Achievements

Contributions

Here is a “living” list, certainly not exhaustive, of the contributions and interactions born from these moments of exchanges during our conferences.

• 2022:
  • code - Eric Leblond, after attending #pts22 Mickaël Salaün’s talk about Landlock, has added Landlock support to the Suricata code base. Thanks Eric for the code (+ merge requests) and for sharing the information!
  • speaker comeback - After starting their speaker journey (~) in our conference respectively during #RMLLSec2016 and #RMLLSec2017, Ivan Kwiatkowski came this year to deliver a brilliant Keynote and Romain Thomas to show us the huge progress of the LIEF capabilities, his security FLOSS project started 5 years earlier. We couldn’t be prouder than to see these two young yet so experienced security researchers return to the scene of their debut. Hats off!
  • IRL conference speaker debut - On the starter side, we are very pleased to have hosted the first IRL Security conference talk given by Claire Vacherot, Pierre Milioni and Hugo Vincent. Respectively for: Building on top of Scapy, Dissecting NTLM EPA & building a MitM proxy and Finding Java deserialization gadgets with CodeQL!
• 2019:
  • code - After attending Snyff (from Pentestlab) talk about JWT security during #PTS19, Clément Oudot fixed an issue about “None” algorithm verification in JWT in LemonLDAP::NG, the WebSSO product of which he is the lead developer :)
• 2018:
  • code - After putting RetDec developers and Radare2 devs in touch during 2018 edition of Pass the SALT, RetDec developers demontrates at r2con 2019 initial RetDec integration into Radare2.
• 2017:
  • code - Use of the Lief library in MISP by Raphaël Vinot (developer of the MISP project at CIRCL.LU among other things) after attending the Lief talk by Romain Thomas (Quarkslab) during the Security track.
  • sharing - ​​Peter Czanik will try to use Syslog-NG and MISP together after a discussion with Raphaël Vinot during the speakers’ dinner.
• 2016:
  • sharing - Let’s Encrypt through J.C. Jones provides the information that they use Qubes as the secure platform to do all ops on Let’s encrypt PKI. Great use case for a great product.
• 2015:
  • code - Paul Kocialkowski, developer of Replicant (Android full free) and embedded theme speaker, attended on Monday Lunar conference on reproducible builds in the Security track. On Wednesday, he started the development of the reproducible build support for the Replicant boot loader with the help of Lunar! Or how an initiative presented in the Security track can impact the Embedded area.
• 2014:
  • articles / presentations - encounter between Ange Albertini (reverser, jedi of file formats) and Philippe Teuwen (co Security track chairman). This gave a lot of work in common and exchanges in particular through the journal PoC or GTFO (The International Journal of Proof-of-Concept or Get The Fuck Out).
• 2013:
  • code - Clément Oudot’s contribution on LemonLDAP-NG implementing the support of Mozilla Persona / BrowserID following a presentation by François Marier (Mozilla) on Persona
  • code - development of a new feature in Syslog-NG following the presentation of Xavier Mertens on the investigation through notably logs.
• 2012:
  • code - development of a Nmap script by Henri Doreau to verify the existence of the vulnerability presented this year by Eric Leblond on Checkpoint and Netfilter firewalls. Henri also presented this year in the Security track and met Eric on this occasion.
• 2011:
  • presentation - first meeting IRL between Eric Leblond, Netfilter and Suricata developer, and Paul Rascagnères, reverser and threat analyst, who then gave in 2014 a talk together at hack.lu conference.

Speakers

Feedback from speakers

Speakers who came to Pass the SALT or RMLL Security Tracks

You will find below some of the speakers who came to Pass the SALT or/and to the RMLL Security tracks year after year.
Note that it is not a comprehensive list of the speakers who came to PTS and RMLL Sec tracks. The talks are not exhaustive neither, just given as examples of talks given by these speakers.

Thank so much for the trust from all of them (listed or not)! :

• Free Software projects:
  • JB Kempf (VLC and Security),
  • Yves-Alexis Perez (Debian security team: behind the curtains),
• Offensive:
  • Orange Tsai (Hacking Jenkins!),
  • Ivan Kwiatkowski (Freedom Fighting Mode - Open Source Hacking Harness),
  • Antoine Cervoise (CMS pentest),
  • Benjamin Delpy (Mimikatz),
  • Clémentine Maurice (side channels attacks from browsers),
• Crypto/obfuscation:
  • Ange Albertini (Kill MD5, playing with crypto),
  • Jean-Philippe Aumasson (open source crypto),
  • Ninon Eyrolles (obfuscation, know your ennemy),
  • J.C. Jones (Let's Encrypt),
  • Werner Koch (GnuPG),
• Reverse and Low-Level:
  • Christian Herrmann (Unlocking secrets of the proxmark3 RDV4),
  • Paul Rascagnères (reverse with OSS),
  • Ole André V. Ravnås and Sergi Alvarez aka pancake (r2frida better together),
  • Axelle Apvrille (Are there Spectre-based malware on your Android smartphone?),
  • Jakub Kroustek and Peter Matula (Machine-Code Analysis With Open-Source Decompiler RetDec),
• Threat Intel and Incident Response:
  • Thomas Chopitea (The story of Greendale, FIR),
  • Alexandre Dulaunoy (CVE search, how to build an open threat intelligence sharing standard, D4 project
  • Xavier Mertens (a lot of talks and workshops about "your logs are my data ..." topic),
  • Raphaël Vinot (MISP),
• Network security :
  • Stéphane Bortzmeyer (DNSSEC),
  • Eric Leblond (several Suricata and Netfilter talks),
  • Pablo Neira Ayuso (Keynote: a 10 years journey in Linux firewalling, contracks tool for fault tolerant netfilter FW),
  • Sébastien Tricaud (IoT Honeypot, new types of attacks),
• OS and Containers:
  • Peter Czanik (several venues, last one about Making sens about your security logs with Syslog-NG),
  • Paul Kocialkowski (verified boot and FLOSS),
  • Marek Marczykowski-Górecki (QubesOS),
  • Jérôme Petazzoni (Docker security),
• Web and Cloud security:
  • François Marier (Mozilla Persona),
  • Clément Oudot (LemonLDAP::NG, OpenID Connect ...),
  • Julien Véhent (CloudSec @ Mozilla, Mig ...),
• Hardware:
  • Andrea Barisani (USB armory),
  • Antoine Cervoise (Open hardware for "physical" password attacks),
  • Raphaël Vinot (CIRClean),
  • Václav Zbránek (Turris Omnia router),
• Privacy:
  • Quinn Norton and Raphael Vinot (Lookyloo: A complete solution to investigate complex websites - with a decent UI),
  • Laurent Chemla (Caliopen and privacy metrics),
  • Sarah Dickinson (DNS & privacy),
  • Lunar (Tor, reproducible builds),
  • François Marier (Security and privacy on the Web),
  • Sva (PEP),
• Security at large:
  • Ange Albertini (keynote about connecting communities through paper ),
  • Frédéric Raynal (keynote about 20 years of Security).