Hackers visiting Mickey Mouse

We continue a series of articles about trips to various unusual security events. Recently we were able to attend the HackInParis conference, which was held June 17-21 in France, in Paris, in Disneyland! Yes, yes, it is in the center of children's delight, in an amusement park. If it is interesting to you how modern cyber threats and children's squeak and squeal get on together, I ask under kat.

We (Dmitry Evdokimov and Andrey Chasovskikh) spoke at the HackInParis conference with the report “Windows Phone 8 Application Security”, in which we talked about the security model used in Windows Phone 8, a little about how you can explore the insides of this OS, and directly about the applications themselves - how to write them in the 8th version of the new OS and what you should pay attention to in terms of security during their development. At the same time, we made parallels with iOS and Android.
This presentation was a logical continuation of our presentation “Inspection Windows Phone applications” at the BlacHat AbuDhabi 2012 conference. In this study, the focus was on application security in Windows Phone 7. Then we also presented a tool for dynamic analysis of applications for WP7 called Tangerine. Tangerine uses static CIL bytecode to perform its functions. But now we will not go into the issue of application security for WP (we will devote a separate article to this), but we will tell you about the HackInParis conference.
So, the flight from St. Petersburg to Paris took 3 hours, took place at an altitude of 10,500 meters. After landing at Charles de Gaulle airport, we simply entered the subway and drove to Disneyland, marked on the map with the head of Mickey Mouse.


')
We lived in the Sequoia Lodge, and the conference itself was held at the New York hotel, 500 meters from our hotel. And all this - on the territory of Disney Village, next to restaurants, snack bars, souvenir shops and - yes! - amusement rides. Next to Disney Village - DisneyLand and Disney Studio, entrance there is already paid.



So, HackInParis, it can be said, consists of two parts: the first is training, they were held from June 17 to 19, the second part is the conference itself, from 20 to 21 numbers.
Trainings were devoted to writing exploits, digital forensics using open source tools, cracking IPv6 networks and reversing Win32 applications.



The conference itself was held in one stream. The undoubted advantage of this decision is the large number of people at each report. Within two days there were 16 speeches. On the first day, most of the reports were devoted to mobile security (BYOD, Android, Windows Phone 8, MDM solutions), and on the second day, much was said about low-level research (virtualization, rootkits, DBI).
We will not dwell on the reports themselves - they can be downloaded on the Internet, and we will try to convey the atmosphere.
We really felt like guests of Mickey Mouse and his friends. The Disney heroes from Bambi to the Little Mermaid looked out from everywhere: from behind the railings of buildings, from the elevators, they looked at us from the walls of the hotel rooms and from the passing buses. Around were cheerful, carefree faces of children and tired, exhausted faces of adults.



Some of the speakers and attendees came to the conference with their families, while others said that God forbid their children find out where they were on a business trip. It was funny in the morning to talk with the person about the latest trends in rootkit making, and in the evening to meet him with a ball in the shape of Mickey Mouse's head, but in the same T-shirt with the words “Nuit Du Hack”.



Nuit Du Hack is another hacker conference in Disneyland, which takes place immediately after HackInParis. And if HackInParis is an international party with a slight bias in business, then Nuit Du Hack is a local hacker festival, where most of the reports are in French. There is also an exhibition of various high-tech lotions and its own CTF. By the way, this year two teams from Russia participated in CTF - HackerDom and TechnoPands. With its atmosphere and organization, Nuit Du Hack is reminiscent of our Chaos Construction. Only instead of the voice, commenting on the demo, the whole festival is a speaker.
In general, HackInParis is an excellent event, where you can go with the whole family, where everyone will find something interesting for themselves.