hack.lu 2024

hack.lu 2024 Wraps Up a Thrilling 18th Edition with Global Participation and Networking Highlights

2024-11-04T05:39:55+01:00

Luxembourg, October 26, 2024 – hack.lu, Europe’s central hub for cybersecurity professionals, enthusiasts, and experts, celebrated its 18th successful edition from October 22-25 in Luxembourg, hosting a packed agenda of workshops, trainings, and talks. With over 500 participants from around the world and 75 expert speakers, this year’s conference once again proved to be an essential event in the cybersecurity calendar.

Over the course of four days, hack.lu attendees immersed themselves in topics at the forefront of security, intelligence, and privacy. They enjoyed a packed schedule balanced with ample opportunities to connect over coffee breaks, pastries, and thoughtfully prepared lunches. As a priority for hack.lu, exceptional catering played an essential role in keeping energy high and conversations flowing throughout the event. Attendees also actively participated by presenting 26 lightning talks, each allowing speakers to share their experiences in a concise 5-minute format.

Even before the conference, the renowned hack.lu CTF took place, with 608 teams participating in challenges organized and designed by FluxFingers, the CTF team from Ruhr University Bochum (Germany). During the conference, hack.lu 2024 challenges were organized by the FIRST SecLounge SIG volunteers, offering participants various levels of challenges to play.

The conference organizers hosted a speaker’s dinner on the first evening to recognize and celebrate the event’s contributors. On the second day, participants mingled at an independently organized social event, which included fun activities such as PowerPoint karaoke. The third evening featured an invitation to the Cybersecurity Gala, held in collaboration with Cybersecurity Week Luxembourg.

Sascha Rommelfangen, co-organizer of hack.lu, reflects: “We’ve received tremendous positive feedback for this year’s organization. It’s inspiring to see participants join us from across the globe, from Australia to China, Mauritius to the USA. hack.lu is all about fostering connections in a friendly and inclusive setting, and we’re already looking forward to making next year’s event even more memorable.”

The talks and videos given during the conference are now publicly available on the hack.lu website and as a YouTube channel.

With strong support from 15 sponsors, hack.lu 2024 provided a vibrant atmosphere for collaboration and learning. Sponsors and participants alike appreciated the open setting that encouraged interaction and knowledge exchange on the latest cybersecurity challenges and innovations.

Alexandre Dulaunoy, co-founder and main organizer of hack.lu, sums it up: “hack.lu has always been about creating a space where knowledge flows freely and innovation thrives. This year, we saw remarkable ideas emerge from discussions, workshops, and impromptu conversations over coffee or tea. The diversity of voices – from seasoned experts to emerging talents – made this edition incredibly dynamic. We’re honored to facilitate these connections that not only strengthen our community but also push the boundaries of cybersecurity collaboration on a global scale. We look forward to building and improving on this momentum for hack.lu 2025, continuing to shape a future where security and openness go hand in hand.”

As hack.lu 2024 concludes, the organizers are already setting their sights on hack.lu 2025, scheduled for October 21-24, 2025, promising another year of inspiration, innovation, and community for the global cybersecurity landscape. We would also like to extend our heartfelt thanks to all our sponsors, supporters, volunteers, and participants who helped make hack.lu a remarkable conference.

Hack.lu 2024 - Agenda Published

2024-09-24T11:39:55+02:00

Hack.lu 2024: A Can’t-Miss Cybersecurity Event in the Heart of Europe

The hack.lu 2024 security conference, taking place from October 22nd to 25th in Luxembourg, is shaping up to be an unforgettable event for the cybersecurity community. Whether you’re a seasoned professional, an enthusiast, or someone curious about the field, hack.lu offers an unparalleled opportunity to learn, network, and immerse yourself in the latest trends and challenges in cybersecurity. This year’s agenda is packed with groundbreaking talks, hands-on workshops, and exciting activities like the Capture The Flag (CTF) competition. Here’s a sneak peek at what you can expect.

