Keynotes
Strategic cyber threat analyst, Coline Chavane is part of the Threat Detection & Research Team of Sekoia.io. She focuses on state-sponsored threats and geopolitical analysis. She had previous experiences working at the French National Cybersecurity Agency and at Thales.
Amaury-Jacques Garçon is a cybersecurity engineer working as technical Threat Intelligence analyst and focusing on the investigation of state-sponsored threats, currently at Sekoia.io . With professional experience in open source investigation, he has worked for the French Ministry of Armed Forces.
2024 Elections in the Crosshairs: Cyber Threats and Influence Operations
2024 is election year for a number of countries including the US, the EU, Moldova and India. This presentation will provide an analysis and feedback on the cyber threats targeting this year's electoral processes, based on the report "Guarding Democracy: Assessing Cyber Threats to 2024 Worldwide Elections" from Sekoia Threat Intelligence & Research (TDR). We will focus in particular on influence campaigns affecting elections, and deep-dive with our investigation on the DoppelGänger group.
Language: French (subtitled in English)
Elisa Chiapponi is a Security Researcher in the Global Security Operations of Amadeus (France). In 2023, she obtained her Ph.D degree in Cryptography and Security from Sorbonne Université (France) with a thesis titled "Detecting and Mitigating the New Generation of Scraping Bots" working on her research project in the Digital Security Department of EURECOM (France). In the spring of 2022 and 2023, she was a visiting researcher at the Resilient Computing and Cybersecurity Center (RC3) of King Abdullah University of Science and Technology (Saudi Arabia). In 2024, she was awarded Microsoft Partners Woman Role Model in the category Young Talent. In 2023, she obtained the second place at the Cyber Woman Researcher European Award by CEFCYS. Her domains of interest and expertise are Network and Application Security, Internet Measurements, Bot Mitigation and Proxy Identification.
Countering Residential IP Proxies: Detection Techniques and Strategic Insights
Residential IP Proxies (RESIPs) enable proxying requests through large networks of residential devices used concurrently by genuine users. These proxies are attractive to malicious actors because of their advantages in automated campaigns, including access to reputable residential IPs and integrated services like automated CAPTCHA solving. In this talk, we will showcase various types of attacks that exploit these proxies and introduce new methods to detect and prevent their activity on the server side. We will present successful results from applying these techniques in both semi-controlled and real-world environments. Additionally, we will offer new insights into the inner working and modus operandi of RESIPs, derived from our data collections.
Language: English (subtitled in French)
Mike Eftimakis has an extensive background in the electronics industry with 30 years in senior technical and business roles. He has been innovating with companies like VLSI Technology, NewLogic or Arm. He is now VP Strategy and Ecosystem at Codasip, where he drives the long-term vision and its day-to-day implementation. In parallel, he is a Founding Director of the CHERI Alliance.
The CHERI Alliance
The worldwide cost of cyberattacks now reaches an estimated $10 trillion per year. Memory safety issues continue to be the main source of cyber security problems and have consistently represented ~70% of vulnerabilities over the past 20 years. Therefore, there is a strong and increasing interest in CHERI (Capability Hardware Enhanced RISC Instructions), a technology that mitigates memory safety vulnerabilities by design. It provides security features at the hardware level that can be leveraged by the software to provide more robust security. It has been developed by University of Cambridge and other research labs, and after 14 years of improvement and tuning, it is now ready to go into products. However, getting the industry to adopt a new security technology requiring new hardware, is not something that will happen without a proactive and coordinated effort. This is the goal of the CHERI Alliance, a non-profit organisation created to accelerate the adoption of the technology. This talk provides an overview of the CHERI technology: the benefits it provide, an overview of how it works, and the constraints associated with its integration. It also introduces the CHERI Alliance: its objectives, its means and its roadmap.
Language: French (subtitled in English)
Sébastien Brillet
Cybersecurity Expert DGA France
Cybersecurity Expert DGA France
After gaining experience in industrial R&D (Mitsubishi, Renesas) and academic research (Inria), Sébastien Brillet joined the French Ministry of Armed Forces' Defense Procurement Agency (DGA) in 2015. His work focuses on the internal architecture of the Windows operating system, as well as the security mechanisms involved in PC boot processes.
