Unlock your Brain, Harden your System

https://www.unlockyourbrain.bzh

The wildest infosec event in the West!

The 9th edition of "Unlock Your Brain, Harden Your System" will be held on the 8th and the 9th of November 2024 in Brest ⋅ France

Program: https://www.unlockyourbrain.bzh/en/programme-eng/

  • Friday 8 Nov 2024 from 10 AM to 6 PM - dedicated to workshops

  • Friday 8 Nov 2024 afternoon from 2:00 PM to 7:00 PM - Bug Bounty

  • Saturday 9 Nov 2024
    Conferences from 9:00 AM to 06:30 PM - Lunch included
    Social Event: Closing Party from 7:00 PM to 0:00 AM

This event is organized jointly by La Cantine Numérique de Brest & DIATEAM

Where does the event happen?
Workshops: CCI Brest, 1 place du 19e RI, 29200 Brest
Bug Bounty: Salle des Records, Marina du Château, 29200 Brest
Conference: Javouhey High School, rue de l'Église, 29200 Brest


Conference #UYBHYS - Brest - France

..:: Saturday 9th of November 2024 from 9:00 AM::..

Conference Ticket


Ticket valid only for the day of conference Saturday 9th November 2024

Lunch included
1 T-Shirt included


Place: Lycée Javouhey, rue de l'Église, 29200 Brest.

from €22.00 to €84.00
Standard Ticket

37 currently available

€42.00 incl. 20% T.V.A

Standard Ticket for student & job seeker

Discount for unemployed persons, students and minimum income beneficiaries.
Proof of entitlement must be presented at the entrance to the conferences, otherwise the difference with the full price will be charged.

37 currently available

Original price: €42.00 New price: €22.00 incl. 20% T.V.A

Supporter Ticket

Choose a supporter ticket if you would like to give extra support to the organization of UYBHYS.

37 currently available

Original price: €42.00 New price: €84.00 incl. 20% T.V.A

Workshops - Friday 8 Nov 2024 - AM

Please pay attention to the schedule: some workshops run simultaneously, so please select only non-overlapping ones!

2 hour workshop: Natural Language Processing (NLP) for Threat Intelligence - Pauline Bourmeau

[EN or FR]
Level: beginners ★★
Language: English or French, depending on the audience
Duration: from 10:00 AM to 12:00 PM
 
Natural language processing is a subfield of AI. It is at the core of large language models.
In this workshop you learn how to break AI into tools and build your first NLP program. You learn to use natural language processing to extract knowledge and uncover patterns in text data.
 
This workshop provides you with practical knowledge and skills that you can apply in your daily practice as a security professional.
 
It is designed for beginners: you will be introduced to the foundations of NLP and gain practical experience in text pre-processing, representation, and classification.
 
Goals:

  • Learn how to leverage natural language processing for Threat Intelligence and investigation in cybersecurity.
  • Acquire practical skills to allow you to build your own pipelines.
  • Follow an intuitive path for learning NLP and integrate it progressively into your daily tasks.

 
Program:

  • Build a sentiment analysis pipeline using pre-trained models and industry-standard libraries.
  • Learn the essential steps of text pre-processing by practicing on a real dataset.
  • Explore different methods of representing text data.
  • Build a simple text classifier using popular techniques.
  • Learn to measure accuracy of your model.
  • Discussions and resources to go further.

 
Conclusion:
We briefly discuss the diverse range of applications of NLP, including Open-Source Intelligence (OSINT), security research and incident response.
And finally, we highlight the significance of working with structured and unstructured data.
 
Requirements:
Knowledge of Python; no prior experience in AI is required.
 
About the speaker:
Pauline Bourmeau (Cookie): Pauline’s focus gravitates towards offensive cybersecurity, artificial intelligence, the hacker culture, cognition as well as the human element of cybersecurity.
 
She has a diverse background with experience in various fields including linguistics, criminology, cybersecurity, computer engineering, and education. Employing a transversal approach, she draws upon both humanistic and technical insights to provide a comprehensive understanding of cyber threats and their evolution.
 
