2019 Pass the SALT SCHEDULE


All the slides are there: https://2019.pass-the-salt.org/files/slides/

And all the videos are also published: https://passthesalt.ubicast.tv/channels/#2019-lille

For this second edition, we are happy to offer you 26 talks about Security and Free Software (or open formats/protocols).

We also want you to have the opportunity to learn and practice through 9 workshops (see their schedule below).

Enjoy!

Talks Schedule

The talks schedule is designed around 7 sessions covering a wide spectrum of topics from hacking low level/crypto to security of the devops workflow or offensive research on Free Software projects, among others.

Monday 1st of July, 2019

14:00-14:15 Introduction talk Pass the SALT org team

Low Level Hacking & Breaking

14:15-14:50 𝕂𝕀𝕃𝕃 𝕄𝔻𝟝 demystifying hash collisions, (slides) Ange Albertini                                                          
14:50-15:10 Dexcalibur - automate your android app reverse, (slides) Georges-B. Michel
15:10-15:45 Reversing a Firmware uploader & others NFC stories, (slides) Slurdge      
~~~ AFTERNOON PAUSE: 15:45-16:15 ~~~
16:15-16:50 Improving your firmware security analysis process with FACT, (slides) Johannes vom Dorp (Fraunhofer FKIE)
16:50-17:25 cwe_checker: Hunting Binary Code Vulnerabilities Across CPU Architectures, (slides) Thomas Barabosch (Fraunhofer FKIE), Nils-Edvin Enkelmann (Fraunhofer FKIE)
17:25-18:00 Unlocking secrets of the proxmark3 RDV4, (slides) Christian Herrmann (Iceman) (RRG), Kevin Barker (0xFFFF) (RRG)

Tuesday 2nd of July, 2019

Train & Learn for Improved Security

09:35-09:55 MI-LXC: a first step towards a free CyberRange ?, (slides) Francois Lesueur (INSA Lyon)
09:55-10:30 Phishing Awareness: feedback on a bank’s strategy, (slides) Thibaud Binetruy (CERT Société Générale)            
~~~ MORNING PAUSE: 10:30-11:00 ~~~

Be API and Secured

11:00-11:35 JWAT… Attacking JSON Web Tokens, (slides) Louis Nyffenegger (PentesterLab)
11:35-11:55 Get your APIs Secured with Otoroshi !, (slides) Chris Woodrow (MAIF), Mathieu Ancelin (Serli)
~~~ MID DAY BREAK: 12:00-14:00 ~~~

Free Software Projects under Stress

14:00-14:35 Time-efficient assessment of open-source projects for Red Teamers, (slides) Thomas Chauchefoin (Synacktiv), Julien Szlamowicz (Synacktiv)
14:35-15:10 Hacking Jenkins!, (slides) Orange Tsai (DEVCORE)
15:10-15:30 VLC and security, (slides) Jean-Baptiste Kempf
~~~ AFTERNOON PAUSE: 15:30-16:00 ~~~

Privacy challenges in 2019

16:00-16:35 OSS in the quest for GDPR compliance, (slides) Cristina DeLisle (XWiki / Cryptpad), Aaron Macsween (XWiki / Cryptpad)
16:35-17:10 TLS 1.3: Solving new challenges for next generation firewalls, (slides) Nicolas Pamart (Stormshield), Damien Deville (Stormshield), Thomas Malherbe (Stormshield)
17:10-17:30 Lookyloo: A complete solution to investigate complex websites - with a decent UI, (slides) Quinn Norton, Raphaël Vinot (CIRCL)

Lightning Talks

17:30-18:00 Rumps Session, (slides) Anyone who wants to speak about Security & FLOSS!

Wednesday 3rd of July, 2019

Security at Scale

09:35-09:55 Configurations: Do you prove yours ?, (slides) Alexandre Brianceau (Rudder)
09:55-10:30 What you most likely did not know about sudo…, (slides) Peter Czanik (Balabit)
~~~ MORNING PAUSE: 10:30-11:00 ~~~
11:00-11:20 Be secret like a ninja with HashiCorp Vault, (slides) Mehdi Laruelle (D2SI)
11:20-11:40 Scale Your Auditing Events, (slides) Philipp Krenn (Elastic)
11:40-12:00 Programming research: a missed opportunity for secure and libre software?, (slides) Gabriel Scherer (INRIA, France)
~~~ MID DAY BREAK: 12:00-14:00 ~~~

Security on the Internets

14:00-14:35 D4 Project - Design and Implementation of an Open Source Distributed and Collaborative Security Monitoring, (slides) Alexandre Dulaunoy (CIRCL), Jean-Louis Huynen (CIRCL), Aurelien Thirion (CIRCL)
14:35-15:10 No IT security without Free Software, (slides) Max Mehl (FSFE)
15:10-15:30 Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix, (slides) Kenan Ibrović
~~~ AFTERNOON PAUSE: 15:30-16:00 ~~~
16:00-16:20 Better curl !, (slides) Yoann Lamouroux (Dataimpact)
16:20-16:40 PatrOwl - Orchestrating SecOps with an open-source SOAR platform, (slides) Nicolas Mattiocco (GreenLock Advisory)

Workshops Schedule

The following workshops will give you insights on very different topics such as hacking crypto, NFC, SSO or configuration management. But you will also find several workshops explaining how to use the Elastic stack for security and threat hunting.

Monday

Time Talks Speaker(s)
01/07 14:15-17:15 Elastic Stack for Security Monitoring in a Nutshell, (slides) Eva Szilagyi (Alzette Information Security), David Szili (Alzette Information Security)
01/07 14:15-17:15 Getting started with RUDDER: a devops solution for devsecops Benoît Peccatte (Rudder)

Tuesday

Time Talks Speaker(s)
02/07 09:35-12:00 Let’s play CollTris - understand and exploit hash collisions, (slides) Ange Albertini
02/07 09:35-12:00 Introduction to Osquery, (slides) David Szili (Alzette Information Security)
02/07 14:00-17:00 Syslog-ng: getting started, parsing messages, storing in Elasticsearch, (slides) Peter Czanik (Balabit)
02/07 14:00-17:00 Unlocking secrets of the proxmark3 RDV4 Christian Herrmann (Iceman), Kevin Barker (0xFFFF)

Wednesday

Time Talks Speaker(s)
03/07 09:35-12:00 Threat Hunting with OSSEC, (slides) Xavier Mertens
03/07 09:35-12:00 Configure WebSSO and Access Control with LemonLDAP::NG, (repo) Clément Oudot (Worteks)
03/07 14:00-17:00 Threat hunting with SELKS and Suricata Eric Leblond (Stamus Networks), Peter Manev (Stamus Networks)