of these experiences were focused on providing services in the manufacturing domain. I developed a deep knowledge of software development, ranging from embedded to large business solutions development, integration and support. Through the integration of embedded devices such as acquisition systems, badge readers and terminals with business solutions, I developed a strong knowledge of securing information flows and managing identities. Thus, I moved to my current manager position in the area of Identity and Access Management.

 

Protecting infrastructure secrets with Keywhiz

At Square, our number one priority is security. We needed something to protect secrets, especially as their number increased with our adoption of a microservice architecture.

Although protecting infrastructure secrets is a common need, we weren’t able to find an adequate secret management system. So, we built Keywhiz.

Keywhiz is a secret management and distribution service that is now open source. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster.

Language: English

Sarah Harvey (Square, Inc.)

Sarah is a security engineer at Square. She is responsible for various backend systems (written in Java and other languages), most of which play a critical role in processing our customers' payments.
In the past, she worked at Facebook on production engineering and at Google on Chrome OS systems security.
 

Detecting and monitoring a targeted threat

In today’s world, companies need to assume that they are compromised. The challenge now is to reduce the time between the breach and the detection. During this talk, Marc Doudiet will revisit a targeted attack (APT) case detected by the Cyber Fusion Center of Kudelski Security and show how to detect, monitor and eradicate such threats.

Language: French

Marc Doudiet (Kudelski Security)

Marc is a senior security analyst at Kudelski Security working in the Cyber Fusion Center, a new-generation Security Operations Center (SOC). 

His day to day job involves hunting intruders, reverse engineering binaries and researching methods to detect cyber criminals. 

Nothing makes him happier than adding another sample to his collection of weird binaries and strange exploits.

 

Breaking white-box cryptography

Although all current scientific white-box approaches of standardized cryptographic primitives are broken, there is still a large number of companies which sell "secure" white-box products. A new approach to assess the security of white-box implementations is presented which requires neither knowledge about the look-up tables used nor any reverse engineering effort. The differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community.

Language: French

Philippe Teuwen (NXP Semiconductors)

Philippe Teuwen is Principal Researcher at the Innovation Center Crypto & Security in the Business Unit Security & Connectivity of NXP Semiconductors. He's a regular speaker on NFC security and privacy and loves CTF challenges.

Training 1

Web Application Security Lab with Hacking-Lab.com

Content:

This training is based on the Hacking-Lab.com platform, providing an online lab with several hundreds of different security challenges.

Participants of this training will be granted access to several challenges in Hacking-Lab.com, where they can exercise their skills or learn with step-by-step instructions on how to exploit vulnerable web applications. After a common introduction, participants can select the desired difficulty level and solve the proposed challenges at their own pace, with the support of two trainers.

A virtual machine, including all required tools, is provided as working environment. Participants are required to bring their own laptop with the provided virtual machine image installed.

Table of contents:

  • Global information about Hacking-Lab.com
  • Getting familiar with the setup
  • Details about the proposed challenges
  • Participants solve the challenges they desire with the support of the trainer

Audience type:

This training is open to anyone interested in ethical hacking in general and especially in Web security. Some basic knowledge about web applications and Linux is expected.

Requirements:

  • Participants are required to bring their own laptop and install a provided VM in advance
  • Network access via Ethernet (preferred) or Wi-Fi

Trainers:

Antoine Neuenschwander (Compass Security Schweiz AG)

Antoine Neuenschwander worked as a software engineer in the development of security products for several years before joining Compass Security in 2014 as a penetration tester and security analyst. His fields of expertise include web application security in general and authentication protocols in particular. Antoine Neuenschwander holds an MSc degree in Computer Science from the Swiss Federal Institute of Technology in Zurich.
 
Alexandre Herzog (Compass Security Schweiz AG)

Alexandre Herzog worked as a system administrator and developer for over 10 years in banks in Switzerland and abroad before joining Compass Security in 2010. His fields of expertise include Microsoft-based technologies, from the operating system up to the C# code of (ASP).NET solutions. Alexandre is also interested in Web security in general and is the author of several security advisories (Microsoft, SAP, AdNovum, United Security Providers, …). His most critical finding was a flaw in Microsoft's .NET framework, allowing remote code execution on various web applications ranging from SharePoint to OWA and many other ASP.NET applications.
Alexandre Herzog, now CTO of Compass Security, finished his MAS studies in Information Security at the University of Applied Sciences of Lucerne in 2013. His master thesis consisted of an analysis of cryptographic mechanisms in Windows and .NET.
 

