Platinum Sponsors

Gold Sponsors



HES2012 is being actively prepared!

Check soon for more information and subscribe to the mailing list to get updates.

Hackito Ergo Sum organization team.

Hi folks,

Videos of the conference are now available here as a youtube playlist.

Enjoy them !

Hi guys,

Slides of the conference are now available on slideshare at

Unfortunately, we didn’t retrieve all of them for now, if you were a speaker and you didn’t send us your slides it’s time to do it ( keynotes and lightning talks too) !!

Enjoy !

Hackito Ergo Sum 2011 was a great success, and we want to thank the community for this: all the people who made the event possible; all our sponsors, the attendees who came from all over the world (with attendees from Korea, USA, England, Spain, Czech republic, France, UK, Russia, …), our super PR and communication agency ALX Communication with specifically Véronique Loquet and Laetitia Coquelle who worked so hard to make this event known and cited in the press, the press and media who came in big numbers, and all the orga & staff people who worked so much to made this possible.

So, let’s continue and see you next year for Hackito Ergo Sum 2012 !

If you want to get upcoming info about the HES conferences and events, subscribe to the mailing list here.

Read the rest of this entry »

Schedule is downloadable at this link.

Hey folks,

Eloi Vanderbeken was kind enough to create a CrackMe for Hackito Ergo Sum 2011. It’s start from now, and you have until the 6th April to send your solution at the email address you’ll find inside the crackme once resolved ;)

If you have any technical questions, etc. You can contact Eloi at eloi.vanderbeken(à)

This crackme is only for 32-bits version of Windows.

Archive :
Archive Password: “hesftw

A valid solution is a keyfile which make the crackme display the “good boy” message.
No patching, no modification of the execution path (with a debugger, instrumentation etc.), nothing else a keyfile.

We haven’t received any valid keyfile (heslic.key) yet so here is one. Put it at the root of the partition where windows is installed (typically C:\) to get the goodboy message. Now you have more informations keep working and send us your key (not this one please ;) ) !

Solution will be published the last day of Hackito Ergo Sum, at the conference.

Don’t forget to book your tickets and see you at Hackito !

You can now book your tickets for Hackito Ergo Sum 2011.
Be quick, there are only 215 seats.

Business tickets apply to anyone being employed by a company, being associate or working in security. Public tickets apply to anyone not working, not being currently employed or not making money from security practice. Not selecting the right category will make your ticket void and non-receivable at entrance of the conference.

After the sucess of its first edition last year, the HES2011 conference gathers together once again the finest experts of the international security scene. Backed up with an amazing program committee*, HES is on the way to be an international event of exceptional quality.

HES aims at anticipating the challenges of the security world and gathers together underground or amateur security researchers together with professional security expert researchers and technical decision makers. During three days, HES will feature new research presentations, of the highest technical level, presented by some of the most respected international researchers. Its goal is to support networking and innovation while federating communities and key actors from the industry, from both the public and the private sectors.

The topics covered will include : vulnerability analysis, SCADA architectures, Reverse Engineering, the underground economy, attacks on banking or telecom infrastructures, Cloud Computing security, the botnet fenomenon, threat intelligence…

In addition to the debates between security enthousiasts, many practical demos are expected. A special session will focus on genuinely new content from brilliant hackers, security researchers, or academic researchers. An other track will present talks from anonymous speakers, allowing them to publish their most sensitive work while preserving their privacy.

According to the traditional spirit of security conferences, the 2011 edition will offer various challenges, like a lockpicking contest or the mandatory “Capture The Flag”, which was last year prepared by the Over The Wire online wargame community.

The Call for Paper is now open and will close the 20th of February 2011 :

Press Release (EN)

Communiqué de presse (FR)

Happy new year!
We wish you lots of independent research, lots of innovative an original ways in this never-ending quest.

Hackito Ergo Sum organization team.

You have until Christmas (25th December 11:59PM GMT) to spot what is wrong with this code and to win one free entrance at Hackito Ergo Sum 2011 (7 – 8 – 9 April) !

Only the fastest person to send an email at msuiche(à) will win the free entrance.

Good luck and Merry Christmas !


typedef struct _BEER {
    ULONG BeerId;
    ULONGLONG MinimumNumberOfLiters;

BeersPlease(PBEER HackitoAttendee)
    // Some code...

AllocateStomach(USHORT NumberOfWishListEntries,
                PULONG WishListOfBeers)
USHORT NumberOfBeers;
USHORT StomachSize;

PBEER HackitoAttendee;

UINT Index;

    NumberOfBeers = NumberOfWishListEntries;

    if (NumberOfBeers < MINIMUM_NUMBER_OF_BEERS)
        wprintf(L"FATAL ERROR: You MUST drink *at least* %d beer !\n",
        return FALSE;

    // Default value to avoid overflow. We assume each attendee can drink at
        wprintf(L"FATAL ERROR: There is a risk of alcohol poisoning!\n");
        return FALSE;


-    if (UShortMult(NumberOfBeers, sizeof(BEER), &StomachSize) == FALSE)
+    if (UShortMult(NumberOfBeers, sizeof(BEER), &StomachSize) != S_OK)
        StomachSize = sizeof(BEER);
        NumberOfBeers = StomachSize / sizeof(BEER);

    HackitoAttendee = (PBEER)malloc(StomachSize);
    if (HackitoAttendee == NULL)
        wprintf(L"FATAL ERROR: The bar cannot handle it anymore !\n");
        return FALSE;

    for (Index = 0; Index < NumberOfBeers; Index += 1)
        HackitoAttendee[Index].BeerId = WishListOfBeers[Index];
        HackitoAttendee[Index].MinimumNumberOfLiters = MINIMUM_NUMBER_OF_LITERS_PER_BEER;
        // TODO: Improve this part of code to dynamically compute the minimum number of
        // liters depending of the drinker.



    return TRUE;

So the fastest person to solve the challenge was @Ivanlef0u in less than 10min. Another person, Guillaume Touron, submitted his solution few minutes after. It was close ! So Ivanlef0u is the one who won the free entrance at Hackito Ergo Sum !

For people who submitted the correct answer, Guillaume Touron, Justin Fisher, Paolo Oliveira, relay_failed, Jean Sigwald, Jon Larimer, Eric Bourry, cccp, Gu1ll4um3r0m41n, Tommaso Malgherini, Ben Agre, Alex R - you won a free pint of beer if you come to Hackito Ergo Sum !

So basically the problem was that intsafe functions like UShortMult() return an HRESULT value and not a BOOLEAN value. In other words, FALSE which is defined as the 0 value is equal to S_OK which is defined as the following:

#define S_OK (HRESULT)0x00000000

The condition was not successfully handled, creating a smaller stomach buffer than expected for the beers. So instead of being able to drink more than a lot of beers ((USHRT_MAX + 1) / sizeof(BEER)), the average Hackito Ergo Sum would have puke after one beer !

Don't forget to apply to the call for paper before the deadline at the following link !
If your company wants to sponsor Hackito Ergo Sum 2011 or if you have general inquiries, you can also contact me and I'll forward you the Conference Sponsor Kit.

Share on Twitter

medias partners