conference

[CONFERENCE] HACK-IT-N

HACK-IT-N, organized by TEHTRIS and ENSEIRB-MATMECA, is an annual French conference that addresses computer security from technical, organizational and also societal angles. The 2019 edition took place on Tuesday 10 December 2019 in Bordeaux, on the premises of the engineering school. After a brief introductory speech by Laurent OUDOT, President of TEHTRIS, and Toufik AHMED, Director of Research, Innovation and Transfer at ENSEIRB-MATMECA, Bernard Barbier, former Technical Director of the DGSE, took the floor to give his view of the permanent cyberwar we are currently living through.


[CONFERENCE] SIGSEGV2

The SIGSEGv2 event, organized by the association Read The Fancy Manual (RTFM), is an annual French conference on computer security whose motto is to “promote the practice of hacking in all its forms”. This second edition, for which Randorisec was a sponsor, took place on Saturday 30 November 2019 on the premises of Epitech Paris. The SIGSEGv2 event aims to: share knowledge; show France's level in the computer security and hacking sector; offer hacking challenges; support innovative projects. The event took place in two parts:


[Training/Conference] DeepSec 2019

Training: during the DeepSec event, we gave our Mobile Hacking training (this training was also provided at Hack In Paris). This training presented the toolset needed when assessing mobile applications (such as adb, Apktool, Jadx, Androguard, Cycript, Frida, Needle and MobSF) and also the techniques that help you work faster and more efficiently in the mobile ecosystem. This 2-day training focused on Android and iOS applications.


[CONFERENCE] CERT-EU 2019 ANNUAL CONFERENCE

RandoriSec was at the CERT-EU 2019 Annual Conference. It was our first time attending this conference and probably not the last, as the speaker line-up was impressive! We cannot share details as we usually do, since it was a closed, invitation-only event and many talks were marked TLP GREEN, AMBER or even RED, but we can give you the agenda, excluding the TLP AMBER and RED talks.


[Conference] Hack.Lu 2019

RandoriSec was at Hack.lu for its 15th edition and, as you can imagine, it was super interesting. In addition, this year RandoriSec sponsored the CTF! If you’ve never heard of Hack.lu, it’s a 3-day IT security conference held in Luxembourg every year. The conference is attended mostly by cybersecurity professionals from all over the globe. Several subjects are discussed, including malware analysis and reversing, forensics, network, mobile and web security, and incident response.


[Training/Conference] DeepSec 2019 - Mobile Hacking / Abusing Google Play Billing

RandoriSec is going back to DeepSec (Vienna, Austria) this year. Guillaume Lopes will give a talk about abusing the Google Play Billing API and he’ll give a training with Davy Douhine. The Mobile Hacking training, running on 27 and 28 November, is intended for penetration testers, bug bounty researchers or simply curious people who would like to improve their security testing skills applied to the mobile ecosystem. The objective of the course is to introduce the basic toolset (Adb, Apktool, Jadx, Cycript, Drozer, Frida, Hopper, Needle, etc.


[Conference] HITB Amsterdam 2019

Again, RandoriSec was at Hack In The Box for the 2019 edition in Amsterdam! It was really great! The first 3 days of the event are dedicated to trainings. On that subject, we heard that the training from Nicolas Grégoire (aka @Agarri) was really great and got very good feedback from the attendees. If you want to improve your skills on Burp Suite Pro, you should attend this training.


[Conference] CLUSIF - Security incident management: resilience and improvement

Last week I took part in the round table of the CLUSIF conference “Security incident management: resilience and improvement.” My talk presented research work carried out in 2016-2017, which can be summed up in one question: how can we prevent cognitive or organizational biases from affecting security management? In general, security decisions are made on the basis of opinions from experts, vendors, benchmarks or discussions with peers.


[Conference] BSides Dublin 2019 – Abusing Google Play Billing for fun and unlimited credits!

On March 23rd, Guillaume Lopes gave a talk at BSides Dublin about how to bypass the payment on the Google Play Billing API. Synopsis: In 2017, the estimated global in-app purchase revenue was projected to exceed $37 billion. Just in the Google Play Store, for 2018, more than 200 000 apps are offering in-app purchases. However, the Google Play Billing API does not offer a sufficient level of protection to ensure the security of the payment transactions.


[Conference] Industrial Hacking at DeepINTEL

We will be speaking about Industrial Hacking at DeepINTEL in Vienna this week! Here is the pitch: A few months ago a client asked us to assess the security of the ICS (Industrial Control Systems) of a brand new datacenter. As we were no industrial guys we discovered a whole new world and we tried and failed many times before owning the system. “Industrial DIY” tries to show how a small team of pentesters managed to assess the security of industrial systems (ICS/SCADA/BMS) and how to protect these critical infrastructures against a few major threats.
