Achievements

Contributions

Here is a “living” list, certainly not exhaustive, of the contributions and interactions born from these moments of exchanges during our conferences.

• 2022:
  • code - Eric Leblond, after attending #pts22 Mickaël Salaün’s talk about Landlock, has added Landlock support to the Suricata code base. Thanks Eric for the code (+ merge requests) and for sharing the information!
  • speaker comeback - After starting their speaker journey (~) in our conference respectively during #RMLLSec2016 and #RMLLSec2017, Ivan Kwiatkowski came this year to deliver a brilliant Keynote and Romain Thomas to show us the huge progress of the LIEF capabilities, his security FLOSS project started 5 years earlier. We couldn’t be prouder than to see these two young yet so experienced security researchers return to the scene of their debut. Hats off!
  • IRL conference speaker debut - On the starter side, we are very pleased to have hosted the first IRL Security conference talk given by Claire Vacherot, Pierre Milioni and Hugo Vincent. Respectively for: Building on top of Scapy, Dissecting NTLM EPA & building a MitM proxy and Finding Java deserialization gadgets with CodeQL!
• 2019:
  • code - After attending Snyff (from Pentestlab) talk about JWT security during #PTS19, Clément Oudot fixed an issue about “None” algorithm verification in JWT in LemonLDAP::NG, the WebSSO product of which he is the lead developer :)
• 2018:
  • code - After putting RetDec developers and Radare2 devs in touch during 2018 edition of Pass the SALT, RetDec developers demontrates at r2con 2019 initial RetDec integration into Radare2.
• 2017:
  • code - Use of the Lief library in MISP by Raphaël Vinot (developer of the MISP project at CIRCL.LU among other things) after attending the Lief talk by Romain Thomas (Quarkslab) during the Security track.
  • sharing - ​​Peter Czanik will try to use Syslog-NG and MISP together after a discussion with Raphaël Vinot during the speakers’ dinner.
• 2016:
  • sharing - Let’s Encrypt through J.C. Jones provides the information that they use Qubes as the secure platform to do all ops on Let’s encrypt PKI. Great use case for a great product.
• 2015:
  • code - Paul Kocialkowski, developer of Replicant (Android full free) and embedded theme speaker, attended on Monday Lunar conference on reproducible builds in the Security track. On Wednesday, he started the development of the reproducible build support for the Replicant boot loader with the help of Lunar! Or how an initiative presented in the Security track can impact the Embedded area.
• 2014:
  • articles / presentations - encounter between Ange Albertini (reverser, jedi of file formats) and Philippe Teuwen (co Security track chairman). This gave a lot of work in common and exchanges in particular through the journal PoC or GTFO (The International Journal of Proof-of-Concept or Get The Fuck Out).
• 2013:
  • code - Clément Oudot’s contribution on LemonLDAP-NG implementing the support of Mozilla Persona / BrowserID following a presentation by François Marier (Mozilla) on Persona
  • code - development of a new feature in Syslog-NG following the presentation of Xavier Mertens on the investigation through notably logs.
• 2012:
  • code - development of a Nmap script by Henri Doreau to verify the existence of the vulnerability presented this year by Eric Leblond on Checkpoint and Netfilter firewalls. Henri also presented this year in the Security track and met Eric on this occasion.
• 2011:
  • presentation - first meeting IRL between Eric Leblond, Netfilter and Suricata developer, and Paul Rascagnères, reverser and threat analyst, who then gave in 2014 a talk together at hack.lu conference.

Speakers

Feedback from speakers

Speakers who came to Pass the SALT or RMLL Security Tracks

You will find below some of the speakers who came to Pass the SALT or/and to the RMLL Security tracks year after year.
Note that it is not a comprehensive list of the speakers who came to PTS and RMLL Sec tracks. The talks are not exhaustive neither, just given as examples of talks given by these speakers.

