All the slides are available here: https://2019.pass-the-salt.org/files/slides/
And all the videos are also published: https://passthesalt.ubicast.tv/channels/#2019-lille
For this second edition, we are happy to offer you 26 talks about Security and Free Software (or open format/protocol).
We also want you to have the opportunity to learn and practice through 9 workshops (see their schedule below).
Enjoy!
The talks schedule is designed around 7 sessions covering a wide spectrum of topics from hacking low level/crypto to security of the devops workflow or offensive research on Free Software projects, among others.
14:00-14:15 | Introduction talk | Pass the SALT org team |
14:15-14:50 | 𝕂𝕀𝕃𝕃 𝕄𝔻𝟝 demystifying hash collisions, (slides) | Ange Albertini |
14:50-15:10 | Dexcalibur - automate your android app reverse, (slides) | Georges-B. Michel |
15:10-15:45 | Reversing a Firmware uploader & others NFC stories, (slides) | Slurdge |
16:15-16:50 | Improving your firmware security analysis process with FACT, (slides) | Johannes vom Dorp (Fraunhofer FKIE) |
16:50-17:25 | cwe_checker: Hunting Binary Code Vulnerabilities Across CPU Architectures, (slides) | Thomas Barabosch (Fraunhofer FKIE), Nils-Edvin Enkelmann (Fraunhofer FKIE) |
17:25-18:00 | Unlocking secrets of the proxmark3 RDV4, (slides) | Christian Herrmann (Iceman) (RRG), Kevin Barker (0xFFFF) (RRG) |
09:35-09:55 | MI-LXC: a first step towards a free CyberRange ?, (slides) | Francois Lesueur (INSA Lyon) |
09:55-10:30 | Phishing Awareness: feedback on a bank’s strategy, (slides) | Thibaud Binetruy (CERT Société Générale) |
11:00-11:35 | JWAT… Attacking JSON Web Tokens, (slides) | Louis Nyffenegger (PentesterLab) |
11:35-11:55 | Get your APIs Secured with Otoroshi !, (slides) | Chris Woodrow (MAIF), Mathieu Ancelin (Serli) |
14:00-14:35 | Time-efficient assessment of open-source projects for Red Teamers, (slides) | Thomas Chauchefoin (Synacktiv), Julien Szlamowicz (Synacktiv) |
14:35-15:10 | Hacking Jenkins!, (slides) | Orange Tsai (DEVCORE) |
15:10-15:30 | VLC and security, (slides) | Jean-Baptiste Kempf |
16:00-16:35 | OSS in the quest for GDPR compliance, (slides) | Cristina DeLisle (XWiki / Cryptpad), Aaron Macsween (XWiki / Cryptpad) |
16:35-17:10 | TLS 1.3: Solving new challenges for next generation firewalls, (slides) | Nicolas Pamart (Stormshield), Damien Deville (Stormshield), Thomas Malherbe (Stormshield) |
17:10-17:30 | Lookyloo: A complete solution to investigate complex websites - with a decent UI, (slides) | Quinn Norton, Raphaël Vinot (CIRCL) |
17:30-18:00 | Rumps Session, (slides) | Anyone who wants to speak about Security & FLOSS! |
09:35-09:55 | Configurations: Do you prove yours ?, (slides) | Alexandre Brianceau (Rudder) |
09:55-10:30 | What you most likely did not know about sudo…, (slides) | Peter Czanik (Balabit) |
11:00-11:20 | Be secret like a ninja with HashiCorp Vault, (slides) | Mehdi Laruelle (D2SI) |
11:20-11:40 | Scale Your Auditing Events, (slides) | Philipp Krenn (Elastic) |
11:40-12:00 | Programming research: a missed opportunity for secure and libre software?, (slides) | Gabriel Scherer (INRIA, France) |
14:00-14:35 | D4 Project - Design and Implementation of an Open Source Distributed and Collaborative Security Monitoring, (slides) | Alexandre Dulaunoy (CIRCL), Jean-Louis Huynen (CIRCL), Aurelien Thirion (CIRCL) |
14:35-15:10 | No IT security without Free Software, (slides) | Max Mehl (FSFE) |
15:10-15:30 | Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix, (slides) | Kenan Ibrović |
16:00-16:20 | Better curl !, (slides) | Yoann Lamouroux (Dataimpact) |
16:20-16:40 | PatrOwl - Orchestrating SecOps with an open-source SOAR platform, (slides) | Nicolas Mattiocco (GreenLock Advisory) |
The following workshops will give you insights on very different topics such as hacking crypto, NFC, SSO or configuration management. But you will also find several workshops explaining how to use the Elastic stack for security and threat hunting.
Time | Talks | Speaker(s) |
---|---|---|
01/07 14:15-17:15 | Elastic Stack for Security Monitoring in a Nutshell, (slides) | Eva Szilagyi (Alzette Information Security), David Szili (Alzette Information Security) |
01/07 14:15-17:15 | Getting started with RUDDER: a devops solution for devsecops | Benoît Peccatte (Rudder) |
Time | Talks | Speaker(s) |
---|---|---|
02/07 09:35-12:00 | Let’s play CollTris - understand and exploit hash collisions, (slides) | Ange Albertini |
02/07 09:35-12:00 | Introduction to Osquery, (slides) | David Szili (Alzette Information Security) |
02/07 14:00-17:00 | Syslog-ng: getting started, parsing messages, storing in Elasticsearch, (slides) | Peter Czanik (Balabit) |
02/07 14:00-17:00 | Unlocking secrets of the proxmark3 RDV4 | Christian Herrmann (Iceman), Kevin Barker (0xFFFF) |
Time | Talks | Speaker(s) |
---|---|---|
03/07 09:35-12:00 | Threat Hunting with OSSEC, (slides) | Xavier Mertens |
03/07 09:35-12:00 | Configure WebSSO and Access Control with LemonLDAP::NG, (repo) | Clément Oudot (Worteks) |
03/07 14:00-17:00 | Threat hunting with SELKS and Suricata | Eric Leblond (Stamus Networks), Peter Manev (Stamus Networks) |