Hackito Ergo Sum 2011

Hackito Ergo Sum 2011

Hackito Ergo Sum est le rendez-vous international que vous fixe le hackerspace /tmp/lab. L’édition 2011 se tiendra du 7 au 9 avril et reunira, on peut leur faire confiance, de nombreux talents pour offrir des interactions de haut niveau. L’appel à participation vient tout juste d’être lancé. Si vous avez des choses à partager, qu’il s’agisse de code ou de bidouille matérielle, cet événement est un incontournable : conférences de haut niveau, capture the flag, des rencontres qui s’adressent aussi bien aux bidouilleurs qu’aux institutionnels ou représentant d’organisation gouvernementale.

La HADOPI ne sera surement pas oubliée, quelque part entre le hacking d’Echelon et de SCADA, un set « Governmental firewall and their limits (Australia, French’s HADOPI, China, Iran, Denmark, Germany, …) » est prévu et je ne saurai trop recommander aux représentants de la HADOPI d’y participer pour comprendre que les limites ne sont pas que philosophiques et que les dangers sont bien réels.

HES 2011 c’est aussi et surtout l’espoir de voir un jour la France rattraper son retard historique sur les autres pays européens en matière de hacking. Faut il encore préciser que le hacking est une discipline noble, utile, favorisant l’innovation et la créativité, indiscociable de la recherche informatique ou de la recherche en général, et qui ‘na rien à voir avec le « piratage ».

A noter que HES2011 se cherche encore des sponsors, n’hésitez pas à les contacter si vous pensez que l’image de votre institution ou de votre entreprise peut trouver une cohérence à s’associer avec un évènement de ce type dont on sait par avance qu’il ne peut être qu’une réussite vu le sérieux reconnu du /tmp/lab pour l’organisation d’évènements (comme le Hacker Space Festival) et sa faculté à regrouper aisément des spécialistes très reconnus dans leur discipline.

