SATURDAY 4 NOVEMBER 2023
The Unlock Talks
Capitalizing on foreign digital interference campaigns. Viginum feedback

The Vigilance and Protection Service against Foreign Digital Interference (VIGINUM) has the mission of detecting and characterizing foreign digital interference operations and campaigns. These actions, which can employ different operational modes, are primarily characterized by malicious intent and result in inauthentic behaviors aimed at disseminating content with the purpose of compromising the fundamental interests of the Nation.
The proliferation of these campaigns and their potential effects on our democratic functioning and society at large have led many organizations to develop analytical frameworks for describing the behavior of these actors and their campaign objectives. The first analysts who worked on information manipulation campaigns established the ABCDE model. While it remains relevant for recounting the campaign, it does not allow for standardized description. To address this gap, the DISARM framework was developed, drawing on the experience of CTI in general and MITRE ATT&CK in particular. However, it is not sufficient when it comes to capturing the entirety of a campaign. To achieve this, it is possible to leverage advancements in the use of the STIX language. This presentation will, therefore, provide an overview of VIGINUM's experience in using CTI-derived tools to enhance information sharing, capitalization, and response in the context of countering foreign digital interference.
________
About the speaker:
Former librarian at the Documentation Center of the Military School, podcast producer (Signal on Noise and Les Fils de la Bagarre), Anaïs Meunier is currently an analyst within the expertise department of VIGINUM. Her research focuses on the connections between Cyber Threat Intelligence and countering information manipulation. In this capacity, she has contributed to the utilization of the DISARM framework through various articles and podcasts. She is also a founding member of the M82 network, a collective that shares resources, analyses, and facilitates discussions on cyber-related issues.
Discovering the Biscuit authentication Token

For as long as I can remember, the issue of securely exchanging information has fascinated me. I first discovered JWT and its many intricacies, and then I was introduced to Macaroons, which have the ability to be modified after creation. Today, I would like to present to you, with some simple drawings, the functioning of another token that aims to combine the strengths of the two previously mentioned. I call it ‘Biscuit’!
About the speaker:
I'm a versatile developer from Brest who loves tinkering with things and then explaining them 🙂
{SMS}-[Send MassiVE Sms]
Via video conference

In the midst of information warfare and an energy crisis, the talk will “lead us” to reflect on these major crises. Through a “Green Hacking” project emerging from the bearded cabin, we will implement a solar-powered system capable of conducting autonomous and anonymous phishing SMS campaigns. We will revisit the methods used in such campaigns and discuss how to protect oneself against them. The presentation will provide a detailed explanation of how to build a device capable of launching SMS volleys on demand.
________
About the speaker:
Geek - passionately ethical - hacker from the Wild West!
In two minutes, a hacker can give you a (digital) makeover
Via video conference

Every day, you unwittingly leave traces on the internet. During this presentation, Baptiste Robert will show you how a malicious individual can, with very little information (name, first name, pseudonym, etc.), come to know almost everything about your life.
About the speaker:
Baptiste Robert is a French cybersecurity researcher and hacker who operates under the pseudonym fs0c131y.
B2B compromise: BOX 2 BACKBONE

The telecommunication networks of internet service providers play a crucial role in our work, lifestyle, and entertainment today. It goes without saying that they are tested and withstand small-scale cyberattacks. Really? In this talk, we will present how we managed to compromise an internet service provider’s network during an engagement. We will also delve into hardware with a quick reverse engineering of an internet box. A little bonus at the end: we went slightly beyond the scope.
Automatic classification and identification of packers based on morphological signatures

Packers are widely used tools to evade the detection and static analysis of malware. It is crucial to detect and identify these packers in order to apply specific extraction procedures while remaining less resource-intensive than dynamic analysis.
To characterize these packers, numerous works exist, based on signatures such as YARA or on the extraction of specific characteristics such as section entropy.
Today, we present a new method for building knowledge bases and identifying packers based on an analysis of similarities, using transformed Control Flow Graph (CFG) signatures.
________
About the speaker:
Ludovic Robin is the Head of Research and Development at Cyber-Detect and holds a Ph.D. in computer security.
using rust to imprOve your embeDded development

Rust is a much-hyped programming language that provides good practices to reduce potential attack opportunities; nevertheless, it is far from perfect. This talk proposes a summary of our lessons learned while moving some of our embedded code from C/C++ to Rust. It highlights some of the difficulties Rust as a language introduces when dealing with low-level and hardware components. It also exposes some of the options we implemented to reduce SBOM dependencies and address CVE tracking and CI infrastructure.
About the speaker:
Fulup holds a Master's in Computer Science from the French military school ESAT. His career started with ten years of research on embedded operating systems before he joined industry, where he took the technical direction of Wind-River before moving to Sun-Microsystems. Fulup is the founder of IoT.bzh, a software company located in south Brittany that provides Linux long-term support for the automotive sector and for other mission-critical embedded systems such as maritime, energy, and aeronautics.
Cyberattack at Brest University Hospital: hit but not sunK