Main Track Overview

The main track at hack.lu is always a crowd-pleaser, and this year’s lineup promises to be no different. Here is the complete list of talks:

APT28: Following bear tracks back to the cave by Golo
Artemis: how CERT PL improves the security of the Polish internet by Krzysztof Zając
Automating Dark Web CTI Reports with RAG Insight for MISP Sharing by Shing-Li Hung
Back to the failure - Did your physical security really evolved in the last 40 years? by Simon Geusebroek
Blowing up Gas Stations for fun and profit by Pedro Umbelino
CSIRT and the Chocolate Factory by Didier Stevens
Cyber Threats to Advanced Intelligent Connected Vehicle Systems by Shihao Xue, Yuqiao Ning
DFIQ - Codifying digital forensic intelligence by Thomas Chopitea
Decoding Galah: an LLM powered web honeypot by Adel Karimi
Detection And Response for Linux without EDR by Hilko Bengen
Disconnecting games with a single packet: an Unreal untold story by Hugo Bertin
Dredge: An Open Source Framework for Cloud Incident Response by Santi Abastante
Empowering Cybersecurity Outreach and Learning through Collaborative Challenge Building, Sharing, and Execution by Alexandre Dulaunoy, David Durvaux
From 0 to millions: Protecting against AitM phishing at scale by Jacob Torrey
Ghosts’n’gadgets: common buffer overflows that still haunt our networks by Stanislav Dashevskyi
I Need Access: Exploit Password Management Software To Obtain Credential From Memory by Efstratios Chatzoglou
In-Depth Study of Linux Rootkits: Evolution, Detection, and Defense by Stephan Berger
Insights from Modern Botnets by Miguel
Internal Domain Name Collision 2.0 by Philippe Caturegli
IoT hacks humans - unexpected angles of Human Process Compromise by Vladimir Kropotov
Keys to the City: The Dark Trade-Off Between Revenue and Privacy in Monetizing SDKs by Dimitrios Valsamaras
KubeHound: Identifying attack paths in Kubernetes clusters at scale with no hustle by Julien
Lessons Learned from (almost) 8 Years of Sigma Development by Thomas Patzke
Making IOT great again by David Durvaux, Marc Durvaux
Malware and Hunting for Persistence: How Adversaries Exploit Your Windows? by cocomelonc
Mercator - Mapping the information system by Didier Barzin
NeuroCTI - a custom LLM for CTI - benchmarking, successes, failures and lessons learned (updates) by Aaron Kaplan
New features in the Zeek Network Monitor by Christian Kreibich
Nothing to see here! On the awareness of and preparedness and defenses against cloaking malicious web content delivery by Jeroen Pinoy
Predictive Analytics for Adversary Techniques in the MITRE ATT&CK Framework using Rule Mining by Tristan MADANI
Quantum Cybersecurity - Pioneering a Secure Future by Samira Chaychi, Sharif Shahini
Reverse engineering Android apps with ACVTool by Aleksandr Pilgun
Revolutionizing IoC Sharing: MISP, ZMQ and the Power of Smart Workflows & Taxonomies by Mike
SQL Injection Isn’t Dead: Smuggling Queries at the Protocol Level by Paul Gerste
Scam as a Service powered by Telegram by Aurimas Rudinskis
Securing the Stars: Comprehensive Analysis of Modern Satellite Vulnerabilities and Emerging Attack Surfaces by Vic Huang
Sigma Unleashed: A Realistic Implementation by Mathieu LE CLEACH
Spicy — Generating Robust Parsers for Protocols & File Formats by Benjamin Bannier
TODDLERSHARK: Kimsuky’s Hastily Built Variant of BABYSHARK Deployed Using an 1-Day Exploit by George Glass
Tales of the Future Past by Saâd Kadhi
The Gist of Hundreds of Incident Response Cases by Stephan Berger
The Ouroboros of Cybercrime: Witnessing Threat Actors go from Pwn to Pwn’d by Estelle
The Web of cognitive warfare by Jindrich Karasek
The XE Files - Trust No Router by James Atack
The good, the bad, and the ugly: Microsoft Copilot by Michael Bargury, Inbar Raz
Trying Gateway Bugs: Breaking industrial protocol translation devices before the research begins by Claire Vacherot
Understanding file type identifiers & scanners by Ange Albertini
You just got a CTI program funded - now what? by Lukas Vytautas Dagilis

