{"id":228093,"date":"2017-12-11T14:14:07","date_gmt":"2017-12-11T13:14:07","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=3595"},"modified":"2017-12-11T14:14:07","modified_gmt":"2017-12-11T13:14:07","slug":"botconf-2017-jour-1","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/botconf-2017-jour-1\/","title":{"rendered":"Botconf 2017 \u2013 Day One"},"content":{"rendered":"<h1>Introduction<\/h1>\n<p>The fifth edition of Botconf took place in Montpellier from December 6th to 8th. A look back at this defensively oriented event, which focused on malware analysis and the fight against cybercrime.<\/p>\n<p>Links to the reports for each day:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.intrinsec.com\/en\/2017\/12\/12\/botconf-2017-jour-2\/\">Botconf 2017 \u2013 Day Two<\/a><\/li>\n<li><a href=\"https:\/\/www.intrinsec.com\/en\/2017\/12\/13\/botconf-2017-jour-3\/\">Botconf 2017 \u2013 Day Three<\/a><\/li>\n<\/ul>\n<h1>Malware clustering at scale<\/h1>\n<p>S\u00e9bastien Larinier \u2022 <a href=\"https:\/\/twitter.com\/Sebdraven\">@Sebdraven<\/a><br \/>\nRobert Erra \u2022 LSE, EPITA<\/p>\n<p>The speakers presented a clustering and classification project addressing the challenge of handling a dataset containing hundreds of millions of malware samples. The idea was to leverage the <em>machine learning<\/em> to identify similarities between samples. The algorithms to be used for processing the dataset were chosen empirically, by observing the most satisfactory results.<\/p>\n<p>The processing is performed on the metadata of the files: classic and &quot;fuzzy&quot; cryptographic hashes (ssdeep), <em>import hashes<\/em>, executable headers, import tables, certificates, etc.<\/p>\n<p>By leveraging a moderately powerful laboratory infrastructure, the existing architecture can process the initial dataset in a few hours. From there, newly added samples will be analyzed almost instantly.<\/p>\n<h1>Get rich or die trying<\/h1>\n<p>Or Eshed \u2022 <a href=\"https:\/\/twitter.com\/EshedOr\">@EshedOr<\/a> \u2022 Checkpoint<br \/>\nMark Lechtik \u2022 <a href=\"https:\/\/twitter.com\/_marklech_\">@_marklech_<\/a> \u2022 Checkpoint<\/p>\n<p>While browsing a list of spam emails, the presenters&#039; interest was piqued by a subject line mentioning the company ARMACO (a petrochemical company), at a time when the news was rife with stories involving this company and Saudi Arabia. Given this particular context, the presenters suspected it might be a somewhat sophisticated attack.<\/p>\n<p>Upon beginning to analyze the infrastructure linked to this spam, analysts discovered that it was distributing relatively common RAT (Remote Access Trojan) malware: NetWire and ISR Stealer. They also identified the distribution of Hawkeye, a keylogger. Analysis of this malware allowed them to discover the credentials of an SMTP server to which the recorded data was sent.<\/p>\n<p>Access to the server allowed them to trace the attacker. It turned out that he was infected with his own malware; the analysts were then able to obtain numerous screenshots of the attacker&#039;s system and report the operation to the local authorities.<\/p>\n<p>Ultimately, the campaign was the work of a single individual, far from sophisticated\u2026 But it still allowed him to reach many victims.<\/p>\n<p><a href=\"https:\/\/www.botconf.eu\/wp-content\/uploads\/2017\/12\/2017-OrEshed-MarkLechtik-get_rich_or_die_trying.pdf\">Presentation support<\/a><\/p>\n<h1>Exploring a P2P transient botnet<\/h1>\n<p>Raimir Holanda \u2022 Morphus Lab<br \/>\nRenato Marinho \u2022 <a href=\"https:\/\/twitter.com\/renato_marinho\">@renato_marinho<\/a> \u2022 Morphus Lab<\/p>\n<p>The speakers&#039; initial research involved analyzing Mirai&#039;s behavior by installing a honeypot on a Raspberry Pi with default credentials. They quickly observed communications attempting to download and execute malware different from the expected type. Since communications to the C&amp;C servers were conducted over HTTPS and relied on a client certificate, they had to implement a system using a local proxy (in this case, Burp) to decrypt the traffic and alter the commands.<\/p>\n<p>This analysis allowed researchers to register machines in the botnet as C&amp;C, in order to analyze the scope of the infections.<\/p>\n<h1>RetDec: an open-source machine-code decompiler<\/h1>\n<p>Jakub K\u0159oustek \u2022 <a href=\"https:\/\/twitter.com\/JakubKroustek\">@JakubKroustek<\/a> \u2022 Avast<br \/>\nPeter Matula \u2022 Avast<\/p>\n<p>The speakers highlighted the benefits of automating decompilation in the context of daily malware analysis: obtaining easily understandable code without needing to be familiar with the machine instructions of the multitude of architectures currently in use (Intel, ARM, 32 and 64-bit platforms, etc.).<\/p>\n<p>Products already exist, such as Hex-Rays, Hopper, Snowman, and BinaryNinja. The speakers&#039; ambitious goal was to create a generic decompiler capable of handling both executables and raw code from various architectures. The task was far from trivial, requiring consideration of different architectures, binary formats, compiler processing, and the obfuscation and packing techniques frequently encountered in malware analysis.<\/p>\n<p>The project is now available online at the following address: <a href=\"https:\/\/retdec.com\">https:\/\/retdec.com<\/a>.