She works today on subjects related to information security, artificial intelligence and education. She also dedicates a portion of her work to information sharing.

from €15.00 to €30.00
Regular Ticket

0 currently available

€30.00 incl. 20% T.V.A

SOLD OUT
Students & Job Seekers Ticket

This reduced price is available for full-time students, job seekers and people receiving minimum social benefits.
* A receipt will be requested at the entrance.

0 currently available

Original price: €30.00 New price: €15.00 incl. 20% T.V.A

SOLD OUT

2 hour workshop: Detecting and exploiting prototype pollution in JavaScript applications - Lucas Philippe (BitK)

[EN or FR]
Level: intermediate ★★★
Language: English or French, depending on the audience
Duration: from 10:00 AM to 12:00 PM
 
Prototype pollution is a critical vulnerability in JavaScript applications: it abuses the prototype inheritance feature to introduce malicious properties. This workshop will provide an in-depth, hands-on experience to help participants understand, identify, and mitigate prototype pollution vulnerabilities.
 
Workshop Objectives:

  • Understand JavaScript prototypes and prototype pollution attacks.
  • Learn to identify prototype pollution vulnerabilities in JavaScript codebases.
  • Use our custom-developed tool to assist in identifying gadgets and vulnerabilities.
  • Perform a live demo targeting popular JavaScript libraries to showcase the tool's effectiveness.
  • Equip researchers and developers with practical skills to secure JavaScript applications against prototype pollution.

 
Workshop Outline:
1. Introduction to JavaScript Prototypes and Prototype Pollution
 

  • Overview of JavaScript prototype inheritance
  • Explanation of prototype pollution
  • Real-world impacts of prototype pollution vulnerabilities

 
2. Identifying Prototype Pollution Vulnerabilities

  • Common patterns and indicators of prototype pollution
  • Manual techniques for detecting vulnerabilities in code

 
3. Introducing pp-finder for Gadget Identification

  • Overview of the tool's features and capabilities
  • Instrumentation techniques used in the tool
  • Benefits of using the tool for whitebox audits

 
4. Using the tool

  • Setting up the tool in a development environment
  • Instrumenting a sample codebase
  • Identifying and analyzing potential gadgets and vulnerabilities

 
5. Targeting Popular JavaScript Libraries

  • Demonstration of the tool on well-known JavaScript libraries
  • Step-by-step walkthrough of identifying and exploiting a vulnerability

 
Prerequisites:

  • Basic understanding of JavaScript
  • Familiarity with JavaScript objects and inheritance
  • Laptop with a development environment set up (Node.js, preferred text editor/IDE)

 
About the speaker:
I’m Lucas, also known as BitK, I am 28 y/o. I’m a French guy who lives in Lyon. If you play CTF we have probably already met during an on-site event as I play a lot of them with the French team Hexpresso.
 
Before joining YesWeHack I was writing / reversing software for power plants.
 
I’m also a bug hunter, I’ve been in the top 10 hackers on YesWeHack Bug Bounty platform since the launch of the platform.

from €15.00 to €30.00
Regular Ticket

0 currently available

€30.00 incl. 20% T.V.A

SOLD OUT
Students & Job Seekers Ticket

This reduced price is available for full-time students, job seekers and people receiving minimum social benefits.
* A receipt will be requested at the entrance.

0 currently available

Original price: €30.00 New price: €15.00 incl. 20% T.V.A

SOLD OUT

2 hour workshop: GO FIGUR by yourself - Darcosion

[FR]
Level: beginners ★★
Language: French
Duration: from 10:00 AM to 12:30 PM
 
It all starts with a small spam campaign to sell fake drugs on Facebook. And it ends with a multinational infrastructure of spam, account creation farms, identity theft, and black SEO.
 
On the agenda: OSINT, web infrastructure analysis, SOCMINT, GEOINT, IMINT, and plenty of bonus content specific to this field.
 
