Workshops

There will be one session of workshops at GreHack. All workshops will be scheduled at the same time: you can only attend to one.

• System introspection for Web Offensive Research with Sysdig - by Laluka
• Binary Reverse-Engineering and Batch Binary-Diffing - by Robin David & Riccardo Mori
• Scapy hands-on - by Guillaume Valadon
• Analyze, befriend and exploit : Construct targeted social engineering attacks - by Volker
• Roast that host! - Application of current laptop hardware attack - by Olivier Combet & Reda Benmoulay - Thales Cyber Solutions
• CodeQL tailoring: One size does not always fit all - by Tony Torralba

For those unable to attend a workshop, Edmond Kern will give a presentation on the Enigma coding machine at the same time.

Workshop descriptions

System introspection for Web Offensive Research with Sysdig - by Laluka

Learn to use the Sysdig tooling to efficiently find web vulnerabilities and zero-days!

This workshop is an extra-lite version of the trainings I give at offenskill.com, expect low-level tooling allowing an easy high-level application audit and high-fidelity detection of common exploit primitives!

Step-up your introspection game and come break things with me!

Requirements: GreHack_-_WorkShop_Introspection.pdf

Binary Reverse-Engineering and Batch Binary-Diffing - by Robin David & Riccardo Mori

Ever wondered how to start with hardware hacking ? This workshop will present you some simple techniques you'll need to get you started. Of course, the best way to learn is by doing so we prepared a target device for you to fiddle with during the workshop.

When analyzing a system, reverse engineering a program at binary-level is often needed to understand its behavior. A common use-case is malware analysis, or security assessement in order to uncover vulnerabilities. Reverse-engineering usually requires working on the disassembled program to perform manual or automated analysis. Furthermore, we are usually led to analyze a whole bunch of programs and to compare them with binary diffing. The later is essential for comparing variants of a same program or malware. It is also useful to inspect updates published by vendors for the sake of understanding a patch.

This workshop introduces a variety of python programs and libraries that we developed to automate the analysis of disassembled programs, to automate the diffing with Bindiff and to automate the analysis of the differences between the two programs! We will show how to do full firmware diffing.

Requirements: Download and setup the following virtual machine: https://files.quarkslab.com/49cd289f-6dd1-405c-9c19-4d6aff6dccbc/quarkslab-binary-diffing.ova

Riccardo Mori

Riccardo Mori is a security researcher working at Quarkslab in the automated analysis team, his main research topics include binary diffing and binary exporters. He is an active developer of both internal and open-source tools developed in the company.

Scapy hands-on - by Guillaume Valadon @guedou

Scapy (http://www.secdev.org/projects/scapy & https://github.com/secdev/scapy) is a powerful Python-based interactive packet manipulation program and library. It can be used to forge or decode packets for a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.

This workshop will describe its main features step by step, and will let you explore the following topics:

• packets manipulation
• sending & receiving packets
• visualization
• IPv6 and TLS support
• implementing a new protocol
• answering machines
• automaton
• pipes

A root access to Linux (either native or virtualized) and a fresh Scapy install from github.

Analyze, befriend and exploit : Construct targeted social engineering attacks - by Volker

Nowadays, more than 90% of successful cybersecurity attacks rely at least on one social engineering aspect. Many people know the principles of a phishing attack and some even know about vishing, but have you ever considered spear-phishing attacks ? Or even that your new friend may not be that well intentioned ? In this workshop you will learn about targeted social engineering attacks :

• How to analyze a promising target with the help of OSINT techniques
• Create your persona, pretext and interactions in advance
• Exploit your target for maximum elicitation using human interaction principles and rapport building techniques

We will work on fictive personas as targets and will try to establish a full kill chain for each case.

Requirements:

• A computer or a phone to access the Internet
• A note-taking support
• Sock puppets for major social networks (Optional)

Roast that host! - Application of current laptop hardware attack - by Olivier Combet & Reda Benmoulay - Thales Cyber Solutions

This is encrypted right? In this workshop, we will cover different ways to bypass laptop encryption with current applicable hardware attacks - not because they are easy, but because they are hard...!

Menu :

• DMA attacks (OS authentication bypass & encryption bypass)
• SPI sniffing (case: Bitlocker TPM key retrieve)
• Intel DCI debug (UEFI firmware extraction, reverse and modification of Windows booloader, and Bitlocker key interception)

Allergens :

• Contains electronics
• Reverse stuff
• Murphy'law sensitive hardware setups

Requirements:

• A computer with at least 8GB of RAM
• Download PCILeech (https://github.com/ufrisk/pcileech)
• Download Logic2 (https://www.saleae.com/fr/downloads)
• Basic knowledge of TPM and how Bitlocker works (https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/countermeasures)

CodeQL tailoring: One size does not always fit all - by Tony Torralba

CodeQL is GitHub's expressive language and engine for code analysis, which allows you to explore source code to find security vulnerabilities. CodeQL queries are usually integrated into CI/CD pipelines to automatically detect such issues. However, CodeQL can also serve as an interactive Swiss army knife to support more general code auditing workflows. Since CodeQL makes a program’s AST and dataflow graph queryable, it has the ability to effectively answer many of the general questions that commonly arise when auditing code, such as “what is the attack surface of the application?” or “which APIs are reached by user-controlled input?”.

In this workshop, we will learn the basics of CodeQL and how to extend it for your particular needs.

Bring your own laptop with the following:

• VSCode installed (https://code.visualstudio.com/)
• VSCode CodeQL extension installed (https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/)
• CodeQL binaries installed locally (https://github.com/github/codeql-cli-binaries)
• Clone https://github.com/GitHubSecurityLab/GreHack2023-Workshop locally

Tony Torralba

Tony Torralba is a Software Engineer at Github, currently working in the CodeQL team developing queries for static application security testing. He is passionate about cybersecurity, and is specially interested in vulnerability research and the offensive side of the field. He previously worked as application security analyst and pentester, and holds the OSCP, OSWE, and CRTO security certifications. His recent work has been focused on Android and web application security, where he has used CodeQL to uncover several vulnerabilities in popular open source Java and Kotlin projects.