<\/p>\n<p>The source code has been published on GitHub:\u00a0<a href=\"https:\/\/github.com\/avast-tl\/retdec\">https:\/\/github.com\/avast-tl\/retdec<\/a><\/p>\n<p><a href=\"https:\/\/retdec.com\/web\/files\/publications\/retdec-slides-botconf-2017.pdf\">Presentation support<\/a>.<\/p>\n<h1>BotLeg project<\/h1>\n<p>Karine e Silva \u2022 <a href=\"https:\/\/twitter.com\/kar1nekks\">@karunekks<\/a> \u2022 Tilburg University<\/p>\n<p>The speaker presents a research project concerning information sharing between private actors and law enforcement. The central question is: how can information acquired at the edge of legality be shared? It doesn&#039;t take much searching to find presentations or publications where security researchers &quot;gain access&quot; to systems controlled by cybercriminals. Strictly speaking, under the laws of some countries, this type of action is illegal and can raise legitimacy issues.<\/p>\n<p>The aim of the project will therefore be to consider a method of sharing and communicating information that guarantees fair treatment of the different parties.<\/p>\n<p>Furthermore, frameworks are emerging to protect researchers. For example, in Europe, Article 6.1.e of the GDPR states that the processing of personal data will be considered lawful if it is carried out in the context of a &quot;task carried out in the public interest&quot;.<\/p>\n<h1>Use your Enemies: tracking botnets with bots<\/h1>\n<p>Jaros\u0142aw Jedynak \u2022 <a href=\"https:\/\/twitter.com\/msmcode\">@msmcode<\/a> \u2022 CERT-PL<br \/>\nPawe\u0142 Srokosz \u2022 <a href=\"https:\/\/twitter.com\/_psrok1\">@_psrok1<\/a> \u2022 CERT PL<\/p>\n<p>The speakers have set up an infrastructure dedicated to botnet analysis. It incorporates an iterative process based on two fundamental steps: the first (called &quot;ripper&quot;) consists of extracting indicators of competence (IoCs), classifying malware, and defining relationships with other samples. The second (called &quot;mtracker&quot;) is a modular platform relying on dynamic analyses to identify characteristics specific to the botnet (webinjects, email spam, etc.).<\/p>\n<p>An interesting feature of &quot;mtracker&quot; is its integrated passive DNS infrastructure, allowing it to study the behavior of malware whose domains have been seized or are no longer active. The architecture also includes features to mitigate the potential overhead inherent in dynamic malware analysis.<\/p>\n<ul>\n<li>The output throughput is limited to reduce the potential for a DDoS bot; ;<\/li>\n<li>An emulation mechanism allows the use of certain commands (e.g., sending emails) to be recorded without actually executing them.<\/li>\n<\/ul>\n<h1>SOCKS as a Service, botnet discovery<\/h1>\n<p>Christopher Baker \u2022 Dyn<\/p>\n<p>The speaker presents the results of his team&#039;s research on black markets for web proxies, widely used by cybercriminals to circumvent blacklists, geoblocks and generally conceal their activities.<\/p>\n<p>By studying proxy sales platforms and their individual characteristics (geographic distribution, ASNs or IP address ranges used, etc.), they were able to classify and identify the platforms according to their usage. The speaker highlighted, for example, the sale of exit points located within mobile operators&#039; address ranges. In this case, vendors emphasize that these addresses are rarely blacklisted, given that operators have a limited number of addresses and use NAT to provide access to their customers.<\/p>\n<h1>Automation of IoT botnets takedown by an ISP<\/h1>\n<p>S\u00e9bastien M\u00e9riot \u2022 <a href=\"https:\/\/twitter.com\/smeriot\">@smeriot<\/a> \u2022 OVH<\/p>\n<p>The speaker explains that DDoS attacks are very frequent and a major concern for hosting providers and ISPs, given that each attack directly impacts the company&#039;s operations. He then discusses IoT botnets and HTTP flood attacks \u2013 which, while not particularly sophisticated, are very effective in undermining the overall security of connected devices.<\/p>\n<p>Companies like OVH are also in a privileged position to limit the damage caused by these threats. The speaker presents the steps implemented to quickly identify bots and C&amp;C attacks linked to their infrastructure:<\/p>\n<ul>\n<li>Open-source searches (e.g., via Shodan) provide results but are not exhaustive; ;<\/li>\n<li>An automated analysis of received samples, focused on the discovery of artifacts such as IP addresses or domain names.<\/li>\n<\/ul>\n<h1>The new era of Android banking botnets<\/h1>\n<p>Pedro Drimel Neto \u2022 InTELL, FoxIT<\/p>\n<p>The speaker presents the various Android malware observed over the past few years and compares them with more recent examples. Historically, families like Perkele, iBanking, and BankBot were poorly obfuscated, if at all. Their operation relied primarily on intercepting SMS messages to obtain and divert the use of tokens provided by banks for transaction validation.<\/p>\n<p>New malware is more sophisticated. It frequently employs anti-analysis techniques (obfuscation, activation only under specific conditions, etc.), and its functionality relies more on pop-ups displayed in front of legitimate applications, or on code injections directly into web pages displayed by a browser or application.