Tuesday

Tuesday/00-traffic_filtering_at_scale.md

@@ -0,0 +1,20 @@
+# Traffic filtering at scale on Linux
+
+## BPF (Berkley Packet Filter)
+  - Basically a presentation its implementation in Linux
+
+## Performance analysis
+  - Show some tricks to generate a LOT of traffic, and show how the kernel handles it:
+    - Bash with netcat
+    - Some Python
+    - tcpreplay and a pcap
+    - pktgen
+  - Show some tricks to filter a lot of traffic from the receiver point of view:
+    - iptables' raw table
+    - XDP (eXtreme Drop Performance)
+    - kernel bypass (XDP driver, or directly on the NIC)
+
+
+## Personal feeling
+Interesting talk, showing a wide view of the networking stack.
+

Tuesday/01-performance_with_a_S_like_Security.md

@@ -0,0 +1,16 @@
+# Suricata Performance with a S like Security
+
+Speaker has a beautiful French accent!
+
+  - Suricata is a signature based IDS
+  - Need of very high performance
+  - Showing some performance analysis
+  - Then we see a very complex performance problem
+  - Presenting the solutions:
+    - Some bypass during reconstruction: don't fully filter everything
+    - Some "Hipster" technos: eBDF, XDP
+    - Quite new, promising.
+
+## Personal feeling
+Nice first approach of Suricata. Looking forward for the workshop!
+

Tuesday/02-keynote:a_10_year_journey_in_Linux_firewalling.md

@@ -0,0 +1,11 @@
+# A 10 years journey in Linux firewalling
+
+  - Netfilter is a very wide range of pieces working together
+  - The speaker has an impressive CV on netfilter (starting in 2005)
+  - Elder userspace tools were too inconsistent, complicated, tough...
+  - Presentation of the new `nft` interface. Lot of nice features, looks far more user-friendly \o/
+  - Still some WIP for more advanced features, but already working for most cases
+
+## Personal feeling
+Cool guy with a very precise knowledge of the subject.
+

Tuesday/03-full_packet_capture.md

@@ -0,0 +1,9 @@
+# Full packet capture
+
+  - Far more convenient than logging in case of intrusion/pwning/etc...
+  - Getting timestamped pcap's searchable via Moloch
+  - Docker based solution for easy deployment without polluting the systems
+
+## Personal feeling
+This presented a nice and easy solution for Full Packet Capture, be it on an
+internal network, or across the Internet.

Tuesday/04-rumps.md

@@ -0,0 +1,52 @@
+# Rumps
+
+## Pass the Salt feedback from the team
+  - Coming from RMLL, after the decrease of technical security talks
+  - Bring communities together
+  - Lot of challenge, to launch a con like this from scratch
+
+## Suriwire
+  - Suricata informations inside Wireshark
+  - Pretty nice!
+
+## cURL
+  - Blazing fast talk. TL;DR: `man curl`
+
+## Privacy
+  - How to store easily data with freedom, privacy, and security
+  - Build a community around the project MonkeyCodex
+
+## OPS vs SECU
+  - Sysadmins vs Security team
+  - How to break the world
+
+## Apology and confession for all the CVEs I created
+  - Self service password
+  - LDAP is complicated, PHP does not help, but the dev can be careful
+
+## Automated package signing
+  - Tuleap guy
+  - HashiCorp Vault comes handy but does not support GPG
+  - A plugin exists to have the glue binding the things
+
+## Feeding Your Bees
+  - TheHive: Security Incident Response for the Masses
+  - Email will never die!
+  - Poll IMAP to feed TheHive in a cron job
+
+## Fun (or not) with C ABI
+  - ABI are complicated, and hard to interface with
+  - Solutions: libffi, dragonffi, that provide Python bindings for example
+  - `pip install pydffi`
+
+## Story behind PTS goodies
+  - All SVGs and scripting for 3D printers
+
+
+
+
+
+
+
+
+