This 'workshop' isn't really a workshop in the sense that you won't be doing any hands-on work on your computer. It's more of a deep dive into the world of OSINT in all its forms, even the most unexpected ones. Buckle up. ;-)
 
About the speaker:
Cybersecurity integrator, passionate about OSINT, and CTF competitor, Darcosion has been practicing hacking for about ten years and gives talks related to OSINT, CTI, and cybersecurity in general. Through the OSINT-FR community, Darcosion has participated in several major OSINT-based investigations and has also created his own OSINT CTF, the 'FullDebilosCTF,' which gathered over 200 participants over more than 2 weeks, with a total of 70 challenges.

from €15.00 to €30.00
Regular Ticket

0 currently available

€30.00 incl. 20% T.V.A

SOLD OUT
Students & Job Seekers Ticket

This reduced price is available for full-time students, job seekers and people receiving minimum social benefits.
* A receipt will be requested at the entrance.

0 currently available

Original price: €30.00 New price: €15.00 incl. 20% T.V.A

SOLD OUT

Workshops - Friday 8 Nov 2024 PM

Please pay attention to the schedule: some workshops run simultaneously, so please select only non-overlapping ones!

2 hour workshop: Natural Language Processing (NLP) for Threat Intelligence - Pauline Bourmeau (2nd session)

[EN or FR]
Level: beginners ★★
Language: English or French, depending on the audience
Duration: from 2:00 PM to 4:00 PM
 
Natural language processing is a subfield of AI. It is at the core of large language models.
In this workshop you learn how to break AI into tools and build your first NLP program. You learn to use natural language processing to extract knowledge and uncover patterns in text data.
 
This workshop provides you with practical knowledge and skills that you can apply in your daily practice as a security professional.
 
It is designed for beginners: you will be introduced to the foundations of NLP and gain practical experience in text pre-processing, representation, and classification.
 
Goals:

  • Learn how to leverage natural language processing for Threat Intelligence and investigation in cybersecurity.
  • Acquire practical skills to allow you to build your own pipelines.
  • Follow an intuitive path for learning NLP and integrate it progressively into your daily tasks.

 
Program:

  • Build a sentiment analysis pipeline using pre-trained models and industry-standard libraries.
  • Learn the essential steps of text pre-processing by practicing on a real dataset.
  • Explore different methods of representing text data.
  • Build a simple text classifier using popular techniques.
  • Learn to measure accuracy of your model.
  • Discussions and resources to go further.

 
Conclusion:
We briefly discuss the diverse range of applications of NLP, including Open-Source Intelligence (OSINT), security research and incident response.
And finally, we highlight the significance of working with structured and unstructured data.
 
Requirements:
Knowledge of Python; no prior experience in AI is required.
 
About the speaker:
Pauline Bourmeau (Cookie): Pauline’s focus gravitates towards offensive cybersecurity, artificial intelligence, the hacker culture, cognition as well as the human element of cybersecurity.
 
She has a diverse background with experience in various fields including linguistics, criminology, cybersecurity, computer engineering, and education. Employing a transversal approach, she draws upon both humanistic and technical insights to provide a comprehensive understanding of cyber threats and their evolution.
 
She works today on subjects related to information security, artificial intelligence and education. She also dedicates a portion of her work to information sharing.

from €15.00 to €30.00
Regular Ticket

8 currently available

€30.00 incl. 20% T.V.A

Students & Job Seekers Ticket

This reduced price is available for full-time students, job seekers and people receiving minimum social benefits.
* A receipt will be requested at the entrance.

8 currently available

Original price: €30.00 New price: €15.00 incl. 20% T.V.A

4 hour workshop: Zeek and Destroy with Python and Machine Learning Workshop - Eva Szilagyi

[EN]
Level: intermediate ★★★
Language: English
Duration: from 2 PM to 6 PM
 
Zeek is an open-source network security monitor (NSM) and analytics platform that has been around for quite some time (since the mid-90s). It is used at large university campuses and research labs, but in the past few years, more and more security professionals in the industry have turned their attention to this fantastic tool.
 
