The 11th edition of hack.lu closed after 4 days of workshops, presentations, networking and fun. The next edition is already announced and will take place on October 18-20, 2016 in Luxembourg. This year again, more than 400 world-class security professionals from around 40 different countries met in Luxembourg for one of the oldest and largest conferences in Europe on Information Security. Hack.lu is truly unique and allows professionals to openly talk about security vulnerabilities and to present their own discoveries.
“We are really proud of this edition that gathered world class experts and speakers and received an amazing international press coverage”, says Alexandre Dulaunoy from CIRCL. (see more here: https://securitymadein.lu/a-successful-first-day-for-hack-lu/)
The First MISP Summit
The hack.lu opened with a side event, the first ever Malware Information Sharing Platform (MISP) Summit. The aim of this advanced platform is to share, store and correlate Indicators of Compromises from attacks and cyber security threats. The presentations covered the upcoming versions and improvements, the legal framework and some technical aspects.
This year again, hack.lu had some key highlights and topics.
The Internet of Things was majorly covered with talks like the one from Marie Moe, a scientist, who was forced to become a human part of the Internet of Things due to her pacemaker, which has a wireless interface for remote monitoring.
Axelle Apvrille also presented findings showing that the Fitbit Flex can be hacked using its Bluetooth radio. She was able to use the Fitbit to deliver code to a computer. The attacker is thus able to infect a Fitbit device from anywhere within Bluetooth range (i.e. about 15 feet) and in only 10 seconds.
Yaniv Balmas talked about Key-Logger, Video, Mouse (KVM) and how to “turn a KVM into a raging key-logging monster”. He also presented a live demo of the POC code to show that air-gapped networks might not be segregated and that malware code could actually reside outside the computer, persisting through reboots, wipes, formats, and even hardware replacements.
For more in-depth reading, find all the presentations here: http://archive.hack.lu/2015/
Capture The Flag: “I have never let my schooling interfere with my education”, Mark Twain
One of the main highlights of the conference was the Capture the Flag (CTF) contest, reconciling the theme around education, which has enrolled more than 300 teams this year.
The winner is a Polish team called Dragon Sector, followed by two American teams, PPP and Samurai. The first on-site teams are ranked 4th, Shellpish (USA); 5th, More Smoked Leet Chicken (Russia), and 10th, Pollypocket (BE)
As part of this education/schooling theme, a side event, CryptoParty4Kids, gathered more than 20 children, aged from 8 to 12 years old. This event allowed children to make their first steps in the hacking culture and get introduced to the basics of practical cryptography. The aim of a CryptoParty is to present the most basic cryptography software and the fundamental concepts of their operation to the general public.
Conference sponsoring is already open for 2016. For more information, please contact the hack.lu team at: info(AT)hack(DOT)lu