Tuesday/05-Security_and_self-driving_computers.md

@@ -0,0 +1,15 @@
+# Security and self-driving computers
+
+  - Computers update themselves
+  - No more humans involved
+  - Lets Encrypt's revolution
+  - LE integrates with Apache, but it was rough (config parsing and so...)
+  - Solution: `mod_md`, now in Apache upstream
+  - Add only one line to your Apache configuration and LE works automagically
+  - TL;DR, `mod_md` is secure, robust, resilient, and still very simple to use
+  - Should be secure enough, but: "A ship in harbor is safe, but that is not what ships are built for."
+  - Conclusion: HTTPS everywhere becomes a reality, and even if that doesn't help antimalware researchers, it's actually a very good thing in 2018
+
+## Personal feeling
+A clear and precise explanation on how `mod_md` works, how it was designed.
+Very good speaker, with crystal clear sentences.

Tuesday/06-Snuffleupagus.md

@@ -0,0 +1,11 @@
+# Snuffleupagus
+
+  - Funny story about Wordpress, and pwning
+  - Everything is already secured everywhere in hosting companies, except the PHP interpreter
+  - Need to secure PHP applications without touching the PHP code
+  - Listing all the classes of bug (RCE, LFI, CSRF, Auth bypass, ...) and how to kill them with Snuffleupagus
+  - Already used in production for **big** websites
+
+## Personal feeling
+Very useful project, able to secure 3/4 of the web (the part using PHP).
+Cool guys doing the talk, too, but that's not objective at all.

Tuesday/07-VultureOS.md

@@ -0,0 +1,8 @@
+# Vulture OS
+
+  - A reverse-proxy OS, combining, HAProxy, Apache module, httpd, Django, etc...
+  - Provides Applicative firewalling, Auth SSO, GeoIP blacklisting, and more!
+  - Embeds machine-learning to avoid humans intervention
+
+## Personal feeling
+Basically an explanation of their quite complex stack. Cool guys too.

Tuesday/08-Clusterize_malware_dataset.md

@@ -0,0 +1,10 @@
+# Clusterize malware dataset
+
+  - Automatically classify malware based on Yara rules and machine learning
+  - Describing quite theoretically the different ways to sort the dataset.
+  - Automated way to generate Yara rules at the end
+
+## Personal feeling
+Quite theoretical talk, with a not-that-dynamic speaker. Though, the research
+work behind the talk was really interesting.
+

Tuesday/09-LemonLDAP::NG_2FA.md

@@ -0,0 +1,13 @@
+# LemonLDAP::NG 2 factors authentication
+
+## Generalities on 2FA
+  - One-time password
+  - U2F, Yubikey
+
+## LemonLDAP::NG
+  - SSO for French government
+  - Feature presentation, including screenshots of the admin pages
+  - Fusion IAM
+
+## Personal feeling
+Mostly informative talk, cool guys.

Tuesday/10-No_way,_JOSE.md

@@ -0,0 +1,12 @@
+# Lessons for authors and implementers of open standards
+
+  - JOSE: JSON Object S E
+  - Journey into writing a standard for using JSON in cryptography
+  - You better write a library than a standard
+  - Example of JSON, used as a base for the standard the speaker wrote
+  - Many problems with "standard" JSON, it's not standard, because no reference implementation, and not that precise standard
+  - Be careful when implementing cryptography!
+
+## Personal feeling
+As expected, mainly generalities and guidelines to write standards, based on his real-world experience.
+

Tuesday/11-Did_you_consider_using_2FA.md

@@ -0,0 +1,13 @@
+# Did you consider using 2FA?
+
+  - Password is a way to provide security
+  - Only Bob knows Bob's password: this statement is **NOT** true!
+  - Many password leaks everywhere
+  - Add a physical second factor if possible
+  - OTP: one-time password, retrieved by another mean
+  - Smartcard, with PIN and write-only private keys that can't be stolen
+  - Some explanation on FreeIPA protocol with various 2FA, and its features in latest version
+
+## Personal feeling
+At the same time technical and non-technical. Still mostly informative about
+existing standards for 2FA.