Portail:SecurIMAG Ensimag IT security and hacking club
SecurIMAG @ GRENOBLE
SecurIMAG is an information security and hackers club at the French engineering school Ensimag. We discuss various security topics.
Current members include Ensimag MSc and PhD students, but anybody interested is welcome.
Contact
- club AT securimag.org, @SecurIMAGTwitte or LinkedIn ; Flickr photos
- IRC: #securimag on securimag.org:+6697
- Subscribe to the securimag mailing list. Once you are subscribed, you can communicate with members via securimag-hacking-ctf-ensimag __at!__ googlegroups.com
- List of SecurIMAG-members
Meetings
Upcoming Meetings
- We meet every Thursday (except during university holidays), generally from 5pm15 till 6pm45
Previous meetings
- 2014-01-23 Fichier:Soutenance ECC - Janvier 2014.pdf by user:degoerdf and user:jeanneg
- 2013-12-12 Fichier:The multithreaded Nyan cat journey.pdf by user:degoerdf and user:jeanneg
- 2013-11-28 Fichier:Securimag-2013-11-28-A Walk Into Sha1.pdf by user:grandemk
- 2013-11-18 Fichier:Securimag-2013-11-18-GreHack2013-CTF Writeup Deva.pdf by user:jeanneg
- 2013-11-07 Fichier:SecurIMAG-2013-11-07-Steganography in pdf.pdf by 0x835
- 2013-10-24 Fichier:SecurIMAG-2013-10-24-Quantum Cryptography - the keychain of Schrodinger's cat.pdf by user:degoerdf
- 2013-10-03 Fichier:SecurIMAG-2013-10-3-RE Fun&Profit.pdf by user:desplanf
- 2013-09-26 Fichier:SecurIMAG-2013-09-26-Presentation Attacks Using Malicious Devices-François Desplanques-Guillaume Jeanne.pdf by user:desplanf & user:jeanneg
- 2013-07-18 Fichier:SecurIMAG-2013-07-18-Attacks Using Malicious Devices-François Desplanques-Guillaume Jeanne.pdf by user:desplanf & user:jeanneg
- 2013-03-22 SecurIMAG-CTF_Write-ups
- 2013-03-21 Fichier:SecurIMAG-2013-03-22-ForbiddenBits Reverse-Engineering Challenges.pdf by user:desplanf
- 2012-12-06 Fichier:SecurIMAG-2012-12-06-Questions asked during interview.pdf by user:jeanneg
- 2012-11-22 Maciej Korczynski - PhD Defense - Classifying Application Flows and Intrusion Detection in Internet Traffic (VIDEO)
- 2012-11-15 challenge writing time
- 2012-11-08 Fichier:SecurIMAG-2012-11-08-GreHack-2012-how to create a hacking conference and make its website survive.pdf
- 2012-10-25 GreHack challenge corrections, by Ajax, deva
- 2012-10-19 GreHack, first hacking conference + CTF in Grenoble, 1 hour from Lyon (booking required)
- 2012-09-06 Fichier:SecurIMAG-2012-09-06-pub rentree.pdf Amphi E at 5pm
- 2012-05-23 - Fichier:Table ronde a Grenoble IUT2.pdf
- 2012-04-26 user:mougeyc : Fichier:SecurIMAG-2012-04-26-botnet-brief state of the art.pdf (request video access to user:mougeyc)
- 2012-04-19 user:martincl + user:tollardt: Fichier:4MMSR-2011-2012-student seminar-Recent advances in IPv6 insecurities - Marc van Hauser Heuse - 27C3-CCC 2010.pdf
- 2012-04-05: Fichier:SecurIMAG-2012-04-05-Filiere Ensimag et Metiers Securite-un point de vue.pdf (request video access to user:duchenef)
- 2012-04-05: P. Malterre - The Onion Router (TOR) + Information System Monitoring (slides will not be publicly available. contact the author or user:duchenef)
- 2012-03-29: current Fabien's work: XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing Fichier:SecurIMAG-2012-03-29-XSS Vulnerability Detection Using Model-Inference Assisted Evolutionary Fuzzing.mp3