<\/p>\n<h1>Hunting down Gooligan<\/h1>\n<p>Elie Bursztein \u2022 <a href=\"https:\/\/twitter.com\/elie\">@elie<\/a> \u2022 Google<br \/>\nOren Koriat \u2022 Check Point<\/p>\n<p>The speakers present feedback on the hunt for an Android malware that steals OAuth tokens.<\/p>\n<p>The initial infection systematically occurs through the installation of an infected APK. This is followed by the decoding of the payload, the downloading of an exploit to root the device, the implementation of persistence mechanisms (which even infect the factory reset script!), and finally the installation of the Gooligan malware itself.<\/p>\n<p>The malware injects itself into the Google Play application and uses the user&#039;s OAuth token to artificially inflate the popularity of specific applications by rating them and simulating their installation\u2026 It is these families of malware that bring malicious clones of popular applications like WhatsApp to the top of search results.<\/p>\n<p>Once the malware was fully analyzed, the botnet could be dismantled. The technical aspect of taking control of the command and control servers was one thing\u2026 But it was also necessary to manage the revocation and renewal of the compromised OAuth tokens, a complex step when the user base is spread across multiple continents and speaks a multitude of languages.<\/p>","protected":false},"excerpt":{"rendered":"<p>Introduction The fifth edition of Botconf was held in Montpellier, from the 6th to the 8th [\u2026]<\/p>","protected":false},"author":1,"featured_media":3599,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,19],"tags":[],"class_list":["post-228093","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cert","category-soc-securite-operationnelle"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Botconf 2017 - premi\u00e8re journ\u00e9e - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/botconf-2017-jour-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Botconf 2017 - premi\u00e8re journ\u00e9e\" \/>\n<meta property=\"og:description\" content=\"Introduction La cinqui\u00e8me \u00e9dition de la Botconf s&rsquo;est tenue \u00e0 Montpellier, du 6 au 8 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/botconf-2017-jour-1\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2017-12-11T13:14:07+00:00\" \/>\n<meta name=\"author\" content=\"Intrinsec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Intrinsec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/\"},\"author\":{\"name\":\"Intrinsec\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\"},\"headline\":\"Botconf 2017 &#8211; premi\u00e8re journ\u00e9e\",\"datePublished\":\"2017-12-11T13:14:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/\"},\"wordCount\":1868,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"CERT\",\"SOC S\u00e9curit\u00e9 Op\u00e9rationnelle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/\",\"name\":\"Botconf 2017 - premi\u00e8re journ\u00e9e - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2017-12-11T13:14:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf-2017-jour-1\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Botconf 2017 &#8211; premi\u00e8re journ\u00e9e\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\",\"name\":\"Intrinsec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"caption\":\"Intrinsec\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/ufhtbqccsz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Botconf 2017 - Day 1 - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/botconf-2017-jour-1\/","og_locale":"en_US","og_type":"article","og_title":"Botconf 2017 - premi\u00e8re journ\u00e9e","og_description":"Introduction La cinqui\u00e8me \u00e9dition de la Botconf s&rsquo;est tenue \u00e0 Montpellier, du 6 au 8 [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/botconf-2017-jour-1\/","og_site_name":"INTRINSEC","article_published_time":"2017-12-11T13:14:07+00:00","author":"Intrinsec","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Intrinsec","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/"},"author":{"name":"Intrinsec","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799"},"headline":"Botconf 2017 &#8211; premi\u00e8re journ\u00e9e","datePublished":"2017-12-11T13:14:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/"},"wordCount":1868,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#primaryimage"},"thumbnailUrl":"","articleSection":["CERT","SOC S\u00e9curit\u00e9 Op\u00e9rationnelle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/","url":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/","name":"Botconf 2017 - Day 1 - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#primaryimage"},"thumbnailUrl":"","datePublished":"2017-12-11T13:14:07+00:00","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/botconf-2017-jour-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"Botconf 2017 &#8211; premi\u00e8re journ\u00e9e"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799","name":"Intrinsic","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","caption":"Intrinsec"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/ufhtbqccsz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=228093"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228093\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=228093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=228093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=228093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}