SSTIC 2017 in a Nutshell

This blog post is a summary of SSTIC, a major infosec conference held in France. As usual, this year’s conference came with excellent presentations. The sessions have been recorded, and the papers are available on the website, although most of the content is in French.

For a detailed wrap-up of SSTIC, please read @xme:

• Day 1
• Day 2
• Day 3

SSTIC is one of the few IT conferences which (1) ask authors to submit full papers, (2) from which you return with information or tools to work on, and (3) whose presentations are mostly in LaTeX 😉

Concerning the first point, I like to read papers during or after a conference to check out details, because you always miss some points in a presentation. As for the second point, there are many conferences where talks are like entertaining movies: you watch them, say "wow", laugh, etc. . . . but when you get back home, you realize you don't exactly know how they did what they demonstrated, or that this or that point was missing, etc., and two days later you forget all about it. SSTIC presentations, on the other hand, are perhaps more difficult to follow, but I believe their longevity is much better.

Technical Presentations

Allow me to summarize SSTIC with a table. The ratings are my own opinion: all the talks were really good, but how much I liked one obviously depended on my interest in the field. For more details, please read the SSTIC wrap-up or visit the SSTIC website.

Screenshots

The image above shows caradoc analyzing one of SSTIC's submissions. 😉 This is the interactive mode.

This is my own tool to remotely control a smart toothbrush.

I've used binnacle, above, for several Android malware samples. I can indeed quickly find out which ones call getSubscriberId to retrieve the IMSI.

Interesting!

— the Crypto Girl