2.0 -//Pentabarf//Schedule//EN PUBLISH RWCWKL@@cfp.pass-the-salt.org -RWCWKL RF Swift: A Swifty Toolbox for All Wireless Assessments en en 20250701T141000 20250701T144500 0.03500

RF Swift: A Swifty Toolbox for All Wireless Assessments

PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/RWCWKL/ Amphitheater 122 Sébastien Dudek PUBLISH 8WLTNS@@cfp.pass-the-salt.org -8WLTNS The Last Resort: Debugging Embedded Systems with Unconventional Methods en en 20250701T144500 20250701T152000 0.03500

The Last Resort: Debugging Embedded Systems with Unconventional Methods

This talk offers an overview of low-level concepts related to interrupts, followed by a detailed guide on building an on-chip debugger, addressing the various choices and challenges that may arise during the process. To begin with, a communication channel is required, preferably one that remains operational even during a debug interrupt. An initial breakpoint must be set on the target to trigger the debugger. A debug handler, ideally written in assembly, needs to be implemented and configured to listen for commands responsible for reading and writing memory and register contents. An intermediate server between GDB and the target must also be created. Several open-source skeletons are available to assist in this task. In addition, the talk places special emphasis on designing a lightweight debugger, as it is intended for embedded targets. It will therefore present techniques to keep the code as minimal and efficient as possible. PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/8WLTNS/ Amphitheater 122 Vincent Lopes (Security Engineer, Quarkslab) PUBLISH CWYMPY@@cfp.pass-the-salt.org -CWYMPY LabCyber - a FabLab dedicated to cybersecurity en en 20250701T152000 20250701T154000 0.02000

LabCyber - a FabLab dedicated to cybersecurity

During this talk we will succintly present pilot projects of varied nature: - entrepreneurial prototyping - multipartner academic projects - production of commons with work groups as well as our range of equipement and the eligibility criteria for new projects. As a Fablab we are willing to promote an open science approach by : - Listing and advocating for open tools - Sharing the results or the methodologies with communities as wide as possible - Initiating open hardware projets related to security PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/CWYMPY/ Amphitheater 122 Aline Becq Fabien Caura PUBLISH HL8QKR@@cfp.pass-the-salt.org -HL8QKR OpenRelik: a containerized incident response processing pipeline en en 20250701T155500 20250701T163000 0.03500

OpenRelik: a containerized incident response processing pipeline

This talk will cover: * OpenRelik: what is it, who is it for, how do we use it? * lessons learnt from the past: Turbinia, its architecture, and why that wasn’t cutting it anymore * Architecture: decentralized workers via containers, redis pub sub channel, shared file system, mediator server * life of a workflow: how we go from uploading evidence to retrieving results. * How OpenRelik integrates with other tools such as Timesketch and Yeti. How to write a worker that integrates with your tools. PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/HL8QKR/ Amphitheater 122 Thomas Chopitea (Digital Forensics, Google) Johan Berggren (Digital Forensics, Google) PUBLISH SB7BEZ@@cfp.pass-the-salt.org -SB7BEZ End-to-end processing of malware samples using open source technologies en en 20250701T163000 20250701T170500 0.03500

End-to-end processing of malware samples using open source technologies

PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/SB7BEZ/ Amphitheater 122 Frederic Baguelin Matt Muir PUBLISH WAKGHJ@@cfp.pass-the-salt.org -WAKGHJ Practical intro to deeplearning: chihuahuas vs muffins en en 20250701T141000 20250701T171000 3.00000

Practical intro to deeplearning: chihuahuas vs muffins

Agenda: • Short introduction to deep learning • Setting up the environment • Hands-on session: we’ll experiment with image classification • Hands-on session: we build a web app with Gradio We’ll also be discussing applications to cybersecurity you can prototype, deep learning and training methods, cool the hype and discuss realistic LLM capacities. PUBLIC CONFIRMED Workshop https://cfp.pass-the-salt.org/pts2025/talk/WAKGHJ/ Room LW109 Pauline Bourmeau, Cubessa William Robinet (Conostix S.A.) PUBLISH WLKAH9@@cfp.pass-the-salt.org -WLKAH9 Building Efficient Verifiable Logs: Introducing Trillian Tessera and TesseraCT en en 20250702T091500 20250702T095000 0.03500