Implants, Bootkits, and Boot Protection
Modern computers are equipped with a significant amount of low-level software, commonly known as firmware, which often initializes before the processor and operating system. This presentation will focus on the UEFI boot firmware, a frequent target for sophisticated cyberattacks. We will explore real-world threats that exploit vulnerabilities in the boot process and discuss the security measures and mitigations designed to defend against these evolving risks.
Language: French (subtitled in English)
Philippe Teuwen (@doegox) is R&D Lead at Quarkslab, happily sailing across the frontier between hardware and software security, having enabled new vector attacks and open source tools such as adaptation of side-channel techniques towards whitebox cryptography, EEPROM tear-off attacks defeating various RFID security features, etc. He's in the editorial team of the International Journal of PoC||GTFO and loves organizing Hardware CTFs.
MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors
We will present our latest research on a next-generation MIFARE Classic compatible card manufactured by Shanghai Fudan Microelectronics, designed to resist all known card-only attacks. We uncovered several critical vulnerabilities, including a hardware backdoor that enables unauthorized key authentication and user key cracking within minutes. Our findings reveal that a common backdoor key is shared among all FM11RF08S cards, entirely compromising their security. These troubling findings do not stop there, as we also identified similar backdoors in other Fudan and legacy cards, raising further questions.
Language: French (subtitled in English)
Thomas Roche is co-founder and security expert at NinjaLab (ninjalab.io). His research interests lie in all aspects of cryptography with a focus on implementation issues. Thomas hobby these last years: trying to find side-channel vulnerabilities inside the most secure chips available on the market. After his PhD in applied mathematics from Grenoble University and a short postdoc at the university of Paris 8 and Oberthur Technologies (now IDEMIA), Thomas worked 4 years at ANSSI (French Cybersecurity Agency) and 2 years at APPLE prior to founding NinjaLab with Victor Lomné in 2017.
EUCLEAK: Side-Channel Analysis of Infineon Secure Elements, Application to the Yubikey 5 Series
The work presented in this talk reveals a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the biggest secure element manufacturers. This vulnerability – that went unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations – is due to a non constant-time modular inversion. Moreover it is shown to be exploitable in practice on a widespread 2FA FIDO security keys: the Yubikey 5 Series. The full technical details of this work were made public on September 3rd 2024 (https://ninjalab.io/eucleak/), we will go over them and what they can tell us about the current state of secure elements and security certifications.
Language: French (subtitled in English)
Bertrand Le Gorgeu is deputy chief of the industry and technology division of ANSSI, the French national cyber agency. Prior to that he was program manager for the Olympics at the agency. For 4 years he coordinated the agency internal and external resources to secure an ecosystem made of over 500 entities. Games time, he was part of the agency strategic operation centre.
Preparing and Conducting a Major Sporting Event from a Cyber Standpoint: ANSSI and the Paris 2024 Olympics
This keynote will focus on ANSSI’s preparation for the Paris 2024 Olympics, covering key milestones since 2018 and the agency's approach to securing such a major event. It will also address how ANSSI has mobilized a diverse ecosystem, including competition venues, event organizers, and private sector actors, to improve cyber maturity and readiness. Finally, the presentation will provide an overview of incidents and events during the Games, sharing important lessons learned to enhance future cybersecurity strategies.
Language: French (subtitled in English)
The National Cyber Unit, established in 2023, operates under the Operations/Employment Division of the Gendarmerie. This unit carries out its missions across the entire national territory, focusing on the prevention and suppression of specialized, organized, or transnational forms of cybercrime. It is also responsible for combating the use of electronic communication networks or digital technologies to facilitate criminal activity. The unit oversees, coordinates, and leads the Gendarmerie Nationale's efforts in the fight against cyber threats.
Feedback on Cyber Threats in France: Overview of Cyberattack Threats and Criminal Trends
This presentation will provide the audience with key statistics and an overview of cybercrime, with a particular focus on the domain of cyberattacks. A concrete case study on the Lockbit gang, which was targeted in a major anti-ransomware operation to which the Gendarmerie contributed, will also be discussed. The presentation will conclude with an analysis of emerging trends in the field of cybercrime.
Language: French (subtitled in English)