The conference will take place on March 24 2017, the final schedule is not yet available but here are some of our confirmed speakers.



Title: The Challenges of Securing the LHC

Speaker : Stefan Lüders

Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Since 2009, he is heading the CERN Computer Security Incident Response Team as CERN’s Computer Security Officer with the mandate to coordinate all aspects of CERN’s computer security — office computing security, computer centre security, GRID computing security and control system security — whilst taking into account CERN’s operational needs. Dr. Lüders has presented on computer security and control system cyber-security topics at many different occasions to international bodies, governments, and companies, and published several articles.


The European Organization for Particle Physics, CERN, is running the world’s most-powerful particle accelerator, the Large Hadron Collider (LHC). Like a production plant, the LHC employs a series, actually more than 125, different commercial and custom-built control systems of different sizes. While its operational efficiency and safe operation is essential, computer security protections must not be neglected. However, as the LHC as well as its four attached physics experiments are one-time prototypes developed under the expertise of a world-wide community of physicists and engineers, who are constantly improving and extending the LHC and its experiments, this computer security must be suitably balanced with the need for academic freedom in research… This presentation will give an overview on LHC technologies and physics, the complexity of control systems needed to run the LHC, and the go’s and no-go’s of securing them.

Title: DevOops Redux

Speakers : Chris Gates (@carnal0wnage) & Ken Johnson (@cktricky)

Ken Johnson, CTO of nVisium, has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events. Ken is currently investing his time between OWASP’s Railsgoat, Elxir and Go, as well as all aspects of AWS offerings.

Chris Gates has extensive experience in network and web application penetration testing, Red Teaming and Purple Teaming. Chris is currently learning to be a part time fixer instead of full time breaker. In the past he has spoken at the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, Derbycon, LasCon, HashDays, HackCon, Bsides ATL, IT Defense, OWASP AppSec DC, and Devops Days. Chris is also a cofounder of NoVAHackers.


DevOps tool-chains are transforming Modern IT, but hackers can undermine their benefits through poorly implemented or vulnerable DevOps tools. Chris Gates and Ken Johnson will share their collaborative attack research into the technology driving DevOps. They will share an attacker’s perspective on exploiting DevOps organizations and the countermeasures these organizations should employ.

Title: Automating Computer Security – Why we need computers, and why they still need us

Speaker :Tyler Nighswander (@tylerni7)

Tyler has been a computer hacker for several years. While an undergraduate student at Carnegie Mellon University, Tyler was one of the initial members of the hacking team known as the Plaid Parliament of Pwning. This team rose from a small group of students to one of the top competitive hacking teams in the world. After traveling around the world competing in hacking competitions, Tyler settled down and now works on making humans and computers think more like hackers at ForAllSecure. In 2016, the automated system he helped create won the DARPA Cyber Grand Challenge.


Automatic bug finding and exploitation have been something of a Holy Grail for security for some time. Although we have a long ways to go before we’re all out of a job, the recent Cyber Grand Challenge at DEF CON 24 showed that automatic binary exploitation is further along than most people might expect. In 10 hours we saw 7 supercomputers compete in a state-of-the-art capture the flag competition with no humans at all, finding bugs in and patching complex pieces of compiled code. We will discuss this competition and some of the results, and learn about what can be expected of automated systems today and in the near future.

Title: Modern reconnaissance phase on APT – protection layer

Speaker : Paul Rascagnères (@r00tbsd)

Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world (Recon, Shakacon,, Syscan360…). He has been involved in security research for 7 years, mainly focusing on malware analysis, malware hunting and more specifically on Advanced Persistence Threat campaigns and rootkit capabilities. He previously worked for several incident response teams within the private and public sectors.


This presentation will show how APT actors are evolving and how the reconnaissance phase is changing to protect their valuable 0-day exploit or malware frameworks. This talk will mainly focus on the usage of Office documents and watering hole attacks designed to establish if the target is the intended one (we will mention campaigns against political or military organizations). The techniques and the obfuscation put in place by these actors will be described in detail (techniques based on Macro, JavaScript, PowerShell, Flash or Python). At the end of the presentation, we will show different mitigations to help attendees protect their users.