Building Efficient Verifiable Logs: Introducing Trillian Tessera and TesseraCT

PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/WLKAH9/ Amphitheater 122 Philippe Boneff (Certificate Transparency Tech Lead, Google) Roger Ng PUBLISH DCMUBQ@@cfp.pass-the-salt.org -DCMUBQ Working towards digital archive transparency en en 20250702T095000 20250702T101000 0.02000

Working towards digital archive transparency

PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/DCMUBQ/ Amphitheater 122 The Terrible Archivist PUBLISH YKXAKR@@cfp.pass-the-salt.org -YKXAKR My friends have phone numbers, not public keys en en 20250702T101000 20250702T104500 0.03500

My friends have phone numbers, not public keys

In 2023, in an effort to secure the distribution of its users public keys, WhatsApp announced [Key Transparency](https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/). This aims to automatically verify a secure connection, without user interaction, such as scanning a QRCode. Similar effort have been shared by [iMessage](https://security.apple.com/blog/imessage-contact-key-verification), and [Proton Mail](https://proton.me/support/key-transparency). This talk goes over how key transparency works, how it is implemented today, and the challenges and improvements. It builds on deployed systems such as [WhatsApp](https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/) or [Cloudflare](https://blog.cloudflare.com/key-transparency/), and on on-going standardisation efforts at [IETF](https://datatracker.ietf.org/wg/keytrans/about/) and [C2SP](https://github.com/C2SP/C2SP). PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/YKXAKR/ Amphitheater 122 Thibault Meunier (Research, Cloudflare) PUBLISH LEMGYM@@cfp.pass-the-salt.org -LEMGYM Always more secure? Analyzing user migrations to federated e2ee messaging apps en en 20250702T110000 20250702T113500 0.03500

Always more secure? Analyzing user migrations to federated e2ee messaging apps

With the current massive user migration from X and Meta to decentralized social media such as Mastodon, the interest in federated communication infrastructures is gaining traction. We have been documenting similar tendencies since 2018 already, analyzing how users in various contexts shift their preferences in terms of secure messaging applications. In the context of a longitudinal study of secure messaging apps users and developers this presentation proposes to analyze several waves of user migrations and suggests an analytical framework to understand the changes in the perception of what’s a “good secure messaging app” with a particular attention to federated architectures and their potential. The “Signal gate” has shown that cryptographic properties of a messaging app per se do not offer a guarantee of security, and many other (sometimes even non-technical) qualities enter the game. We propose to understand digital security as an evolving sociotechnical process of adjusting tools and behaviors and to question the race for an “always more secure” messaging app. We argue that infrastructural choices (centralized vs decentralized vs distributed) and social practices (such as contact discovery) matter. PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/LEMGYM/ Amphitheater 122 Ksenia Ermoshina PUBLISH SYFQXB@@cfp.pass-the-salt.org -SYFQXB Messaging Layer Security (MLS) – towards more end-to-end encryption en en 20250702T113500 20250702T121000 0.03500

Messaging Layer Security (MLS) – towards more end-to-end encryption

PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/SYFQXB/ Amphitheater 122 Raphael Robert (MLS co-author, CEO of Phoenix R&D) PUBLISH P3DZRZ@@cfp.pass-the-salt.org -P3DZRZ Usable end-to-end security with Delta Chat and Chatmail en en 20250702T140000 20250702T143500 0.03500

Usable end-to-end security with Delta Chat and Chatmail

PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/P3DZRZ/ Amphitheater 122 Holger Krekel PUBLISH AN9QJ8@@cfp.pass-the-salt.org -AN9QJ8 Matrix French gov deployment: opening a private federation securely en en 20250702T143500 20250702T151000 0.03500

Matrix French gov deployment: opening a private federation securely

PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/AN9QJ8/ Amphitheater 122 Mathieu Velten Yoan Pintas PUBLISH UATTRT@@cfp.pass-the-salt.org -UATTRT When Priority Isn’t Enough: Exploiting the VRRP Tie-Breaking IP Mechanism en en 20250702T154000 20250702T160000 0.02000

When Priority Isn’t Enough: Exploiting the VRRP Tie-Breaking IP Mechanism

PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/UATTRT/ Amphitheater 122 Geoffrey Sauvageot-Berland PUBLISH EN3WB8@@cfp.pass-the-salt.org -EN3WB8 Wirego, a Wireshark plugin development framework en en 20250702T160000 20250702T162000 0.02000

