The theme Security is responsible to analyze and examine the question of whether security offensive (malware, reverse, pentest) or defensive (network, infrastructure, integrity, security model analysis) in relation to the notion of privacy and security on the internet (mobile, certificates, DDoS, PGP ...)

Room(s) used for this theme

Theme schedule

Monday 7 July 2014

Tuesday 8 July 2014

  • 09:30 - 10:10 Thwart DNS poisoners : secure DNS with DNSSEC

    en_US 40 mn Bortzmeyer Stéphane Room : 31 SC002 Professionnal Confirmed

    DNS poisoning attacks are one of the major threats on the security of DNS. However a solution has been designed many years ago, DNSSEC, which is deployed on the root and all the main TLDs. Around 10% of DNS users in the world use a DNSSEC (...)
  • 10:10 - 10:50 Haka : an open source security oriented language

    en_US 40 mn Mehdi Talbi Room : 31 SC002 Professionnal Confirmed

    HAKA is a framework which allows to define and apply security policies to network traffic. The objective is to have a powerfull, yet simple, language with high performance. This language can specify protocole, state machine and security rules (...)
  • 11:10 - 11:50 Suricata 2.0, Netfilter and the PRC

    en_US 40 mn Éric Leblond Room : 31 SC002 Professionnal Confirmed

    This talk goal is to show how you can use several security tools together to detect the specificities of some attacks. It will show in detail the way used to determine that a SSH attack method seems only be used from China located hosts to take (...)
  • 14:00 - 14:40 Software obfuscation : know your ennemy

    en_US 40 mn Eyrolles Ninon Room : 31 SC002 Professionnal Confirmed

    The general purpose of software obfuscation is to make analysis and comprehension of software code as difficult and expensive as possible, while keeping the original behavior of the program. Several tools exist and are frequently used, more or (...)
  • 14:40 - 15:20 Malware analysis based on a free toolbox

    en_US 40 mn Xavier Mertens Room : 31 SC002 Professionnal Confirmed

    Since a while, malwares have become a plague for private users as well as for businesses. Many commercial products are available to detect and analyze their behavior, but they are often unaffordable for small structures. Learn how it is (...)
  • 15:20 - 16:00 Past and future challenges for Tor

    fr_FR 40 mn Lunar Room : 31 SC002 Large people Confirmed

    Tor enables users to create anonymous connections and bypass censorship on the Internet. Tor is at the same time a piece of software, a network of relays made of more than 5,000 servers and a project pushed daily by around forty people. Tor has (...)

Wednesday 9 July 2014

  • 09:30 - 10:10 LemonLDAP::NG, something new in SSO area

    en_US 40 mn OUDOT Clément Room : 31 SC002 Professionnal Confirmed

    LemonLDAP::NG is a Free Software dédicated to SSO and access control, used in numerous french administrations and other organizations. Developped since 10 years, it evolves constantly bringing new features at each version. The 1.2 version has (...)
  • 10:10 - 10:50 Mimikatz, a short journey inside the memory of the Windows Security service !

    en_US 40 mn Benjamin Delpy Room : 31 SC002 Professionnal Confirmed

    Mimikatz has been created in 2007 in order to study some Windows security components (and also in order for its creator to learn how to develop ;)). It allows to expose some security concepts and to better understand Windows internal behavior. (...)
  • 11:50 - 12:10 Race condition in WordPress plugin allows php remote code execution

    en_US 20 mn Antoine Cervoise Room : 31 SC002 Professionnal Confirmed

    After discovering an unofficial bug bounty program concerning some WordPress plugins, I have tried to discover some vulnerabilities in order to understand what is going on behind this program. During my study, I found an interesting and not (...)
  • 14:20 - 14:40 Manage password policy in OpenLDAP

    en_US 20 mn OUDOT Clément Room : 31 SC002 Professionnal Confirmed

    LDAP directories can manage password policy (expiration, complexity, brute-force attack prevention,...), this conference will present how to use it in OpenLDAP.

Thursday 10 July 2014

  • 09:30 - 12:30 Atelier HAKA : un langage open source de sécurité réseau (Atelier / workshop)

    Room : 31 SC002 Confirmed

    This workshop is the exercise linked to the Haka talk done on Tuesday. You will be able to use Haka on previously recorded trafic pcap files. Haka is available as open source software on
amarok apache archlinux arduino bitcoin blender creativecommons cernohl debian chamilo drupal elphel eZ Publish fedoraproject firefox gentoo gimp gnome gnu freebsd freeguppy gnuhealth haiku imagemagick inkscape jabber jenkins joomla kde knoppix lea-linux libreoffice linux mageia mandriva moodle mozilla openarena openbsd Open Street Map opensuse perl php pidgin plone postgresql python ruby rudder scribus spip thunderbird tomcat tryton typo3 ubuntu vlc wikipedia wordpress xfce xonotic