Abstract:
This talk will give a retrospective overview of big vulnerabilities disclosed in 2014: goto fail, Heartbleed, Rosetta Flash, Shellshock, POODLE, Sandworm. Every vulnerability will be accompanied by basic information, brief technical description and associated exploitation methods.
Bio:
Miroslav Štampar is working as an IT Security Advisor at Croatian Government’s CERT, part of Information Systems Security Bureau (ZSIS). He is one of sqlmap authors, open source project for automated detection and exploitation of SQL injection vulnerabilities.
Posted in talk | No Comments »
Abstract:
We live in society, where we know can’t trust each other. After Snowden disclosures about NSA, we know it’s hard to build systems we can trust. Jaka will show how can you build secure, source-code verifiable and fully deterministic linux system based on nixos. Later he will show how this can be used to deploy secure voting systems.
Bio:
Jaka Hudoklin is fullstack hacker and software developer in javascript, python, go, c, nix and more, with experiences in web technologies, system provisioning, embedded devices and security. In his free time he hacks stuff, like GSM networks.
Posted in talk | No Comments »
Abstract:
StackStorm is an open-source platform for integration and automation across services and tools, taking actions in response to events (sometimes called IFTTT for operations). In this presentation I will show how to simplify system administrator’s life by using StackStorm to perform automated security scanning of the servers and remediation in the cloud.
We will have a look at how to set up StackStorm to continuously scan your cloud infrastructure for rogue services, rootkits and breaches. The remediation step will include isolating a server / putting it in a lock-down mode, collecting additional context and forensic evidence (files, hashes, running processes, etc.) and notifying the administrators of the incident.
After the presentation, you will have a good idea of how to connect and integrate StackStorm together with services such as Amazon EC2 and “common” Linux tools such as netstat, tcpdump, chkrootkit, rkhunter and iptables.
Bio:
Tomaž Muraus is a software engineer at StackStorm where he is helping to build the product. Tomaz previously worked at Cloudkick, Rackspace and DivvyCloud where he was building and operating highly performant and highly available distributed systems. His latest work at Rackspace includes Service Registry, an API-driven cloud service which allows users to react to changes faster and build highly-available and decoupled applications and services. Tomaz is a big supporter and proponent of open systems and open-source software. He has started, participated in development and contributed to many different open-source projects. Additionally, he is a project chair and main developer of Apache Libcloud, an open-source project that deals with cloud interoperability.
Posted in talk | 2 Comments »