Wirego, a Wireshark plugin development framework

Developing plugins for Wireshark is quite complex. The API in written in C, dates from 1998 and is quite poorly documented. When working on a protocol, the reverser wants to stay focus on its main task and really doesn't want to go deep inside the Wireshark source code. Wirego is a based on a Wireshark plugin which is ready to use and re-emits the Wireshark calls to a ZMQ (Zero-MQ) endpoint. A package/class/framework for a given language receives these calls and converts them back to simple API calls. The end-user only needs to inherit a class (or implement an interface in Go) with just a few methods in order to develop his plugin. Typically, one will simply implement seven methods in order to define the plugin name, the plugin filter (used to filter packets matching with the protocol), the list of fields eventually returned by the dissector (the parser), three methods for the protocol detection and the dissector itself. A simple Wireshark plugin can be developed using only 100 lines of Python or less. Wirego has been designed to easily allows the integration of additional languages. Wirego is available on github: https://github.com/quarkslab/wirego/ PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/EN3WB8/ Amphitheater 122 Benoit Girard PUBLISH RTTHMW@@cfp.pass-the-salt.org -RTTHMW ROPemporium party en en 20250702T091500 20250702T121500 3.00000

ROPemporium party

During this workshop, we'll work together to solve some of the exercises on the site. The aim is to give you enough theoretical and practical knowledge to be able to extend the experience by doing all the exercises proposed afterwards. The site offers exercises on intel x86-64, x86-32, ARM and MISP executables. After a presentation of the platform, and the main concepts involved in ROP, you'll be able to learn from the exercises : - Get to grips with the tools to discover an initial function calling technique. - Call a function with a parameter already present in the executable. - Master the convention of passing parameters for more complex calls. - Learn how to place some data in the memory and pass it as a parameter - Search for usable gadgets when the most obvious are not available. - Finally, we'll create a slightly more complex ROP chain using a pivot technique. As an epilogue, if time permits, we'll take a look at ARM binary exploitation with qemu, to encourage you to extend the experience. The workshop is ideally aimed at people familiar with x86 assembler and the basics of binary exploitation with buffer overflow. To carry out the exercises you will need a Linux machine with the following open-sources tools : - gdb - a gdb extension such as GEF or pwndbg - python3 - pwntools - radare2 - ropper ou ROPGadget and optionally - 32-bit libraries (libc6-i386) - qemu A docker image containing the required tools will be made available and its use encouraged. <b>Docker is therefore the main requisite.</b> By the way, to avoid clogging up the network and save time at the beginning of the workshop, please, try to anticipate to download the materials : <code> git clone https://github.com/cdpointpoint/ropemporium_party.git cd ropemporium_party ./run_ptsrew.sh </code>. The run script will pull the 2 Go docker image the fist time. It is also possible to follow the workshop without carrying out (all) the manipulations during the session and keep focus on explanations or exchanges. PUBLIC CONFIRMED Workshop https://cfp.pass-the-salt.org/pts2025/talk/RTTHMW/ Room LW109 Jean-Côme Estienney (CNAM) PUBLISH K3MKZQ@@cfp.pass-the-salt.org -K3MKZQ MISP for analysts en en 20250702T140000 20250702T163000 2.03000

MISP for analysts

Outline Introduction to MISP - Overview of MISP and its features - Presentation of the example case Getting Started - Create and populate a MISP event - Generate a report - Publish the event General Usage - Working with data: enrich, collaborate, export - Best practices Recap and resources PUBLIC CONFIRMED Workshop 2h30 https://cfp.pass-the-salt.org/pts2025/talk/K3MKZQ/ Room LW109 Pauline Bourmeau, Cubessa William Robinet (Conostix S.A.) PUBLISH CSHGVJ@@cfp.pass-the-salt.org -CSHGVJ Bluetooth Low Energy hacking with WHAD en en 20250702T091500 20250702T121500 3.00000