- 2012-03-21: street SecurIMAG: discussions about SecurIMAG-2012-CTF-GreHack-public. For SecurIMAG members see SecurIMAG-2012-CTF-GreHack-private
- 2012-03-08: blackbox basic pentest of a web application http://www.pokersmashnote.com
- 2012-03-01: Fichier:SecurIMAG-2012-03-01-Wifi security-WEP & WPA vulnerabilities-guillaume jeanne.pdf, user:jeanneg 802.11 Security (video)
- 2012-02-09: Fichier:SecurIMAG-2012-02-09-Let me SQL injection your heart-Franck DG-Fabien D.pdf, user:degoerdf user:duchenef (Audio: Fichier:SecurIMAG-2012-02-09-Let me SQL injection your heart-Franck DG-Fabien D-audio.mp3)
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
- 2012-02-02: Fichier:SecurIMAG-2012-02-02-miasm a reverse engineering framework-serpiliere.pdf, by Serpiliere - Fabrice Desclaux - Serpi (remote streaming) ; MIASM at googlecode
hg clone https://code.google.com/p/miasm/
- 2012-01-26: Hacking CTF like security examination + paper XSS vulnerability detection using model inference assisted fuzzing, user:duchenef
- 2012-01-12: Alexandra Ruiz (LEXSI) - Fichier:SecurIMAG-2012-01-12-Legal aspects in infosec-Alexandra Ruiz-LEXSI.pdf Fichier:SecurIMAG-2012-01-12-Legal aspects in infosec-Alexandra Ruiz-LEXSI.mp3
- 2011-12-15: User:Hamraoua + User:duchenef - Fichier:SecurIMAG-2011-12-15-Android Security-Back to basics-Fabien D- Adrien H.pdf (Fichier:SecurIMAG-2011-12-15-Android Security-Back to basics-Fabien D- Adrien H.mp3)
- 2011-12-08: Guillaume + Fabien - Fichier:SecurIMAG-2011-12-08-Windows NT6.1-Live forensics and exploitation.pdf (Fichier:SecurIMAG-2011-12-08-Windows NT6.1-Live forensics and exploitation.mp3)
- 2011-12-07: Fichier:SecurIMAG-2011-12-07-Mathieu Blanc-CEA-.pdf invited by M.L. Potet
- 2011-12-01: Fichier:SecurIMAG-2011-12-01-sanjay-plz gimmie a ROPe.pdf (Fichier:SecurIMAG-2011-12-01-sanjay-plz gimmie a ROPe.mp3) Sanjay
- 2011-11-24: Securimag challenges correction User:hossen User:tourong
- 2011-11-17: Fichier:SecurIMAG-2011-11-17-teach-a long way from browser vulnerability to kernel exploitation.pdf teach
- 2011-11-10
- 2011-11-03 5pm-6pm30
- Hari, internet banking security Fichier:SecurIMAG-2011-11-03-Hari-Internet banking security.pdf Fichier:SecurIMAG-2011-11-03-Hari-Internet banking security.mp3
- 2011-10-20 5pm-6pm30 - ensimag Amphi E
- pentesting missions. next talks. discussions
- (eventually) correction of from blind SQL injection to Local File Inclusion Fichier:5MMSSI-2011-2012-TP2-web exploitation and basic risk analysis.pdf
- (eventually) Arnaud wargame proposal: http://intruded.net http://root-me.org
- October 13th 2011
- Nothing. "Ensimag corporate partners day"
- October 6th 2011, 5pm-6pm30 - Ensimag - Amphi E
- Camille : Fichier:Securimag-2011 10 06-MOUGEY Camille-Introduction to XSS attacks.pdf
- Suggested reading before the talk:
- 5MMSSI-Common vulnerabilities and attacks - web, Fabien, Karim: Fichier:5MMSSI-2011-2012-1-common vulnerabilities and attacks-chapter 1-web.pdf
- Julien, Camille : Fichier:CSRFIntro.pdf
- Suggested practical assessment before the talk: 5MMMSI-2011-2012-practical_assessment-web_exploitations_and_basic_risk_analysis
- September 29th 2011, 5PM-6PM30!!!, Amphi E
