Hack.lu 2019 – Day (3)

The last day of Hack.lu was on Thursday, I am a bit late with the blog post because I was exhausted after we finished for the day and had to take some rest. I was a bit late to the conference because I overslept (sigh) but I didn’t miss any important moments.

On the last day, I decided to participate in workshops instead of attending talks. I had my eyes on two workshops. The first one was the “Junior CTF Install Party” workshop, and the second one was the “Practical Incident Response” workshop.

Credit: All videos are recorded and uploaded by the amazing @cooper. You can find the full list on his website: https://administraitor.video/edition/Hack.lu/2019

I attended two talks before joining the first workshop. The first talk was Beyond Windows Forensics with Built-in Microsoft Tooling by Thomas Fischer who presented a cool project he’s been working on that uses Microsoft tools and features to query and find information that might be of interest in the security context. As he said, it feels like a mini EDR written in PowerShell.

The second talk was Effectiveness in simplicity: The Taskmasters APT and it was presented by Elmar Nabigaev. The talk was simple and easy to follow. He presented an account of his work tracking and analyzing the Taskmasters APT and many of the interesting things he learned while doing the research.

The Junior CTF Install Party

I have been talking to a coworker about organizing a CTF for high school kids in our town, so when I saw this workshop on the schedule, I knew I had to participate in it to have a better idea of what can be done in similar CTFs.

The workshop was taught by Axelle Apvrille who told us about the idea behind the JuniorCTF and why she created it. We then moved on to installing CTFd along with some other dependencies before finally installing and running a local version of the JuniorCTF.

Overall, it was a very informative workshop. I got a few pointers that will definitely help me with the organization of the CTF I had in mind. I will also try and contribute to the JuniorCTF git repo, and you can do that too; check out the repo here.

Practical Incident Response, With Automation and Collaboration Inside

This was a three-hour-long workshop filled with information and hands-on exercises. The workshop was taught by Saad Kadhi (from TheHive team). The first hour was a theoretical introduction to TheHive, Cortex, and other aiding tools that can be used to streamline incident handling in organizations.

Now, when the practical part started, trouble came knocking. I can’t express how frustrated I was because of what happened next. We got a VM from the team to use in the workshop. It had special configurations so we had no other choice than using it. I am using Linux on my laptop and I prefer to use KVM for virtual machines so I had neither VMware Workstation, Player, nor VirtualBox installed on my laptop. In theory, this shouldn’t be a problem since I can import the OVA into a VM without any issues.

Well, I was wrong. The VM refused to work correctly despite all my futile attempts. At some point I gave up and installed VirtualBox, but little did I know that I would just be adding a whole new load of issues. As the workshop progressed I became super frustrated, so at some point, I made sure I understood the information that was presented and left.

Since I left a bit early from the workshop, I got to attend the two final talks of the conference. The first one was DOS Software Security: Is There Anyone Left to Patch a 25-year old Vulnerability? presented by Alexandre Bartel who took us on a fascinating adventure in the DOS world. He explained how he identified a vulnerability in a widely used software which allowed him to do all kinds of cool stuff on machines running DOS.

The last talk of Hack.lu 2019 was about DNS hijacking actors “DNS on Fire” and it was presented by Rascagneres Paul and Warren Mercer from Talos. They told us about different DNS hijacking threat actors and how they detected them. There was a lot of interesting information and I was kinda shocked to see my home country on the list of countries where targeted attacks were directed.

The End

That’s it. Hack.lu 2019 ended after a short prize ceremony for those who participated in the escape room and CTF games. It was a great experience for me, I learned a lot and talked to many amazing people. I am looking forward to the next edition. If you ever meet one of the organizers, make sure to thank them for creating such an inclusive and relaxed conference that fosters the development of information security in Europe and the entire world.