Back to top

Important Notice: Workshops are limited to 20 participants, first come first served at the registration desk on the 30th, 15 minutes before each workshop. Check the requirements so you're prepared.


Modern Binary Exploitation Techniques for Linux ()

André Baptista and Federico Bento

We are not in the 90’s anymore. Many memory corruption mitigations were introduced through all these years. Are you a curious person about memory corruption vulnerabilities or you want to learn how to develop exploits that will work in the present? We prepared this workshop for you!

In this workshop we will cover modern exploitation techniques, including: ROP chains, read/write-what-where primitives, return to libc, heap exploitation, use-after-free and kernel exploitation techniques. We will focus on Linux, using simple examples, but these techniques can also be used on other operating systems.


* Basic knowledge about binary exploitation mitigations (ASLR, NX, Stack Canaries)
* Reverse engineering techniques (static and dynamic analysis)
* Debugging on Linux with GDB (GEF - GDB Enhanced Features recommended)
* Pwntools installed on a Linux distribution (Ubuntu 16.04 recommended)

Active Directory security: 8 (very) low hanging fruits and how to smash those attack paths ()

Rémi Escourrou and Nicolas Daubresse

Pentester or attacker often exploit the same obvious vulnerabilities in Active directory. Come learn how to exploit and mitigate them.

Welcome in Noob Firm, the most insecure network ever, we have a very large Active Directory environment and we do no security at all. For now, no one ever hacked our corporate network (at least we hope) but our new CISO requires us to perform a security assessment.
Your mission, should you choose to accept it, is to evaluate our security level and fix the issues.

Detailed content

In this fully hands-on workshop, we’ll guide you through 8 of the lowest hanging fruits weaknesses that we witnessed during numerous penetration tests. You’ll learn how to :
* Spot passwords inside user descriptions
* Find passwords on shared folders
* Spray passwords over accounts
* Quickly detect obsolete workstations and servers
* Get free password hashes by kerberoasting
* Pivot from machine to machine by reusing local credentials
* Spot machines where Domain Admins are connected
* Retrieve Domain Admins credentials in memory

Crackmapexec, Powerview, SharpRoast, Mimikatz will be your best friends during this workshop.
Hand-on exercises will be performed on our lab environnement with more than twenty virtual machines. For each attack, we will also discuss about mitigation techniques.


This training is aimed at people willing to start with Active Directory security and hands-on sessions. There is no specific requirement for attendees except a basic IS and infosec culture.
All attendees will need to bring a laptop capable of running virtual machines (4GB of RAM is a minimum). Each attendee will be given a USB key with a Windows virtual machine with the necessary pentesting tools to perform the lab sessions.

Binary protocol analysis with CANAPE ()

Hans-Martin Münch and Timo Müller

CANAPE is a Windows toolkit for analyzing binary protocols in a graphical environment, written by James Foreshaw. This workshop provides a practical overview by analyzing an example protocol.

CANAPE is a capture and manipulation tool for arbitrary network protocols. It was developed by James Forshaw during his time at Context IS. Simplified, CANAPE can be described as “Burp forbinary protocols”
Sadly, the tool is not well documented, which often causes trouble for users that never worked with CANAPE before. This workshop tries to fix that by providing an practical overview of CANAPE. It is based on a original workshop that James Forshaw hosted in 2014 at 44con.


Participants must have a Windows system (at least Windows 7), Virtual Machines are fine.