#NDH16 – HZV will never die !

Posted on June 20, 2018

The 16th edition of the Nuit Du Hack will take place on June 30 and July 1, 2018. After the good times spent together at Disneyland Paris, the Nuit Du Hack takes on a new challenge this year by offering you a new venue.

For the very first time since its creation, the Nuit Du Hack will be held at La Cité des Sciences et de l’Industrie, in the heart of Paris! The whole HZV team is proud to welcome you to this unique venue, and more specifically to the Centre de Congrès de la Cité des Sciences!

At your disposal: 3 mezzanine levels, a 900-seat amphitheater, 2000 m² of exhibition space, the loft (1000 m² entirely dedicated to the Wargame), spaces reserved for workshops and much more!

In 2018, the Nuit Du Hack will still be: talks, challenges and workshops, but also new features and surprises to come!

Tickets for the Nuit du Hack are SOLD OUT! Print or save your QR codes so that you can access the event and collect your goodies.

Reminder: goodies are to be collected on site during the Nuit du Hack; HZV will not ship any.

You can now submit your own challenges for the Nuit du Hack wargame. Send us your challenges along with a writeup and an estimate of the challenge's difficulty on a scale of 1 to 10.

Talk schedule:

  • 10:00 am Keynote by Gaël Delalleau
  • 10:30 am Bug Bounty launch
  • 10:45 am [FR] USB-HID, the “Red Team”'s friend by Jérôme Poggi
  • 11:30 am [FR] In-app virtualization on Android to control the execution of virtualized applications with Julien Thomas
  • 12:15 pm [FR] A story of metadata by Alexandre Pujol
  • 2:00 pm [FR] The Chef's Surprise
  • 2:15 pm [FR] What is social hacking? by Gull and Viciss
  • 2:45 pm [FR] Breaking privacy in software by Maria Christofi
  • 3:30 pm [FR] (Not) All Quiet on the Eastern Front by Maliciarogue
  • 5:15 pm [FR] Attacking systems without using classic inputs and outputs by Renaud Lifchitz
  • 6:00 pm [FR] From corrupted memory dump to rootkit detection by Stéfan Le Berre
  • 6:45 pm [EN] Side-channel Attack of a Quantum Key Distribution System with Martina Bodini
  • 7:30 pm [EN] Hardware Slashing, Smashing, Deconstructing and Reconstruction for root access with Deral Heiland
  • 8:30 pm [FR] Smart backdooring 2.0 by Paul Daher
  • 10:15 pm [EN] How to borrow a car in 60,000 millisecond by Robert Leale

Workshop schedule:

  • 8:00pm – 6:00am Lockpicking workshop by the ACF – S3
  • 8:00pm – 6:00am Gamebuino presentation with the Gamebuino team – S3 Room 4
  • 8:00pm – 6:00am Radio workshops with the Electrolab – S3 Room 1
  • 12:00am – 6:00am Car hacking 101 with Robert Leale – S2 Room C
  • 8:00pm – 10:00pm Introduction to Bro network with David Szili and Eva Szilagyi – S3 Room 2
  • 8:00pm – 10:00pm Reverse-engineering Waze: A story about MASF, protobuf and a Raspberry Pi with Maliciarogue – S3 Room 3
  • 10:00pm – 12:00am Breaking Apps with Frida with Jahmel Harris – S3 Room 2
  • 10:30pm – 12:30am AWS Hardening with Deniz Parlak – S3 Room 3
  • 12:00am – 2:00am Automate all the ZAPs with Zack and Daniel Wozniak – S3 Room 2
  • 12:30am – 4:00am Reverse Engineering a (M)MORPG with Antonin Beaujeant – S3 Room 3

Find all the useful information (how to get there, safety instructions, where to sleep, where to eat) on the dedicated page of the website: https://nuitduhack.com/fr/2018-edition/venue

Confessionnal ZATAZ NEW !