HES 2011 : le call for paper

–[ Synopsis:
Hackito Ergo Sum conference will be held from April 7th to the 9th of 2011 in Paris, France.
Following last edition’s success, HES2011 will be a bigger event with even more talks, focusing on hardcore computer & network security, insecurity, vulnerability analysis, reverse engineering, research and hacking, and will try to keep the high quality content. Our dear Program Committee is there to ensure this.
HES will this year be a fully international-oriented conference, 100% in English, aiming to gather the best security researchers, experts and decision makers in one room.
–[ Introduction:
The goal of this conference is to promote security research, broaden public awareness and create an open forum so that communication between the researchers, the security industry, the experts and the public can happen.
Last year, we pioneered a domain with the first Capture The Flag (CTF) contest on FPGA, with excellent result that exceeded by far our expectations. This year, new contests will run with hopefully even more diverse and new approaches to security. Of course, network-based CTF and lockpicking contest will still happen.
We will have a specific session for new works, including slots for new presenters -i.e. typically people whose personal research are extremely interesting but who do not usually present at conferences- because security innovations occur at the fringe of the security industry, very often by passionate people, and that’s what we are and love. Submissions from students, academics or otherwise passionate people from anywhere on the internet are therefore most welcome.
We will also have an anonymous side track so that people who wish to present sensitive subjects can do so in total freedom. As we believe the academic system as setup a good precedent with anonymous submissions, review and voting, we wish to pursue this direction by providing researcher a way to share important contribution without being concerned with politics and other non-research influences.
This conference will try to take into account all voices in order to reach a balanced position regarding research and security, inviting businesses, governmental actors, researchers, professionals and the general public to share concerns, approaches and interests for this topic.
During three days research conferences, solutions presentations, panels and debates will aim to view and determine the future of IT security.
–[ Content of the Research Track:
We are expecting submissions in English only. The format will be 45 mins presentation + 10 mins Q&A.
Please note that talks whose content will be judged too commercial or biased toward a given vendor will be rejected.
For the research track, preference will be given to offensive, innovative and highly technical proposals covering (but not restricted to) the topics below:
[*] Attacking Software
* Automating vulnerability discovery
* The business of the 0-day market
* Non-x86 exploitation
* New classes of software vulnerabilities and new methods to detect
software bugs (source or binary based)
* Static and Dynamic binary or source-based analysis
* Current exploitation on Gnu/Linux WITH GRsecurity/SElinux/OpenWall/SSP
and other current protection methods
* Kernel land exploits (new architectures or remote only)
* New advances in Attack frameworks and automation
* Secure Development Life Cycle and real-life development experiences
[*] Attacking Infrastructures
* Botnets and C&C abuses
* Exotic Network Attacks
* Telecom (from VoIP to SS7 to GSM & 3G/4G RF hacks)
* Financial and Banking institutions
* SCADA and the industrial world, applied.
* Governmental firewall and their limits (Australia, French’s HADOPI,
China, Iran, Denmark, Germany, …)
* Law enforcement : how to / how to deceive / how to abuse.
* Satellites, Military, Intelligence data collection backbones
(« I hacked Echelon and I would like to share »)
* Non-IP (SNA, ISO, make us dream…)
* M2M
* Wormable vulnerabilities against protocols & infrastructures
[*] Attacking Hardware
* Hardware reverse engineering (and exploitation + backdooring)
* Femto-cell hacking (3G, LTE, …)
* BIOS and otherwise low-level exploitation vectors
* Real-world SMM usage! We know it’s vulnerable, now let’s do something
* WiFi drivers and System on Chip (SoC) overflow, exploitation and backdooring.
* Gnu Radio hacking applied to new domains
[*] Attacking Crypto
* Practical crypto attacks from the hacker’s perspective
(RCE, algo modeling, bruteforce, FPGA …)
* Algorithm strength modeling and evaluation metrics
* Hashing functions pre-image attacks
* Crypto where you wouldn’t think there is
We highly encourage any other presentation topic that we may not even imagine.
–[ Submissions:
[*] Required information:
Submitions must (see RFC 2119 for the meaning of this word) contain the following information:
* Speaker’s name or alias
* Biography
* Presentation Title
* Description
* Needs: Internet? Others?
* Company (name) or Independent?
* Address
* Phone
* Email
* Demo (Y/N)
We highly encourage and will favor presentations with a demo.
Submissions may contain the following information:
* Tool
* Slides
* Whitepaper
[*] How to submit:
Submit your presentation and materials at:
http://hackitoergosum.org/apply/
–[ Workshops:
If you want to organize a workshop or any other activity during the conference, you are most welcome. Please contact us at: [email protected]
–[ Dates:
2010-11-15    Call for Paper
2011-02-20    Submission Deadline
2011-02-21    Acceptance notification
2011-03-01    Program announcement
2011-04-07    Start of conference
2011-04-09    End of conference
–[  Program Committe:
The submissions will be reviewed by the following program committee:
* Tavis Ormandy (Google) @taviso
* Matthew Conover (Symantec) @symcmatt
* Jason Martin (SDNA Consulting, Shakacon)
* Stephen Ridley @s7ephen
* Mark Dowd (AzimuthSecurity) @mdowd
* Tiago Assumpcao
* Alex Rice (Facebook) facebook.com/rice
* Pedram Amini (ZDI) @pedramamini
* Erik Cabetas
* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi
* Alexander Sotirov @alexsotirov
* Barnaby Jack (IOActive) @barnaby_jack
* Charlie Miller (SecurityEvaluators) @0xcharlie
* David Litchfield (V3rity Software) @dlitchfield
* Lurene Grenier (Harris) @pusscat
* Alex Ionescu @aionescu
* Nico Waisman (Immunity)  @nicowaisman
* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis
* Jonathan Brossard (Toucan System, P1 Code Security, /tmp/lab) @endrazine
* Matthieu Suiche (MoonSols) @msuiche
* Piotr Bania @piotrbania
* Laurent Gaffié (Stratsec) @laurentgaffie
* Julien Tinnes (Google)
* Brad Spengler (aka spender) (Grsecurity)
* Silvio Cesare (Deakin University) @silviocesare
* Carlos Sarraute (Core security)
* Cesar Cerrudo (Argeniss) @cesarcer
* Daniel Hodson (aka mercy) (Ruxcon)
* Nicolas Ruff (E.A.D.S) @newsoft
* Julien Vanegue (Microsoft US) @jvanegue
* Itzik Kotler (aka izik) (Security Art) @itzikkotler
* Rodrigo Branco (aka BSDeamon) (Checkpoint) @bsdaemon
* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck
* Ilja Van Sprundel (IOActive)
* Raoul Chiesa (TSTF)
* Dhillon Andrew Kannabhiran (HITB) @hackinthebox
* Philip Petterson (aka Rebel)
* The Grugq (COSEINC) @thegrugq
* Emmanuel Gadaix (TSTF) @gadaix
* Kugg (/tmp/lab)
* Harald  Welte (gnumonks.org) @LaF0rge
* Van Hauser (THC)
* Fyodor Yarochkin (Armorize) @fygrave
* Gamma (THC, Teso)
* Pipacs (Linux Kernel Page Exec Protection)
* Shyama Rose @shazzzam
–[ Fees:
Business-ticket (3 days)                                         120 EUR
Public entrance (3 days)                                         80 EUR
Discount for Students below 26  (3 days)                         40 EUR
Discount for CVE publisher or exploit publisher in 2010-2011(3d) 40 EUR
One-day pass                                                     40 EUR
Volunteers (Must register, see below)  (3 days)                   0 EUR
–[ Trainings
The list of trainings for HES2011 will be announced shortly after CFP publishing. You can still send us training description to hes2011-orga AT_lists.hackitoergosum.org if you want to offer some training. Trainings will happen from Monday 4th of April until Wednesday 6th of April, just before the conference.
–[ Sponsors:
We are looking for sponsors. Entrance fees and sponsors fees are used to fund international speakers travel costs and hosting facility. Please ask for the HES2011 Sponsor Kit at hes2011-orga __AT__ lists.hackitoergosum.org.
–[ Volunteers:
Volunteers who sign up before 2011-03-01 get free access and will need to be present onsite two days before (2011-04-05) if no further arrangement is made
with the organization.
–[ Journalists:
Journalists are welcome, but are required to comply with simple rules to ensure the mutual respect among adults we aim to bring in hackito. In particular, filming or taking pictures of attendees without their prior agreement is totally prohibited. « We shall respect privacy and people » is the only motto.
–[ Greetz:
We would like to thank the HES2010 Team, its reviewing committee and all the volunteers for their time and dedication in making this event a success. Thumbs up to the /tmp/lab hackerspace for their support and the final HES party which was a tremendous success.
We would also like to greet all the speakers of last year’s edition for the quality of their presentation and the great time we shared in Paris : you are all most welcome back in Paris for the 2011 edition.
Likewise, we’d like to thank last year’s sponsors for their unconditional support. Feel free to support us again for this 2011 edition.
Finally, we would like to thank all the people that participated to last years edition : the conference is the people 🙂 See you all in April !

