Achievements
Contributions
Here is a “living” list, certainly not exhaustive, of the contributions and interactions born from these moments of exchanges during our conferences.
- 2024:
- code - Yves Rutschle, after attending #pts22 Mickaël Salaün’s talk about Landlock, has added Landlock support to his project sslh in version 2.1.0. Thanks Yves and congrats for this implementation!
- 2023:
- idea/code - Alexandre Dulaunoy from CIRCL, decided to add OpenWRT images to CIRCL’s Hashlookup service and Free Software according to a suggestion given by Eloïse Brocas during the Q/A session of the Hashlookup talk.
- 2022:
- code - Eric Leblond, after attending #pts22 Mickaël Salaün’s talk about Landlock, has added Landlock support to the Suricata code base. Thanks Eric for the code (+ merge requests) and for sharing the information!
- speaker comeback - After starting their speaker journey (~) in our conference respectively during #RMLLSec2016 and #RMLLSec2017, Ivan Kwiatkowski came this year to deliver a brilliant Keynote and Romain Thomas to show us the huge progress of the LIEF capabilities, his security FLOSS project started 5 years earlier. We couldn’t be prouder than to see these two young yet so experienced security researchers return to the scene of their debut. Hats off!
- IRL conference speaker debut - On the starter side, we are very pleased to have hosted the first IRL Security conference talk given by Claire Vacherot, Pierre Milioni and Hugo Vincent. Respectively for: Building on top of Scapy, Dissecting NTLM EPA & building a MitM proxy and Finding Java deserialization gadgets with CodeQL!
- 2019:
- code - After attending Snyff (from Pentestlab) talk about JWT security during #PTS19, Clément Oudot fixed an issue about “None” algorithm verification in JWT in LemonLDAP::NG, the WebSSO product of which he is the lead developer :)
- 2018:
- code - After putting RetDec developers and Radare2 devs in touch during 2018 edition of Pass the SALT, RetDec developers demontrates at r2con 2019 initial RetDec integration into Radare2.
- 2017:
- code - Use of the Lief library in MISP by Raphaël Vinot (developer of the MISP project at CIRCL.LU among other things) after attending the Lief talk by Romain Thomas (Quarkslab) during the Security track.
- sharing - Peter Czanik will try to use Syslog-NG and MISP together after a discussion with Raphaël Vinot during the speakers’ dinner.
- 2016:
- sharing - Let’s Encrypt through J.C. Jones provides the information that they use Qubes as the secure platform to do all ops on Let’s encrypt PKI. Great use case for a great product.
- 2015:
- code - Paul Kocialkowski, developer of Replicant (Android full free) and embedded theme speaker, attended on Monday Lunar conference on reproducible builds in the Security track. On Wednesday, he started the development of the reproducible build support for the Replicant boot loader with the help of Lunar! Or how an initiative presented in the Security track can impact the Embedded area.
- 2014:
- articles / presentations - encounter between Ange Albertini (reverser, jedi of file formats) and Philippe Teuwen (co Security track chairman). This gave a lot of work in common and exchanges in particular through the journal PoC or GTFO (The International Journal of Proof-of-Concept or Get The Fuck Out).
- 2013:
- code - Clément Oudot’s contribution on LemonLDAP-NG implementing the support of Mozilla Persona / BrowserID following a presentation by François Marier (Mozilla) on Persona
- code - development of a new feature in Syslog-NG following the presentation of Xavier Mertens on the investigation through notably logs.
- 2012:
- code - development of a Nmap script by Henri Doreau to verify the existence of the vulnerability presented this year by Eric Leblond on Checkpoint and Netfilter firewalls. Henri also presented this year in the Security track and met Eric on this occasion.
- 2011:
- presentation - first meeting IRL between Eric Leblond, Netfilter and Suricata developer, and Paul Rascagnères, reverser and threat analyst, who then gave in 2014 a talk together at hack.lu conference.
