Conference – slides

Here are some of the slides presented during this 8th edition

An overview of all security programs run by Google for bringing more security to the Interwebs Nicolas Ruff, Google

Machine Learning for Security (EN) – Josiah Hagen, DVLabs Security (HP Enterprise Security)

Pawn Storm: What’s Up on iOS devices? (EN) Axelle Apvrille

Copy & Pest – A case-study on the clipboard, blind trust and invisible cross-application XSS (EN) Mario Heiderich

Keynote: CYCO – Fighting cybercrime in Switzerland – Tobias Bolliger (Deputy Head of CYCO) and Gilles Zürcher (CYCO Investigator)

Thanks again to all the speakers !

Final scoreboard & Writeups

Thank you very much for attending this 8th edition of Insomni’hack.

With more than 750 visitors, this is the biggest Insomni’hack ever.

Here is the final scoreboard for Insomni’hack 2015 :
Congratz to Dragon Sector for winning again this year!

1 Dragon Sector 6035
2 StratumAuhuur 5725
3 int3pids 4800
4 KITCTF 4135
5 0x8F 4105
6 dcua 3255
7 penthackon 3135
8 mushdoom 2660
9 BullShitsecurity 2350
10 RGB 2070
11 13NRV 2060
12 Porc Scanner 2020
13 sec-cured 1780
14 OWE 1645
15 FIXME 1590
16 N05L33P 1515
17 pycured 1470
18 HacKazaar 1265
19 UndefinedBehavior 1265
20 Samurai 1265
21 SeBC 1235
22 Old legends 1230
23 pinkBull 1230
24 waspo 1205
25 Barbah4ck3R2D2 1165
26 H314 1105
27 /dev/null 1055
28 pilons-de-poulet 1030
29 cr4zyg04t0verfl0w 920
30 pic0wn 870
31 NoPwnNoCookie 860
32 […] 845
33 /null/uppercase 810
34 EpsiH4ck 790
35 Soft qui peut 785
36 /null/lowercase 635
37 hard 615
38 C8H10N4O2 480
39 sh0tnb33r 470
40 BlackFox 430
41 KAOS 430
42 unlockedwheel 365
43 vuk 365
44 Epic Hack Battelle 350
45 whoaim 350
46 0x90 310
47 /dev/lowercase 190
48 V3sth4cks153 190
49 eint0 175
50 morb{H}ack 175
51 The_iNeXplication 175
52 theciso 55
53 test 55
54 seultout 55
55 SnakeFeet 55
56  <h1>si 55

The scores have been sent to CTFtime.
Below are some quick stats on the number of solves for each task:

Exploit:
mastermind 9
smtpwn 5
Sql inject flow 2
The Firm(ware) 0
Jurassic Sparc 0
SH1TTY 0
Forensic:
ZoomIn 43
Lost In Memories 26
Elysium ropchain analysis 1
Hardware:
1-2-3-4 3
Mobile:
iBadMovie Season 1 40
iBadMovie Season 2 20
InsomniDroid Phase 1 0
InsomniDroid Phase 2 0
Network:
TimeToLeak 10
Hollywood network 0
Reversing:
Swordfish 43
Swordfish_passwd 12
Shellcoding:
blue pill 8
tldr 6
Web:
n00bs gonna win! 56
Smell of the lamp 32
Hacker News 30
Serial Hackers 19
Smelly lamp got makeup 4
Hacker Idol 2
Jack the clicker 1
Hack like it’s 1999! 0

As you can see a few tasks were not solved during the CTF,  several writeups have already been posted on our company blog : blog.scrt.ch

Insomni’hack finals – smtpwn writeup

Insomni’hack finals – Jurassic Sparc writeup

Insomni’hack finals – SH1TTY writeup

Insomni’hack finals – Hollywood network writeup

Insomni’hack finals – InsomniDroid Level 1 Writeup

Make sure to follow our blog to get the latest updates

Final schedule

We have just posted the final schedule , you can see it on the conference page

 

Updated speaker list

The speaker list has been updated and is new (nearly) final.

The following speakers will also join us

– Gynvael Coldwind & Mateusz “j00ru” Jurczyk (from the Dragon Sector team)

– Mathias Fuchs (Fireeye/Mandiant)

– Axelle Apvrille (Fortinet)

– Thomas Braun (United Nations)

– Bruno Kerouanton (official Insomni’hack mascot)

– Tobias Bolliger (Deputy Head of CYCO) and Gilles Zürcher (CYCO Investigator) (keynote)

– Nicolas Ruff (Google)

More details on the conference page

 

The workshop list is also complete , you have a little more than 2 weeks left to register.