Bluetooth Low Energy hacking with WHAD

### Workshop objectives * Discover WHAD, a flexible wireless hacking Python framework and some of its key features * Learn how to easily scan, connect and interact with a BLE device using WHAD tools * Learn how to spoof any BLE device using WHAD * Learn how to create Python scripts using WHAD to automate BLE analysis and vulnerability exploitation * Hack a BLE smartband for fun and profit ! ### Prerequisites * A laptop with Virtualbox or VMWare virtualization software installed (host OS does not really matter) * We will provide a pre-configured VM a few days before the workshop * Administrative rights may be required for the VM to access the host's USB interfaces and HCI adapters * At least 2 free USB ports required on the host machine to plug some hardware devices, bring a USB hub if needed * A good knowledge of the Python programming language (Python 3.x) * A smartphone with Nordic Semiconductor's *nRF Connect* application installed (not mandatory but could be useful) * You can also bring any Bluetooth Low Energy device you think may be fun to fiddle with ;) ### Workshop agenda * I. What is WHAD ? * I.1. Introducing WHAD (purpose and global design) * I.1.1. Supported protocols/modulations * I.1.2. Combining simple tools to create complex tools * I.1.3. Python API * I.1.4. Examples of tools/research based on WHAD (quick demos) * I.1.5. Pros and cons * I.2. Core concepts * I.2.1. Getting protocol processing out of firmware * I.2.2. WHAD host/interface protocol * I.2.3. Interfaces and connectors * I.2.4. Tool chaining * I.2.5. Scripting * I.3. Installing WHAD * I.3.1. Installing and running WHAD in a VM (we provide a VM image) * I.3.2. Installing and running WHAD on your host computer (for the braves) * I.3.3. First contact with WHAD * II. Discovering BLE devices * II.1. Using wsniff to scan for BLE devices * II.2. Using wble-central to discover devices * II.3. Exporting a device profile to a file (for later user or reporting) * III. Interacting with a BLE device (hands-on) * III.1. Interactive mode using wble-central * III.1.a. Services and characteristics discovery * III.1.b. Reading and writing to characteristics * III.1.c. Subscribing for notifications or indications * III.1.e. Real-time monitoring with Wireshark * III.2. Scripting with WHAD and wble-central * III.2.a. Creating a script to avoid getting disconnected * III.2.b. Running a script with wble-central * III.2.c. Exporting and importing a BLE device's GATT profile for better speed * IV. Creating fake BLE devices (hands-on) * IV.1. Interactive mode using wble-periph * IV.1.a. Creating a device from scratch in interactive mode * IV.1.b. Scripting wble-periph to quickly setup a device * IV.1.c. Monitoring live with wireshark * IV.1.d. Dumping traffic to PCAP file * IV.1.e. Populating services and characteristics from exported GATT profile * IV.2. Scripting with WHAD and wble-periph * IV.2.a. Creating a script to advertise a specific peripheral * IV.2.b. Combining saved GATT profile and scripting for efficiency * V. Python scripting (hands-on) * V.1. WHAD Python API 101 * V.1.a. Connecting to a BLE device * V.1.b. Reading and writing to characteristics * V.1.c. Subscribing to notifications or indications * V.1.d. Sending handcrafted PDUs * V.1.e. Exporting traffic to PCAP * V.2. Final challenge * V.2.a. Discovering a vulnerable smart band * V.2.b. Writing an exploit with Python and WHAD * V.2.c. Hack all the smart bands ! PUBLIC CONFIRMED Workshop https://cfp.pass-the-salt.org/pts2025/talk/CSHGVJ/ Room LW112 Damien Cauquil (R&D Engineer at Quarkslab) Romain Cayre PUBLISH DEKPBL@@cfp.pass-the-salt.org -DEKPBL Make better shells with rcat en en 20250703T093000 20250703T095000 0.02000

Make better shells with rcat

Today, most reverse shells are done via an unencrypted TCP connection using `netcat` (looking at you https://revshells.com). We will see how to easily create __encrypted reverse shells__ (without installing tools on the targeted server). We will also discuss what is are _pseudo-TTY_, and how `rcat` makes it easier to transfer files over a TCP connection. https://github.com/0xfalafel/rcat PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/DEKPBL/ Amphitheater 122 Olivier Lasne PUBLISH XE9K9T@@cfp.pass-the-salt.org -XE9K9T Hooking Windows Named Pipes with thats_no_pipe en en 20250703T095000 20250703T101000 0.02000

Hooking Windows Named Pipes with thats_no_pipe

- A quick introduction of the speaker. - A quick introduction of Windows Named Pipes APIs. - An overview of common attacks against Named Pipes. - Common mitigations against MitM attacks, and how to bypass them. - Live demonstration of the tool. PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/XE9K9T/ Amphitheater 122 Thomas Borot (Pentester @Synacktiv) PUBLISH XZGSN8@@cfp.pass-the-salt.org -XZGSN8 Vesta Admin Takeover - Exploiting reduced seed entropy in $RANDOM en en 20250703T101000 20250703T103000 0.02000

