SSTIC 2009 : it's over ...
Par Fabien PERIGAUD, mardi 9 juin 2009 à 12:51 :: General :: #314 :: rss
This is the terrible conclusion after this three-day symposium: unfortunately, it's over ...
This year, we're not going to make a report summarizing the various conferences, many blogs already do it, sometimes even in live.
It was an opportunity to reconnect with old colleagues and friends, meet new people, and assist once more to really exciting conferences. The subjects were very varied, ranging from abuse of BIOS features to implement a backdoor, to a talk on the real value of ISO 27001, through the now traditional legal intervention of Marie Barel, the failure of security in companies by Nicolas Ruff, or a reflection on the human being as a strong piece in the security. Although some subjects did not seem very exciting, the authors have often succeeded in generating interest for their work.
This year, our colleague Florent Marceau presented his work on automated malware analysis:
His approach implements a modified QEmu virtual machine to follow malicious code and the data it manipulates (Data tainting), in order to recover in clear-text ciphered bankers configuration files. Technical details of the implementation are available in the related paper.
The conference also provided an opportunity for Raphaël Rigo and Simon Marechal to present the resolution of the reverse-engineering challenge organized by Stéphane Duverger. The prizes were distributed to the winners, Florent won an iPod Touch, and I enjoyed a wonderful toothbrush that belonged to the creator of the challenge:
Rump sessions were more numerous than ever this year, with 23 interventions of 4 minutes each. As usual, the subjects covered were varied. I enjoyed the rump of Jean-Baptiste Bédrune who has discovered a weakness in the algorithm to generate WPA/WPA2 keys used in two french ISP "boxes". Special mention for the EthyloSSTIC rump, with a USB breathalyzer and its application which controls alcohol level prior to login on a system 
Last but not least, the Social Event, which is the opportunity to meet and interact with participants and speakers, has been a real success. Organized this year in Coq Gadby, it brings together all participants in a large and pleasant place.
I now have to thank the whole Organizing Committee for the 7th edition of SSTIC, waiting impatiently for the 2010 opus.