The 2017 edition was full, and it was the first time we had to stop accepting registration, leading to a change of room size for the 2018 edition!


We recorded most of the talks and published them on youtube :

There are also pictures of the event available here : https://insomnihack.ch/gallery/inso2017/


Welcome to Insomni’hack – Alain Mowat
Bridging the gap between ICS(IoT?) and corporate IT security
– Stefan Lüders
DevOops Redux – Chris Gates & Ken Johnson
Automating Computer Security – Why we need computers, and why they still need us – Tyler Nighswander
Modern reconnaissance phase on APT – protection layer – Paul Rascagnères
RHME2 challenges and solutions – Eloi Sanfelix
La sécurité de l’information pour les managers – Georges Torti
From your PC to your nearest ATM – a history of the sneakiest financial malware – David Sancho
Dissecting a Metamorphic File-Infecting Ransomware – Raul Alvarez
How we hacked Distributed Configuration Management Systems – Francis Alexander & Bharadwaj Machiraju
A new Source of trouble – Remote exploitation of the Valve Source game engine – Amat Cama
On the Need for Integrated Circuit Security – Olivier THOMAS
The State of Security: Securing today’s elastic IT assets – Jens Freitag
Locked Shields – Cyber Defence Exercise & RUAG’s Cyber Training Range – Peter Hladký

Most of the talks are available in the YouTube playlist linked above


The 2017 edition marked the inception of our escape room where you had to solve puzzle tasks in a closed room and ultimately get the final solution in under 15 minutes to qualify for a prize.

To celebrate our 10th birthday, a 3d First Person Shooter hackable game was created where players could cheat in order to get otherwise unobtainable flags. A detailed writeup is available here :


The CTF was once again won by Dragon Sector for the 4th time! A detailed result page is available here : https://insomnihack.ch/?p=662


Insomni’hack 2016 was held at Palexpo like the previous years, on March 17 and 18 2016. The contest gathered around the same amount of people as last year.


We’ve also published some pictures of the event : http://insomnihack.ch/gallery/inso2016/index.html#/0


A Hippocratic Oath for Connected Medical Devices – Beau Woods
Crypto code: the 9 circles of testing – JP Aumasson
IAEA – The role of the IT security specialists at the International Atomic Energy Agency – Massimiliano Falcinelli
Unboxing the White-Box – Eloi Sanfelix
Criminal Hideouts for Lease: Bulletproof Hosting Services – Maxim Goncharov
Million Dollar Baby: An “angr”y Attempt at Conquering the DARPA CGC – Nick Stephens
Building Trust by Design – Hoang Bao
8 security lessons from 8bit games – Florian Hammers
Beating the trust out of the root of trust – Frederic Jacobs
Cyber criminalité, recrutement djihadiste : “le facteur humain” dans les affaires cyber – Frank Decloquement
Reversing Internet of Things from mobile applications – Axelle Apvrille
DDoS Surviving or mitigating – René Luria
Is Ransomware coming to IoT devices? – Candid Wueest
Lessons learnt from the history of vulnerabilities in hypervisors – Rafal Wojtczuk
From Bored Hacker to Board CISO – Bruno Kerouanton


The contest was won once again by Dragon Sector! The complete scoreboard is available on ctftime.


Insomni’hack 2015 was held at Palexpo, Geneva on the 19th and 20th of March 2015. The conference gathered around 750 participants with nearly 400 for the CTF.



Tobias Bolliger (Deputy Head of CYCO) and Gilles Zürcher (CYCO Investigator) – Keynote
Nicolas Ruff, Google – An overview of all security programs run by Google for bringing more security to the Interwebs
Axelle Apvrille, Fortinet – Pawn Storm: What’s Up on iOS devices?
Benjamin Delpy aka Gentilkiwi – Mimikatz, de sekurlsa la compromission Active Directory
Raoul Chiesa – The evolution of 0days market
Chris Valasek – Automotive security
Mario Heiderich – Copy & Pest: A case-study on the clipboard, blind trust and invisible cross-application XSS
Thomas Braun – Information Security for the United Nations
Gynvael Coldwind & Mateusz “j00ru” Jurczyk – Pwning (sometimes) with style: Dragons’ notes on CTFs
Bruno Kerouanton – Setting-up a cool Infosec Lab at home, tips and tricks, for your eyes only !
Olfeo – L’importance d’une approche suisse dans le proxy et le filtrage
Mathias Fuchs, Mandiant/Fireeye – Incident Response: From the Front Lines
Grant Burst WALLIX – The usual suspects: A quick look at the issues of the Insider and Ex-Employee Threats and Demo of the Wallix AdminBastion
Darren Turnbull, Fortinet – Fortinet’s Strategic Mission as Cyber-Security Leader
Josiah Hagen, DVLabs Security (HP Enterprise Security) – Machine Learning for Security


