Insomni’hack 2014 video

Thank you !



INS2014_InsomniHack_0531 INS2014_InsomniHack_0525 INS2014_InsomniHack_0519 INS2014_InsomniHack_0516 INS2014_InsomniHack_0508 INS2014_InsomniHack_0474 INS2014_InsomniHack_0460 INS2014_InsomniHack_0437 INS2014_InsomniHack_0423 INS2014_InsomniHack_0396 INS2014_InsomniHack_0343 INS2014_InsomniHack_0342 INS2014_InsomniHack_0334 INS2014_InsomniHack_0301 INS2014_InsomniHack_0284 INS2014_InsomniHack_0263 INS2014_InsomniHack_0247 INS2014_InsomniHack_0244 INS2014_InsomniHack_0243 INS2014_InsomniHack_0095 INS2014_InsomniHack_0039 INS2014_InsomniHack_0007

Conference schedule

The conference schedule is now available on the conference page and shown below. Also, please note that the networking dinner location was wrong on our previous post. It has been corrected, the dinner will take place at this address:

Nash Airport Hotel
11 chemin de la Violette
1216 Cointrin

Don’t forget to register for the dinner, workshops, conferences and contest on Eventbrite (and for the AppSec workshops).

For those of you still working on our teaser, know that it will be taken offline tomorrow. So hurry and finish whatever you’re trying to exploit 😉

Track 1 Track 2 Track 3
9h30 – 10h30 Intro
Paul Such
Mikko Hypponen
10h30-11h coffee break
11h-12h When you can’t afford 0days.Client-side exploitation for the masses
Michele Orru, Krzysztof Kotowicz
Enjeux juridico-organisationnels et Contractuels du Cloud computing
Nicolas Rosenthal
Mapping malware infections
Ricky “HeadlessZeke” Lawshae
12h-13h30 lunch
13h30-14h30 Lurking in clouds: easy hacks for complex apps
Nicolas Gregoire
Deploying cyberdefense measures and Policies in a Critical Infrastructure Sector
Sébastien Bombal
14h30-15h30 JSMVCOMFG? To sternly look at JavaScript MVC and Templating Frameworks
Mario Heiderich
Binary art – funky PoCs & visual docs
Ange Albertini
Dalvik Executable (DEX) Tricks
Axelle Apvrille
15h30-16h coffee break
16h-17h RFIDler
Adam Laurie
I’ve got ARGuments for YOU !
Bruno Kerouanton

Final speaker

The speaker that completes our lineup for Insomni’hack 2014 is Adam Laurie, who will come and talk about RFIDler, a project designed to bring the world of Software Defined Radio into the RFID spectrum. As always, you can find more information on the conferences page.

We will be publishing the full conference schedule soon.

Networking Dinner

A networking dinner is planned on the evening of the 20th of March at 19h00

The dinner will be at the Nash Airport Hotel (11 chemin de la Violette, 1216 Le Grand-Saconnex, Switzerland)

You can now register for the event on eventbrite

There will be a fixed menu for the dinner, costing 50 CHF (43 Euros):

 Saladine bressanne

(Salade verte, poulet sauté, maïs, tomate, oeuf et avocat)

Bressanne Salad

(Green salad, fried chicken, corn, tomato, egg and avocado)


Pièce de boeuf rôtie avec sauce Winds

Roasted beef with Winds sauce

ou / or

Filet de canette rôti avec sauce miel et marsala

Roast duck fillet with marsala and honey sauce

**Servi avec Pommes paillasson et jardinière de légume

Served with Darphin potatoes and vegetables of the day


Profiterole sauce chocolat

Profiterole with chocolate sauce

There are a maximum of 50 seats reserved for this dinner, so make sure you register early.

Two more speakers

With the addition of Nicolas Rosenthal, Swiss legal expert, and Ricky “HeadlessZeke” Lawshae, security researcher with TippingPoint’s DVLabs, our lineup for Insomni’hack 2014 is just about complete. Though there may still be a surprise left 😉

As always, you can find more details about them and their talks in our Conferences section.

Another round of speakers announced

In addition to the already mentioned speakers, Sebastien Bombal will give a talk about cyberdefense, while Michele Orru and Krzysztof Kotowicz will team up and discuss client-side exploitation.

You can register for the conferences and the workshops on the Registration page. There are less than 15 Early-bird spots left!

And here is a quick recap of who you’ll be able to listen to at Insomni’hack 2014:

  • Mikko Hypponen (Keynote)
  • Ange Albertini (Binary arts)
  • Mario Heiderich (JS MVC and Templating)
  • Nicolas Gregoire (Lurking in clouds)
  • Bruno Kerouanton (Hidden challenges)
  • Axelle Apvrille (Dalvik tricks)
  • Sebastien Bombal (Cyberdefense)
  • Michele Orru & Krzysztof Kotowicz (Client-side exploitation)

The lineup is nearly complete!

More speakers announced

We are happy to announce that Nicolas Gregoire will give a talk about hacking cloud-based applications at Insomni’hack this year.

Returning speakers Bruno Kerouanton and Axelle Apvrille will also be present and will talk about cracking hidden challenges and Dalvik Executable tricks respectively.

Registrations are open

You can now register to the conferences, workshops and contest with the following link on Eventbrite :

Although the contest itself is free, we do require you to signup so we have an idea of how many people will be present.

Keynote speaker and Teaser information

In addition to Mario and Ange that were announced last week, we are proud to announce our keynote speaker : Mikko Hypponen!

You can find more information about all of them and their talks on the conference page here :

The teaser for the contest is also just about ready and will begin on Sunday (2nd of February). The three teams that will finish the teaser first will be awarded two nights for two rooms in a hotel near the conference venue!

We have a few rules for the teaser:

  • The teaser will officially last until 3 teams finish all the challenges, but we will leave the challenges online for some time after this for people who are not necessarily concerned about winning.
  • There is no size limit for your team for the teaser.
  • Do not attack anything else than the prepared challenges, no hacking the scoreboard or this website for example. If you do “unintentionally” discover a flaw that does not seem like it is part of the teaser, please write a blog post about it, we’ll probably find out after a while.
  • No destructive attacks are allowed, no (D)DoS or attacks that could stop other teams from completing the challenges.
  • You do NOT need to run DirBuster on any folder or bruteforce any login field, so don’t…

We reserve the right to disqualify any team who breaches these rules. We also reserve the right to change these rules at any time before or during the game, but as long as everybody behaves, this should not be necessary.

Follow out twitter account for any important updates : @1ns0mn1h4ck