Achievements

Contributions

Here is a “living” list, certainly not exhaustive, of the contributions and interactions born from these moments of exchanges during our conferences.

• 2024:
  • code - Quentin JEROME, during his talk about Kunaï, has received a feature request about logs rotation. He announced, only 15 days after, that this feature has been implemented!
  • code - Quentin implemented a second proposal done during the event, by @regiteric this time, about Community ID - Congrats Quentin 👏 and thanks for the notifications 🙏
  • code - Yves Rutschle, after attending #pts22 Mickaël Salaün’s talk about Landlock, has added Landlock support to his project sslh in version 2.1.0. Thanks Yves and congrats for this implementation!
• 2023:
  • idea/code - Alexandre Dulaunoy from CIRCL, decided to add OpenWRT images to CIRCL’s Hashlookup service and Free Software according to a suggestion given by Eloïse Brocas during the Q/A session of the Hashlookup talk.
• 2022:
  • code - Eric Leblond, after attending #pts22 Mickaël Salaün’s talk about Landlock, has added Landlock support to the Suricata code base. Thanks Eric for the code (+ merge requests) and for sharing the information!
  • speaker comeback - After starting their speaker journey (~) in our conference respectively during #RMLLSec2016 and #RMLLSec2017, Ivan Kwiatkowski came this year to deliver a brilliant Keynote and Romain Thomas to show us the huge progress of the LIEF capabilities, his security FLOSS project started 5 years earlier. We couldn’t be prouder than to see these two young yet so experienced security researchers return to the scene of their debut. Hats off!
  • IRL conference speaker debut - On the starter side, we are very pleased to have hosted the first IRL Security conference talk given by Claire Vacherot, Pierre Milioni and Hugo Vincent. Respectively for: Building on top of Scapy, Dissecting NTLM EPA & building a MitM proxy and Finding Java deserialization gadgets with CodeQL!
• 2019:
  • code - After attending Snyff (from Pentestlab) talk about JWT security during #PTS19, Clément Oudot fixed an issue about “None” algorithm verification in JWT in LemonLDAP::NG, the WebSSO product of which he is the lead developer :)
• 2018:
  • code - After putting RetDec developers and Radare2 devs in touch during 2018 edition of Pass the SALT, RetDec developers demontrates at r2con 2019 initial RetDec integration into Radare2.
• 2017:
  • code - Use of the Lief library in MISP by Raphaël Vinot (developer of the MISP project at CIRCL.LU among other things) after attending the Lief talk by Romain Thomas (Quarkslab) during the Security track.
  • sharing - ​​Peter Czanik will try to use Syslog-NG and MISP together after a discussion with Raphaël Vinot during the speakers’ dinner.
• 2016:
  • sharing - Let’s Encrypt through J.C. Jones provides the information that they use Qubes as the secure platform to do all ops on Let’s encrypt PKI. Great use case for a great product.
• 2015:
  • code - Paul Kocialkowski, developer of Replicant (Android full free) and embedded theme speaker, attended on Monday Lunar conference on reproducible builds in the Security track. On Wednesday, he started the development of the reproducible build support for the Replicant boot loader with the help of Lunar! Or how an initiative presented in the Security track can impact the Embedded area.
• 2014:
  • articles / presentations - encounter between Ange Albertini (reverser, jedi of file formats) and Philippe Teuwen (co Security track chairman). This gave a lot of work in common and exchanges in particular through the journal PoC or GTFO (The International Journal of Proof-of-Concept or Get The Fuck Out).
• 2013:
  • code - Clément Oudot’s contribution on LemonLDAP-NG implementing the support of Mozilla Persona / BrowserID following a presentation by François Marier (Mozilla) on Persona
  • code - development of a new feature in Syslog-NG following the presentation of Xavier Mertens on the investigation through notably logs.
• 2012:
  • code - development of a Nmap script by Henri Doreau to verify the existence of the vulnerability presented this year by Eric Leblond on Checkpoint and Netfilter firewalls. Henri also presented this year in the Security track and met Eric on this occasion.
• 2011:
  • presentation - first meeting IRL between Eric Leblond, Netfilter and Suricata developer, and Paul Rascagnères, reverser and threat analyst, who then gave in 2014 a talk together at hack.lu conference.

Speakers

Feedback from speakers

Speakers who came

You will find below some of the speakers who came to Pass the SALT or/and to the RMLL Security tracks year after year. Note that it is not a comprehensive list of the speakers who came to PTS and RMLL Sec tracks, just a short list of them. The talks are not exhaustive neither, just given as examples of talks given by these speakers.

Thank so much for the trust from all of them (listed or not)!

• All talks are available on:
  • our archives web site: all slides and raw video files for both Pass the SALT and RMLL Security tracks,
  • our Ubicast video portal: Pass the SALT talks videos only, powered by a full featured video player.

