🚨📢 Insomni'hack 2025
🛡️💻 Approximately 600 participants engaged in the hacking competition, tackling 33 challenges.
Congratulations also to the academic winners:
🥇Polyflag
🥈@LosFuzzys
🥉@phreaks2600
🚀 See you next year for new adventures!
Slides of my talk "Malware analysis with R2AI": https://filestore.fortinet.com/fortiguard/research/r2ai.pdf
Demo of string obfuscation on Linux/RudeDevil: https://asciinema.org/a/708621
Download and contribute to r2ai: https://github.com/radareorg/r2ai @radareorg
Opening doors from outside with Michael Rodger @1ns0mn1h4ck - matching signals with IR.
The CTF is today! Here are a few reminders:
Don't forget:
- Swiss plug type J;
- Ethernet cable.
The competition starts at 18h00 and finishes at 5h00 on Saturday! Are you ready to grab some flags? 🚩
Cool live demo on stage @1ns0mn1h4ck with Julia Zdunczyk on open RFID locks. Here a card with an ID that always works.
Into pwn2own automotive on a Pioneer IVE. Speakers explained they found a hidden menu, enabled debug options using Google image translate to understand Japanese;-)
Then got TX for UART, but RX had been intentionally removed. They put it back and the story continues.
Speaker says : There are still ~2000 apps using libs vulnerable to old vulnerabilities. So developers use old libs and don't update.
I'm not surprised. When you develop and it works, you don't change anything or you'll encounter issues with deprecated functions and it's a nightmare.
+ Malware only very rarely use vulnerabilities actually (because malware just work well with simpler techniques and don't need vulnerability to get their nasty tasks done)
Insomni'hack
cryptax