Workshops to Boost Your Skills

In addition to the main track talks, hack.lu 2024 offers a series of hands-on workshops designed to deepen your technical skills or learning new techniques:

Chrome V8 exploitation training for beginners by hoseok Lee
Cryptography: from zero to dont-shoot-yourself-in-the-foot by Lorenzo Nicolodi
Defeating Encryption By Using Unicorn Engine by Balazs Bucsay
Dissecting the Threat: A Practical Approach to Reverse Engineering Malicious Code by Ankshita Maunthrooa
Exploring Firmwares: Tools and Techniques for (New) Cartographers by Eloïse Brocas
Exploring OpenSSH: Hands-On Workshop for Beginners by William Robinet
From protocol analysis to actionable algorithmic and signature detection with Suricata by Eric Leblond, Peter Manev
Hands-on Kubernetes security with KubeHound (purple teaming) by Julien
Lookyloo, Pandora, and all the bells and whistles to go with them. by Raphaël Vinot
MISP Kickstart by Shanna Daly, James Garratt
Malware Development and Persistence by cocomelonc
NLP deep-dive: Transformers for Text Mining and Text Generation in Cybersecurity by Pauline Bourmeau (Cookie), William Robinet
Open source Intelligence and Command line based BGP Hijacking Detection by Joon Kim
Operationalization of Sigma Rules with Processig Pipelines by Thomas Patzke
ROP on ARM64 - a hands-on tutorial by Saumil Shah
Reversing Flutter with Blutter and Radare2 by Axelle Apvrille
Scanning with the Artemis security scanner by Krzysztof Zając
The Heist: get your hands on the goods! by Stijn Tomme
Unleashing the power of purple teaming with OpenTIDE by Remi Seguy, Amine Besson
XOR Cryptanalysis by Didier Stevens
Zeek and Destroy with Python and Machine Learning Workshop by Eva Szilagyi, David Szili
iOS Compromise Detection using open source tools by David Durvaux, Christophe Vandeplas

Capture The Flag (CTF) Competition

No hack.lu is complete without the legendary Capture The Flag (CTF) competition. The hack.lu CTF is known for its challenging and creative puzzles that test participants’ problem-solving and hacking skills across a range of categories, including cryptography, web security, forensics, and more. This year, we are thrilled to have the famous FluxFingers team, known for their innovative and exciting challenges, organizing the CTF once again. With new puzzles designed to push even the most experienced players to their limits, this CTF promises to be an unforgettable experience. Whether you’re competing solo or as part of a team, the hack.lu CTF is an excellent opportunity to hone your skills and have some fun. Additional smaller challenges will take place during the hack.lu conference for the ones who don’t want to invest too much time into the CTF.

Sponsorship Opportunities

Hack.lu provides an opportunity for companies looking to showcase their products and services to a highly engaged audience of security professionals and enthusiasts. Sponsoring hack.lu is not just about brand visibility; it’s about becoming part of a community that values innovation, knowledge-sharing, and collaboration. Sponsors have the opportunity to engage directly with attendees through dedicated booths and active networking during the event.

By supporting hack.lu, sponsors help foster a cybersecurity community and contribute to the event’s unique family atmosphere of learning and exchange. Interested in becoming a sponsor? More details can be found https://hack.lu/sponsoring/.

Why You Should Attend

Hack.lu is more than just a conference; it’s a gathering of minds dedicated to pushing the boundaries of cybersecurity with a strong open source mindset. The sessions and workshops are tailored to provide deep insights and practical skills that you can apply in your work or research. The CTFs are a thrilling test of your abilities, and the networking opportunities are second to none. Plus, to keep your energy levels high, hack.lu offers lunch, beverages, refreshments, and pastries throughout the four days. There’s also a social event where all participants can relax, connect, and exchange ideas in a more informal setting.

Whether you’re there to present, participate, or just soak in the knowledge, hack.lu 2024 offers an unparalleled experience and a great opportunity to meet new friends. Don’t miss your chance to be a part of this exciting event. Tickets are still available, so be sure to grab yours https://hack.lu/info/.

