who

• conference in Luxemburg
• about 300 (at least I think) attendees
• lots of talks but also workshops

Workshops

• Introduction to Bro Security Monitoring

  • perhaps interesting building our SIEM
  • Bro is not Snort
  • it is the backend for building the SIEM
  • on top you can have ELK stack
  • cool stuff: Bro has an event-drive scripting language
  • syslog/syslog-ng/etc. integration
  • VM is already available to play with

• Finding vulnerabilities with modern fuzzing techniques

  • we don’t really need this
  • but that guy had really cool tipps regarding AFL
  • slides and VM also available if desired

• How to analyze the behaviour of malware traffic

  • real-life examples of connection PCAP of known malware
  • intersting tipps regarding Wireshark
  • was fun to analyze the PCAPs and kind of deduce what was going at a specific time point

• Practical Docker security workshop

  • this was definitely not one of those 101 introductions
  • a lot of interesting tipps how to
    • secure docker containers
    • isolate container (network segmentation)
  • I’ll put together some best practices sheet ASAP
  • I’ll also talk to Cloud team to see what can be put in practice

Talks

These is the talks list I can recommend:

• The Science Behind Social Engineering And An Effective Security Culture - E. Nicaise

• The Snake Keeps Reinventing Itself - Jean-Ian Boutin and Matthieu Faou

  • it’s about Turla

• What The Fax?! - Eyal Itkin and Yaniv Balmas

  • really funny talk
  • you may think that fax is not exploitable
  • the amount of research these guys put in is incredible

All talks (and also a bunch of other ones at several conferences) can be found here: https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/videos