For 5 years, during the Nuit du Hack, the Confessionnal ZATAZ has invited you to come and “confess”. Have you discovered a vulnerability and are afraid to alert the company? Have you discovered a personal data leak and want to report it? The Protocole ZATAZ is there for you.

The idea: to help without having to unmask yourself.

From 7:30 pm, Damien Bancal will receive you and take care of alerting the company, the association, ANSSI, the CNIL, … He does not even want to know who you are. If you come, it is because you want to help. The only requirement: smile, geek and fun! In short, talking about serious things without having to take yourself entirely seriously.

This year, every whistleblower will leave with goodies, and at any time a miniature arcade cabinet (with its 200 games) will be given to different whistleblowers. Note that this will be done entirely without a prize draw. In 2017, more than a hundred vulnerabilities/leaks were reported at the Confessionnal ZATAZ.

Organizers

The NDH is organized every year by the HZV association, which has worked for 15 years to demystify hacking through education and sharing.

Sponsors NEW !

The NDH would not be possible without the support of our sponsors throughout all these years.

DIAMOND SPONSORS :

ACCENTURE SECURITY
Accenture solves our clients’ toughest challenges by providing unmatched
services in strategy, consulting, digital, technology and operations.
Accenture Security consultants provide our clients with next-generation
cybersecurity that can protect their entire value chain, end-to-end. Our
network of 5000 security professionals relies on the latest technologies
of the market (Cloud, Velocity, Memority, Sailpoint, Splunk …) to
detect risks and protect our clients from cyber-threats.

AKERVA
Founded in 2013, Akerva is a cybersecurity company which provides high
value added security services and technical audits.
Its technical team developed a specific expertise in offensive security
and perform penetration testing and audits to enhance their clients’
data and IT security.
Akerva employs 60 cybersecurity experts based in Paris and Rennes. As
the company is experiencing a strong growth, Akerva recruits numerous
security consultants (pentesters, IoT experts, technical auditors…) to
join its audit team or its SOC (Cyberdefence Center) business unit.
For further information about Akerva, visit akerva.com or meet its team
on the occasion of the next NDH !

DIGITAL SECURITY
Founded in 2015 by a group of IT security experts with the support of
Econocom Group, digital.security (~ 200 experts) aims to offer companies
and government organizations advanced audit and consulting services and
a CERT™ dedicated to the IoT ecosystem. Our experts have strong
expertise in providing Integration & Projects (SSO, IAM, IAG, PKI,
privilege management, Logs collection, analysis and management Data
compliance solutions), and also in Operational Security (outsourcing,
security services center operations, SOC & SIEM management).

MINISTÈRE DES ARMÉES
Under the authority of the Joint Chief of Staff, the Cyber Command
(French COMCYBER) is the Ministry of the Armed Forces’ cyberdefence
operational unit. The Command ensures the protection and the defence of
the information systems. It also plans, coordinates, integrates,
synchronizes and conducts cyber military operations. Currently, the
French Ministry of the Armed Forces counts more than 3,000 cyber
fighters in its ranks.

QWANT
QWANT is the European search engine that protects its users privacy and
cares about providing unbiased results. Qwant never knows who you are,
doesn’t know your search history, and doesn’t collect any personal data
to track you. It simply delivers what you ask for: the most relevant
results for your query. QWANT is also BUG BOUNTY SPONSOR

PLATINIUM SPONSORS :

ANSSI
The Agence nationale de la sécurité des systèmes d’information (ANSSI)
is the French cybersecurity and cyberdefence authority. As such, ANSSI
has three major duties : prevention, defense of information systems and
awareness raising.