Join us at hack.lu 2024 and become part of the conversation that contributes to the future of cybersecurity!

Call for papers is now open for hack.lu 2024

2024-05-20T11:39:55+02:00

hack.lu 2024 Call for Papers (including cti-summit)

The purpose of the hack.lu convention is to provide an open and free playground where people can discuss the implications of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet and share all kinds of information freely. The convention will be held in the Grand-Duchy of Luxembourg in October (22-25.10.2024). The most significant new discoveries about computer network attacks and defenses, open-source security solutions, and pragmatic real-world security experiences will be presented in a four-day series of informative tutorials.

Hack.lu includes the Cyber and Threat Intelligence Summit gathering all the experts, analysts, users, and contributors to cyber and threat intelligence at large. A strong focus will be given to projects bridging intelligence communities together and also open-source related projects.

We invite you to submit papers, lightning talks, and workshop proposals for selection by the hack.lu technical review committee.

Topics of Interest

Software Engineering and Security
Social Engineering
Honeypots/Honeynets
Spyware, Phishing, and Botnets (Distributed attacks)
Newly discovered vulnerabilities in software and hardware
Electronic/Digital Privacy
Wireless Network and Security
Attacks on Information Systems and/or Digital Information Storage
Electronic Voting
Free Software and Security
Assessment of Computer, Electronic Devices, and Information Systems
Standards for Information Security
Legal and Social Aspect of Information Security
Security in Information Retrieval
Network Security
Malware Analysis and Reversing
Forensics and Anti-Forensics
Offensive (and counter-offensive) Information Technology
Mobile Communications Security and Vulnerabilities
CSIRTs, Incident Analysis and Response
Information Security and Data Mining
Threats Exchange and Sharing

Open source tooling used in threat intelligence including new tools or development of existing tools
Threat intelligence processes
Successes and failures in creating threat intelligence processes
Use of open-source tools (such as MISP) into SOC, CSIRT, or any security organization or intelligence community to support threat intelligence processes
Interoperability between threat intelligence tools (open source and proprietary)
Improving and evaluating the quality of threat intelligence at large
Share lessons learned in the intelligence domains including analysis processes, analytical methods, and/or techniques
Lessons and challenges while performing intelligence analysis
Successes and failures in data modeling for intelligence
Share experiences in information and intelligence sharing including building communities, tooling, social interactions
Improving skills in intelligence domains such as threat analysis, collection, and dissemination
Integrating OSINT, HUMINT, *INT into threat intelligence processes

The above lists of topics are not exhaustive and other related topics are welcome.

Presentation Format

The format of the talks during hack.lu is composed of a 20-minute maximum presentation with a 10-minute Q&A session. The goal is to foster collaboration and live discussions. The sessions will be video recorded except if the presenter doesn’t accept. Complementary papers, articles, and presentations are highly encouraged for participants who are willing to have more insight about the presentation given.

General Information

Date and Location

The hack.lu conference will take place physically in Luxembourg (October 22 - 25, 2024) at the
Parc Hotel Alvisse, 120 Route d’Echternach, L-1453 Luxembourg
(Long : 49.6399337, Lat : 6.1517228)

Speakers’ Privileges

For the selected talks/presentations/papers, authors will get free access to the conference.
One speaker per talk/workshop.
Accommodation will be provided (up to 4 nights during the conference). Hotel room must be reserved with a dedicated registration code, and paid in advance as guarantee. The money will be reimbursed during check-out.
Lunch, beverages, and more during all days of the conference.
Reimbursement of travel costs up to 300 EUR.

Language

The language of the conference is English.

Publication and Rights

Authors keep the full rights on their publications/papers but give an unrestricted right to redistribute their papers for the hack.lu convention and its related electronic/paper publication.

You can enter proposals until 2024-08-01 08:00 (UTC), 2 months, 1 week from now.

Edit or view your proposals
Submit a proposal

Sponsoring

If you want to support the initiative and gain visibility by sponsoring, please contact us by writing an e-mail to info(AT)hack.lu

For more information about sponsoring options.

CfP Website Submission

CfP hack.lu 2024 submission website