- 2011-09-22
- 2011-06-09. 6pm-7pm30, amphi E
- 2011-06-01. 6pm-7pm30, amphi E
- An Accurate Sampling Scheme for Detecting SYN Flooding Attacks and Portscans, Maciejk Fichier:Securimag-2011-06-maciejk-An Accurate Sampling Scheme for Detecting SYN Flooding Attacks and Portscans-paper.pdf
- Fichier:Compte rendu des Etats Generaux de l'Identite Numerique.pdf, Senat, Avril 2009, Yves
- 2011-05-26. 6pm-7pm30
- 2011-05-19. 6pm-7pm30
- 2011-05-12. 6pm-7pm30
- 2011-05-05 5pm30-7pm30
- Camille, web challenge
- Pedro, Fichier:SecurIMAG-2011-05-05-Internal Network Threats-Pedro Paganela.pdf
- 2011-04-28 5pm30-8pm
- 2011-04-21 5pm30-7pm, D327
- Crypto 200 challenge, Nuit Du Hack Prequals, interactive write-up, Arnaud (~10 min)
- ideas
- 2011-04-14
- 2011-03-31
- 2011-03-24
- Utilisation de graphes d'attaques pour tester la securite d'un systeme by Bilal Kanso, presented by Fabien Duchene
- 2011-03-17
- Practical padding oracle attacks, BlackHat US 2010, presented by Karim
- SmartFuzzing, presented by Olivier
- 2011-03-10
- Apple iOS security mechanisms, Fabien Duchene
- 2011-03-03
- Overview of stack-based buffer overflows, protection and exploitation (live presentation :)), Karim
Library
SecurIMAG members have MANY security books. You can borrow them by sending an email to the mailing-list and writing your name here:
Title | Author | Lent by | PERSON WHO HAS IT RIGHT NOW |
Know Your Enemy | The Honeynet Project | Florent Autreau | |
Secrets & Lies | Bruce Schneier | Florent Autreau | |
Web Security | Avi, Ranum et al. | Florent Autreau | |
Network Intrusion Detection - An Analyst's Handbook, 2nd ed. | Northcutt et al. | Florent Autreau | |
Intrusion Signatures and Analysis | Northcutt et al. | Florent Autreau | |
Honeypots - Tracking Hackers | Lance Spitzner | Florent Autreau | |
The Next Catastrophe | Charles Perrow | Florent Autreau | |
Secrets & Lies - Digital Security in a Networked World | Bruce Schneier | Florent Autreau | |
Web Security, Privacy & Commerce - 2nd edition | Simson Garfinkel with Gene Spafford | Florent Autreau | |
Solaris Security | Peter H. Gregory | Florent Autreau | |
Intrusion Detection | Rebecca Gurley Bace | Florent Autreau | |
Halting the Hacker | Donald L. Pipkin | Florent Autreau | |
HP-UX 11i Security | Chris Wong | Florent Autreau | |
Hacking VoIP Exposed | David Endler (TippingPoint) & Mark Collier | Florent Autreau | |
Challenges
The goal of an IT security challenge is to get a flag (a string that proves you solved the problem) and then to prove you own that flag (usually by submitting it to a system).
- Challenges
- Write-Ups
- External challenges: WeChall.net, crackme.de, intruded.net, root-me.org, hack-me.org, Nebula, newbiecontest.org, sh4ka, Bandit
Projects
Security projects could be a way to improve your IT security skills. We have several ideas which could be implemented:
Security project advice
- Peer communication will help you progress, so please work together on projects. Also do not forget to list the members on that page
- License: you are free to choose whatever best suits your needs (e.g. GNU GPL)
- if you have any idea, feel free to add it here, or discuss it on the mailing list
Resources
What is a talk?