Language:

All materials and slides will be in English.
The speakers will talk in English or in French.

Duration:

One session of a full day: from 8:45 to 12:00 and 14:00 to 17:30

Price:

There is a special bundle price with the conferences:

  • Regular:  only CHF 50.- for the training,
    i.e. CHF 350.- for conference (CHF 300.-) + training 1 (CHF 300.-)
  • Student: only CHF 30.- for the training,
    i.e. CHF 130.- for conference (CHF 100.-) + training 1 (CHF 100.-)

Without conferences, for the full day:

  • Regular: CHF 300.-
  • Student: CHF 100.-

Training 2

OSINT: Open Source Intelligence, from theory to practice, hands-on sessions and team challenges

Content:

This course presents the concepts and basic knowledge for those approaching the world of intelligence, and specifically OSINT (Open Source Intelligence), for the first time. The goal of the course is to provide basic knowledge about the world of intelligence and related disciplines, and then to focus on the analysis of open sources and its practical applications.

Table of contents:

Introduction

  • The world of Intelligence
  • OSINT: history and definitions

Module 1

  • Open sources methodology and characteristics
  • Search strategies

Module 2

  • Standard and not standard search engines: how to best use them?
  • The OSS and commercial search software: pros and cons

Audience type:

Everyone, from tech guys to journalists, spies (LOL), Law Enforcement (seriously), CEOs, Brand Reputation Managers, etc.

Requirements:

Participants should bring their own laptops to be able to try the techniques and to do the exercises.

Trainers:

Paolo Giardini (Security Brokers)

Paolo Giardini is Director at the OPSI (National Observatory on Privacy and Information Security), an AIP branch (IT Professionals Association, for which he also holds the position of Privacy Officer). He has dealt for more than twenty years with Information Security, Privacy, Open Source and Digital Forensics, carrying out analysis and advisory activities and delivering courses and seminars. He works as a Technical Private Expert (CTP) and Technical Court Expert (CTU) at several Public Prosecutors' offices and courts. He spends his free time organizing the hacker game "CAT - Crack a Treasury", which he created.
 
Raoul Chiesa (Security Brokers)

Raoul "Nobody" Chiesa was born in Torino, Italy. After being among the first Italian hackers back in the 80's and 90's (1986-1995), Raoul decided to move to professional InfoSec, establishing back in 1997 the very first vendor-neutral Italian security advisory company; he then left it in 2012, establishing "Security Brokers", a visionary joint-stock company providing niche, cutting-edge security consulting services and solutions.
Raoul is among the founding members of CLUSIT (Italian Information Security Association, est. 2000) and he is a Board of Directors member at ISECOM, OWASP Italian Chapter, and at the Italian Privacy Observatory (AIP/OPSI); he was one of the coordinators of the Working Group "Cyber World" at the Center for Defence Higher Studies (CASD) between 2010 and 2013 at the National Security Observatory (OSN) at Italy's MoD. He is a former member of the ENISA Permanent Stakeholders Group (2010-2012 and 2013-2015), an independent "Special Advisor on Cybercrime and Hacker's Profiling" at the UN agency UNICRI, and a Member of the Coordination Group and Scientific Committee of APWG European chapter, the Anti-Phishing Working Group, acting as a "Cultural Attaché" for Italy. Since July 2015 he has been a Board Member at AIIC, Italian Experts Association on Critical Infrastructures.
Raoul publishes books and white papers in English and Italian as main author or contributor, is a keynote and conference speaker known and appreciated worldwide, and is a regular contact for media worldwide (newspapers, TV and bloggers) when dealing with information security issues and IT security incidents.

Language:

All materials and slides will be in English.
The speakers will talk in English.

Duration:

One session of a full day: from 8:45 to 12:00 and 14:00 to 17:30

Price:

Price for the full day of training: CHF 750.-

Trainings 3 and 4

Hands-on Wireshark

There are two trainings:

  • Morning:      [T3] Speed up your forensics and network analysis
  • Afternoon:   [T4] Capture and analyze 802.11 traffic

See details below.