–[ Synopsis:
Hackito Ergo Sum conference will be held from April 7th to the 9th of 2011 in Paris, France.
Following last edition’s success, HES2011 will be a bigger event with even more talks, focusing on hardcore computer & network security, insecurity, vulnerability analysis, reverse engineering, research and hacking, and will try to keep the high quality content. Our dear Program Committee is there to ensure this.
HES will this year be a fully international-oriented conference, 100% in English, aiming to gather the best security researchers, experts and decision makers in one room.

–[ Introduction:
The goal of this conference is to promote security research, broaden public awareness and create an open forum so that communication between the researchers, the security industry, the experts and the public can happen.
Last year, we pioneered a domain with the first Capture The Flag (CTF) contest on FPGA, with excellent result that exceeded by far our expectations. This year, new contests will run with hopefully even more diverse and new approaches to security. Of course, network-based CTF and lockpicking contest will still happen.
We will have a specific session for new works, including slots for new presenters -i.e. typically people whose personal research are extremely interesting but who do not usually present at conferences- because security innovations occur at the fringe of the security industry, very often by passionate people, and that’s what we are and love. Submissions from students, academics or otherwise passionate people from anywhere on the internet are therefore most welcome.
We will also have an anonymous side track so that people who wish to present sensitive subjects can do so in total freedom. As we believe the academic system as setup a good precedent with anonymous submissions, review and voting, we wish to pursue this direction by providing researcher a way to share important contribution without being concerned with politics and other non-research influences.
This conference will try to take into account all voices in order to reach a balanced position regarding research and security, inviting businesses, governmental actors, researchers, professionals and the general public to share concerns, approaches and interests for this topic.
During three days research conferences, solutions presentations, panels and debates will aim to view and determine the future of IT security.

