GreHack 2013

I was in Grenoble on Nov 14-15 for GreHack, a security conference organized by a group of enthusiastic students from the local university. (Full disclosure: Kudelski Security was one of the sponsors.) With about 235 attendees at the conference and 37 teams registered for the CTF, GreHack was a popular success. I was kindly invited to give the opening speech, where we observed a minute of silence for Cédric Blancher.

The contributed talks covered diverse topics including mobile malware analysis, scanning of 0.0.0.0/0 for vulnerable DNS servers or PLCs, and DDoS using game servers’ amplification. I was especially looking forward to seeing my friend Markku and attending his presentation of a “professional” RAT: this custom RAT (and associated C&C) stands out with a secure communication protocol based on Markku’s BLINKER protocol (to be presented at CT-RSA 2014: “BLINKER is significantly faster than SSL to set up (…)”) and on the CBEAM0 sponge-based authenticated cipher (to appear as a CAESAR submission, I presume).

Unfortunately, due to last-minute issues he couldn’t make it to Grenoble, and his talk was replaced with Paul Rascagnères’ famous “APT2” operation, which was nominated for the Pwnie Award in the category “Epic 0wnage” earlier this year. Although the targeted group was not APT1 as initially suspected, it’s still amazing work, and I think Paul even had to do some ciphertext-only cryptanalysis of Chinese operating systems.

Other highlights were:

  • Herbert Bos’ accessible yet technically satisfying keynote “Tain’t not enough to fuzz all the memory errors”, about formal techniques to detect memory bugs. Based on the techniques presented, Herbert and his team created a fuzzer that discovered buffer overflows in ffmpeg and poppler (see the Usenix Security 2013 paper and presentation).
  • Halvar Flake’s survey keynote “The many flavors of binary analysis”, where we learnt that Microsoft doesn’t backport security patches in Win 8 to Win 7 when the issue was found internally (“free 0days for Win 7”, as he put it).