Vesta Admin Takeover - Exploiting reduced seed entropy in $RANDOM

Vesta is a lightweight, web-based control panel that simplifies Linux server management, appealing to users seeking an intuitive alternative to traditional platforms like cPanel and Plesk. This presentation will examine a critical flaw in Vesta: an admin takeover exploit resulting from reduced seed entropy in the Bash $RANDOM variable. By transforming what was once a theoretical attack into a practical one, we successfully reduced the brute force domain of the seed by over 98%. This allows attackers to generate predictable random values, compromising the security of passwords and tokens. We will discuss the implications of this vulnerability and highlight best practices for enhancing server security in real-world applications. PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/XZGSN8/ Amphitheater 122 Adrian Tiron PUBLISH 9ZCTRE@@cfp.pass-the-salt.org -9ZCTRE Auditing Keycloak Configurations with Neo4j en en 20250703T104500 20250703T110500 0.02000

Auditing Keycloak Configurations with Neo4j

Key points covered: * Simple export of Keycloak objects (realms, roles, users, groups, etc.) into Neo4j * Using Cypher queries to detect or visualize security gaps * Practical examples of identifying overlooked or excessive privileges * Maintaining a clearer overview of complex IAM configurations * Details on the upcoming open-source release for easy replication PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/9ZCTRE/ Amphitheater 122 Kévin Schouteeten (pentester @Synacktiv) PUBLISH FUL7LS@@cfp.pass-the-salt.org -FUL7LS Putting pacman in jail: a sandboxing story en en 20250703T110500 20250703T114000 0.03500

Putting pacman in jail: a sandboxing story

PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/FUL7LS/ Amphitheater 122 Rémi Gacogne (Security Team, Arch Linux) PUBLISH C9MMHN@@cfp.pass-the-salt.org -C9MMHN RootAsRole: Simplifying Linux Privileges and Fortifying Ansible Deployments en en 20250703T114000 20250703T120000 0.02000

RootAsRole: Simplifying Linux Privileges and Fortifying Ansible Deployments

RootAsRole is a Rust-based alternative to *sudo* for Linux systems. It allows the definitions of a co-administrated infrastructure with limited privilege sets through a structured role-based access control model and adhering to the principle of least privilege. In this presentation, we’ll explore how *sr* (the name of our tool, for **S**witch-**R**ole) is more secure or/and better than *sudo/doas/su* alternatives, and extends its utility for automation with Ansible and the valuable security insights it offers. PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/C9MMHN/ Amphitheater 122 Yves Rütschlé (Security architect, Airbus Protect) Eddie Billoir PUBLISH PKWQUD@@cfp.pass-the-salt.org -PKWQUD Secrets at Sea: Hunting Exposed Code & Container Registries en en 20250703T140000 20250703T142000 0.02000

Secrets at Sea: Hunting Exposed Code & Container Registries

PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/PKWQUD/ Amphitheater 122 Guillaume Valadon Gaetan Ferry PUBLISH RDEFF3@@cfp.pass-the-salt.org -RDEFF3 Fun with flags: How Compilers Break and Fix Constant-Time Code en en 20250703T142000 20250703T144000 0.02000

Fun with flags: How Compilers Break and Fix Constant-Time Code

PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/RDEFF3/ Amphitheater 122 Antoine Geimer PUBLISH GBEYZP@@cfp.pass-the-salt.org -GBEYZP Analyzing Microarchitectural Side-Channel Attacks Using Open-source gem5 simulator en en 20250703T144000 20250703T150000 0.02000

Analyzing Microarchitectural Side-Channel Attacks Using Open-source gem5 simulator

PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/GBEYZP/ Amphitheater 122 Mahreen Khan PUBLISH MMAXWW@@cfp.pass-the-salt.org -MMAXWW The Even Darker Web - Dirty tricks and questionable code choices on some of the world's largest websites. en en 20250703T150000 20250703T152000 0.02000

The Even Darker Web - Dirty tricks and questionable code choices on some of the world's largest websites.