A presentation lasting from 30 minutes to 2 hours (maximum) on a topic of your choice, focusing on at least one aspect of information security. Advised duration: 1h30. Your talk has to introduce the topic and present the concepts required to fully understand the core of your speech. Then comes the core of your speech, "the beef"; a practical demonstration ("demo") is also highly advised. Finish with one slide of conclusion.
- The SecurIMAG mailing list is here to help you choose your topic. Some topics are provided on the SecurIMAG homepage
- SecurIMAG reviewers will suggest modifications before and after your talk.
Templates
Talk hints
- peer reviews: do not hesitate to send your slides to your peers before the presentation. They may have useful tips, hints or advice for you
- 3 weeks before: summary + table of content
- 2 weeks before: 1st draft
- 1 week before: 2nd draft
- also please indicate which earlier talks the audience is assumed to have read BEFORE the talk
- 2 days before: final review
- FUN: do not forget it ;)
SecurIMAG presentations
CTF and security conferences
- GreHack 2013
- SSTIC 2k13
- NSC 2k13
- InsomniHack 2013 (write-ups)
- GreHack 2012
- HIP 2k12
- NDH 2k12
- SSTIC 2k12
- Insomni'Hack 2012 (CTF)
- HIP - Hack in Paris 2k11 (public)
- NDH - Nuit du Hack 2k11 (public + CTF teams)
- HES 2k11 (public)
Newbies?
Books
Magazines
- MISC (security)
- Linux Magazine (administration and development on UNIX systems)
VPN
Security mailing-lists
Studying information security?
Several websites list SOME Master's degrees that are specialized in information security.
France
Grenoble
- At Ensimag, security is part of the curriculum. Check out that presentation in French regarding several Fichier:SecurIMAG-2012-04-05-Filiere Ensimag et Metiers Securite-un point de vue.pdf.
Various
- ESIEA
- Epitech
- EPSI Lyon
- INSA Lyon
- Limoges, Cryptis
- Telecom Paris SSIR
- UTC
- UVSQ
List of universities ONLY (does not include engineering schools)
Mastères Spécialisés (bac+5 "+1")
Drawbacks
- Expensive ... Is it worth the price?
- Will non-technical stuff (e.g. MEHARI, ISO 2700X, PCA, PRA) be of interest to you?
- They claim to be Bac+6, do companies in France care?
List (to be completed)
- Telecom Paris - Sécurité des Systèmes et des Réseaux
- ESIEA - International Master In Computer Security and Cyberwarfare
- ENSIBS - Becoming a cyber-defense engineer - Training
Already working?
Outside France
MANY universities have specialized courses in security:
Australia
- University of Queensland: COMS4507 Advanced Computer and Network Security
Germany
- KIT
Sweden
- KTH
A career in information security?
Some security researchers at Grenoble
- Yves Denneulin (systems, distributed computations)
- Philippe Elbaz-Vincent (mathematics)
- Roland Groz (test, networks)
- Karim Hossen (model inference, model checking, web)
- Fabien Duchene (test, fuzzing, web)
- Marie-Laure Potet (formal methods, compilation, static analysis)
- Jean-Louis Roch (coding, cryptography)
- Pascal Lafourcade (logic)
- Yassine Lakhnech (protocols)
- Cedric Lauradoux (Security, Information theory, Algorithms)
- Laurent Mounier (model checking, verification, static analysis, dynamic analysis)

Selected security experts, companies and researchers in France
- Chaouki Bekrar (VUPEN)
- Eric Filiol (ESIEA) http://bugbrother.blog.lemonde.fr/2010/05/24/eric-filliol-letat-doit-sappuyer-sur-les-hackers/
- Ivanlef0u
- Fred Raynal (Quarkslab)
- Nicolas Ruff (EADS) @newsoft http://news0ft.blogspot.fr/2009/07/lechec-de-la-securite-francaise.html

A more general perspective