Security

The theme Security is responsible to analyze and examine the question of whether security offensive (malware, reverse, pentest) or defensive (network, infrastructure, integrity, security model analysis) in relation to the notion of privacy and security on the internet (mobile, certificates, DDoS, PGP ...)

Room(s) used for this theme

Theme schedule

Monday 7 July 2014

Tuesday 8 July 2014

  • 09:30 - 10:10 Thwart DNS poisoners : secure DNS with DNSSEC

    en_US 40 mn Bortzmeyer Stéphane Room : 31 SC002 Professionnal Confirmed

    DNS poisoning attacks are one of the major threats on the security of DNS. However a solution has been designed many years ago, DNSSEC, which is deployed on the root and all the main TLDs. Around 10% of DNS users in the world use a DNSSEC (...)
  • 10:10 - 10:50 Haka : an open source security oriented language

    en_US 40 mn Mehdi Talbi Room : 31 SC002 Professionnal Confirmed

    HAKA is a framework which allows to define and apply security policies to network traffic. The objective is to have a powerfull, yet simple, language with high performance. This language can specify protocole, state machine and security rules (...)
  • 11:10 - 11:50 Suricata 2.0, Netfilter and the PRC

    en_US 40 mn Éric Leblond Room : 31 SC002 Professionnal Confirmed

    This talk goal is to show how you can use several security tools together to detect the specificities of some attacks. It will show in detail the way used to determine that a SSH attack method seems only be used from China located hosts to take (...)
  • 11:50 - 12:10 XP Snort feedback

    en_US 20 mn Christian Perez, Solange Gentil Room : 31 SC002 Professionnal Beginner

    This conference provides an experience feedback with Snort IDS and its software ecosystem in a french research center context.
  • 14:00 - 14:40 Software obfuscation : know your ennemy

    en_US 40 mn Eyrolles Ninon Room : 31 SC002 Professionnal Confirmed

    The general purpose of software obfuscation is to make analysis and comprehension of software code as difficult and expensive as possible, while keeping the original behavior of the program. Several tools exist and are frequently used, more or (...)
  • 14:40 - 15:20 Malware analysis based on a free toolbox

    en_US 40 mn Xavier Mertens Room : 31 SC002 Professionnal Confirmed

    Since a while, malwares have become a plague for private users as well as for businesses. Many commercial products are available to detect and analyze their behavior, but they are often unaffordable for small structures. Learn how it is (...)
  • 15:20 - 16:00 Past and future challenges for Tor

    fr_FR 40 mn Lunar Room : 31 SC002 Large people Confirmed

    Tor enables users to create anonymous connections and bypass censorship on the Internet. Tor is at the same time a piece of software, a network of relays made of more than 5,000 servers and a project pushed daily by around forty people. Tor has (...)
  • 16:20 - 17:00 Private and secure instant messaging

    fr_FR 40 mn Daniel ".koolfy" Faucon Room : 31 SC002 Large people Beginner

    We all have heard about NSA surveillance. Some have started encrypting their emails, anonymising their web traffic, finding their ways in Paris with a compas, or taking an appointment with their dentist using smoke signals. But what about (...)

Wednesday 9 July 2014

  • 09:30 - 10:10 LemonLDAP::NG, something new in SSO area

    en_US 40 mn OUDOT Clément Room : 31 SC002 Professionnal Confirmed

    LemonLDAP::NG is a Free Software dédicated to SSO and access control, used in numerous french administrations and other organizations. Developped since 10 years, it evolves constantly bringing new features at each version. The 1.2 version has (...)
  • 10:10 - 10:50 Mimikatz, a short journey inside the memory of the Windows Security service !

    en_US 40 mn Benjamin Delpy Room : 31 SC002 Professionnal Confirmed

    Mimikatz has been created in 2007 in order to study some Windows security components (and also in order for its creator to learn how to develop ;)). It allows to expose some security concepts and to better understand Windows internal behavior. (...)
  • 11:10 - 11:50 Web Security - a snapshot from W3C

    en_US 40 mn Virginie Galindo Room : 31 SC002 Geek Beginner

    This talk aim to provide with the audience an overview of the activities related to security happening in W3C. It will cover initiatives related to specific security features, such as web crypto API, Encrypted Media Extension API, CORS, but also (...)
  • 11:50 - 12:10 Race condition in WordPress plugin allows php remote code execution

    en_US 20 mn Antoine Cervoise Room : 31 SC002 Professionnal Confirmed

    After discovering an unofficial bug bounty program concerning some WordPress plugins, I have tried to discover some vulnerabilities in order to understand what is going on behind this program. During my study, I found an interesting and not (...)
  • 14:00 - 14:20 Visual impairment: its impact on security

    en_US 20 mn Sébastien Hinderer Room : 31 SC002 Professionnal Beginner accessibility

    The glance of a blind man on security...
  • 14:20 - 14:40 Manage password policy in OpenLDAP

    en_US 20 mn OUDOT Clément Room : 31 SC002 Professionnal Confirmed

    LDAP directories can manage password policy (expiration, complexity, brute-force attack prevention,...), this conference will present how to use it in OpenLDAP.
  • 14:40 - 15:20 Securing your webserver with YubiKey two-factor authentification

    en_US 40 mn Frank Hofmann Room : 31 SC002 Professionnal Master

    The YubiKey is a small token for two-factor authentification. It helps to secure the access to web-based information systems.
  • 15:20 - 15:40 Discover and use a YubiKey from Yubico

    fr_FR 20 mn Maxime de Roucy Room : 31 SC002 Large people Beginner

    A Yubikey is a usb device like a flash storage. This is an authentication device that aims to replace the system password commonly used on workstations and on the web. Recognized as a USB keyboard from the system on which it is connected, it can (...)
  • 15:40 - 16:20 Play with Crypto

    fr_FR 40 mn Ange Albertini Room : 31 SC002 Geek Beginner

    Cryptography is hard. I don't understand much about it, but that doesn't prevent me to have fun! So I'll just introduce some basic concepts, then I'll share a few crypto tricks. IMPORTANT : this talk will not be lived because (...)

Thursday 10 July 2014

  • 09:30 - 12:30 Atelier HAKA : un langage open source de sécurité réseau (Atelier / workshop)

    Room : 31 SC002 Confirmed

    This workshop is the exercise linked to the Haka talk done on Tuesday. You will be able to use Haka on previously recorded trafic pcap files. Haka is available as open source software on http://haka-security.org/
amarok apache archlinux arduino bitcoin blender creativecommons cernohl debian chamilo drupal elphel eZ Publish fedoraproject firefox gentoo gimp gnome gnu freebsd freeguppy gnuhealth haiku imagemagick inkscape jabber jenkins joomla kde knoppix lea-linux libreoffice linux mageia mandriva moodle mozilla openarena openbsd Open Street Map opensuse perl php pidgin plone postgresql python ruby rudder scribus spip thunderbird tomcat tryton typo3 ubuntu vlc wikipedia wordpress xfce xonotic