C2S BOUYGUES
Since more than 20 years, C2S is Bouygues Group’s Digital Businesses
Services company. With 150 passionate employees interacting essentially
with IT System Departments and Group’s different businesses. C2S acts on
six activities domains: Digital Transformation, Smart
Building/City, IoT, software development, IS Infrastructure/Cloud and
Cybersecurity.
In 2017, C2S Cybersecurity acts both within Bouygues Group subsidiaries
and external clients with missions like: Advice (Risk analysis,
Regulation, Regulation, audits, pentest) / Cyber Defense (ex : CERT,
SOC, Forensics, Digital Investigation) / Security operational services
(Architecture, MCO)

CEIS
CEIS is a French strategic consulting firm specialized in risk
management with over 15 years experience in cybersecurity &
cyberdefense. Through our strong cyber intelligence capabilities, we
support companies, government agencies or international organisations in
their cyber risk management & operational IT security services. Our
dedicated team of consultants has developed a unique approach of Cyber
Threat Intelligence and their own methodologies of analysis based on
cyber human investigations. CEIS also produces strategic studies on
cyberdefense & cybersecurity for the ANSSI or the French MoD, and
organizes cyber crisis exercises. With the organisation of the FIC
https://www.forum-fic.com/ and the launching of Bluecyforce, the first
European cyber training center in partnership with Diateam, CEIS plays a
major role in the development of the French cybersecurity industry and
business.

DELOITTE
Deloitte is the world leader in security consulting (Gartner Octobre
2014), which combines insight and innovation from multiple disciplines
with business knowledge to help clients, regardless of their size or
industry sector. The relentless pursuit of the highest quality
encompasses the values of our 6 500 professionals and remains the
cornerstone in our firm’s continuing success. Deloitte’s IT Risk
practice in France consists of 200 professionals, of which 80 are
experts in information security and risk management. “Deloitte” is the
brand under which over 8000 IT professionals and 3000 information
security experts collaborate throughout the world. Expert in
cybersecurity advisory since 1989, HSC by Deloitte brings a vision of
the business based on independence, transparency and sharing of
knowledge. Also training institute, HSC by Deloitte deliver technical,
organizational and legal courses based on customers issues and the
feedback and experience of our security consultants.

DEVOTEAM
At Devoteam, we deliver innovative technology consulting for business.
We are 5,200 professionals dedicated to ensuring our clients win their
digital battles. Present in 17 countries in Europe and the Middle East
and drawing on more than 20 years of experience, we improve business
performance making their companies truly digital. We build IT
infrastructure for digital, and make sure people are along for the ride.
Devoteam achieved yearly revenue of €540 million in 2017. At Devoteam,
we are Digital Transformakers.

HARMONIE TECHNOLOGIE
As the main independent provider of cybersecurity consulting and
technical expertise, Harmonie Technologie partners with key accounts
(mainly from CAC40 and SBF120 companies) to define their cyber
strategies, protect their information assets or manage their cyberrisks.
Working on assignments for Information Security, Risk & Control and CIO
departments, we offer audit, consulting, training and solution
integration services. With dual technical and functional expertise,
Harmonie Technologie addresses the cyber-trust and compliance issues
faced by our clients. We run efficient GDPR compliance programmes and
cyber-crisis simulations. We help you determine your main
vulnerabilities, define your remediation plans or implement IAM or data
protection solutions. With the continual development of our consultants’
expertise firmly at the heart of our company culture, Harmonie
Technologie focusses on delivering high added value for our customers.
We create specialized teams to address your cyber issues, whether it be
to define a transformation programme, assess
the cyber-robustness of an architecture or implement a state-of-the-art
protection solution.