 

Trainer:

Thomas Baudelet (founder of iwaxx Sàrl)

An engineering graduate of INSA Rennes (France) in 2003, Thomas worked worldwide for 3 years for Alcatel-Lucent as an integrator of GPRS services (MMS & WAP servers) for national telecom operators in countries such as Russia, Nigeria, Egypt, United Arab Emirates, Thailand, Yemen, Togo, and Sri Lanka.
He faced various system technologies and live networks of millions of users, and developed his taste for problem solving on complex and critical architectures.
In 2006, he joined the Geneva University Hospitals network team and worked daily on network and security technologies: firewall, VPN, routing, administration of a public class B network, wireless, PKI, load balancers, and VoIP. He set up the current WLAN architecture: 1'800 Access Points located throughout the canton of Geneva and the PKI authentication.
In 2010, he created his own company, iwaxx Sàrl, and since then he has been offering his services in troubleshooting, network analysis, integration and training. His customers include companies such as three different private banks in Geneva, SIG, Etat de Vaud, HUG, Adecco, AVASAD, etc.

Language:

All supports and slides will be in English.
The speakers will talk in English or in French.

Prices:

T3 only:     CHF 350.-
T4 only:     CHF 350.-
T3 and T4: CHF 600.-


T1 - Hands-on Wireshark: Speed up your forensics and network analysis

Duration:

Morning, from 8:45 to 12:00

Content:

This training will focus on practical ways of working with Wireshark when faced with a network capture file. The basic usage will be explained and then we'll quickly focus on labs and digging into real-life packet captures. For each lab, we'll concentrate on how to use Wireshark at its best to focus on the problem at hand.

Table of contents:

Part I:
  • Introduction to Wireshark
  • Packet capture techniques
  • Capture and display filters
    Lab: filtering various captures looking for common mistakes, abnormal results, misbehaviors of filters
  • Capture filter for forensics
    Lab: analyzing malware traces / scanners' behaviors
  • Create adapted profiles
    Lab: creating the "perfect" analysis profile and populating it all along the training
  • Tshark and command line tools
Part II:
  • Methodology: Steps to follow when faced with a capture trace
    Lab: quickly eliminate traffic in a 1 GB packet capture
  • Don't be fooled by Wireshark: avoid spending time on false alarms
    Lab: analyzing common TCP problems
Part III:
  • SSL/TLS decryption
    Lab: Testing various decryption techniques
  • Anonymize your network captures
  • Wireshark v2: the future of Wireshark

Audience type:

This training is opened to all people having a minimum knowledge of networking: knowing the basic purpose of DNS/ARP, the role of a default gateway, a VLAN, etc. People who don't have any experience at all with Wireshark are more than welcomed. Profile is not only restricted to network guys, but also system engineers, technical support team, and developpers.

Requirements:

A laptop with the latest stable version of Wireshark (currently 1.12.7) running on Windows, OS X or Linux. Although Wireshark 1.99.x is available (soon to be launched as Wireshark 2.0), it’s not quite ready for prime time in this class.


T2 - Hands-on Wireshark: Capture and analyze 802.11 traffic

Duration:

Afternoon, from 14:00 to 17:30

Content:

This hands-on training event is dedicated to the capture and analysis of Wi-Fi traffic. After some basic and practical theory, we'll test the different ways of capturing WLAN traffic on Windows, OS X and Linux. We'll face the challenges of these half-duplex communications compared to LAN capture. The most common authentication methods found on corporate networks (EAP-TLS, PEAP, PSK) will be dissected, along with the real-life problems that may appear. We'll finish with the most common user complaint, troubleshooting bad throughput, and some packet challenges.

Table of contents:

Part I:
  • Radio basics in practice
  • What to expect in the air: 802.11 mechanisms and real-life values
  • 802.11 capture techniques on Windows / OS X / Linux
  • 802.11 Frame Types
    Lab: What's around us currently?
Part II:
  • Lab: Analysis of EAP-TLS authentication
  • Lab: Analysis of PEAP authentication
  • Lab: Anatomy of a roaming
  • Lab: Decrypt WPA/TKIP and WPA2/AES PSK traffic
Part III:
  • Lab: Troubleshoot authentication failures
  • Lab: Troubleshoot bad throughput
  • Lab: Consequences of different antennas, gain and position
  • Packet Challenges: find the problem!