The talk will cover the three categories of websites we encounter: 1. Phishing and scams: make a quick crime buck. 1. Tracking on legitimate websites: build a user profile over time without getting sued to oblivion 3. WAT: probably AI generated and trying to sell you the memecoin of the day We will go through a few remarkable examples captures on Lookyloo, explain what weird or crazy thing happened from the instant the URL starts to load all the way to when the page is rendered. We'll also look at the data gathered along the way, and search in the existing dataset for similar captures. PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/MMAXWW/ Amphitheater 122 Raphaël Vinot (Developer, Lookyloo) PUBLISH 7K9MEV@@cfp.pass-the-salt.org -7K9MEV Metadata Protection in Instant Messaging Applications: a Review en en 20250703T153500 20250703T161000 0.03500

Metadata Protection in Instant Messaging Applications: a Review

This talk covers the obvious issue of long-term identities and the construction of the social graph and how some protections supposed to thwart the social graph recovery are flawed. Some of these attacks are publicly documented and still unmitigated by those affected by them. This talk also dives into less obvious metadata leaks, such as traffic correlation and ciphertext correlation. Finally it also points out that some of the studied instant messaging solutions do not protect all messages and leak metadata to third parties via attachment upload, push notifications, backups and voice/video calls. Sorting out which instant messaging application is the best is a non-goal for this talk. PUBLIC CONFIRMED Talk https://cfp.pass-the-salt.org/pts2025/talk/7K9MEV/ Amphitheater 122 Florian Maury PUBLISH BT3FTH@@cfp.pass-the-salt.org -BT3FTH EXADPrinter: Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem en en 20250703T161000 20250703T163000 0.02000

EXADPrinter: Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem

PUBLIC CONFIRMED Short Talk https://cfp.pass-the-salt.org/pts2025/talk/BT3FTH/ Amphitheater 122 Sihem Bouhenniche (University of Lille - Inria) PUBLISH JFTTLJ@@cfp.pass-the-salt.org -JFTTLJ Dive into Delta Chat, Chatmail, webxdc apps and P2P realtime en en 20250703T093000 20250703T123000 3.00000

Dive into Delta Chat, Chatmail, webxdc apps and P2P realtime

PUBLIC CONFIRMED Workshop https://cfp.pass-the-salt.org/pts2025/talk/JFTTLJ/ Room LW109 Holger Krekel Ksenia Ermoshina missytake PUBLISH 7A7B8G@@cfp.pass-the-salt.org -7A7B8G Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting en en 20250703T140000 20250703T163000 2.03000

Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting

# Objectives Understand the fundamentals of reverse engineering Android applications. Learn to use debugging tools to analyze Android app behavior. Bypass security mechanisms using Frida scripts. Sniff and replay Bluetooth Low Energy (BLE) communications. Modify Smali code to alter app functionality. Reverse engineer native libraries used in Android apps. Perform Man-in-the-Middle (MITM) attacks on HTTPS services. # Workshop Outline 1. Introduction to Android Reverse Engineering - Overview of Android app architecture. - Setting up the environment for reverse engineering. 2. Using a Debugger on Android Applications - Introduction to Android debugging tools. - Practical exercise: Debugging an Android app. 3. Bypassing Security with Frida - Introduction to Frida and its capabilities. - Writing Frida scripts to bypass security checks. - Hands-on: Implementing a Frida script. 4. Sniffing and Replaying BLE Communications - Overview of BLE technology. - Tools for sniffing BLE traffic. - Practical exercise: Capturing and replaying BLE data. 5. Modifying Smali Code - Introduction to Smali and its role in Android apps. - Techniques for modifying Smali code. - Hands-on: Altering app functionality through Smali. 6. Reverse Engineering Native Libraries - Understanding native libraries in Android. - Tools and techniques for reverse engineering. - Practical exercise: Analyzing a native library. 7. MITM on HTTPS Services - Introduction to MITM attacks. - Setting up a MITM proxy for HTTPS. - Hands-on: Intercepting and modifying HTTPS traffic. # Prerequisites Familiarity with command-line tools. Laptop and Android phone # Expected Outcomes By the end of the workshop, participants will have gained practical experience in reverse engineering and modifying Android applications. They will be equipped with the skills to analyze app security and implement modifications without requiring rooted devices. Workshop Duration: 1.5 hours PUBLIC CONFIRMED Workshop 2h30 https://cfp.pass-the-salt.org/pts2025/talk/7A7B8G/ Room LW109 Benoit Forgette