Browse Source


Skia 3 years ago
  1. 20
  2. 16
  3. 11
  4. 9
  5. 52
  6. 15
  7. 11
  8. 8
  9. 10
  10. 13
  11. 12
  12. 13


@ -0,0 +1,20 @@
# Traffic filtering at scale on Linux
## BPF (Berkley Packet Filter)
- Basically a presentation its implementation in Linux
## Performance analysis
- Show some tricks to generate a LOT of traffic, and show how the kernel handles it:
- Bash with netcat
- Some Python
- tcpreplay and a pcap
- pktgen
- Show some tricks to filter a lot of traffic from the receiver point of view:
- iptables' raw table
- XDP (eXtreme Drop Performance)
- kernel bypass (XDP driver, or directly on the NIC)
## Personal feeling
Interesting talk, showing a wide view of the networking stack.


@ -0,0 +1,16 @@
# Suricata Performance with a S like Security
Speaker has a beautiful French accent!
- Suricata is a signature based IDS
- Need of very high performance
- Showing some performance analysis
- Then we see a very complex performance problem
- Presenting the solutions:
- Some bypass during reconstruction: don't fully filter everything
- Some "Hipster" technos: eBDF, XDP
- Quite new, promising.
## Personal feeling
Nice first approach of Suricata. Looking forward for the workshop!


@ -0,0 +1,11 @@
# A 10 years journey in Linux firewalling
- Netfilter is a very wide range of pieces working together
- The speaker has an impressive CV on netfilter (starting in 2005)
- Elder userspace tools were too inconsistent, complicated, tough...
- Presentation of the new `nft` interface. Lot of nice features, looks far more user-friendly \o/
- Still some WIP for more advanced features, but already working for most cases
## Personal feeling
Cool guy with a very precise knowledge of the subject.


@ -0,0 +1,9 @@
# Full packet capture
- Far more convenient than logging in case of intrusion/pwning/etc...
- Getting timestamped pcap's searchable via Moloch
- Docker based solution for easy deployment without polluting the systems
## Personal feeling
This presented a nice and easy solution for Full Packet Capture, be it on an
internal network, or across the Internet.


@ -0,0 +1,52 @@
# Rumps
## Pass the Salt feedback from the team
- Coming from RMLL, after the decrease of technical security talks
- Bring communities together
- Lot of challenge, to launch a con like this from scratch
## Suriwire
- Suricata informations inside Wireshark
- Pretty nice!
## cURL
- Blazing fast talk. TL;DR: `man curl`
## Privacy
- How to store easily data with freedom, privacy, and security
- Build a community around the project MonkeyCodex
## OPS vs SECU
- Sysadmins vs Security team
- How to break the world
## Apology and confession for all the CVEs I created
- Self service password
- LDAP is complicated, PHP does not help, but the dev can be careful
## Automated package signing
- Tuleap guy
- HashiCorp Vault comes handy but does not support GPG
- A plugin exists to have the glue binding the things
## Feeding Your Bees
- TheHive: Security Incident Response for the Masses
- Email will never die!
- Poll IMAP to feed TheHive in a cron job
## Fun (or not) with C ABI
- ABI are complicated, and hard to interface with
- Solutions: libffi, dragonffi, that provide Python bindings for example
- `pip install pydffi`
## Story behind PTS goodies
- All SVGs and scripting for 3D printers


@ -0,0 +1,15 @@
# Security and self-driving computers
- Computers update themselves
- No more humans involved
- Lets Encrypt's revolution
- LE integrates with Apache, but it was rough (config parsing and so...)
- Solution: `mod_md`, now in Apache upstream
- Add only one line to your Apache configuration and LE works automagically
- TL;DR, `mod_md` is secure, robust, resilient, and still very simple to use
- Should be secure enough, but: "A ship in harbor is safe, but that is not what ships are built for."
- Conclusion: HTTPS everywhere becomes a reality, and even if that doesn't help antimalware researchers, it's actually a very good thing in 2018
## Personal feeling
A clear and precise explanation on how `mod_md` works, how it was designed.
Very good speaker, with crystal clear sentences.


@ -0,0 +1,11 @@
# Snuffleupagus
- Funny story about Wordpress, and pwning
- Everything is already secured everywhere in hosting companies, except the PHP interpreter
- Need to secure PHP applications without touching the PHP code
- Listing all the classes of bug (RCE, LFI, CSRF, Auth bypass, ...) and how to kill them with Snuffleupagus
- Already used in production for **big** websites
## Personal feeling
Very useful project, able to secure 3/4 of the web (the part using PHP).
Cool guys doing the talk, too, but that's not objective at all.


@ -0,0 +1,8 @@
# Vulture OS
- A reverse-proxy OS, combining, HAProxy, Apache module, httpd, Django, etc...
- Provides Applicative firewalling, Auth SSO, GeoIP blacklisting, and more!
- Embeds machine-learning to avoid humans intervention
## Personal feeling
Basically an explanation of their quite complex stack. Cool guys too.


@ -0,0 +1,10 @@
# Clusterize malware dataset
- Automatically classify malware based on Yara rules and machine learning
- Describing quite theoretically the different ways to sort the dataset.
- Automated way to generate Yara rules at the end
## Personal feeling
Quite theoretical talk, with a not-that-dynamic speaker. Though, the research
work behind the talk was really interesting.


@ -0,0 +1,13 @@
# LemonLDAP::NG 2 factors authentication
## Generalities on 2FA
- One-time password
- U2F, Yubikey
## LemonLDAP::NG
- SSO for French government
- Feature presentation, including screenshots of the admin pages
- Fusion IAM
## Personal feeling
Mostly informative talk, cool guys.


@ -0,0 +1,12 @@
# Lessons for authors and implementers of open standards
- JOSE: JSON Object S E
- Journey into writing a standard for using JSON in cryptography
- You better write a library than a standard
- Example of JSON, used as a base for the standard the speaker wrote
- Many problems with "standard" JSON, it's not standard, because no reference implementation, and not that precise standard
- Be careful when implementing cryptography!
## Personal feeling
As expected, mainly generalities and guidelines to write standards, based on his real-world experience.


@ -0,0 +1,13 @@
# Did you consider using 2FA?
- Password is a way to provide security
- Only Bob knows Bob's password: this statement is **NOT** true!
- Many password leaks everywhere
- Add a physical second factor if possible
- OTP: one-time password, retrieved by another mean
- Smartcard, with PIN and write-only private keys that can't be stolen
- Some explanation on FreeIPA protocol with various 2FA, and its features in latest version
## Personal feeling
At the same time technical and non-technical. Still mostly informative about
existing standards for 2FA.