Tuesday

master
Skia 1 year ago
parent
commit
24bec880e2
12 changed files with 190 additions and 0 deletions
  1. +20 -0  Tuesday/00-traffic_filtering_at_scale.md
  2. +16 -0  Tuesday/01-performance_with_a_S_like_Security.md
  3. +11 -0  Tuesday/02-keynote:a_10_year_journey_in_Linux_firewalling.md
  4. +9  -0  Tuesday/03-full_packet_capture.md
  5. +52 -0  Tuesday/04-rumps.md
  6. +15 -0  Tuesday/05-Security_and_self-driving_computers.md
  7. +11 -0  Tuesday/06-Snuffleupagus.md
  8. +8  -0  Tuesday/07-VultureOS.md
  9. +10 -0  Tuesday/08-Clusterize_malware_dataset.md
  10. +13 -0 Tuesday/09-LemonLDAP::NG_2FA.md
  11. +12 -0 Tuesday/10-No_way,_JOSE.md
  12. +13 -0 Tuesday/11-Did_you_consider_using_2FA.md

+20 -0  Tuesday/00-traffic_filtering_at_scale.md

@@ -0,0 +1,20 @@
# Traffic filtering at scale on Linux

## BPF (Berkley Packet Filter)
- Basically a presentation its implementation in Linux

## Performance analysis
- Show some tricks to generate a LOT of traffic, and show how the kernel handles it:
- Bash with netcat
- Some Python
- tcpreplay and a pcap
- pktgen
- Show some tricks to filter a lot of traffic from the receiver point of view:
- iptables' raw table
- XDP (eXtreme Drop Performance)
- kernel bypass (XDP driver, or directly on the NIC)


## Personal feeling
Interesting talk, showing a wide view of the networking stack.

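Review bot: `XDP (eXtreme Drop Performance)` on the third filtering item gets the acronym wrong; XDP is eXpress Data Path, the kernel hook that runs an eBPF program on a frame before an skb is allocated, which is why it sits between the raw table and kernel bypass in the list of high-rate filtering options. Two smaller fixes: `Berkley` in the section heading should be `Berkeley`, and the sub-items under the two `Show some tricks` bullets (Bash with netcat, Some Python, tcpreplay, pktgen; raw table, XDP, kernel bypass) need indentation so they render as nested lists rather than as siblings of their parent bullet. `Basically a presentation its implementation` is also missing `of`.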

+16 -0  Tuesday/01-performance_with_a_S_like_Security.md

@@ -0,0 +1,16 @@
# Suricata Performance with a S like Security

Speaker has a beautiful French accent!

- Suricata is a signature based IDS
- Need of very high performance
- Showing some performance analysis
- Then we see a very complex performance problem
- Presenting the solutions:
- Some bypass during reconstruction: don't fully filter everything
- Some "Hipster" technos: eBDF, XDP
- Quite new, promising.

## Personal feeling
Nice first approach of Suricata. Looking forward for the workshop!

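Review bot: `eBDF` in the `"Hipster" technos` item should be `eBPF`; paired with XDP it is the mechanism the bypass relies on, so the typo hides the point of the bullet. The heading `with a S like Security` should read `with an S like Security`, and the two items under `Presenting the solutions:` should be indented as sub-bullets.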

+11 -0  Tuesday/02-keynote:a_10_year_journey_in_Linux_firewalling.md

@@ -0,0 +1,11 @@
# A 10 years journey in Linux firewalling

- Netfilter is a very wide range of pieces working together
- The speaker has an impressive CV on netfilter (starting in 2005)
- Elder userspace tools were too inconsistent, complicated, tough...
- Presentation of the new `nft` interface. Lot of nice features, looks far more user-friendly \o/
- Still some WIP for more advanced features, but already working for most cases

## Personal feeling
Cool guy with a very precise knowledge of the subject.

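Review bot: the title `A 10 years journey` should be `A 10-year journey` (the filename already uses `10_year`), and `Elder userspace tools` should be `Older userspace tools`. The `nft` bullet would read better if it said what `nft` replaces; the older tools are only described as inconsistent, never named.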

+9  -0  Tuesday/03-full_packet_capture.md

@@ -0,0 +1,9 @@
# Full packet capture

- Far more convenient than logging in case of intrusion/pwning/etc...
- Getting timestamped pcap's searchable via Moloch
- Docker based solution for easy deployment without polluting the systems

## Personal feeling
This presented a nice and easy solution for Full Packet Capture, be it on an
internal network, or across the Internet.
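Review bot: `pcap's` should be `pcaps` (plural, not possessive), and `etc...` should be `etc.`. The `Docker based solution` bullet is the one actionable line here; if the talk named the images or compose setup it used, recording that would make the note reusable.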

+52 -0  Tuesday/04-rumps.md

@@ -0,0 +1,52 @@
# Rumps

## Pass the Salt feedback from the team
- Coming from RMLL, after the decrease of technical security talks
- Bring communities together
- Lot of challenge, to launch a con like this from scratch

## Suriwire
- Suricata informations inside Wireshark
- Pretty nice!

## cURL
- Blazing fast talk. TL;DR: `man curl`

## Privacy
- How to store easily data with freedom, privacy, and security
- Build a community around the project MonkeyCodex

## OPS vs SECU
- Sysadmins vs Security team
- How to break the world

## Apology and confession for all the CVEs I created
- Self service password
- LDAP is complicated, PHP does not help, but the dev can be careful

## Automated package signing
- Tuleap guy
- HashiCorp Vault comes handy but does not support GPG
- A plugin exists to have the glue binding the things

## Feeding Your Bees
- TheHive: Security Incident Response for the Masses
- Email will never die!
- Poll IMAP to feed TheHive in a cron job

## Fun (or not) with C ABI
- ABI are complicated, and hard to interface with
- Solutions: libffi, dragonffi, that provide Python bindings for example
- `pip install pydffi`

## Story behind PTS goodies
- All SVGs and scripting for 3D printers









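Review bot: the file ends with nine blank lines after `All SVGs and scripting for 3D printers`; trim them to a single trailing newline. `Suricata informations` should be `Suricata information`, and `Self service password` under `Apology and confession for all the CVEs I created` is a project name, so capitalise it as `Self Service Password` to make clear it is the software being discussed rather than a feature. In `Automated package signing`, `HashiCorp Vault comes handy` should be `comes in handy`.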

+15 -0  Tuesday/05-Security_and_self-driving_computers.md

@@ -0,0 +1,15 @@
# Security and self-driving computers

- Computers update themselves
- No more humans involved
- Lets Encrypt's revolution
- LE integrates with Apache, but it was rough (config parsing and so...)
- Solution: `mod_md`, now in Apache upstream
- Add only one line to your Apache configuration and LE works automagically
- TL;DR, `mod_md` is secure, robust, resilient, and still very simple to use
- Should be secure enough, but: "A ship in harbor is safe, but that is not what ships are built for."
- Conclusion: HTTPS everywhere becomes a reality, and even if that doesn't help antimalware researchers, it's actually a very good thing in 2018

## Personal feeling
A clear and precise explanation on how `mod_md` works, how it was designed.
Very good speaker, with crystal clear sentences.
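Review bot: `Lets Encrypt's` should be `Let's Encrypt's`. The `Add only one line to your Apache configuration` bullet is the practical takeaway of these notes; naming the directive that line is (`MDomain` in mod_md's upstream documentation) would make it actionable. `LE integrates with Apache, but it was rough` is ambiguous about what was rough; from the next bullet it seems to mean the certbot-style approach of parsing the Apache config externally, which `mod_md` avoids by living inside httpd.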

+11 -0  Tuesday/06-Snuffleupagus.md

@@ -0,0 +1,11 @@
# Snuffleupagus

- Funny story about Wordpress, and pwning
- Everything is already secured everywhere in hosting companies, except the PHP interpreter
- Need to secure PHP applications without touching the PHP code
- Listing all the classes of bug (RCE, LFI, CSRF, Auth bypass, ...) and how to kill them with Snuffleupagus
- Already used in production for **big** websites

## Personal feeling
Very useful project, able to secure 3/4 of the web (the part using PHP).
Cool guys doing the talk, too, but that's not objective at all.
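Review bot: `Wordpress` should be `WordPress`, and `classes of bug` should be `classes of bugs`. The bullet `Everything is already secured everywhere in hosting companies, except the PHP interpreter` is the speaker's premise, not an observation of the note-taker; prefixing it with `Speaker's claim:` keeps the notes from reading as an assertion of fact.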

+8  -0  Tuesday/07-VultureOS.md

@@ -0,0 +1,8 @@
# Vulture OS

- A reverse-proxy OS, combining, HAProxy, Apache module, httpd, Django, etc...
- Provides Applicative firewalling, Auth SSO, GeoIP blacklisting, and more!
- Embeds machine-learning to avoid humans intervention

## Personal feeling
Basically an explanation of their quite complex stack. Cool guys too.
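Review bot: `combining, HAProxy, Apache module, httpd` has a stray comma after `combining`, and `humans intervention` should be `human intervention`. `Applicative firewalling` is a Gallicism; the usual English term is application firewalling (a WAF).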

+10 -0  Tuesday/08-Clusterize_malware_dataset.md

@@ -0,0 +1,10 @@
# Clusterize malware dataset

- Automatically classify malware based on Yara rules and machine learning
- Describing quite theoretically the different ways to sort the dataset.
- Automated way to generate Yara rules at the end

## Personal feeling
Quite theoretical talk, with a not-that-dynamic speaker. Though, the research
work behind the talk was really interesting.

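Review bot: `Clusterize` in the title should be `Cluster` (or `Clustering`), and `Yara` is conventionally written `YARA`. The second bullet, `Describing quite theoretically the different ways to sort the dataset`, records that methods were compared but not which ones; if the slides named them, a one-line list would make these notes useful later.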

+13 -0  Tuesday/09-LemonLDAP::NG_2FA.md

@@ -0,0 +1,13 @@
# LemonLDAP::NG 2 factors authentication

## Generalities on 2FA
- One-time password
- U2F, Yubikey

## LemonLDAP::NG
- SSO for French government
- Feature presentation, including screenshots of the admin pages
- Fusion IAM

## Personal feeling
Mostly informative talk, cool guys.
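Review bot: `2 factors authentication` in the title should be `two-factor authentication` (2FA, as the `Generalities on 2FA` heading already has it). `Fusion IAM` as a bare bullet needs a few words of context; as written it is unclear whether it is a product, a feature of LemonLDAP::NG, or a related project.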

+12 -0  Tuesday/10-No_way,_JOSE.md

@@ -0,0 +1,12 @@
# Lessons for authors and implementers of open standards

- JOSE: JSON Object S E
- Journey into writing a standard for using JSON in cryptography
- You better write a library than a standard
- Example of JSON, used as a base for the standard the speaker wrote
- Many problems with "standard" JSON, it's not standard, because no reference implementation, and not that precise standard
- Be careful when implementing cryptography!

## Personal feeling
As expected, mainly generalities and guidelines to write standards, based on his real-world experience.

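Review bot: `JOSE: JSON Object S E` is a truncated expansion; JOSE is JSON Object Signing and Encryption, which is what the next bullet's `using JSON in cryptography` refers to. The H1 drops the talk's title that the filename keeps (`No way, JOSE`); keep it as the heading and use `Lessons for authors and implementers of open standards` as a subtitle. The bullet `Many problems with "standard" JSON, it's not standard, because no reference implementation, and not that precise standard` is a run-on; split it into the two complaints it makes (no reference implementation; an imprecise specification).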

+13 -0  Tuesday/11-Did_you_consider_using_2FA.md

@@ -0,0 +1,13 @@
# Did you consider using 2FA?

- Password is a way to provide security
- Only Bob knows Bob's password: this statement is **NOT** true!
- Many password leaks everywhere
- Add a physical second factor if possible
- OTP: one-time password, retrieved by another mean
- Smartcard, with PIN and write-only private keys that can't be stolen
- Some explanation on FreeIPA protocol with various 2FA, and its features in latest version

## Personal feeling
At the same time technical and non-technical. Still mostly informative about
existing standards for 2FA.
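Review bot: `retrieved by another mean` should be `by another means`. `FreeIPA protocol` is a misnomer: FreeIPA is an identity-management suite, not a protocol, so `FreeIPA's 2FA support` is closer to what the bullet describes. On the smartcard item, `write-only private keys that can't be stolen` means non-exportable keys (the key is generated or loaded on the card and can only be used, never read back); saying so makes the `can't be stolen` claim precise.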