First speakers , Networking dinner, Workshops

Speakers

We are very pleased to announce a first set of speakers

Details : conferences page

The full list of speakers will be published within the next weeks.

Final schedule will be posted 2 weeks before the event.

 

Networking dinner

Insomni’hack networking dinner will take place the 19/03/15 at 19h at :

Restaurant Pizzeria la Gioconda
Av Louis-Casai 81
1216 Cointrin

2 menus are proposed :

Menu 1 at 28 CHF : salad , pizza, tiramisu , 1 soft drink

Menu 2 at 40 CHF : antipasto misto, ravioli tomato-basilic, beef steak café de Paris or green peper + fries & vegetables, tiramisu, 1 soft drink

Please register here , limited seats

 

Workshops

the first workshops are also published here

 

Early bird rate

The early bird rate will end next week (15/02) , hurry up !

Standard price for the conferences is CHF 160.

 

Insomni’hack 2015 Registrations are open

We have open the registration on eventbrite for the conference and the contest. The Workshops should follow soon.

Although the contest itself is free, we do require you to signup so we have an idea of how many people will be present.

As a reminder the dates are :

  • 19th March: Workshops
  • 20th March: Conference and Contest

 

CTF Teaser is closed

The teaser has ended but the challenges will stay up for a few days on https://teaser.insomnihack.ch/

Thanks everybody for your participation. Here is the top standing :

  • Dragon Sector - Confirmed
  • Penthackon – Confirmed
  • StratumAuhuur – Confirmed
  • Int3pids – Confirmed
  • Plaid Parliament of Pwning – Declined
  • KITCTF – Confirmed

The main event will be held in Geneva the 20th March

Insomni’App, le CTF de l’AppSec 2014

Pour son édition 2014, l’Application Security Forum en partenariat avec Insomni’hack propose un CTF (Jeopardy-style) d’une durée de 2 heures qui se déroulera le 5 novembre entre 17 et 19h.

Le principe est de résoudre des épreuves dans différents domaines (web, reverse engineering, cryptographie et autres) pour gagner des points . Le vainqueur sera celui qui, à la fin du CTF, aura amassé le plus de points. Il remportera un IPad Mini d’une valeur de 320 frs. Les 2ième et 3ième recevront une YubiKey NEO.

Il s’agit d’un concours individuel, les inscriptions sont d’ores et déjà ouvertes et accessibles ici. Le nombre de place est limité à 80 !

Results of the CTF

Here are the official results !

First 28 teams

score

Dragon Sector

6620

StratumAuhuur

5360

HackingForBeers

4760

More Smoked Leet Chicken

4060

int3pids

4020

dcua

3160

FIXME

2195

HoneyBadgerz

1900

Dulac

1835

mushd00m

1550

insomniacs_II

1455

Porc Scanner

1410

Hackdumb

1300

SeBC

1260

cr4zy g0at 0verfl0w

1200

EHCC1

1200

Bullshit Security

1200

rgb

1165

Candy Eaters

1150

Russian Invaders

1135

Space Cowboys

1095

null.uppercase()

1070

EMXIF

1070

CWP

990

a boire ou on tue le chien

960

NULL.lowercase()

910

/dev/null

860

eteam

800

 

Solo

name

score

eint0

700

david

200

thecis0

170

britney

135

FuZ

75

KBA

60

theciso

0

Riber

0

Imeonthehack

0

 

 

Slides of some of the 2014 conferences

First release of INS14 slides (thanks again to the speakers)

 

Deploying cyberdefense measures and Policies in a Critical Infrastructure Sector, Sébastien Bombal : sebastien-bombal-v3.3

Lurking in clouds: easy hacks for complex apps , Nicolas Gregoire : Easy_hacks_for_complex_apps-INS14

When you can’t afford 0days.Client-side exploitation for the masses Michele Orru, Krzysztof Kotowicz when_you_dont_have_0days-Kotowicz-Antisnatchor-InsomniHack2014

JSMVCOMFG? To sternly look at JavaScript MVC and Templating Frameworks , Mario Heiderich jsmvcomfg

Dalvik Executable (DEX) Tricks Axelle Apvrille hidex-insomni

Enjeux juridico-organisationnels et Contractuels du Cloud computing , Nicolas Rosenthal 20140321_INSOMNI’HACK_Cloud_Computing_Nicolas_Rosenthal_v01

RFIDler , Adam Laurie RFIDler-insomni

Follow

Get every new post delivered to your Inbox.

Join 43 other followers