The contest was won again this year by Dragon Sector. The complete scoreboard is available on ctftime.
Solution from the CTF can be found in our CYBSEC presentations :

Hacking Like In The Movies

Hacking Like In The Movies – Teaser


Insomni’hack 2014 was held again at Palexpo, Geneva on the 20th and 21st of March 2014. The contest gathered nearly 350 participants to work on various security oriented challenges while the speakers presented their latest research findings to the attendees.



Mikko Hypponen – Keynote
Michele Orru, Krzysztof Kotowicz – When you can’t afford 0days.Client-side exploitation for the masses
Nicolas Rosenthal – Enjeux juridico-organisationnels et Contractuels du Cloud computing
Ricky “HeadlessZeke” Lawshae – Mapping malware infections
Nicolas Gregoire – Lurking in clouds: easy hacks for complex apps
Sébastien Bombal – Deploying cyberdefense measures and Policies in a Critical Infrastructure Sector
Mario Heiderich – JSMVCOMFG? To sternly look at JavaScript MVC and Templating Frameworks
Ange Albertini – Binary art – funky PoCs & visual docs
Axelle Apvrille – Dalvik Executable (DEX) Tricks
Adam Laurie – RFIDler
Bruno Kerouanton – I’ve got ARGuments for YOU !


The contest was won by Dragon Sector, a great polish CTF team. The complete scoreboard is available on ctftime.


Insomni’hack 2013 was held at Palexpo, Geneva on the 21st and 22nd of March 2013. The contest gathered nearly 300 participants to work on various security oriented challenges while the speakers presented their latest research findings to the attendees.


Charlie Miller – Hacking phones with Near Field Communication
Ian Pratt – The Soul of the New Machine: The Role of Hypervisors in Next Gen Information Security
Mario Heiderich – XSS from 1999 to 2013: The “Doctrine Classique” of Websecurity & The innerHTML Apocalypse – How mXSS attacks change everything we believed to know so far
Stephen Ridley & Stephen Lawler – Advanced ARM Exploitation
Richard Lane – ISC2 : Safe & Secure Online Initiative Educating Children and Preparing Your Future Workforce
Bruno Kerouanton & F6ITU – Software Defined Radio “hacks”
Pascal Junod – Chasse à l’Hash-DoS
Paul Rascagneres – Projet Malware.lu
Patrick Trinkler & Matthieu Legré – Boite à outils de l’espion à l’heure des communications par fibre optique
François Deppierraz & Nicolas Desir – Comment j’ai créé un ISP dans mon garage?
Eloi Sanfelix Gonzalez – Modern embedded systems analysis
Angelo Brancato – How to increase the chance to detect and stop a Targeted Attack AKA Advanced Persistent Threat (APT)
Ruchna Nigam – Guns and Smoke to fight Mobile Malware


A detailed wrap-up and several challenge writeups can be found on SCRT’s blog here : https://blog.scrt.ch/page/3/?s=insomnihack


In 2012, Insomni’hack again took place at the HEPIA in Geneva. In addition to the traditional contest, the following speakers gave talks on various security related topics.

  • Thor Mullen
  • JP Aumasson
  • Axelle Aprville
  • Emmanuel Bouillon
  • Paul Rascagnère
  • Bruno Kerouanton

Writeups for several of the challenges can be found here: http://www.scrt.ch/insomnihack/2012/epreuves


An important year for Insomni’hack as it was the first time speakers were invited to talk at the conference in addition to the traditional contest:

  • Sébastien Bombal
  • Axelle Apvrille
  • Pascal Junod
  • Dominique Climenti
  • Alexandre Herzog
  • Bruno Kerouanton


150 participants for only the 3rd edition of Insomni’hack.

Challenge writeups: http://www.scrt.ch/insomnihack/2010/epreuves


Too big for Préverenges, Insomni’hack moved to Geneva, and more precisely to the HEPIA for it’s second edition.

Challenge writeups are found here: http://www.scrt.ch/insomnihack/2009/epreuves


The beginning of it all! The first edition of Insomni’hack took place in a small cafeteria in Préverenges on the 8th of February 2008.

More information on the challenges can be found here: http://www.scrt.ch/insomnihack/2008/epreuves