Tuesday

master
Skia 3 years ago
parent commit 24bec880e2
1. 20 Tuesday/00-traffic_filtering_at_scale.md
2. 16 Tuesday/01-performance_with_a_S_like_Security.md
3. 11 Tuesday/02-keynote:a_10_year_journey_in_Linux_firewalling.md
4. 9 Tuesday/03-full_packet_capture.md
5. 52 Tuesday/04-rumps.md
6. 15 Tuesday/05-Security_and_self-driving_computers.md
7. 11 Tuesday/06-Snuffleupagus.md
8. 8 Tuesday/07-VultureOS.md
9. 10 Tuesday/08-Clusterize_malware_dataset.md
10. 13 Tuesday/09-LemonLDAP::NG_2FA.md
11. 12 Tuesday/10-No_way,_JOSE.md
12. 13 Tuesday/11-Did_you_consider_using_2FA.md

20
Tuesday/00-traffic_filtering_at_scale.md

@ -0,0 +1,20 @@
# Traffic filtering at scale on Linux
## BPF (Berkley Packet Filter)
- Basically a presentation its implementation in Linux
## Performance analysis
- Show some tricks to generate a LOT of traffic, and show how the kernel handles it:
- Bash with netcat
- Some Python
- tcpreplay and a pcap
- pktgen
- Show some tricks to filter a lot of traffic from the receiver point of view:
- iptables' raw table
- XDP (eXtreme Drop Performance)
- kernel bypass (XDP driver, or directly on the NIC)
## Personal feeling
Interesting talk, showing a wide view of the networking stack.
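Review bot: the XDP expansion in this file is wrong and the BPF heading has a typo: XDP stands for eXpress Data Path (not "eXtreme Drop Performance"), and it is Berkeley, not "Berkley". Suggest `## BPF (Berkeley Packet Filter)` and `- XDP (eXpress Data Path)`. Two smaller points: "Basically a presentation its implementation in Linux" is missing "of", and the generator/filter sub-bullets (netcat, Python, tcpreplay, pktgen; raw table, XDP, kernel bypass) should be indented under their "Show some tricks..." parent so they render as nested lists.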

16
Tuesday/01-performance_with_a_S_like_Security.md

@ -0,0 +1,16 @@
# Suricata Performance with a S like Security
Speaker has a beautiful French accent!
- Suricata is a signature based IDS
- Need of very high performance
- Showing some performance analysis
- Then we see a very complex performance problem
- Presenting the solutions:
- Some bypass during reconstruction: don't fully filter everything
- Some "Hipster" technos: eBDF, XDP
- Quite new, promising.
## Personal feeling
Nice first approach of Suricata. Looking forward for the workshop!
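Review bot: "eBDF" in the "Hipster technos" bullet should be eBPF (extended BPF), the kernel facility the talk pairs with XDP; as written a reader will not find it. Also "Looking forward for the workshop" should be "Looking forward to the workshop", and the two solution sub-bullets (bypass during reconstruction, eBPF/XDP) should be indented under "Presenting the solutions:".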

11
Tuesday/02-keynote:a_10_year_journey_in_Linux_firewalling.md

@ -0,0 +1,11 @@
# A 10 years journey in Linux firewalling
- Netfilter is a very wide range of pieces working together
- The speaker has an impressive CV on netfilter (starting in 2005)
- Elder userspace tools were too inconsistent, complicated, tough...
- Presentation of the new `nft` interface. Lot of nice features, looks far more user-friendly \o/
- Still some WIP for more advanced features, but already working for most cases
## Personal feeling
Cool guy with a very precise knowledge of the subject.
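Review bot: the title should read "A 10-year journey in Linux firewalling" (the filename already says `10_year`), and "Elder userspace tools" should be "Older userspace tools" (referring to iptables and friends, if that is what the speaker contrasted `nft` with). The `nft` bullet could also say what it is the front end for, e.g. "the new `nft` command-line interface to nftables", so the note is self-explanatory later.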

9
Tuesday/03-full_packet_capture.md

@ -0,0 +1,9 @@
# Full packet capture
- Far more convenient than logging in case of intrusion/pwning/etc...
- Getting timestamped pcap's searchable via Moloch
- Docker based solution for easy deployment without polluting the systems
## Personal feeling
This presented a nice and easy solution for Full Packet Capture, be it on an
internal network, or across the Internet.

52
Tuesday/04-rumps.md

@ -0,0 +1,52 @@
# Rumps
## Pass the Salt feedback from the team
- Coming from RMLL, after the decrease of technical security talks
- Bring communities together
- Lot of challenge, to launch a con like this from scratch
## Suriwire
- Suricata informations inside Wireshark
- Pretty nice!
## cURL
- Blazing fast talk. TL;DR: `man curl`
## Privacy
- How to store easily data with freedom, privacy, and security
- Build a community around the project MonkeyCodex
## OPS vs SECU
- Sysadmins vs Security team
- How to break the world
## Apology and confession for all the CVEs I created
- Self service password
- LDAP is complicated, PHP does not help, but the dev can be careful
## Automated package signing
- Tuleap guy
- HashiCorp Vault comes handy but does not support GPG
- A plugin exists to have the glue binding the things
## Feeding Your Bees
- TheHive: Security Incident Response for the Masses
- Email will never die!
- Poll IMAP to feed TheHive in a cron job
## Fun (or not) with C ABI
- ABI are complicated, and hard to interface with
- Solutions: libffi, dragonffi, that provide Python bindings for example
- `pip install pydffi`
## Story behind PTS goodies
- All SVGs and scripting for 3D printers
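Review bot: "Suricata informations inside Wireshark" should be "Suricata information inside Wireshark" (uncountable), and "Lot of challenge, to launch a con like this" should be "Lots of challenges in launching a con like this". In the "Automated package signing" section the two Vault bullets are one point split in two; suggest merging them: "HashiCorp Vault comes in handy but has no GPG support; a plugin provides the glue". Similarly in "Apology and confession" the second bullet would read better as "LDAP is complicated and PHP does not help, but the developer can still be careful".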

15
Tuesday/05-Security_and_self-driving_computers.md

@ -0,0 +1,15 @@
# Security and self-driving computers
- Computers update themselves
- No more humans involved
- Lets Encrypt's revolution
- LE integrates with Apache, but it was rough (config parsing and so...)
- Solution: `mod_md`, now in Apache upstream
- Add only one line to your Apache configuration and LE works automagically
- TL;DR, `mod_md` is secure, robust, resilient, and still very simple to use
- Should be secure enough, but: "A ship in harbor is safe, but that is not what ships are built for."
- Conclusion: HTTPS everywhere becomes a reality, and even if that doesn't help antimalware researchers, it's actually a very good thing in 2018
## Personal feeling
A clear and precise explanation on how `mod_md` works, how it was designed.
Very good speaker, with crystal clear sentences.
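Review bot: "Lets Encrypt's revolution" should be "Let's Encrypt's revolution" (and "LE" is used unexplained in the next bullet; spell it out once). The bullet "Should be secure enough, but: 'A ship in harbor is safe...'" directly follows "TL;DR, `mod_md` is secure, robust, resilient" and reads as contradicting it; marking it as the speaker's caveat, e.g. "Speaker's caveat: 'A ship in harbor is safe, but that is not what ships are built for.'", makes the intent clear. Also "antimalware" should be "anti-malware".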

11
Tuesday/06-Snuffleupagus.md

@ -0,0 +1,11 @@
# Snuffleupagus
- Funny story about Wordpress, and pwning
- Everything is already secured everywhere in hosting companies, except the PHP interpreter
- Need to secure PHP applications without touching the PHP code
- Listing all the classes of bug (RCE, LFI, CSRF, Auth bypass, ...) and how to kill them with Snuffleupagus
- Already used in production for **big** websites
## Personal feeling
Very useful project, able to secure 3/4 of the web (the part using PHP).
Cool guys doing the talk, too, but that's not objective at all.
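Review bot: "Wordpress" should be "WordPress" (the project's own capitalization) and "classes of bug" should be "classes of bugs". The bullet "Everything is already secured everywhere in hosting companies, except the PHP interpreter" is stated as fact; attributing it to the talk ("Speaker's point: ...") keeps the note honest about its source. The bug-class list ("RCE, LFI, CSRF, Auth bypass, ...") is the most useful line here; if the speaker mapped each class to a Snuffleupagus feature, capturing that mapping would be worth more than the bullet as written.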

8
Tuesday/07-VultureOS.md

@ -0,0 +1,8 @@
# Vulture OS
- A reverse-proxy OS, combining, HAProxy, Apache module, httpd, Django, etc...
- Provides Applicative firewalling, Auth SSO, GeoIP blacklisting, and more!
- Embeds machine-learning to avoid humans intervention
## Personal feeling
Basically an explanation of their quite complex stack. Cool guys too.
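Review bot: "Applicative firewalling" should be "Application firewalling" (i.e. a WAF) and "humans intervention" should be "human intervention". In the first bullet there is a stray comma after "combining", and "Apache module, httpd" is ambiguous (an Apache module and httpd, or Apache httpd modules?); please clarify which the stack uses.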

10
Tuesday/08-Clusterize_malware_dataset.md

@ -0,0 +1,10 @@
# Clusterize malware dataset
- Automatically classify malware based on Yara rules and machine learning
- Describing quite theoretically the different ways to sort the dataset.
- Automated way to generate Yara rules at the end
## Personal feeling
Quite theoretical talk, with a not-that-dynamic speaker. Though, the research
work behind the talk was really interesting.

13
Tuesday/09-LemonLDAP::NG_2FA.md

@ -0,0 +1,13 @@
# LemonLDAP::NG 2 factors authentication
## Generalities on 2FA
- One-time password
- U2F, Yubikey
## LemonLDAP::NG
- SSO for French government
- Feature presentation, including screenshots of the admin pages
- Fusion IAM
## Personal feeling
Mostly informative talk, cool guys.
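Review bot: the title "2 factors authentication" should be "two-factor authentication" (matching the "2FA" in the filename). Under "Generalities on 2FA", "U2F, Yubikey" mixes a protocol with a product: U2F is the FIDO protocol and a YubiKey is one hardware token that implements it, so "U2F (e.g. YubiKey)" is clearer. "Fusion IAM" is presumably the FusionIAM project; a word on how it relates to LemonLDAP::NG would help the note stand alone.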

12
Tuesday/10-No_way,_JOSE.md

@ -0,0 +1,12 @@
# Lessons for authors and implementers of open standards
- JOSE: JSON Object S E
- Journey into writing a standard for using JSON in cryptography
- You better write a library than a standard
- Example of JSON, used as a base for the standard the speaker wrote
- Many problems with "standard" JSON, it's not standard, because no reference implementation, and not that precise standard
- Be careful when implementing cryptography!
## Personal feeling
As expected, mainly generalities and guidelines to write standards, based on his real-world experience.
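Review bot: the acronym is left unfinished in "- JOSE: JSON Object S E"; it stands for JSON Object Signing and Encryption. The heading ("Lessons for authors and implementers of open standards") does not match the filename ("No way, JOSE"); if the latter is the talk title, put it in the heading and keep the lesson as a subtitle. "You better write a library than a standard" should be "Better to write a library than a standard", and the JSON bullet is a run-on; suggest: "Many problems with 'standard' JSON: there is no reference implementation, and the spec is not precise".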

13
Tuesday/11-Did_you_consider_using_2FA.md

@ -0,0 +1,13 @@
# Did you consider using 2FA?
- Password is a way to provide security
- Only Bob knows Bob's password: this statement is **NOT** true!
- Many password leaks everywhere
- Add a physical second factor if possible
- OTP: one-time password, retrieved by another mean
- Smartcard, with PIN and write-only private keys that can't be stolen
- Some explanation on FreeIPA protocol with various 2FA, and its features in latest version
## Personal feeling
At the same time technical and non-technical. Still mostly informative about
existing standards for 2FA.
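Review bot: "retrieved by another mean" should be "retrieved by another means" (i.e. over a separate channel). The smartcard bullet overstates the property: the private key is non-exportable (it can be generated or loaded on the card but never read back) and the PIN gates its use, so "write-only private keys that can't be stolen" should be "non-exportable private keys that can't be extracted", which is the actual guarantee and the reason a stolen card is still only half a credential. Also "Some explanation on FreeIPA protocol" should be "Some explanation of FreeIPA's 2FA support", since FreeIPA is an identity-management system, not a protocol.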