Audience type:

This training is open to everyone with a minimum knowledge of networking: knowing the basic purpose of DNS/ARP, the role of a default gateway, a VLAN, etc. No specific wireless knowledge is required, but knowing the basics of Wireshark (which will be presented in the morning in another training) is a plus, so that you can focus directly on the packets, not the tool.

Requirements:

A laptop with the latest stable version of Wireshark (currently 1.12.7) running on Windows, OS X or Linux. Although Wireshark 1.99.x is available (soon to be launched as Wireshark 2.0), it’s not quite ready for prime time in this class. People who have Airpcap dongles are invited to bring them. Some dongles will be available, but maybe not one per person, depending on the number of students.

Business Event

Data protection,
a sensitive issue for Swiss SMEs

As part of the CyberSec Conference, the flagship IT security event in French-speaking Switzerland, a topic that concerns every company will be at the heart of the discussions: data protection.

Whether economic, personal, about your employees or your customers, medical or of any other kind, companies' digital data is multiplying and is ever more coveted.

Protecting it is therefore no longer optional; it has become a strategic issue, one that can sometimes prove complex and costly. Governments are creating an increasingly strict regulatory framework to guarantee data security.

Come and immerse yourself in these concerns, and discover solutions and technologies that can meet your security needs!

Date

This event takes place as part of the CyberSec Conference.

It is scheduled for Wednesday, November 4, 2015, 17:00 – 19:00.

Talks

Several talks are planned.

The program includes the following talks:

  • keynote by Maître Michel Jaccard, id est avocats,
  • testimonial from SICPA: Doron Tenne, Group Security Office & Cyber Affairs Director,
  • testimonial from Navixia: Patrick Zwahlen, co-founder,
  • testimonial from Pryv: Pierre-Mikael Legris, founder and CTO,
  • testimonial from Revapost: Bruno Enten, CEO,
  • as well as other speakers.

The event and the round table will be moderated by Mr. Loïs Siggen Lopez (RTS).

Partners

This event is organized by the partners below.

Registration

Free admission, but a separate registration is required (register here, free of charge).

Feel free to join us for the evening at the castle (register here, CHF 60.-).

Ethical hacking


Hacking like in the movies : Insomni'hack 2015 CTF writeups

The two talks will present this year's Insomni'hack Capture The Flag event and walk the audience through some of the challenge solutions, general tools and techniques. We will reminisce about our successes and failures during the preparation as well as while running the event.


Language: French

Adrien Stoffel & Michael Zanetta
(SCRT)

Adrien and Michael are security engineers at SCRT, working on penetration tests, forensics and malware analysis.

As part of their job, they are also organizers of the Insomni'hack CTF held in Geneva every year.

During their spare time, they enjoy playing Capture The Flag challenges and participate in a number of events with the 0daysober team.


Y-NOT-CTF

CTF?

In the domain of information security, Capture The Flag (CTF) is a game-like competition where participants are required to attack and defend computer systems in a controlled environment and in a legal way. The various problem-solving tasks require players to have knowledge of reverse engineering, web application analysis, cryptanalysis, forensics and exploit development, among others.

There are mainly two types of CTF competitions:

  • In *Jeopardy-style* competitions participants are given a number of tasks or problems in various categories and points are awarded for problem solving with respect to the task difficulty. The ranking is established according to points obtained by the teams or individual players.
  • In an *Attack-defense* competition participants are provided with vulnerable environments which they first need to analyse and patch. Afterwards the teams' environments are interconnected and every team tries to exploit the other teams' services and gain points. A team that gets compromised loses points.

Many CTF competitions are organised regularly online and locally. It is a good educational experience and a perfect way to learn and practice your skills in different security areas in real-world scenarios. 

Contest details

Faithful to last year's edition and to other major information security events, we would like to offer our participants a mini-CTF event on Wednesday Nov 4, 2015 from 4:30 pm till 6:30 pm. This is a Jeopardy-style CTF, meaning that participants will be required to solve challenges in different categories (binary analysis, exploitation, forensics, web).

Participation:

  • Participation in the Y-NOT-CTF is open to everyone, conference participants and externals alike.
  • Participation is free.

Registration:

  • The number of participants is limited to 60.
  • Each participant should register by obtaining a free ticket.
    See the page Registration.