INTRINSEC
Founded in 1995, Intrinsec is Neurones Group’ subsidiary specialized in
Information Security. Intrinsec develops services lines with the goal of
protecting its customers’ business & being their privileged partner for
cybersecurity problematics. A variety of activities are provided to
build a complete framework : Security assessment : pentesting & audits
(PASSI) / Digital risks management : masterplan, part-time CISO & CISO
coaching, security awareness & trainings / Operations (SOC) : cyber
threat intelligence, incident detection & response, vulnerability
management/ R&D leading player in the industry, Intrinsec also invests
in the community through publications, conferences, courses, animations, …

I-TRACING
Born in Paris in 2005, I-TRACING employs today more than 120 consultants
and engineers focusing exclusively on cybersecurity, with complementary
skills and high technology capabilities: data analysts, PMO,
consultants, security engineers, big-data platforms developers, fraud
and security analysts, network and systems engineers, security auditors,
cloud infrastructures specialists, etc. Combining audit, forensic,
consulting & design, solution engineering, security managed services and
SOC (Security Operation Center), I-TRACING is a heaven for passionate
professionals willing to address important cybersecurity projects and
technologically-deep IT security implementations. Our clients are among
the biggest companies and public authorities in France and Europe in all
market environments. Totally independent, I-TRACING is also a
high-growth service company with a 50% average annual growth. Beyond
Paris, the international presence encompasses three subsidiaries in
London, Geneva and Hong-Kong. High expertise, service oriented approach
based on commitments
respect, meritocracy in the company management, enthusiasm, passion for
technology and innovation are among our company values.

EC-COUNCIL by IT GNOSIS
EC-Council, owner & creator of the world famous Certified Ethical Hacker
(CEH), Computer Hacking Forensic Investigator (CHFI), EC-Council
Certified Security Analyst (ECSA) programs, is present in more than 110
countries through a network of 720 partners. In France, several European
& African countries, EC-Council is represented by IT-Gnosis. It-Gnosis’
activity is dedicated exclusively to IT security related trainings.
Through partnerships with training centers and schools/universities,
IT-Gnosis offers vendor neutral trainings and certifications, supports
its partners in their development, and provides course materials,
licenses for online Labs and provides on demand the certified trainers
to deliver these courses. For the 10th consecutive time, we are really
proud to be Platinium sponsor of NDH, to support the biggest Hacking &
IT security event in France. Come to visit our booth & meet our team!

OPPIDA
With nearly 20 years history, Oppida is now the most experienced
independent consulting company in Information Security. Oppida carries
out audit missions, evaluations and consultancy activities to enhance
security of Information Systems. Oppida is ITSEF accredited, PASSI
qualified, Eidas audit qualified and is also an ARGEL certification
center. Oppida aims at being at the cutting edge where innovation and
quality are concerned. Indeed, Oppida plays an active role in
large-scale research program which involve key stakeholders in industry,
SOC systems and IoT.

ORANGE CYBERDEFENSE
Secure your critical data, intellectual property and brand image.
Orange Cyberdefense supports you in every stage of the cyber risk
lifecycle: preparing your security strategy and ensuring it is working,
protecting and monitoring your critical assets, promptly detecting any
breaches, containing and remediating them and preventing digital fraud
and data leaks from propagating.
Benefit from best-of-breed technology, industry-leading threat
intelligence capabilities and an unmatched service layer from our expert
teams.

OUTSCALE
Outscale is a IaaS (Infrastructure-as-a-service) company which relies on
a strong internal R&D team. By developing our own Cloud Manager, TINA
OS, we have complete control over all the various Cloud layers. With
TINA OS, we can also satisfy any specific needs our users express by
developing unique solutions in order to make the most out of their Cloud
deployments. We are passionate about new technologies and the benefits
they bring to our customers. Helping them meet their objectives is what
really matters to us. delivers the most complete calculating, storage
and network infrastructure on the market with support from renowned
partner technology from Cisco, NetApp, Intel, and Nvidia.

OVH
Founded in 1999 by Octave Klaba, OVH is an independent French company
whose headquarters is based in Roubaix. Its specialty: web hosting, is
the number 1 in french and european hosting provider and number 3
worldwide (source Netcraft December 2012). Its activities today now
extended to products and services related to: domain names, e-mail,
VoIP, Internet provider and cloud computing. Because it reinvests all
its profits in R&D, OVH develops solutions more efficient and
environmentally friendly, and undeniably contributes to the development
of the IT sector. As of 2013, OVH is present in 7 cities in France, 15
countries and 3 continents. The success of OVH is based on a unique
culture: each employee makes its contribution to the sustainability of
the company, trying to be the best in their field.

