en
Display fullscreen
Ticket lost ?
Click here
|
English
Francais
English
Español
Italiano
Deutsch
Português
Dutch
Step
Choice of date
Basket
Options
Details
Checkout
Confirmation
Outils
Last order
Check if there is an order in your name
Last name
First name
Order date
Check
Modify email order
Last name
First name
New email
Submit
Ship the order again
Type the email address used for your order
Cancel
Submit
Download my tickets
Download complete
Email
Last 4 digits of the bank card
Cancel
Download
Conference - 4th & 5th of October 2024 (Sold Out)
Reduced Rate
Ends in 12 days
This ticket is only accessible for Student or Security professional that are not reimboursed by their company.
If you have any question please contact the organization contact@hexacon.fr
Read more
660.00
€
Sold out
A choice will be proposed to you in the next step
Trainings - 30th of September to 3th of October 2024
Espace Vinci, Rue des Jeuneurs, Paris, France
Practical Baseband Exploitation | Pedro Ribeiro & Nitay Artenstein
Ends in 12 days
Baseband exploitation is often considered the cream of the offensive security field. In the last decade, only a handful of such exploits were publicly released. As a result, many researchers view the ability to silently achieve code execution on a victim’s device by emulating a GSM (2G), 3G, LTE (4G), or 5G base station as a difficult objective.
In reality, baseband exploitation is not that challenging! By following a simple list of steps, a baseband platform can be quickly unlocked for research, debugging and exploitation.
In this course, students will learn our systematic approach to baseband security research: from setting up a fake base station using SDR and open-source BTS software, to obtaining and analysing mobile phone firmware and crash dumps, modifying BTS code to trigger bugs and deliver a payload, and finally reverse engineering radio protocols, hunting for vulnerabilities and exploiting them.
By the end of this heavily hands-on course, students will become familiar with two extremely common baseband platforms, Shannon and MediaTek, gain the skills to debug these and other baseband platforms, and learn about previously discovered bugs in basebands, and how they have been exploited.
Each student will be provided with a Software Defined Radio (SDR) board to emulate a base station, and a modern mobile phone to serve as a target.
Read more
4200.00
€
Included
0
1
2
A choice will be proposed to you in the next step
Windows Exploit Engineering Foundation | Cedric Halbronn
Ends in 12 days
This class is meant to show the approach an exploit developer or bug hunter should take in attacking a previously unknown component in the Windows kernel. The training is primarily focused around labs to teach the students what it takes to exploit a real-world vulnerability. This class focuses on exploiting CVE-2018-8611 on Windows 10 x64 1809 (RS5), a complex race condition that leads to a use-after-free on the non-paged kernel pool. The vulnerability is in the Kernel Transaction Manager (KTM) driver (tm.sys), a component that has not received much public scrutiny. Even though students will learn a lot about the KTM component, we focus on our approach for analyzing this component as a new kernel component that we had no prior knowledge about. The methodology can be reused for any other unknown kernel components a student may encounter in the future. We do not specifically focus on tricks or techniques for bypassing specific Windows versions mitigations, but rather on the thought process behind exploring functionality to find useful unmitigated code paths and also abusing the bug in ways that allow to build powerful primitives that would facilitate mitigation bypasses. The tools/VM we provide during this training are generic and can be reused after the class to assist exploiting other Windows kernel vulnerabilities.
Read more
4200.00
€
Included
0
1
2
A choice will be proposed to you in the next step
Attacking Instant Messaging Applications | Iddo Eldor & Jacob Bech
Ends in 12 days
Few publicly-known hacks have inspired the imagination of security researchers as much as exploits against IM (instant messaging) applications. 0-click attacks aimed against applications such as WhatsApp, iMessage, and Telegram have raised unprecedented interest and have often caused political turmoil.
Yet, in sharp contrast with the curiosity that IM exploitation generates, public information about this surface remains scant. This training is our bid to bridge the gap.
This course will provide students with the knowledge and hands-on experience in reverse engineering, vulnerability research, and exploitation of real-world IM applications. The target audience is advanced security professionals.
Options will be available in the next step
Read more
4200.00
€
Included
0
1
2
A choice will be proposed to you in the next step
iOS for Security Engineers | Quentin Meffre & Etienne Helluy-Lafont
Ends in 12 days
During this training, participants will discover the ecosystem and the fundamental bricks of the iOS operating system. They will discover the macOS toolchain used to deploy applications, and the debugging and diagnostic tools.
Participants will be teached fundamentals to reverse-engineer applications and system services: Objective-C internals, IPC mechanisms (XPC, NSXPC) and kernel APIs.
Practical examples and exercices built on iOS 17 will guide them all along the training. Hardware and software security measures unique to iOS will be covered, from both userland and kernel perspectives.
