SATURDAY, NOVEMBER 9, 2024

The Unlock Talks

How to break into organizations with style: hacking access control systems

Julia ZDUŃCZYK

English

10:00 AM – 10:45 AM

Have you ever wondered how Red Teamers manage to get access to high-security areas in buildings? This talk is your chance to learn about the tools, tactics, and techniques we use to break access control systems.
The presentation is based on the experience and examples collected during the Red Team assessments and gathers in one place the knowledge needed to gain access to places protected by access cards.

When my network appliance cheats on me

Félix AIMÉ

French

10:45 AM – 11:15 AM

Network appliances (edge devices such as routers, NAS, mail gateways, VPNs, etc.) have become the new eldorado for cybercriminal groups and state actors. These devices not only serve as entry points or persistence mechanisms in certain information systems but also support operations by enabling the setup of low-cost anonymization infrastructures.

Insecure time-based secret in web applications and Sandwich Attack exploitation

Tom CHAMBARETAUD

French

11:15 AM – 12:00 PM

Following discoveries during bug bounties, I have focused my research on poor practices related to time-based secrets in web applications. This presentation aims to provide an overview of these poor practices and show how to detect and exploit them.

Through the creation of an open-source tool [Reset Tolkien], a demo with practical cases, similar to those found in discovered bugs, will be presented.

The ORC that hides the forest

Wandrille KRAFFT

French

01:45 PM – 02:15 PM

CSIRT LEXFO has developed a tool for processing traces collected with DFIR-ORC, a “live” trace collection method released by ANSSI. The tool from CSIRT LEXFO, which will soon be available as open-source, aims to extract archives collected by ORC and organize the collected files according to the same directory structure as the source system. The extracted collections are more easily exploitable and can be processed by tools such as Plaso. After an introduction to trace collection in the context of a DFIR service, the presentation outlines the project’s origins using a use case.

Construction of attack paths by graph generation in a Kubernetes cluster

Warren POSTDAM

French

02:15 PM – 03:00 PM

Kubernetes is a cloud-native system that enables container orchestration based on a wide range of components, some of which are referenced in the CNCF. In the telecommunications sector, clusters run a very large number of pods with different privilege levels. It is therefore complex for an auditor to quickly identify the most dangerous attack paths within a beneficiary’s cluster, as audits are time-limited. Inspired by BloodHound, OSAKA is a tool that allows for the construction and analysis of attack paths by generating graphs from a Neo4j database.

ACECrypter: anatomy of a packer

Pierre LE BOURHIS

French

03:00 PM – 03:30 PM

The presence of packers, also known as “crypters,” is undeniable in today’s cybercrime landscape. This presentation will focus on the analysis of packers within the context of threat intelligence, using the “as-a-service” crypter named ACECrypter as a running example.

Having been around since at least 2016, ACECrypter has facilitated the distribution of numerous other malware families, such as stealers (Redline, Raccoon), ransomware (Stop, DejaVue), RATs (Remote Access Trojans) and loaders (SmokeLoader, Amadey). To understand how this service has managed to persist, we will conduct a technical analysis of the packer. This analysis will present the various stages that compose it and help the audience better understand the different elements of a packer. It is also essential to identify its capabilities and functionalities to improve its detection and automate its processing in future investigations.

Lurking in the Directory: Stealthy LDAP recon for Red Teams

Paul SALADIN
Vincent GOURVENNEC

French

04:00 PM – 04:45 PM

When gaining access to an internal network, Active Directory domain reconnaissance is one of the most common actions performed by attackers. It enables the acquisition of a large amount of information in a short space of time on the breached infrastructure.
Recent security solutions include various detection mechanisms for those actions, making the use of well-known tools such as SharpHound detectable rather quickly.
During our Red Teaming engagements, we have to deal with such solutions and we therefore had to find new ways to fly under the radar to perform LDAP reconnaissance.
Several LDAP reconnaissance and detection methods within an Active Directory will be presented throughout this talk.

Reality check: Vulnerability management under the Cyber Resilience Act

Rayna STAMBOLIYSKA

French

04:45 PM – 05:15 PM

The Cyber Resilience Act, or CRA for short, is about to become EU law. It’s a big deal: the CRA aims to stop products with known security holes from being sold in Europe. But how can we make sure that happens? What does the CRA actually say, and who will it affect? This talk will dive deep into the technical side of the CRA, especially when it comes to cloud computing.

Get ready for the Cyber Resilience Act (CRA)! This new EU law is going to change the game for digital products. The CRA wants to make sure that products sold in Europe are safe. But how can we make that happen? What does the CRA mean for businesses and consumers? In this presentation, we’ll explore the technical challenges and opportunities of the CRA, focusing on cloud environments.