Team compositions:

  • You can participate individually or as a team.
  • The final registration of yourself/your team is done at the beginning of the CTF. We do not need to know the composition of the teams before the CTF.

Further details:

  • You can only participate locally, from the CYBSEC15 network.
  • No network scans. Stick to the challenge IPs.
  • No attacks on other players.
  • No deliberate denial of service against the CTF infrastructure.

Prizes:

  • The 3 top teams/players will be awarded some cool prizes. 

Why?

Why not? 

Organizing partners 

Rump session

Schedule

The rump session will take place on Thursday, November 5th, between 5:30 and 7:00 pm.

Spirit

Each participant may introduce a topic related to the field of security. It may be a work in progress, a paper that will be published, an event announcement, an anecdote related to security, or even a subject that was not accepted into CSA.

Please, no business talk and you should try to be funny ;-)

Every rump should be between 3 and 15 minutes (running over time is possible but dangerous).

Submission

If you want to present a topic, send a proposal by email to rump[at]cybersecurityalliance[dot]ch.

Your document must contain the following information:

  • Speaker name
  • Talk title
  • Short description
  • Expected duration: 3, 5, 8, 10, or 15 minutes
    (A submission may be accepted with a shorter duration than expected)

Submissions will be accepted until Wednesday, November 4th at 10 pm.

Program

The final program will be announced Thursday, November 5th at 12 pm.

Evening events

Castle evening - Wednesday (Nov 4th, 2015)

We will share a "fondue Bourguignonne" (meat) in a castle, château de Grandson.

We will meet here at 20h00.

Source : Château de Grandson

Travel:

Each participant may drive from Y-Parc to the castle with their own car.

A bus will be organized from Y-Parc to the castle. Bus departure is planned at 19:40 in front of the conference building (rue Galilée 2).

Website:

Château de Grandson 

 

Location: 

Château de Grandson
Place du Château
CH-1422 Grandson

 

Yverdon evening - Thursday (Nov 5th, 2015)

Source : Café de la Promenade

We will share a "fondue au fromage" (cheese) at the "café de la Promenade".

We will meet here at 19h30.

Travel:

Each participant may drive from Y-Parc to the restaurant with their own car.

A bus will be organized from Y-Parc to La Prairie. Bus departure is planned at 19:15 in front of the conference building (rue Galilée 2).

Website:

Café de la Promenade

 

Location:

Le café de la promenade
Rue des jordils 23
1400 Yverdon-les-bains

Registration

For each evening event, registration is mandatory and is done by obtaining a ticket.

Register here.

Registration

Please register for any part of the CyberSec Conference 2015 (trainings, conferences, Y-NOT-CTF, evening events, etc.) by purchasing one or more tickets below.

Hotels

We recommend the following hotels:

The committee, staff and speakers will be in the Grand Hotel des Bains.

Organization committee


Sylvain Pasini
(HEIG-VD)

Co-Organizer
Event Manager
Program Manager
Logistics Manager
Staff coordinator

@sylvainpasini


Sandy Wetzel 
(Y-Parc SA)

Co-Organizer
Business event Organizer
 


Arnaud Velten
(Independent blogger)

Community Manager



 

@bizcom

Organizers

 
Thomas Baudelet
(iwaxx sàrl)

IT Computer Network Organizer
 

Maude Schneider
(Y-Parc SA)

Catering Organizer
Evenings Organizer

Fabrice Caralinda
(HEIG-VD)

Y-NOT-CTF Organizer
Ticketing Manager

Johan Wehrli 
(HEIG-VD)

Rump session Organizer

 

Staff

Gaël Jobin (HEIG-VD)
Saman Handschin (HEIG-VD)
Sébastien Henrioud (HEIG-VD)
Alexandre Karlov (HEIG-VD)
Daniel Ferreira Lopes (HEIG-VD)
Yohan Martini (HEIG-VD)
Calixte Melly
Simone Righitto (HEIG-VD)
Julien Rinaldini (HEIG-VD)

Venue

This edition will be held at Y-PARC - Swiss Technopole, Yverdon-les-Bains, Switzerland.

The complete address is:

Y-PARC
Rue Galilée 13 & 15
1400 Yverdon-les-Bains

More information on the venue here: Plan.

 

Contact

info@cybersecurityalliance.ch