But Zeek is so much more than just a NIDS generating alerts (notices) and log files! Zeek's scripting language allows security analysts to perform arbitrary analysis tasks such as extracting files from sessions, detecting brute-force attacks, or, most importantly, interfacing with external sources, such as Python! The Zeek Python bindings allow us, the analysts, to use powerful Python libraries such as Numpy, Pandas, and Tensorflow and apply machine learning-based detection on network traffic.
 
During this four-hour workshop, we will learn about the following topics:

  • Super fast introduction to Zeek (architecture, events, logs, signatures, etc.)
  • Using machine learning and data science tools on Zeek logs (as an example, we will use Fourier Analysis to detect C2 beaconing)
  • Super fast crash course in Zeek scripting (just enough to understand how to create new logs)
  • Connecting Zeek and Python via the Zeek Broker Communication Framework
  • Using machine learning tools in Python on the data we receive from Zeek for detection (as an example, we will use convolutional neural network and random forest models to compare them, and then use them to find unknown malware in live network traffic)

 
Requirements for the workshop:

  • A laptop with at least 16 GB of RAM and more than 50 GB of free disk space (VT-x support must be enabled on the host system).
  • Application to run Virtual Images (type-2 hypervisor): VMWare Workstation Pro (recommended), VMWare Workstation Player, VMWare Fusion, or VirtualBox.
  • Only 64-bit Intel-compatible (Intel or AMD) processors are supported. WARNING: ARM-based (like Apple Silicon, Qualcomm Snapdragon, some Microsoft Surface laptops) devices cannot perform the necessary virtualization and therefore cannot be used for the workshop.

 
About the speaker:
Eva Szilagyi is managing partner and CEO of Alzette Information Security, a consulting company based in Luxembourg. She has more than 8 years of professional experience in penetration testing, security source code review, digital forensics, IT auditing, telecommunication networks and security research. Previously, she was working for companies like Vodafone Hungary, Ernst & Young Hungary and Deloitte Luxembourg.
 
Eva has master’s degrees in electrical engineering and in networks and telecommunication. She also holds several IT security certifications such as GSEC, GICSP, GSSP-JAVA, GWAPT, GMOB, eWPT, and eJPT. Eva is also a member of the organizer team of BSidesLuxembourg.

from €15.00 to €30.00
Regular Ticket

6 currently available

€30.00 incl. 20% T.V.A

Students & Job Seekers Ticket

This reduced price is available for full-time students, job seekers and people receiving minimum social benefits.
* A receipt will be requested at the entrance.

6 currently available

Original price: €30.00 New price: €15.00 incl. 20% T.V.A

4 hour workshop: Deserialization attacks: exploit research and development - Vincent Michel & Gaëtan Carabetta

[FR]
Level: intermediate ★★★
Language: French
Duration: from 2 PM to 6 PM
 
Unsafe code deserialization attacks are one way to achieve remote command execution on a system. You could say that deserialization exploits are the equivalent of ROP chains but at higher application layers.
 
This type of vulnerability is often identified during source code audits, but also during vulnerability research phases in open-source applications. When a public gadget chain exists in the application, it can be used directly. But what if it doesn't? What if the public gadget chain doesn't work?
 
During this workshop, participants will:

  • Understand the mechanisms of deserialization applied to the PHP language
  • Learn the methodology for researching and constructing a gadget chain
  • Perform a basic attack on a demo application using a simple gadget chain
  • Use the phpggc tool
  • Tackle challenges on applications of increasing difficulty

 
Prerequisites for participants:

  • Basic knowledge of object-oriented programming (ideally PHP)
  • Workstation
  • VM or Linux host (e.g., Debian) with Docker installed

 
About the speakers:
Vincent works as a pentester in a cyber security company. He likes sharing his thoughts and experiments on different topics if it can help others: web and internal penetration tests, vulnerability research, write-ups, exploit development, security best practices, tooling, and so on... He previously worked as a senior software developer and switched to this wonderful land of security :)
 