8 months ago, Brest University Hospital was alerted to a critical security event on its information system. A few hours later, the hospital would be cut off from the internet, and crisis management would begin with one hope: that the attackers had not compromised the entire information system.
During this presentation, we will address the technical aspects of incident management, including the balance between forensics and remediation. We will also explore the perspective of a Chief Information Security Officer (CISO) who must balance the risks of an over-crisis with the need to resume healthcare activities. Finally, we will delve into the human aspects of a digital crisis.
About the speaker:
Jean-Sylvain Chavanne began his career at the National Cybersecurity Agency of France (ANSSI) for over 6 years before returning to his beloved region of Brest. For the past 3 years, he has been the head of information system security for Brest University Hospital and six other hospitals in northern Finistère (with 11,000 employees), spanning from Lanmeur to Crozon.
prompt inJections: security impacts in a real case

The limitations of GPT-X models have been quickly bypassed by the community through ‘prompt injection’ attacks. However, to date, these attacks have centered around the conversational aspect and the generation of content that goes beyond ethical and moral guidelines.
We present a real-world exploitation case encountered in a Bug Bounty to demonstrate a security impact. We will also study the fine-tuning of injection and the use of third-party plugins. We will conclude the talk by discussing 'danger zones' (false positives, hallucinations, etc.) and areas for future improvement.
________
About the speaker:
Victor Poucheret, ethical hacker, and Technical Director of BZHunt.
The BZHunt team continues to uphold the banner of Ethical Hacking under the colors of Brittany and France on the international stage. Among some notable achievements:
- Victory at the Bug Bounty World Championships 2022 (AWC World Cup 2022)
- Best Team - HackerOne Epic Games - Orlando - 2023
- Best Team - HackerOne Amazon WS - Las Vegas - 2022
- Victories at YesWeHack live events - FIC 2021, 2022, 2023 (Decathlon, Doctolib, JO 2024)...
Our motto is #SharingIsCaring, and that's why we continue to participate in technical conferences to contribute, in our own way, to the community from which we have learned.
Hack The Planet
Beyond modus operandi: apt's criminal signature

Serious and organized cybercrime entities, as well as APT groups, are highly competent ecosystems that adapt to their objectives and their targets’ dispositions. What we do to counter them is to force-feed our SIEMs and EDRs with IoCs or create heuristics from stereotypical TTP playbooks formatted with a linear Cyber Kill Chain. Reflecting on the “Pyramid of Pain,” where the TTP is paramount, a Tactical Threat Intelligence Analyst and a Red Teamer are taking a step back. When you set up or join an offensive operation, you bring your knowledge, your preferences, and your comfort zone, which at a point are absorbed into the offensive organization’s heritage, be it technical, cultural, or organizational.
You are forced to adapt when defenders block your preferred tools or the target displays peculiarities. You know you can't adapt as freely as you want, especially with the adrenaline rush and the cognitive overload provoked by the action. You will script your workaround in your preferred language and resort to the next 'closest' tricks.
Even before the battle, you acknowledge that the sum of your group's best capacities may not fulfill the full requirements of the mission. So, you will complement them with the 'closest' compatible techniques or tools.
We are seeking this 'closeness' that may relate adversary behavior across the linear kill chain, and we have to find it in technical traces, as every action, thought, strategy, and fallback in cyberspace is encoded into zeros and ones.
In our quest to reverse-engineer cyber operations, we encountered a literature gap where academic researchers were using data-driven methods on IoCs to feed various AIs, and practitioners were unaware of what comes behind the modus operandi, aside from cyber-attack attributions.
Thus, we collected over 17,000 cyber-attack reports and articles from cybersecurity vendors, spanning from 2008 to 2021. We extracted the involved groups and identified segments of texts referring to offensive techniques, normalizing them using MITRE ATT&CK v6.2.
We then applied an association algorithm (Apriori) to create pertinent pairs of techniques repetitively used together. The analyst was clueless about the interpretation of the technique pairs, but the Red Teamer was stunned.
Without knowing the pedigree or the potential attribution of the group behind a set of pairs, the Red Teamer was able to qualitatively explain each pair of techniques. He was even capable of formulating hypotheses about the type of mission of the groups, their risk tolerance, or their type of organization.
Our data-driven approach has successfully identified unique 'digital signatures' that cybercriminals leave behind, transitioning the discourse from hypothesis and informal models to a landscape grounded in tangible, statistical empirical evidence.
This paves the way for a more nuanced approach to cyber threat profiling, where the focus shifts from the technicalities to a deeper understanding of the criminal organizational and psychological mindset. This understanding may lead to better predictions and counteractions against cyber operations, thereby fostering more robust and effective cyber defense strategies.
________
About the speaker:
- With a passion for Cyber Threat Intelligence, I developed a taste for APT modus operandi analysis and cyber group organizational theory. In addition, I'm also curious about criminology and cognitive science, which offer a unique perspective and help me to enrich my analysis and tools.
- After a decade in the cybersecurity industry, I started an entrepreneurial journey that led me to co-found XRATOR, a product-led cybersecurity company whose mission is to empower companies to thrive in hostile environments with a human-in-the-loop cognitive assistant.
- I also lecture and manage curricula at several French schools, such as the University of South Brittany, ESSEC Business School and the University of Technology of Troyes.