Insomni’hack 2016 was held at Palexpo like the previous years, on March 17 and 18 2016. The contest gathered around the same amount of people as last year.


We’ve also published some pictures of the event : http://insomnihack.ch/gallery/inso2016/index.html#/0


A Hippocratic Oath for Connected Medical Devices – Beau Woods
Crypto code: the 9 circles of testing – JP Aumasson
IAEA – The role of the IT security specialists at the International Atomic Energy Agency – Massimiliano Falcinelli
Unboxing the White-Box – Eloi Sanfelix
Criminal Hideouts for Lease: Bulletproof Hosting Services – Maxim Goncharov
Million Dollar Baby: An “angr”y Attempt at Conquering the DARPA CGC – Nick Stephens
Building Trust by Design – Hoang Bao
8 security lessons from 8bit games – Florian Hammers
Beating the trust out of the root of trust – Frederic Jacobs
Cyber criminalité, recrutement djihadiste : “le facteur humain” dans les affaires cyber – Frank Decloquement
Reversing Internet of Things from mobile applications – Axelle Apvrille
DDoS Surviving or mitigating – René Luria
Is Ransomware coming to IoT devices? – Candid Wueest
Lessons learnt from the history of vulnerabilities in hypervisors – Rafal Wojtczuk
From Bored Hacker to Board CISO – Bruno Kerouanton


The contest was won once again by Dragon Sector! The complete scoreboard is available on ctftime.


Insomni’hack 2015 was held at Palexpo, Geneva on the 19th and 20th of March 2015. The conference gathered around 750 participants with nearly 400 for the CTF.



Tobias Bolliger (Deputy Head of CYCO) and Gilles Zürcher (CYCO Investigator) – Keynote
Nicolas Ruff, Google – An overview of all security programs run by Google for bringing more security to the Interwebs
Axelle Apvrille, Fortinet – Pawn Storm: What’s Up on iOS devices?
Benjamin Delpy aka Gentilkiwi – Mimikatz, de sekurlsa la compromission Active Directory
Raoul Chiesa – The evolution of 0days market
Chris Valasek – Automotive security
Mario Heiderich – Copy & Pest: A case-study on the clipboard, blind trust and invisible cross-application XSS
Thomas Braun – Information Security for the United Nations
Gynvael Coldwind & Mateusz “j00ru” Jurczyk – Pwning (sometimes) with style: Dragons’ notes on CTFs
Bruno Kerouanton – Setting-up a cool Infosec Lab at home, tips and tricks, for your eyes only !
Olfeo – L’importance d’une approche suisse dans le proxy et le filtrage
Mathias Fuchs, Mandiant/Fireeye – Incident Response: From the Front Lines
Grant Burst WALLIX – The usual suspects: A quick look at the issues of the Insider and Ex-Employee Threats and Demo of the Wallix AdminBastion
Darren Turnbull, Fortinet – Fortinet’s Strategic Mission as Cyber-Security Leader
Josiah Hagen, DVLabs Security (HP Enterprise Security) – Machine Learning for Security


The contest was won again this year by Dragon Sector. The complete scoreboard is available on ctftime.
Solution from the CTF can be found in our CYBSEC presentations :

Hacking Like In The Movies

Hacking Like In The Movies – Teaser


Insomni’hack 2014 was held again at Palexpo, Geneva on the 20th and 21st of March 2014. The contest gathered nearly 350 participants to work on various security oriented challenges while the speakers presented their latest research findings to the attendees.



Mikko Hypponen – Keynote
Michele Orru, Krzysztof Kotowicz – When you can’t afford 0days.Client-side exploitation for the masses
Nicolas Rosenthal – Enjeux juridico-organisationnels et Contractuels du Cloud computing
Ricky “HeadlessZeke” Lawshae – Mapping malware infections
Nicolas Gregoire – Lurking in clouds: easy hacks for complex apps
Sébastien Bombal – Deploying cyberdefense measures and Policies in a Critical Infrastructure Sector
Mario Heiderich – JSMVCOMFG? To sternly look at JavaScript MVC and Templating Frameworks
Ange Albertini – Binary art – funky PoCs & visual docs
Axelle Apvrille – Dalvik Executable (DEX) Tricks
Adam Laurie – RFIDler
Bruno Kerouanton – I’ve got ARGuments for YOU !


The contest was won by Dragon Sector, a great polish CTF team. The complete scoreboard is available on ctftime.


Insomni’hack 2013 was held at Palexpo, Geneva on the 21st and 22nd of March 2013. The contest gathered nearly 300 participants to work on various security oriented challenges while the speakers presented their latest research findings to the attendees.

Speakers and Workshops

Charlie Miller – Hacking phones with Near Field Communication
Ian Pratt – The Soul of the New Machine: The Role of Hypervisors in Next Gen Information Security
Mario Heiderich – XSS from 1999 to 2013: The “Doctrine Classique” of Websecurity & The innerHTML Apocalypse – How mXSS attacks change everything we believed to know so far
Stephen Ridley & Stephen Lawler – Advanced ARM Exploitation
Richard Lane – ISC2 : Safe & Secure Online Initiative
Educating Children and Preparing Your Future Workforce
Bruno Kerouanton & F6ITU – Software Defined Radio “hacks”
Pascal Junod – Chasse à l’Hash-DoS
Paul Rascagneres – Projet Malware.lu
Patrick Trinkler & Matthieu Legré – Boite à outils de l’espion à l’heure des communications par fibre optique
François Deppierraz & Nicolas Desir – Comment j’ai créé un ISP dans mon garage?
Eloi Sanfelix Gonzalez – Modern embedded systems analysis
Angelo Brancato – How to increase the chance to detect and stop a Targeted Attack AKA Advanced Persistent Threat (APT)
Ruchna Nigam – Guns and Smoke to fight Mobile Malware


A detailed wrap-up and several challenge writeups can be found on SCRT’s blog here : http://blog.scrt.ch



In 2012, Insomni’hack again took place at the HEPIA in Geneva. In addition to the traditional contest, the following speakers gave talks on various security related topics.

  • Thor Mullen
  • JP Aumasson
  • Axelle Aprville
  • Emmanuel Bouillon
  • Paul Rascagnère
  • Bruno Kerouanton

Writeups for several of the challenges can be found here: http://www.scrt.ch/insomnihack/2012/epreuves


An important year for Insomni’hack as it was the first time speakers were invited to talk at the conference in addition to the traditional contest:

  • Sébastien Bombal
  • Axelle Apvrille
  • Pascal Junod
  • Dominique Climenti
  • Alexandre Herzog
  • Bruno Kerouanton


150 participants for only the 3rd edition of Insomni’hack.

Challenge writeups: http://www.scrt.ch/insomnihack/2010/epreuves


Too big for Préverenges, Insomni’hack moved to Geneva, and more precisely to the HEPIA for it’s second edition.

Challenge writeups are found here: http://www.scrt.ch/insomnihack/2009/epreuves


The beginning of it all! The first edition of Insomni’hack took place in a small cafeteria in Préverenges on the 8th of February 2008.

More information on the challenges can be found here: http://www.scrt.ch/insomnihack/2008/epreuves