• Security at large:
  • Clémentine Maurice (keynote about Reproducible Research in Micro-architecture Security (and Beyond)),
  • Ivan Kwiatkowski (keynote about Ethics in Cyberwar, closing talk about Why cyberoffense will never be regulated),
  • Ange Albertini (keynote about connecting communities through paper,
  • Frédéric Raynal (keynote about 20 years of Security),
  • JB Kempf (VLC and Security),
  • Yves-Alexis Perez (Debian security team: behind the curtains).

• Offensive:
  • Orange Tsai (Hacking Jenkins!),
  • Ivan Kwiatkowski (Freedom Fighting Mode - Open Source Hacking Harness),
  • Eloi Benoist-Vanderbeken (Jailbreak detection mechanisms and how to bypass them),
  • Antoine Cervoise (several talks, one among them: MobSF for pententration testers),
  • Benjamin Delpy (Mimikatz),
  • Clémentine Maurice (Side channels attacks from browsers),
  • Mahé Tardy(kdigger: A Context Discovery Tool for Kubernetes Penetration Testing).

• Crypto/obfuscation:
  • Aaron Gabble (How to revoke and replace 400M certificates without breaking Internet) ,
  • Philippe Boneff (Certificate Transparency in 2024) ,
  • Angèle Bossuat and Andrien Guinet (Mattermost End-to-End Encryption plugin) ,
  • Jean-Philippe Aumasson (Open source crypto),
  • Ange Albertini ([Kill MD5]“https://2019.pass-the-salt.org/talks/91.html",
  • J.C. Jones (Let’s Encrypt),
  • Werner Koch (GnuPG),
  • Romain Thomas (several talks, one among them: The Poor Man’s Obfuscator).

• Reverse and Low-Level:
  • Gabrielle Viala (For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation),
  • Francisco Falcon (Vulnerabilities in the TPM 2.0 reference implementation code),
  • Paul Rascagnères (several talks, one among them: workshop about malware analysis with Ghidra & x64dbg),
  • Damien Cauquil (several talks, one among them: Binbloom reloaded),
  • Ange Albertini (several talks about file formats among other things, one among them: ),
  • Ole André V. Ravnås and Sergi Alvarez aka pancake (R2Frida),
  • Axelle Apvrille (Are there Spectre-based malware on your Android smartphone?),
  • Jakub Kroustek and Peter Matula (Machine-Code Analysis With Open-Source Decompiler RetDec),
  • Christian Herrmann (Unlocking secrets of the proxmark3 RDV4).

• Threat Intel and Incident Response:
  • Alexandre Dulaunoy (several talks, one among them: How to Secure Your Software Supply Chain and Speed-Up DFIR with Hashlookup) ,
  • Thomas Chopitea (several talks, among others: The story of Greendale, Yeti, toward Forensics Intel Platform with Sébastien Larienier) ,
  • Solal Jacob (several talks, one among them: TAPIR: Trustable Artifact Parser for Incident Response) ,
  • Xavier Mertens (our most prolific speaker :), last talk: Improve your Malware Recipes with Cyberchef) ,
  • Raphaël Vinot (Analyse your weird URLs the easy way) ,

• Network security and Secured communications:
  • Eric Leblond (several Suricata and Netfilter talks, one among them: Using Suricata to detect lateral movement in Windows environment) ,
  • Clément Notin (Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark) ,
  • Pablo Neira Ayuso (Keynote: a 10 years journey in Linux firewalling, contracks tool for fault tolerant netfilter FW) ,
  • Sébastien Tricaud (IoT Honeypot, new types of attacks ,
  • Stéphane Bortzmeyer (DNSSEC) ,

• OS and Containers:
  • Peter Czanik (several talks, one among them: Syslog-ng 4.0 – where log management is heading) ,
  • Mickaël Salaün (Sandboxing your application with Landlock) ,
  • Paul Kocialkowski (verified boot and FLOSS) ,
  • Marek Marczykowski-Górecki (QubesOS) ,
  • Jérôme Petazzoni (Docker security) ,

• Web and Cloud security:
  • Clément Oudot (several talks, one among them: Hosting Identity in the Cloud with free softwares) ,
  • Julien Véhent (CloudSec @ Mozilla, MIG …) ,
  • François Marier (Mozilla Persona) ,

• Hardware:
  • Andrea Barisani (USB armory) ,
  • Antoine Cervoise (Open hardware for physical password attacks) ,
  • Raphaël Vinot (CIRClean) ,
  • Václav Zbránek (Turris Omnia router) ,

• Privacy:
  • Quinn Norton and Raphael Vinot (Lookyloo: A complete solution to investigate complex websites - with a decent UI) ,
  • Laurent Chemla (Caliopen and privacy metrics) ,
  • Sarah Dickinson (DNS & privacy),
  • Lunar (Tor, reproducible builds) ,
  • François Marier (Security and privacy on the Web) ,
  • Sva (PEP).