Read more
4200.00
€
Included
0
1
2
A choice will be proposed to you in the next step
Software Deobfuscation Techniques | Tim Blazytko
Ends in 12 days
In this training, we get to know state-of-the-art code obfuscation techniques and look at how these complicate reverse engineering. Afterwards, we gradually familiarize ourselves with different deobfuscation techniques and use them to break obfuscation schemes in hands-on sessions. Thereby, participants will deepen their knowledge of program analysis and learn when and how (not) to use different techniques.
Read more
4200.00
€
Included
0
1
2
A choice will be proposed to you in the next step
Introduction to Browser Exploitation | Javier Jimenez
Ends in 12 days
The browser training starts with a JavaScript crash course where we discuss several objects related to JavaScript and their implementations on a JavaScript engine. Next, we go over the commonalities of a browser's architecture, and look at the renderer and the sandbox, using Chrome as an example. Our emphasis is on the JavaScript engine in the renderer process. We develop a birds-eye understanding of it and observe how the peculiarities of the JavaScript language influence the design of a JIT compiler.
Important structures and key concepts such as Object shapes, SSA, IR, Inline Caches, and a few other fundamental concepts relevant to JavaScript engine exploitation are explained in detail. The course dives into the environment of v8, ranging from the execution pipeline to recent mitigations. Once the basics of browsers and JIT are laid out, we use a simple case study to illustrate a browser vulnerability. This is followed by an explanation of JavaScript exploitation primitives. Two real-world vulnerabilities are introduced, and the student is expected to solve simple challenges that will help in the understanding of the inner workings of the exploit. The course will emphasize the similarities and differences of the two vulnerabilities, with the first one serving as a foundation for the second. The challenges will be supported by the theory all along the course. Finally, a quick overview on fuzzing JavaScript engines and browser mitigations is covered.
After attending this fast-paced course, a student can expect to have dropped a foundational anchor on browser security research that enables them to further pursue its depths.
Read more
4200.00
€
Included
0
1
A choice will be proposed to you in the next step
Advanced Active Directory and Azure exploitation | Hugo Vincent & Wilfried Becard
Ends in 12 days
Active Directory and Azure are the heart of identity and access management for many companies and their ubiquity within information systems makes them prime targets during red team engagements. While their security is vastely explored within the public space, mature environments may prove more challenging for operators, requiring advanced exploitation techniques to lead the intrusion to its success. With a focus on hands-on practice (70%), this training will deepen your intrusion skills on modern and mature organizations, with discretion in mind. Each student will access an individual and realistic corporate network to study advanced techniques of reconnaissance, lateral movements, elevation of privileges, extraction of secrets and persistence, within Active Directory and Azure.
Read more
4200.00
€
Included
0
1
2
A choice will be proposed to you in the next step
Hypervisor development for security analysis | Satoshi Tanda
Ends in 12 days
This class teaches you how hypervisors and hardware-assisted virtualization technologies work. You can use this knowledge to build your hacking hypervisors for research and to study, customize, and break existing hypervisors.
We achieve this by developing lightweight, UEFI module-based hypervisors using Intel VT-x and analyzing various advanced hypervisor applications, such as fuzzing and system hardening. The knowledge we acquire applies to kernel module (driver)- based hypervisors and AMD processors.
The class is hands-on oriented; we will spend 30-40% of the time with excesses.
Read more
4200.00
€
Included
0
1
2
A choice will be proposed to you in the next step
Android Kernel Security | Vitaly Nikolenko
Ends in 12 days
Kernel exploitation on Android devices still presents a relatively new unexplored research area due to its diverse range of hardware options and hardware/software exploitation mitigations implemented by vendors or the Linux kernel itself. Similar to other operating systems, Android provides several common user-space exploitation mitigations and attacking the kernel is an appealing option to obtain full access on the device bypassing any user-space exploitation mitigations.
Read more
4200.00
€
Sold out
A choice will be proposed to you in the next step
Discount code
You can enter your code just before payment
Secure payment - Billetweb
Secure payment - Billetweb
None
The number of elements to select is
Please choose at least one of the following
If you do not complete all of the choices now, you can do so from the link at the bottom of your purchase confirmation email.
The minimum number of selectable elements is
The maximum number of selectable elements is
Maximum amount for card payment is
You must select at least one product
Minimum amount is not reached
Your browser blocks cookies. Please enable cookies from billetweb.fr in order to use the box office.
Your browser blocks cookies from third parties. Please allow these cookies in order to use the box office.
Your browser blocks cookies. Allow cookies or
Click here
A choice will be proposed to you in the next step
These products cannot be purchased alone
Next
You can enter your code just before payment