Title: RHME2 challenges and solutions

Speakers : Eloi Sanfelix (@esanfelix) & Andres Moreno

Eloi Sanfelix works as a Principal Security Analyst at Riscure, where he performs security evaluations on different products ranging from software-based solutions to embedded systems. Most of his working time is currently spent reverse engineering and analyzing protected software such as DRM systems and mobile payment applications, as well as the security of the software and hardware side of Trusted Execution Environments. In the last few years, he has also been involved in evaluating the security of embedded systems and smart card technology, mostly for the PayTV and the payment industries. In his spare time, Eloi enjoys participating in CTF competitions with the int3pids team.

Andres Moreno works as Security Analyst at Riscure B.V. His formal education is on electrical engineering, signal processing, and control. He worked on power systems for some time before moving into security as a full time job. He works mainly with the payment industry evaluating host card emulation solutions, and has worked in the past with embedded systems for the conditional access industry and smart cards.


An embedded CTF called rhme2 (Riscure Hack Me 2) started in November 2016, running until February 28 2017. Riscure prepared a small arduino board with a custom bootloader and shipped it to 500 participants, allowing them to load 22 challenges in the following categories: Side Channel Analysis, Fault Injection, Reverse Engineering, Cryptography, Software Exploitation and Other. In this talk we will take a look at the results of the game, highlight the most interesting challenges and the most surprising solutions we received from the challenge participants.

Title: La sécurité de l’information pour les managers

Speaker : Georges Torti

Georges Torti exerce actuellement en qualité de responsable de la sécurité de l’information et gestion des risques auprès de la Confédération. Avant de réorienter sa carrière professionnelle dans le domaine de la sécurité des systèmes d’information, il a été en charge durant près de 15 ans de la direction des systèmes d’information d’une société d’un groupe international. Il a ainsi une très bonne maîtrise des différents processus d’un département informatique, qu’ils soient stratégiques, tactiques ou opérationnels. Il est entre autres titulaire des certifications CISA (auditeur informatique) et CISM (responsable sécurité).


Quelle que soit sa taille, une PME doit prendre conscience qu’elle peut être à tout moment confrontée à la cybercriminalité. Qu’il s’agisse, par exemple, de malveillances visant à la destruction de données ou d’espionnage économique, les conséquences des attaques informatiques pour les entreprises sont généralement désastreuses et peuvent impacter leur pérennité.
Les directeurs doivent comprendre et appréhender la cyber sécurité comme un problème de gestion des risques à l’échelle de l’entreprise et non la considérer comme une question informatique.
La conférence a pour ambition d’expliquer aux cadres et chefs d’entreprises ce qu’est la sécurité de l’information, les mythes souvent rencontrés dans nos entreprises, ainsi que quelques flashs sur des domaines spécifiques pour mettre en œuvres une sécurité de l’information efficace dans l’entreprise.

Title: From your PC to your nearest ATM – a history of the sneakiest financial malware

Speakers : David Sancho

David Sancho joined Trend Micro in 2002, having fulfilled a variety of technical security-related roles. Currently, his title is Senior Anti-Malware Researcher, and he specializes in web threats and other emerging technologies. In his more than 17 years of experience in the security field, David has written and published a number of research papers on malware tendencies, has been featured in the media, and has participated in customer events where he has presented on business issues and malware-related topics. His interests include web infection methods, vulnerability exploitation, and white-hat hacking in general.


The traditional way of milking dry a bank’s automated teller machine (ATM) was to blow it up. Literally, steel and everything… but there’s a new kid on the block. Modern criminal gangs around the world have now figured out that deploying ATM malware is an easy shortcut to jackpot up to the latest banknote inside. In this talk, we describe all the reasons that have led the criminals to develop their new golden goose, the strategies they use and each of the main malware families in this new battlefield as well as the criminal organizations responsible for this new threat. The challenge these malware writers face is accessing the special hardware of these machines: pinpad, card reader and the cash cassettes. Different malware families solve this their own particular way. The paper describes each family in detail as well as the geographical area it comes from. An overview of the criminal organizations behind these threats is presented. We will conclude with some lessons learned and recommendations on how to protect these very special machines.