On October 21-24 more than 300 world-class security professionals from around 40 different countries met in Luxembourg for the 10th Hack.lu, one of the oldest and largest conferences in Europe on Information Security. After this year’s success, the team has already announced the dates for the 2015 edition: 20-22 October 2015. Hack.lu is a unique conference in Europe during which professionals openly talk about security vulnerabilities and their own discoveries.
From Cyber-Warfare in Ukraine to the Heartbleed Adventure and State-sponsored Attacks
The conference took place over 4 days with more than 50 speakers and an equivalent number of presentations and workshops.
“The difference with other conferences is that our speakers really show the different evolutions, including successes and failures, they experience when discovering a vulnerability or developing a tool to mitigate, intercept or test a vulnerability. It is about sharing and exposing actions and steps taken on a specific topic”, explains Alexandre Dulaunoy, co-organiser of hack.lu.
As an example, an active member of the IT security community in Ukraine exposed the impact of the actions carried out by Russia during the Ukrainian conflict that resulted in a “Cyber-Warfare”. These attacks essentially occurred during the Ukrainian demonstrations and were used to shut down the main Ukrainian media and government websites.
Another presentation showed a new technique, called “Cross-Container Scripting”, that could be used to attack web browsers while staying “invisible”. This technique is based on changing attributes in the header of a JPG, BMP or GIF image. It aims to embed JavaScript exploit code within the image.
A 19-year-old engineer presented how he developed the first tool used to test for the Heartbleed vulnerability. Approximately 300,000,000 tests from all around the world were carried out in only 14 days.
In an interesting presentation about D&D of malware with exotic C&C, two security researchers explained how to detect malware on the network. They also explained how to detect state-sponsored malware called Regin in internal networks.
Capture The Flag: Wild Wide West & Cowboy style for the 2014 CTF
One of the main highlights of the conference was the Capture the Flag (CTF) contest, which this year enrolled 395 teams of 3 to 5 people each. This year’s theme was Wild Wide West and included around 30 different challenges to choose from.
The CTF is designed as an educational exercise by the FluxFingers architects from Ruhr-University Bochum. It is a computer security competition that aims to give participants experience in securing a machine, as well as in conducting and reacting to real-world types of attacks.
The first on-site winner is a Belgian team called “pollypocket”.
Conference sponsoring is already open for 2015. For more information, please contact the hack.lu team at: info(AT)hack(DOT)lu