Gaëtan, naturally curious, began his professional career in construction before transitioning to the digital field, specifically into infosec within a pure-player cybersecurity firm. A consultant by day, game hacker by night, he isn't afraid to tackle hexadecimal instructions and enjoys the company of debuggers and disassemblers during his learning sessions. Always seeking new challenges, 'impossible' is not a word in his vocabulary.

from €15.00 to €30.00
Regular Ticket

1 currently available

€30.00 incl. 20% T.V.A

Students & Job Seekers Ticket

This reduced price is available for full-time students, job seekers and people receiving minimum social benefits.
* A receipt will be requested at the entrance.

1 currently available

Original price: €30.00 New price: €15.00 incl. 20% T.V.A

3 hour workshop: Exploring OpenSSH: Hands-On Workshop for Beginners - William Robinet

[FR]
Level: beginners ★★
Language: French or English, depending on the audience
Duration: from 2 PM to 5 PM
 
During this workshop, you will learn how to use the various tools from the OpenSSH suite. We will start with a presentation of the problems that are solved by OpenSSH, then we will dive into the details of its most important and useful features.
 
Among the topics covered, we will discuss remote host authentication, password and public key client authentication, key generation, local and remote port forwarding, forward and reverse SOCKS proxying, X11 forwarding, jumphosts, connection to legacy systems, and more.
 
Hands-on exercises will be proposed throughout the exploration of the tool suite using real-life scenarios. There will be space for questions and discussion.
 
This workshop is intended for beginners who want to improve their practical knowledge and experience with OpenSSH.
 
Basic networking and Linux shell knowledge are required in order to follow this workshop. Each participant will need a Linux machine (on which they have root access) with Docker pre-installed and Internet access.
 
Workshop's outline:

  • Workshop author presentation
  • Illustration of the confidentiality, authenticity, and integrity issues related to the use of network communications with traditional tools such as telnet
    • Lab: Generate traffic with telnet or netcat and dump it with Wireshark/tcpdump
  • SSH & OpenSSH history
  • Presentation of the OpenSSH tool suite
  • Remote machine authentication
  • Client authentication methods: password & public key
    • Lab: Login using a password, generate a keypair, configure it, and use it
  • SOCKS proxying (forward & reverse)
    • Lab: Reach an internal web application (via its DNS name) through a SOCKS proxy on the remote machine
    • Lab: Provide Internet access to a remote isolated machine
  • Local port forwarding
    • Lab: Reach an internal web application via a local port forwarding (-L)
  • Remote port forwarding
    • Lab: Reach a local netcat server from the remote machine through a remote port forwarding (-R)
  • Jumphost
    • Lab: Reach the shell of an internal machine with a single command (-J)

 
And if time permits, we will discuss some other points:

  • Graphical application forwarding
    • Lab: Start a graphical application remotely (-X)
  • Legacy systems
    • Lab: Show how to connect to legacy SSH implementations
  • Honeypot
    • Lab: Demonstrate the use of an SSH honeypot
  • Quick introduction to tmux
    • Lab: Demonstrate the use of tmux

 
A Linux machine (VM or physical) with root access and Docker pre-installed is required for the labs.
This machine will need Internet access with at least TCP port 22 being open to the outside.
 
About the speaker:
William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working with free and open-source software on a daily basis for more than 25 years. Recently, he presented his ASN.1 templating tool at Pass The SALT 2023 in Lille, and his OpenSSH workshop at Hacktivity 2023 in Budapest and CONFidence 2024 in Krakow. He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoys tinkering with ML and open (and not so open) hardware.

from €15.00 to €30.00
Regular Ticket

9 currently available

€30.00 incl. 20% T.V.A

Students & Job Seekers Ticket

This reduced price is available for full-time students, job seekers and people receiving minimum social benefits.
* A receipt will be requested at the entrance.

9 currently available

Original price: €30.00 New price: €15.00 incl. 20% T.V.A