Important Notice: Workshops are limited to 25 participants, first come first served at the registration desk on the 11th, 15 minutes before each workshop. Check the requirements so you're prepared.
Workshops
Cryptanalysis workshop & Challenge (11th November @ 10:30 - 12:30)
Most cryptographic challenges are based on either implementation attacks (the key is somewhere in the working environment), mathematical attacks (finding weaknesses in the encryption algorithm) or on poor key management techniques (weak keys or weak key setup). In this workshop, we deal with a different approach based on a real case. A practical implementation of the Secret Sharing Protocol is presented in which a flaw enables to break the protocol far more efficiently than brute-force. The different steps are the following: - The Linux binaries are provided the day before the workshop. The aim is to play the reverse engineering part for anyone interested. A first prize will be awarded to the first attendee which provide the corresponding source code (assembly or C code) - At the beginning of the workshop the original source code is provided to the audience. The protocol and the code is explained in details (30' long) The attendees have 20' minutes to identify the flaw. A second award is given to the first attendee who identifies the flaw. - Data for the cryptanalysis challenge are given - The audience tries to find how to exploit the flaw and solve the challenge. A third award is given to the first attendee who solve the challenge or provide significant and convincing method to. (30') - The solution is given and presented (20') and a discussion takes part with the audience on the difference between flaws and backdoors Awards could be given either during the session of during the BSides Closing ceremony. The awards are provided by the speaker.
Android Hacking with Frida (11th November @ 13:45 - 15:45)
Have you ever used [Frida](https://frida.re/)? Do you perform security reviews on Android applications? The objective of this hands-on workshop is to walk you through how to use Frida against Android applications. During this workshop, we are going to resolve the OWASP crackmes (from level 1 to level 3) using only Frida. The learning outcomes are: - Set-up your Android environment - Usage of the common tools for Android analysis (adb, JADX and apktool) - Learn to create Frida scripts to place hooks on the fly - Find various solutions for the OWASP UnCrackable Level 1, 2 and 3 applications using Frida - Usage of Frida against non-rooted devices The workshop is suitable for pentesters, reversers, malware analysts, and mobile developers who never used Frida.