Les premiers speakers ont été annncées, tout comme la liste des workshops de cette année. Les inscriptions sont donc maintenant ouvertes pour Insomni’hack 2014!
Continue reading Insomni’hack 2014Category: Insomni’hack
Analyse et détection de cyber-attaques: Import-Module IncidentDetection
Introduction
Le 16 octobre dernier nous avons eu l’opportunité de présenter sur le sujet de la détection d’incidents lors de l’Application Security Forum d’Yverdon. Ce sujet, bien que relativement bien connu est encore trop peu utilisé en entreprise où l’on voit principalement le déploiement de défenses périmètriques, d’antivirus ou encore d’IDS.
Continue reading Analyse et détection de cyber-attaques: Import-Module IncidentDetectionInsomni’hack 2013 – Armory level3
This challenge was the last level on the ARM platform. It was a crackme with a stripped binary including a basic anti-debugging trick. Sadly, only one team managed to complete this challenge before the end of Insomni’hack and another wasn’t far from what we discussed later.
Continue reading Insomni’hack 2013 – Armory level3Insomni’hack 2013 Armory level1 & level2
Level1 should be pretty straightforward. Looking at the assenbly, you can see that it prints the current working directory by using system(“pwd”) and then strcpy user controlled data to a fixed size buffer.
Continue reading Insomni’hack 2013 Armory level1 & level2Insomni’hack 2013 : Armory wargame
As arm CPU are getting more and more used, we decided to create an arm-based wargame consisting of 4 challenges.
The first one, described here, is a reverse engineering challenge that will give you the credentials to access the actual raspberry pi box.
Continue reading Insomni’hack 2013 : Armory wargameInsomni’hack 2013 : Money money money
Money Money Money
Even after "The Event", money is still the key to beat your opponents. Our scouts found an old banking server which should contain information about the accounts and the money they contain, but this old computer used to use perforated cards. Our engineers were able to create an interface to use it on modern technology, but they are not able to break the security system to get the data.Continue reading Insomni’hack 2013 : Money money money
Insomnihack 2013 – Central Directory
And here I was thinking everybody knew SQL injections and that this challenge wouldn’t last an hour. And yet only one team was able to complete it before the end of the contest. o_O
Continue reading Insomnihack 2013 – Central DirectoryInsomni’hack 2013 – recycle.exe
The main idea behind this challenge came after reading an article in Valhalla magazine about inline JScript for implementing cryptography in malwares targeting Windows.
Continue reading Insomni’hack 2013 – recycle.exeInsomni’hack 2013 : The game
A popular game amongst survivors is the Rock-Paper-Scissors-Lizard-Spock game. To gain their respect, we strongly encourage you to be the best at this game. This will strengthen your reputation and will attract new citizens.Continue reading Insomni’hack 2013 : The game
Insomnihack 2013 – Facebookalypse
This challenge was definitely one of the harder web missions and based on a redefined session handler mechanism that was initially discovered in a relatively well-know Firewall brand. It is also very similar to the example you can find on PHP’s own documentation here : http://php.net/manual/en/function.session-set-save-handler.php
Continue reading Insomnihack 2013 – Facebookalypse