–[ Content of the Research Track:
We are expecting submissions in English only. The format will be 45 mins presentation + 10 mins Q&A.
Please note that talks whose content will be judged too commercial or biased toward a given vendor will be rejected.
For the research track, preference will be given to offensive, innovative and highly technical proposals covering (but not restricted to) the topics below:
[*] Attacking Software   * Automating vulnerability discovery   * The business of the 0-day market   * Non-x86 exploitation   * New classes of software vulnerabilities and new methods to detect     software bugs (source or binary based)   * Static and Dynamic binary or source-based analysis   * Current exploitation on Gnu/Linux WITH GRsecurity/SElinux/OpenWall/SSP     and other current protection methods   * Kernel land exploits (new architectures or remote only)   * New advances in Attack frameworks and automation   * Secure Development Life Cycle and real-life development experiences
[*] Attacking Infrastructures   * Botnets and C&C abuses   * Exotic Network Attacks   * Telecom (from VoIP to SS7 to GSM & 3G/4G RF hacks)   * Financial and Banking institutions   * SCADA and the industrial world, applied.   * Governmental firewall and their limits (Australia, French’s HADOPI,     China, Iran, Denmark, Germany, …)   * Law enforcement : how to / how to deceive / how to abuse.   * Satellites, Military, Intelligence data collection backbones     (« I hacked Echelon and I would like to share »)   * Non-IP (SNA, ISO, make us dream…)   * M2M   * Wormable vulnerabilities against protocols & infrastructures
[*] Attacking Hardware   * Hardware reverse engineering (and exploitation + backdooring)   * Femto-cell hacking (3G, LTE, …)   * BIOS and otherwise low-level exploitation vectors   * Real-world SMM usage! We know it’s vulnerable, now let’s do something   * WiFi drivers and System on Chip (SoC) overflow, exploitation and backdooring.   * Gnu Radio hacking applied to new domains
[*] Attacking Crypto   * Practical crypto attacks from the hacker’s perspective     (RCE, algo modeling, bruteforce, FPGA …)   * Algorithm strength modeling and evaluation metrics   * Hashing functions pre-image attacks   * Crypto where you wouldn’t think there is
We highly encourage any other presentation topic that we may not even imagine.
–[ Submissions:
[*] Required information:
Submitions must (see RFC 2119 for the meaning of this word) contain the following information:
* Speaker’s name or alias* Biography* Presentation Title* Description* Needs: Internet? Others?* Company (name) or Independent?* Address* Phone* Email* Demo (Y/N)
We highly encourage and will favor presentations with a demo.
Submissions may contain the following information:* Tool* Slides* Whitepaper
[*] How to submit:
Submit your presentation and materials at:http://hackitoergosum.org/apply/

–[ Workshops:
If you want to organize a workshop or any other activity during the conference, you are most welcome. Please contact us at: [email protected]

–[ Dates:
2010-11-15    Call for Paper2011-02-20    Submission Deadline2011-02-21    Acceptance notification2011-03-01    Program announcement2011-04-07    Start of conference2011-04-09    End of conference
–[  Program Committe:
The submissions will be reviewed by the following program committee:* Tavis Ormandy (Google) @taviso* Matthew Conover (Symantec) @symcmatt* Jason Martin (SDNA Consulting, Shakacon)* Stephen Ridley @s7ephen* Mark Dowd (AzimuthSecurity) @mdowd* Tiago Assumpcao* Alex Rice (Facebook) facebook.com/rice* Pedram Amini (ZDI) @pedramamini* Erik Cabetas* Dino A. Dai Zovi (Trail Of Bits) @dinodaizovi* Alexander Sotirov @alexsotirov* Barnaby Jack (IOActive) @barnaby_jack* Charlie Miller (SecurityEvaluators) @0xcharlie* David Litchfield (V3rity Software) @dlitchfield* Lurene Grenier (Harris) @pusscat* Alex Ionescu @aionescu* Nico Waisman (Immunity)  @nicowaisman* Philippe Langlois (P1 Security, TSTF, /tmp/lab) @philpraxis* Jonathan Brossard (Toucan System, P1 Code Security, /tmp/lab) @endrazine* Matthieu Suiche (MoonSols) @msuiche* Piotr Bania @piotrbania* Laurent Gaffié (Stratsec) @laurentgaffie* Julien Tinnes (Google)* Brad Spengler (aka spender) (Grsecurity)* Silvio Cesare (Deakin University) @silviocesare* Carlos Sarraute (Core security)* Cesar Cerrudo (Argeniss) @cesarcer* Daniel Hodson (aka mercy) (Ruxcon)* Nicolas Ruff (E.A.D.S) @newsoft* Julien Vanegue (Microsoft US) @jvanegue* Itzik Kotler (aka izik) (Security Art) @itzikkotler* Rodrigo Branco (aka BSDeamon) (Checkpoint) @bsdaemon* Tim Shelton (aka Redsand) (HAWK Network Defense) @redsandbl4ck* Ilja Van Sprundel (IOActive)* Raoul Chiesa (TSTF)* Dhillon Andrew Kannabhiran (HITB) @hackinthebox* Philip Petterson (aka Rebel)* The Grugq (COSEINC) @thegrugq* Emmanuel Gadaix (TSTF) @gadaix* Kugg (/tmp/lab)* Harald  Welte (gnumonks.org) @LaF0rge* Van Hauser (THC)* Fyodor Yarochkin (Armorize) @fygrave* Gamma (THC, Teso)* Pipacs (Linux Kernel Page Exec Protection)* Shyama Rose @shazzzam
–[ Fees:
Business-ticket (3 days)                                         120 EUR
Public entrance (3 days)                                         80 EURDiscount for Students below 26  (3 days)                         40 EURDiscount for CVE publisher or exploit publisher in 2010-2011(3d) 40 EUROne-day pass                                                     40 EURVolunteers (Must register, see below)  (3 days)                   0 EUR
–[ Trainings
The list of trainings for HES2011 will be announced shortly after CFP publishing. You can still send us training description to hes2011-orga AT_lists.hackitoergosum.org if you want to offer some training. Trainings will happen from Monday 4th of April until Wednesday 6th of April, just before the conference.
–[ Sponsors:
We are looking for sponsors. Entrance fees and sponsors fees are used to fund international speakers travel costs and hosting facility. Please ask for the HES2011 Sponsor Kit at hes2011-orga __AT__ lists.hackitoergosum.org.
–[ Volunteers:
Volunteers who sign up before 2011-03-01 get free access and will need to be present onsite two days before (2011-04-05) if no further arrangement is madewith the organization.
–[ Journalists:
Journalists are welcome, but are required to comply with simple rules to ensure the mutual respect among adults we aim to bring in hackito. In particular, filming or taking pictures of attendees without their prior agreement is totally prohibited. « We shall respect privacy and people » is the only motto.

