Hack.lu

Hack.lu

Hack.lu is an annual computer security conference held in Luxembourg City since 2005. The event brings together researchers, practitioners, policy makers, and enthusiasts from across Europe, North America, and beyond for technical talks, workshops, training, and a community-driven capture the flag competition. It has become a focal point for discussions that intersect with cybersecurity policy, information security research, privacy law, and operational incident response practice.

History

The conference was initiated in 2005 by a coalition of local academics and practitioners including staff from the University of Luxembourg and Luxembourg-based technology organizations. Early editions featured contributors from CERT-EU, ENISA, and regional academic labs, aligning the event with the rise of coordinated disclosure debates that involved actors such as Mitre Corporation, FIRST, and national computer emergency response teams. Over the 2000s and 2010s the programme expanded to include speakers affiliated with Google, Microsoft, Facebook, IBM Watson Research Center, and independent researcher collectives linked to projects like Metasploit and Wireshark. The conference adapted through major inflection points in cybersecurity history, responding to incidents involving Stuxnet, WannaCry, and state-level discussions exemplified by Tallinn Manual deliberations. Organizers incorporated community trends from DEF CON, Black Hat, Chaos Communication Congress, and regional events such as RootedCON and Ruxcon.

Conference Structure and Topics

Hack.lu typically spans multiple days and blends a single-track lecture programme with parallel tutorials, workshops, and hands-on villages. Core session topics reflect technical themes found in fora like Usenix Security Symposium, ACM CCS, and IEEE S&P, including inverse engineering tied to tools like IDA Pro and Ghidra, vulnerability research referencing frameworks from CVE and CWE, and network security with implementations influenced by OpenSSL and TLS. Privacy and legal sessions often cite regulatory regimes such as GDPR and institutions like European Commission and Council of Europe. Operational security tracks cover digital forensics methods used by organizations like Europol and Interpol, while emerging areas examine IoT device exploitation, automotive security resonant with research by Car Hacking Village contributors, and industrial control systems reflecting work around SCADA incidents. The event usually hosts a capture the flag competition and lockpick village inspired by DIY practices in communities such as Hackerspaces and Maker Faire networks.

Organizations and Partnerships

The organizing committee has historically collaborated with academic partners like the University of Luxembourg and research groups associated with CNRS and ETH Zurich. Institutional partners have included regional and international bodies such as ENISA, CERT-EU, European Commission DG CONNECT, and private-sector sponsors from companies including Cisco Systems, Trend Micro, Kaspersky Lab, and Splunk. Media and community partners have involved publications and outlets like The Register, Wired, Ars Technica, and open projects connected to GitHub and OWASP. Nonprofit and standards organizations such as ISOC, IETF, IEEE, and ISO affiliates have contributed workshops or keynote alignments. Local technology incubators and government-related agencies in Luxembourg have provided logistical and financial support, fostering collaboration between academia, industry labs, and pan-European initiatives like Horizon 2020 consortia.

Notable Events and Incidents

Across its editions, the conference has been a venue for high-profile technical disclosures and lively debates. Speakers and attendees have included researchers who later participated in public analyses of incidents like Heartbleed, Spectre and Meltdown, and ransomware outbreaks tied to NotPetya and Ryuk. Hack.lu stages have hosted demonstrations of exploit chains affecting Windows, Linux kernel, and mobile platforms including Android and iOS, attracting attention from vendors such as Apple Inc. and Google LLC. The conference has occasionally prompted coordination with law enforcement after live demonstrations raised questions addressed by Europol and national prosecutors. Community-driven contests have seen rapid dissemination of defensive techniques parallel to work from SANS Institute training and CERT Coordination Center advisories. Attendance by representatives from NATO-adjacent cyber defence initiatives and academic centers has made some editions hubs for policy-technical cross-talk.

Publications and Resources

Proceedings, slides, and workshop materials are released by the organizing committee and archived for community use, similar to dissemination practices at ACM, Usenix, and IEEE conferences. Resource collections include talk recordings, capture-the-flag write-ups, and tool repositories frequently mirrored on GitHub and discussed in forums like Stack Overflow and Reddit. The conference’s materials have been cited in academic papers appearing at venues such as NDSS Symposium, Eurosys, and ICISC, and in whitepapers published by vendors and research labs including Google Project Zero and Mozilla Security Blog. Educational outcomes from tutorials have been integrated into curricula at institutions including University College London and Imperial College London, while methodological contributions have influenced standards discussions within IETF working groups and vulnerability taxonomy efforts at MITRE.

Category:Computer security conferences Category:Events in Luxembourg