Thank so much for the trust from all of them (listed or not)! :

• Security at large:
  • Ivan Kwiatkowski (keynote about Ethics in cyberwar times),
  • Ange Albertini (keynote about connecting communities through paper ),
  • Frédéric Raynal (keynote about 20 years of Security).
• Free Software projects:
  • JB Kempf (VLC and Security),
  • Yves-Alexis Perez (Debian security team: behind the curtains),
• Offensive:
  • Orange Tsai (Hacking Jenkins!),
  • Ivan Kwiatkowski (Freedom Fighting Mode - Open Source Hacking Harness),
  • Eloi Benoist-Vanderbeken (Jailbreak detection mechanisms and how to bypass them ),
  • Antoine Cervoise (several talks, last: MobSF for pententration testers),
  • Benjamin Delpy (Mimikatz),
  • Clémentine Maurice (side channels attacks from browsers),
  • Mahé Tardy (kdigger: A Context Discovery Tool for Kubernetes Penetration Testing),
• Crypto/obfuscation:
  • Jean-Philippe Aumasson (open source crypto),
  • Ange Albertini (Kill MD5),
  • J.C. Jones (Let's Encrypt),
  • Werner Koch (GnuPG),
  • Romain Thomas (several talks, last: The Poor Man's Obfuscator),
  • Ninon Eyrolles (obfuscation, know your ennemy),
• Reverse and Low-Level:
  • Paul Rascagnères (several talks, last: workshop about malware analysis with Ghidra & x64dbg),
  • Damien Cauquil (several talks, last: Binbloom reloaded),
  • Ange Albertini (several talks about file formats among other things, last: Abusing archive-based file formats),
  • Ole André V. Ravnås and Sergi Alvarez aka pancake (r2frida better together),
  • Axelle Apvrille (Are there Spectre-based malware on your Android smartphone?),
  • Jakub Kroustek and Peter Matula (Machine-Code Analysis With Open-Source Decompiler RetDec),
  • Christian Herrmann (Unlocking secrets of the proxmark3 RDV4),
• Threat Intel and Incident Response:
  • Thomas Chopitea (several talks, among others: The story of Greendale, FIR),
  • Solal Jacob (several talks, last: TAPIR : Trustable Artifact Parser for Incident Response),
  • Alexandre Dulaunoy (several talks, last: D4 project),
  • Xavier Mertens (our most prolific speaker :), last: Improve your Malware Recipes with Cyberchef),
  • Raphaël Vinot (MISP),
• Network security and Secured communications:
  • Angèle Bossuat and Andrien Guinet (Mattermost End-to-End Encryption plugin ),
  • Eric Leblond (several Suricata and Netfilter talks, last: Write faster Suricata signatures easier with Suricata Language Server),
  • Pablo Neira Ayuso (Keynote: a 10 years journey in Linux firewalling, contracks tool for fault tolerant netfilter FW),
  • Sébastien Tricaud (IoT Honeypot, new types of attacks),
  • Stéphane Bortzmeyer (DNSSEC),
• OS and Containers:
  • Mickaël Salaün (Sandboxing your application with Landlock),
  • Peter Czanik (several talks, last: Sudo logs for blue teams),
  • Paul Kocialkowski (verified boot and FLOSS),
  • Marek Marczykowski-Górecki (QubesOS),
  • Jérôme Petazzoni (Docker security),
• Web and Cloud security:
  • François Marier (Mozilla Persona),
  • Clément Oudot (several talks, last: Hosting Identity in the Cloud with free softwares),
  • Julien Véhent (CloudSec @ Mozilla, Mig ...),
• Hardware:
  • Andrea Barisani (USB armory),
  • Antoine Cervoise (Open hardware for "physical" password attacks),
  • Raphaël Vinot (CIRClean),
  • Václav Zbránek (Turris Omnia router),
• Privacy:
  • Quinn Norton and Raphael Vinot (Lookyloo: A complete solution to investigate complex websites - with a decent UI),
  • Laurent Chemla (Caliopen and privacy metrics),
  • Sarah Dickinson (DNS & privacy),
  • Lunar (Tor, reproducible builds),
  • François Marier (Security and privacy on the Web),
  • Sva (PEP).