–[ Greetz:
We would like to thank the HES2010 Team, its reviewing committee and all the volunteers for their time and dedication in making this event a success. Thumbs up to the /tmp/lab hackerspace for their support and the final HES party which was a tremendous success.
We would also like to greet all the speakers of last year’s edition for the quality of their presentation and the great time we shared in Paris : you are all most welcome back in Paris for the 2011 edition.
Likewise, we’d like to thank last year’s sponsors for their unconditional support. Feel free to support us again for this 2011 edition.
Finally, we would like to thank all the people that participated to last years edition : the conference is the people 🙂 See you all in April !

–[ Contact:

— [ Social Media:

Keep in touch with the HES Organization via Facebook, Twitter and Linkedin !

4 réponses sur “Hackito Ergo Sum 2011”

  1. « c’est aussi et surtout l’espoir de voir un jour la France rattraper son retard historique sur les autres pays européens en matière de hacking »

    Je vais me faire l’avocat du diable, mais tu ne penses pas qu’hadopi peut faire renverser cette tendance?
    Chépa, mais ca pourrais faire naitre des vocations chez les djeuns qui veulent passer outre les interdit.

    (plz ne te fie pas l’adresse ip, je ne suis pas un troll)

  2. Tu devrais *éviter* de citer des sources comme Zataz si tu veux pas passer pour un crétin.

    http://www.dg-sc.org/Manifeste.pdf et https://www.dg-sc.org/blog/index.php?post/2010/03/25/R%C3%A9ponse-%C3%A0-Jean-Bernard-CONDAT et http://fr.wikipedia.org/wiki/Jean-Bernard_Condat (et noway, et des dizaines d’autres sources, y compris des thèses universitaires…) rendent tout aussi bien compte de l’affaire Condat-CCCF-DST. Et ce sont des sources propres.

    Nan parce que bon, utiliser l’intestinal organe de presse de Damien Bancal pour parler de Jean-Bernard Condat, c’est moyen… 🙂

  3. « c’est aussi et surtout l’espoir de voir un jour la France rattraper son retard historique sur les autres pays européens en matière de hacking »

    Ah ? pourtant dans les CTF, c’est tres souvent les francais qui arrivent premier ou second (genre ceux de la defcon). Bizarre, ca me semblait etre des contests de _TRES_ haut niveau.
    J’ai un peu l’impression que tu as une vision plus que biaisee sur les gens faisant de la securite en France. C’est peut-etre parce qu’ils ne bougent pas leur fesses sur scene facon attentionwhore pour trouver du taf.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.