PROVADYS
Provadys is a company specialized in IT Security. Our Offensive Security
team is composed of passionate consultants, 100% dedicated to
penetration tests and technical audits. We perform penetration tests on
various scopes (web applications, mobile applications, external or
internal networks, etc.), and our hacking skills are also useful during
reverse engineering missions, source code analysis, configuration
reviews, or Red Team mode attacks.

SOPRA STERIA
Sopra Steria proposes a global offering of consulting, solutions
integration and managed services, in response to prevention, protection,
detection & reaction issues, with key expertise in Governance, Risks &
Compliance, Digital trust and SOC. As a Trusted Services Operator, Sopra
Steria relies on 700 highly-skilled experts -300 in France- and an
expanding network of next generation cybersecurity centres in Europe and
Singapore, to protect information heritage and ensure the digital
security of administrations, critical operators and sensitive large
companies.

SQUAD
SQUAD is a consultancy company specialized in Cyber Security, Digital
and Virtual Infrastructure. SQUAD unites more than 350 experts all over
France. Conviviality, sharing knowledge and improving skillsets are
capital values! Our Cyber Security team is looking for new talents:
could it be you? Do not hesitate to get in touch! Consultancy Company
created in 2011 – Certified ISO 27001 – GreatPlaceToWork 2017.

THALES
Whenever a critical decision need to be made, Thales has a role to play.
Our solutions help customers to make the right decisions at the right
time and act accordingly in challenging environments.
To help create a safer world, we serve five keys sectors : Aerospace,
Space, Ground Transportation, Defence, Security
World-class technology, the combined expertise of  64,000 employees and
operations in 56 countries have made Thales a key player in keeping the
public safe and secure, guarding vital infrastructure and protecting the
national security interests of countries around the globe.
We are proud of the role we play in a world that is increasingly mobile,
interconnected, interdependent and dangerous.

WAVESTONE
Wavestone is a new consulting brand, formed by the merger of Solucom and
Kurt Salmon’s European business (excluding Consumer Goods and Retail
Consulting activities outside of France) in 2016. Wavestone’s vision is
to enlighten and guide our clients in their strategic, value-adding
decision-making by capitalising on our functional, industry and
technological expertise. Our firm combines the expertise of 2,600 people
across 4 continents. Wavestone is the leader in information security
consulting in France with more than 400 dedicated consultants; we help
major accounts handle risks and steer security projects, with the finest
skills in all aspects of security and risk management: security
governance, data protection, digital trust, business continuity,
identity management, and a dedicated team of 40 people for incident
response (CERT-Solucom), security audits and penetration testing
(PASSI). Wavestone experts also work on various R&D projects (Industrial
Control Systems, Big Data,
Mainframe, Active Directory, …) and share their research and tools at
international conferences (DEFCON, BlackHat, HITB, BruCon, …)

YES WE HACK
Since 2015, YesWeHack connects a community of IT security experts with
organizations or projects willing to better protect their information
assets. YesWeHack is made of 4 interdependent services strengthening
cooperation: the first European Bug Bounty Platform : BountyFactory.io, a jobboard
dedicated to security expertise and a Bug Bounty aggregator :
FireBounty.com. Last but not least, in 2017, YesWeHack launched
ZeroDisclo.com : a non-profit platform providing the technical means and
the required environment for ethical hackers to adopt a coordinated way
for reporting vulnerabilities.

ZENCONNECT
ZenConnect is an IT Service Provider, specialized in WiFi, Internet,
Cloud and network infrastructure for B2B. We help organizations
transition through their digitization projects, thanks to our digital
security & IT skills and our experience in managing complex projects.
Making technology work for YOUR business !