Speakers
Feedback from speakers
Speakers who came to Pass the SALT or RMLL Security Tracks
You will find below some of the speakers who came to Pass the SALT or/and to the RMLL Security tracks year after year.
Note that it is not a comprehensive list of the speakers who came to PTS and RMLL Sec tracks. The talks are not exhaustive neither, just given as examples of talks given by these speakers.
Thank so much for the trust from all of them (listed or not)! :
- Security at large:
- Clémentine Maurice (keynote about Reproducible Research in Micro-architecture Security (and Beyond)),
- Ivan Kwiatkowski (keynote about Ethics in cyberwar times, closing talk about Why cyberoffense will never be regulated),
- Ange Albertini (keynote about connecting communities through paper ),
- Frédéric Raynal (keynote about 20 years of Security).
- Free Software projects:
- Offensive:
- Orange Tsai (Hacking Jenkins!),
- Ivan Kwiatkowski (Freedom Fighting Mode - Open Source Hacking Harness),
- Eloi Benoist-Vanderbeken (Jailbreak detection mechanisms and how to bypass them ),
- Antoine Cervoise (several talks, last: MobSF for pententration testers),
- Benjamin Delpy (Mimikatz),
- Clémentine Maurice (side channels attacks from browsers),
- Mahé Tardy (kdigger: A Context Discovery Tool for Kubernetes Penetration Testing),
- Crypto/obfuscation:
- Jean-Philippe Aumasson (open source crypto),
- Ange Albertini (Kill MD5),
- J.C. Jones (Let's Encrypt),
- Werner Koch (GnuPG),
- Romain Thomas (several talks, last: The Poor Man's Obfuscator),
- Ninon Eyrolles (obfuscation, know your ennemy),
- Reverse and Low-Level:
- Gabrielle Viala (For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation),
- Francisco Falcon (Vulnerabilities in the TPM 2.0 reference implementation code),
- Paul Rascagnères (several talks, last: workshop about malware analysis with Ghidra & x64dbg),
- Damien Cauquil (several talks, last: Binbloom reloaded),
- Ange Albertini (several talks about file formats among other things, last: Abusing archive-based file formats),
- Ole André V. Ravnås and Sergi Alvarez aka pancake (r2frida better together),
- Axelle Apvrille (Are there Spectre-based malware on your Android smartphone?),
- Jakub Kroustek and Peter Matula (Machine-Code Analysis With Open-Source Decompiler RetDec),
- Christian Herrmann (Unlocking secrets of the proxmark3 RDV4),
- Threat Intel and Incident Response:
- Thomas Chopitea (several talks, among others: The story of Greendale, FIR),
- Solal Jacob (several talks, last: TAPIR : Trustable Artifact Parser for Incident Response),
- Alexandre Dulaunoy (several talks, last: How to Secure Your Software Supply Chain and Speed-Up DFIR with Hashlookup),
- Xavier Mertens (our most prolific speaker :), last: Improve your Malware Recipes with Cyberchef),
- Raphaël Vinot (Analyse your weird URLs the easy way),
- Network security and Secured communications:
- Clément Notin (Decrypt Kerberos/NTLM “encrypted stub data” in Wireshark),
- Angèle Bossuat and Andrien Guinet (Mattermost End-to-End Encryption plugin ),
- Eric Leblond (several Suricata and Netfilter talks, last: Using Suricata to detect lateral movement in Windows environment r),
- Pablo Neira Ayuso (Keynote: a 10 years journey in Linux firewalling, contracks tool for fault tolerant netfilter FW),
- Sébastien Tricaud (IoT Honeypot, new types of attacks),
- Stéphane Bortzmeyer (DNSSEC),
- OS and Containers:
- Web and Cloud security:
- François Marier (Mozilla Persona),
- Clément Oudot (several talks, last: Hosting Identity in the Cloud with free softwares),
- Julien Véhent (CloudSec @ Mozilla, Mig ...),
- Hardware:
- Privacy: