Conference Schedule 2015


The conference will take place March the 20th.

Track 1 (room K) Track 2 (room F) Track 3 (room G)
9h30 – 10h15 Intro
Paul Such
Keynote: CYCO – Fighting cybercrime in Switzerland – Tobias Bolliger (Deputy Head of CYCO) and Gilles Zürcher (CYCO Investigator)
10h15-10h45 coffee break
10h45-11h30 An overview of all security programs run by Google for bringing
more security to the Interwebs

Nicolas Ruff, Google
Pawn Storm: What’s Up on iOS devices? (EN)
Axelle Apvrille
L’importance d’une approche suisse dans le proxy et le filtrage
11h45-12h30 Mimikatz, de sekurlsa à la compromission Active Directory (FR)
Benjamin Delpy “Gentilkiwi”
The evolution of 0days market (EN)

Raoul Chiesa
Incident Response: From the Front Lines (EN)
Mathias Fuchs, Mandiant/Fireeye
12h30-14h00 lunch
14h00-14h45 Automotive security (EN)
Chris Valasek
Copy & Pest – A case-study on the clipboard,
blind trust and invisible cross-application XSS (EN)

Mario Heiderich
The usual suspects A quick look at the issues of the Insider and
Ex-Employee Threats and Demo of the Wallix AdminBastion (EN)

Grant Burst WALLIX
15h00-15h45 Information Security for the United Nations (EN)
Thomas Braun
Pwning (sometimes) with style – Dragons’ notes on CTFs (EN)
Gynvael Coldwind & Mateusz “j00ru” Jurczyk
Fortinet’s Strategic Mission as Cyber-Security Leader (EN)
Darren Turnbull, Fortinet
15h45-16h coffee break
16h15-17h Setting-up a cool Infosec Lab at home, tips and tricks,
for your eyes only ! (EN)

Bruno Kerouanton
Machine Learning for Security (EN)

Josiah Hagen, DVLabs Security (HP Enterprise Security)

Speaker : Chris Valasek

Chris Valasek serves as Director Vehicle Security Research at IOActive, an industry leader in comprehensive computer security services. In this role, Valasek is responsible for guiding IOActive’s vehicle security research efforts. He is also heavily involved in bleeding-edge automotive security research.
Valasek specializes in offensive research methodologies with a focus on reverse engineering and exploitation. Known for his extensive automotive field research, Valasek was one of the first researchers to discuss automotive security issues in detail. His release of a library to physically control vehicles through the CAN bus garnered worldwide media attention. Valasek is also known for his exploitation and reverse engineering of Microsoft® Windows. As a Windows security subject matter expert, he is quoted in several technology publications and has given presentations on the subject at a number of conferences. He is also the Chairman of SummerCon, the oldest US hacker conference

Talk description : Automotive security

Automotive security is now on the forefront of the security landscape, but access to modern vehicles and equipment is very expensive. This talk will focus on the ability to assess the security of the modern connected car with minimal financial investment. The presentation will go through methods of acquiring, analyzing, and assessing various automobile components without the expense of owning the actual vehicle. As always, stay until the end, as there’s always something special to talk about.

Language : English

Speaker : Mario Heiderich

Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) “security researcher” is from Berlin, likes
everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful
attendees on various 5th tier conferences with his hastily assembled powerpoint-slides. Other than that, Mario is a very simple person and only parses three-word sentences so don’t even bother addressing him with complex topics or rhetoric

Talk description : Copy & Pest – A case-study on the clipboard, blind trust and invisible cross-application XSS

The clipboard is one of the most commonly used tools across operating systems, window managers and devices. Pressing Ctrl-C and Ctrl-V has become so fundamentally important to productivity and usability that we cannot get rid of it anymore. We happily and often thoughtlessly copy things from one source and paste them into another. URLs into address-bars, lengthy commands into console windows, text segments into web editors and mail interfaces. And we never worry about security when doing so. Because what could possibly go wrong, right? But have we ever asked ourselves what the clipboard content actually consists of? Do we really know what it contains? And are we aware of the consequences a thoughtless copy&paste interaction can have? Who else can control the contents of the clipboard? Is it really just us doing Ctrl-C or is there other forces in the realm who are able to infect what we believe to be clean, who can desecrate what we trust so blindly that we never question or observe it? This talk is about the clipboard and the technical details behind it. How it works, what it really contains – and who can influence its complex range of contents. We will learn about a new breed of targeted attacks, including cross-application XSS from PDF, ODT, DOC and XPS that allow to steal website accounts faster than you can click, turn your excel sheet into a monster and learn about ways to smuggle creepy payload that is hidden from sight until it executes. Oh, and we’ll also see what can be done about that and what defensive measures we achieved to create so far.

Language : English

Speaker : Raoul Chiesa

Raoul “Nobody” Chiesa was born in Torino, Italy. After being among the first italian hackers back in the 90’s (1986−1995), Raoul decided to move to professional InfoSec, establishing back in 1997 the very first vendor-neutral Italian security advisory company.

Raoul is among the founder members of CLUSIT (Italian Information Security Association, est. 2000) and he is a Board of Directors member at ISECOM, OWASP Italian Chapter, and the Italian Privacy Observatory (AIP/OPSI); he’s one of the coordinators of the WG “Cyber World” at the Center For Higher Studies (CASD) at the National Security Observatory (OSN) driven by Italy’s MoD. He is a member of ENISA Permanent Stakeholders Group (2010−2015), a Special Advisor on Cyberprofiling for the UN agency UNICRI and a Memnber of the coordination group of the APWG European chapter, Anti-Phishing Working Group, acting like a “Cultural Attachè”.

Raoul publishes books and white papers in English and Italian language as main author or contributor, and he’s a regular contact for worldwide medias (newspapers, TV and bloggers) when dealing with Information Security issues and IT security incidents.

Talk description : The evolution of 0days market

This presentation will introduce the audience to the 0days market, a very complex ecosystem with different actors, being sellers, buyers or middle-entities.
The speaker will initially provide an high view analysis of this market, then he will zoom into the known and the unwritten rules.

Language : English

Speaker : Benjamin Delpy “Gentilkiwi”

Benjamin Delpy, est un chercheur en sécurité informatique connu sous le pseudonyme de `gentilkiwi` Il a notamment participé aux conférences PHDays, ASFWS, St’Hack, BlackHat/DefCon, BlueHat, NoSuchCon …Passionné de sécurité, il publie des outils et articles afin d’informer autour de faiblesses produit et prouver quelques théories.Mimikatz a été son premier programme à traverser les frontières. Il est maintenant reconnu comme un outil d’audit de sécurité Windows –

Talk description : Mimikatz, de sekurlsa à la compromission Active Directory

Depuis sa première visite en Suisse en 2012 ; Mimikatz a su évoluer afin d’exposer de plus en plus de données d’authentification. Les Hash LM/NTLM sont toujours sources d’attaques, et les mots de passes en clair ont permis d’attirer l’attention des DSI Kerberos était encore trop peu étudié. Ces derniers mois ont étés très difficiles pour ce protocole sous Windows… du pass-the-ticket à la Skeleton Key, en passant par les mystérieux Tickets d’Or (Golden Tickets), le tout avec quelques particularités Microsoft (MS14-068 ? ;)). Rien ne vous sera épargné !

Language : Français

Speakers : Gynvael Coldwind & Mateusz “j00ru” Jurczyk

Gynvael Coldwind is a computer security researcher and Dragon Sector team captain. His main areas of interest are low-level security (kernel, OS, client), web security and reverse-engineering. He is currently working as an Information Security Engineer at Google.

Mateusz “j00ru” Jurczyk is the Dragon Sector team vice-captain and a big fan of memory corruption. His main areas of interest are client software security, vulnerability exploitation and mitigation techniques, and delving into the darkest corners of low-level kernel internals with a very strong emphasis on Microsoft Windows. He is currently working as an Information Security Engineer at Google.

Talk description : Pwning (sometimes) with style – Dragons’ notes on CTFs

Denial, anger, bargaining, depression, acceptance – anyone who has ever played security CTFs must be very familiar with those feelings. While always thrilling, the competitions also have elements of surprise, rivalry and race. Sometimes, tasks can be solved in elegant, universal ways; at other times, you spend 20 hours writing code you would never show to your friends with a straight face. In this talk, we will share some stories of victory and defeat, talk about our thoughts on playing Capture The Flag contests and discuss some of the most amusing or technically interesting tasks of the recent months, together with their solutions.

Language : English

Speaker : Mathias Fuchs

Located in Austria, Mathias is an Incident Response Consultant and Penetration Tester. He investigates major security breaches in enterprises all over the world. In Penetration testing he focuses on Red Teaming exercises where he adopts real attackers behavior to uncover technical and organizational vulnerabilities in the targeted companies.

Mathias has deep background in Digital Forensics, Incident Response and Penetration testing. Ha has been handling forensic cases and teaching forensic procedures for customers in all businesses including law enforcement and military. He has deep expertise in incident response, forensic investigations, software development methodologies, and large scale database implementations. He is also a very capable programmer.

Prior to joining Mandiant, Mathias was a Security Consultant for T-Systems International, division of Deutsche Telekom Group,handling Penetration Testing, Incident Response and forensic assignments. Previously, he was working in a regionalconsulting and training firm in Innsbruck, Austria building up their security portfolio

Talk description : Incident Response: From the Front Lines

From the people behind APT1, Mathias Fuchs, Incident Response Consultant and Penetration Tester at Mandiant will discuss how breaches continue to be inevitable – but by understanding the hallmarks of an attack, the lifecycle of a breach and best practices for incident response can help companies identify and stop an attacker before they reach their objective. In this talk, Mathias will outline the 4 steps of the incident response process, from preparation, detection, hunting and remediation. He will explain the challenges of each step, the value of intelligence and how important it is to recognize the threat and take appropriate actions.

Using a case study illustration of a breach of a 50,000 system network, Mathias will outline how an APT (advanced persistent threat) actor successfully infiltrated a network and stole data. He will share the lessons learned and investigative tips from a real incident response investigation, tools and techniques used, how the breach was detected, prevention measures as well as remediation recommendations.

Language : English

Speakers: Tobias Bolliger (Deputy Head of CYCO) and Gilles Zürcher (CYCO Investigator)

Tobias Bolliger serves as Deputy Head of the Swiss Cybercrime Coordination Unit (CYCO), which is part of the Swiss Federal Police in Berne. After studying the law at the University of Fribourg and spending a few years as a legal counsel at Swisscom, he joined CYCO in 2009. Since then fighting cybercrime has not only become a 24/7-task for Bolliger – but a matter truly dear to his heart. Among other things, he’s deeply involved in the implementation of the National Strategy to protect Switzerland from Cyber-Risks (NCS) in the field of law enforcement. Hereby he’s focusing on the drafting of a national concept concerning a case overview and the coordination of counter-cybercrime within Switzerland. As a law enforcement expert on cybercrime, he’s also representing Switzerland on different high-level conferences world-wide (EUCTF, Global Alliance against Child Sexual Abuse Online, #WeProtect Children Online and more). On one side lawyer and cop, but on the other side technology enthusiast, he believes, that the internet is one of the greatest inventions of mankind – a mirror of society, with all its good and bad issues.

Gilles Zürcher travaille comme enquêteur pour le SCOCI depuis bientôt 4 ans. Après des études en informatique de gestion à Neuchâtel, il a été engagé comme administrateur système par le canton de Berne. Son objectif a toujours été de pouvoir s’engager dans une unité cyber de la police. Ce passionné d’informatique qui se présente comme un ‘généraliste’ dans le domaine est désormais engagé dans la lutte contre les pédocriminels sur Internet en collaborant sur des projets variés comme le blocage des sites pédopornographiques, la surveillance des réseaux P2P ou les investigations secrètes.

Talk description : CYCO – Fighting cybercrime in Switzerland

Founded in 2003, the Cybercrime Coordination Unit Switzerland (CYCO) is Switzerland’s central office for reporting illegal subject matter on the Internet. After conducting an initial analysis of the incoming report and securing the relevant data, CYCO forwards the case to the appropriate law enforcement agencies in Switzerland and/or abroad. The Cybercrime Unit also actively searches the Internet for illegal subject matter and carries out in-depth analyses of cybercrime. Tobias Bolliger and Gilles Zürcher will be giving an insight on their mission, technical projects, national coordination and international cooperation with Interpol and Europol.

Language : English

Speaker: Thomas Braun

Thomas currently heads the Information Security and Architecture Section in the Office of Information and Communications Technology of the United Nations. Based at its headquarter in New York his team is responsible for setting and maintaining the Organisation’s enterprise architecture and information security frameworks and overseeing their global implementation. Prior to joining the United Nations he was a founding member of the network security team at Cornell University in Ithaca, NY, and served as the first Information Security Officer of the World Trade Organization in Geneva, Switzerland.

Talk description : Information Security for the United Nations

Language : English

Speaker: Axelle Apvrille

Axelle Apvrille is a senior antivirus researcher at Fortinet. Senior hopefully meaning she’s experienced, but not that old 😉 She specifically looks into mobile malware, but is also having fun with Internet of Things.

She enjoyed speaking at several past InsomniHack editions, but also at Hack.Lu, Black Hat Europe, Hashdays etc.

Known in the community by her more or less mysterious handle “Crypto Girl”, she also is a member of the pic0wn CTF team and (tries to) solve challenges for fun (and no profit).

Talk description : Pawn Storm: What’s Up on iOS devices?

Although there are far less known malware on iOS devices, quite a couple have been discovered since last year: UpdateSrv, WireLurker, Pawn Storm…

After a brief overview of existing iOS malware, we focus on the most recent one: Pawn Storm, discovered in February 2015. This one is particularly interesting because quite advanced and probably part of a larger espionage operation.
We get our hands into the code, and down to the disassembly of Objective C to understand how it works (which commands it responds to, how it detects it is jailbroken, how it hides), but also to collect some ‘intelligence’ information on its author.

We also highlight some recent trends concerning iOS malware, such as the development of Mobile Substrate extensions, or the potential use of adhoc provisioning to infect devices.

Language : English

Speaker: Bruno Kerouanton

Bruno is the official Insomni’hack mascot , do we really need to present him ? He is the only speaker that did all the previous editions.

Talk description : Setting-up a cool Infosec Lab at home, tips and tricks, for your eyes only !

If you ever wondered what are the cool applications to have when you want to do malware or more generally infosec research, I’m going to give you the keys of my home environment, and show you what could fit into
your basement to setup a great infosec lab, without disturbing other members of your family and kids with weird experiments. Apart from being a CISO, my decades of experience in Infosec led me to acquire and set-up a cool home infrastructure, multi-purpose but mostly Infosec research
I hope my talk will give you some clues and wise advises if you want to follow, and most of all will help you to avoid crapware, bad infrastructure design, and poor choices. Please note I won’t present many slides, as I expect you to take your laptop and follow my interactive talk, that’s always more fun !

Language : English

Speaker: Isabelle Dubois, Ad Hoc Resolution & Alexandre Souillé Olfeo

Alexandre Souillé est le créateur de la société indépendante Olfeo.

Olfeo a pour particularité d’éditer des solutions de proxy et de filtrage de contenu web avec une approche multi-locale. Elle propose une version dédiée à la Suisse afin de prendre en compte les particularités juridiques, les centres d’intérêts helvétiques et les contraintes particulières de sécurité.

Isabelle Dubois, associée chez Ad Hoc Resolution, est expert en protection des données personnelles.

Isabelle Dubois a été 1ère Préposée genevoise à la protection des données et à la transparence, titulaire du brevet d’avocat et médiatrice et chargée d’enseignement HES-SO, elle accompagne aujourd’hui les entreprises et administrations sur le chemin de la conformité juridique et de la sûreté.

Talk description : L’importance d’une approche suisse dans le proxy et le filtrage de contenu

Les projets de filtrage ne sont pas à considérer sur les seuls aspects techniques et fonctionnels car leur mise en œuvre associe de nombreuses autres disciplines : droit pénal, droit civil, droit du travail, management, accès aux données personnelles, culture, …. Toutes ces disciplines varient en fonction du pays.

C’est pourquoi les solutions à vision globale ne sont plus adaptées à l’augmentation du niveau d’exigence attendu.

Pour qu’une solution de proxy soit pertinente, elle doit :

  • prendre en compte la législation Suisse pour détecter le surf illégal,
  • connaître les habitudes de surf Suisses et classer les contenus en conformité avec la culture locale,
  • lutter continuellement contre les menaces informatiques localisées sur la Suisse,
  • respecter le droit des travailleurs et la protection de la personnalité des travailleurs.

En quoi la loi Suisse est-elle aussi spécifique ? Vous aurez la réponse lors de notre show !

Language : French

Speaker: Grant Burst WALLIX

Pre-Sales at Wallix, the European leader in Privileged User Management.

International man of mystery with a penchant for Bow Ties, Whisky, Gin and Fine Cigars. In the past people have confused Grant with James Bond, however the years have not been kind and he is more often compared with Jeremy Clarkson

Grant’s career started with a spell in the British Army where his dreams of joining the special forces were cut short due to injury, and he went from being Airborne to Chairborne. He described his time in the first Gulf War as a great beach holiday but it was spoilt by the lack of women and the rumours of giant camel spiders.
Since then he has held positions with a number of national & international companies along with a few interesting contracts and can often be found explaining the difference between Information Assurance and Information Technology

Talk description : The usual suspects A quick look at the issues of the Insider and Ex-Employee Threats and Demo of the Wallix AdminBastion

Who, What, When, Where and Why and how Proper Preparation and Planning can help protect you and your company assets as well as save you weeks of investigation of an incident or have you ready for any audit.

Language : English

Speaker : Josiah Hagen from the DVLabs Security (HP Enterprise Security)

Josiah is a security researcher with HP DVLabs Tipping Point Research Group. He has 100+ dog years of professional software development experience. Josiah used to do AI, with work focused on graph theory, search, and deductive inference on large knowledge bases. As rules only get you so far, he moved from AI to using machine learning techniques identifying failure modes in email traffic. There followed digressions for profit. Current interests include clustering, classifying and understanding network traffic, often aimed at identifying malicious actors.

Talk description : Machine Learning for Security

Applied statistics, aka ‘Machine Learning’, offers a wealth of techniques for answering security questions. It’s a much hyped topic in the big data world, with many companies now providing machine learning as a service. This talk will demystify these techniques, explain the math, and demonstrate their application to security problems. The presentation will include how-to’s on classifying malware, looking into encrypted tunnels, and finding botnets in DNS data.

Language : English

Speaker : Nicolas Ruff (Google)

Nicolas RUFF is a security researcher in Google Security Team. He is fixing the Internet, or at least trying to. Previously working at Airbus Group, he has 15+ years of experience in security assessments, systems hardening and flaw finding.

Talk Description : an overview of all security programs run by Google for bringing more security to the Interwebs

Language ; English

Speaker : Darren Turnbull (Fortinet)

Darren Turnbull is Vice President Strategic Solutions at Fortinet and is based in London. Darren has been an Engineering leader at Fortinet for over 10 years and in the security industry for more than 30 years. His responsibility extends across aspects of software, hardware and services development. Prior to Fortinet, Darren spent nearly 20 years with British Telecom in the UK in a variety of senior operational, network and security design roles.

Talk Description : Fortinet’s Strategic Mission as Cyber-Security Leader

Fortinet will lead the cyber security market with the industry’s fastest and most secure solutions that go beyond traditional security to protect customers everywhere they need to be protected – inside the border and out. As cyber crime evolves, only Fortinet can provide the greatest levels of security and peace of mind for customers in an unpredictable, dynamically changing world. This presentation, targeted at decision makers, explains Fortinet’s vision, mission and inovation.

Language ; English