Insomni'hack 2015: Report
Insomni'hack is a security conference organized by SCRT and held in Geneva, Switzerland. This year was the 8th edition, which took place on March 19 and 20, 2015.
March 19th was reserved for workshops:
- Linux exploitation, via SCRT
- Forensic analysis of Windows systems with free tools, by SCRT
- Understanding malware, reverse engineering 101 applied to malicious code, by Julien Bachmann
- Hacking web applications, by Alain Mowat
March 20th was devoted to the talks and the CTF.
This year Intrinsec was represented by Guillaume Lopes and Luc Roudé, who attended the conferences.
Here is a summary of the conferences we attended.
Keynote: CYCO – Fighting cybercrime in Switzerland by Tobias Bulliger and Gilles Zürcher
Presentation slides: https://insomnihackdotme.files.wordpress.com/2015/03/20150320-insomnihackv2.pptx
The purpose of this presentation was to present the work of the Swiss SCOCI (National Coordination Service for Combating Cybercrime), also known as CYCO in English (Cybercrime Coordination Unit) and KOBIK in German.
As its name suggests, this service aims to combat cybercrime on the Internet, and more specifically in the following areas:
- Child pornography
- Fraud
- Harassment
"Traditional" crimes using information and communication technologies are also taken into account. However, it does not deal with cyberwarfare, cybersecurity, or cyberintelligence.
SCOCI was founded in 2003 and originated from an ICT working group. In 2009, SCOCI separated from its intelligence section to become a police branch. It operates at both the national and cantonal levels.
Several SCOCI projects were presented to identify and contain the spread of child pornography:
- National Collection of Files and Hash Values (CNFVH): the idea is to build a database of child pornography images and videos and to assign a unique digital fingerprint to each piece of media. The goal is to reduce the workload of investigations, as well as the psychological burden on investigators who have to view this type of file.
- DNS blacklist: voluntary blocking of pages containing child pornography hosted abroad. The aim is to block and remove illegal content.
- P2PScan: monitoring of several P2P protocols and searching for Swiss users sharing child pornography content.
- Undercover investigations: SCOCI investigators pose as children, pedophiles, or cyber police officers to identify pedophiles. Real examples of conversations were presented.
An overview of all security programs run by Google for bringing more security to the Interwebs by Nicolas Ruff
Presentation slides: https://insomnihackdotme.files.wordpress.com/2015/03/nicolas-ruff.pdf
As its title indicates, this presentation aimed to showcase the actions implemented by Google to ensure the security of their products, and more generally to protect users.
First of all, Nicolas Ruff started by telling us straight away that passwords were obsolete! It is important and necessary to generalize strong authentication solutions, a process initiated, for example, by the FIDO Alliance. Access to a sensitive service cannot rely solely on knowing a password. For Windows users, it should be noted that Windows 10 will support FIDO standards.
Next, it is important to encrypt all communications (see the EFF's HTTPS Everywhere project). However, certain best practices must be followed to actually guarantee the confidentiality and integrity of the data:
- Use secure implementations, for example BoringSSL
- Disable insecure algorithms (MD5, SHA-1, RC4, etc.)
- Enable Perfect Forward Secrecy (PFS) and HTTP Strict Transport Security (HSTS)
- Implement certificate pinning
- Audit certificates with Certificate Transparency (still under development at the time)
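To make the list above concrete, here is an added example (written for this report, not code from the talk or from Google) that checks three of these points with the Python standard library only: it builds a TLS client context that refuses anything below TLS 1.2 and only negotiates forward-secret ECDHE suites with AEAD ciphers (no MD5, SHA-1, RC4, 3DES or CBC), it parses and grades a Strict-Transport-Security header, and it computes and compares a public-key pin in the base64(SHA-256(SPKI)) form used by HPKP and Chromium. The header value, the policy thresholds and the "SPKI" bytes used in the demo are constructed inputs, not real data.

```python
"""Added example for the TLS hygiene points above (not code from the talk).
Sample header, thresholds and key bytes are constructed for the demo."""
import base64
import hashlib
import ssl


def hardened_client_context():
    """Client context: certificate + hostname validation on, TLS >= 1.2 only,
    and only ECDHE (forward-secret) AEAD suites negotiable."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3/TLS1.0/TLS1.1
    # OpenSSL cipher string: ECDHE key exchange with AES-GCM or ChaCha20-Poly1305,
    # explicitly excluding NULL ciphers/auth and MD5 MACs.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5")
    return ctx


def negotiable_cipher_names(ctx):
    """Cipher suites the context is willing to negotiate (TLS 1.2 and 1.3)."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_ciphers(ctx):
    """Enabled suites that violate the policy: non-ECDHE key exchange,
    SHA-1 MAC (names ending in -SHA), MD5, RC4, 3DES or CBC mode."""
    bad = []
    for name in negotiable_cipher_names(ctx):
        if name.startswith("TLS_"):  # TLS 1.3 suites are all (EC)DHE + AEAD
            continue
        legacy = any(tok in name for tok in ("MD5", "RC4", "3DES", "CBC"))
        if not name.startswith("ECDHE-") or name.endswith("-SHA") or legacy:
            bad.append(name)
    return bad


def parse_hsts(header):
    """Parse a Strict-Transport-Security header value (RFC 6797 syntax).
    Unknown directives are ignored, as the RFC requires; max-age is mandatory."""
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                raise ValueError("bad max-age: %r" % value)
            result["max_age"] = int(value)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    if result["max_age"] is None:
        raise ValueError("max-age directive is required")
    return result


ONE_YEAR = 365 * 24 * 3600  # assumed policy threshold (what preload lists ask for)


def hsts_is_strong(header, min_age=ONE_YEAR):
    """Policy check: at least a year of max-age and subdomains covered."""
    p = parse_hsts(header)
    return p["max_age"] >= min_age and p["include_subdomains"]


def spki_pin(spki_der):
    """Pin value as used by HPKP/Chromium: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def pin_matches(spki_der, pinned):
    """Accept the presented key only if its pin is in the pinned set.
    Always ship a backup pin too, or a key rotation locks clients out."""
    return spki_pin(spki_der) in pinned


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("negotiable:", negotiable_cipher_names(ctx))
    print("policy violations:", weak_ciphers(ctx))
    print(parse_hsts("max-age=31536000; includeSubDomains; preload"))
    fake_spki = b"constructed-not-a-real-SubjectPublicKeyInfo"  # constructed input
    print("pin-sha256=", spki_pin(fake_spki))
```

The cipher string is deliberately a whitelist rather than a blacklist: listing what may be negotiated is what actually guarantees PFS, whereas `!MD5`-style exclusions only remove what you remembered to name. Note that OpenSSL silently ignores aliases it does not recognise, which is why `weak_ciphers()` re-reads the resulting list instead of trusting the string.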
It is also important to use quality products and to identify the security flaws in them. As examples, Nicolas mentioned Google Project Zero, Google's web vulnerability scanner, and the Vulnerability Reward Program set up by Google, which pays for vulnerabilities found in its products and also rewards security improvements contributed to open source projects.
Of course, it is not possible to fix all the security flaws in a product, hence the importance of hardening the configuration of equipment and applications (sandboxing, Linux kernel features, compilation options, etc).
Despite all these good practices, a compromise is still possible, so it is necessary to have an incident response process in place.
In conclusion, security is a process and not a product (Bruce Schneier).
Mimikatz, from sekurlsa to Active Directory compromise by Benjamin Delpy and Sylvain Monné
Benjamin's presentation was similar to the one he gave at CoRIIN. We invite you to refer to the Intrinsec report on CoRIIN.
A demonstration concerning the MS14-068 vulnerability by Sylvain Monné was also carried out.
Automotive Security by Chris Valasek
The purpose of this presentation was to present a research project on vulnerabilities in modern cars: the results, the difficulties encountered and the possibilities of reducing the cost of this type of work.
Before getting to the heart of the matter, Chris reminded everyone of the prerequisites for getting started:
- Having a basic understanding of electronics
- Studying the CAN architecture: this is the bus system implemented to allow the various components of a car to communicate.
- Knowing how to read network diagrams
- Don't be afraid to disassemble a car
- And… patience!
First, the primary obstacle to this type of research is cost. For their project, Chris Valasek and Charlie Miller began by purchasing two cars, for a total cost of $50,000. In their case, the funding was provided by DARPA.
In order to minimize the cost of the research, they had the idea of buying only the electronic components they needed (ECUs: Electronic Control Units).
The advantage of buying the parts separately is of course the price, but also the ability to test the elements individually.
However, it appears that some elements require information collected by other equipment or probes. To solve this problem, they decided to create: THE CART!
For the moment, it is only a prototype that looks like a go-kart containing all the interesting elements to test and allowing the behavior of a car to be reproduced.
In conclusion, it is possible to conduct this research without owning a car! Chris hopes this will encourage others to contribute to automotive security.
Pwning (sometimes) with style – Dragons' notes on CTFs by Gynvael Coldwind and Mateusz "j00ru" Jurczyk
Presentation slides: http://j00ru.vexillium.org/blog/24_03_15/dragons_ctf.pdf
This presentation was an opportunity for the Dragon Sector team to share their experience of the various CTF (Capture The Flag) competitions in which they have participated. As a reminder, Dragon Sector is a CTF team of about ten people. They ranked first in 2014 on CTFTime.org, the site that tracks the results of CTFs held around the world. As an aside, Dragon Sector won the Insomni'hack CTF in 2014 and… 2015.
We strongly encourage you to read the slides, which are difficult to summarize 🙂
Setting-up a cool Infosec Lab at home, tips and tricks, for your eyes only! by Bruno Kerouanton
For the last talk of the day, we attended Bruno Kerouanton's presentation. The previous year he had treated us to a very fine talk on Alternate Reality Games, in particular the one featured in the series "The IT Crowd" (you can reread our report from last year at OSSIR).
This presentation was an opportunity for Bruno to show us his small computer lab set up at home. In addition to photos of his server rack, which he built himself and which his wife decorated, he also showed us some of the tools he used on his computer.
This talk was also an opportunity for participants to win some goodies (mainly t-shirts).
Here is a list of some tools used by Bruno:
- True Launch Bar: a utility that replaces the Windows taskbar.
- Web proxies: Fiddler / ZAP Proxy / Burp Suite
- Scrapbook: This is a Firefox extension that allows you to easily save and manage web pages
- Sandboxie: a tool for running a program in a sandbox
- Virtualization: VMware and VirtualBox
- MalwareBuster
- Process Hacker: a tool for listing running processes
- X-Ways Forensics
- CrypTool
- Outpost Security: Software Firewall
- USBtrace / USBShare Client & Server
- Reflector / EasyPythonDecompiler / AndroChef Java Decompiler / jd
- OllyDbg / IDA Pro
- Cerbero Profiler / PEStudio
Challenge
The challenge started around 6:30 pm and ended at 4 am. There were 200 participants and each team could be made up of a maximum of 8 people.
As in previous years, the themes of the challenges were diverse and varied: Web, reverse engineering, exploitation, hardware, etc. A flag had to be found for each challenge.
Just like last year, Dragon Sector won the competition!
Here you will find solutions to the challenges presented:
https://github.com/ctfs/write-ups-2015/tree/master/insomni-hack-ctf-2015
