A quick wrap-up of my visit yesterday to the 7th edition of the RSSIL (“Rencontres Solutions Securité et Informatique Libre”) in Maubeuge (north of France). This is a very small event compared to major organizations like BlackHat, HITB & co but it’s very well organized by a team of extremely motivated people. That’s the most important! Since my last visit two years ago, they have further increased the quality. Their goal is to promote information security in the north of France and, this is important to note, they are sponsored by the local authorities. So the event is free for everybody!
This is a two-day event. The Saturday is dedicated to stands of local associations, user groups and companies which are active in the security and/or free software landscape. Talks are also presented all day long. To increase the event's visibility, a local FM radio (Canal FM) installed a temporary studio and performed interviews of hackers.
Here is the very quick review of the talks I followed:
- “Bugtraq” presented by Christian Gonzales Sagarra. I was not aware of this new Linux pentesting & forensic distribution similar to the well-known BackTrack. One of the main differences? Tools are not installed/enabled by default. You have to install them when needed and a big control panel shows you the status of the running/installed tools. The distribution comes with all the classic tools but the authors also added their own tools:
  - Bugtrak Spider SQL
  - MD5 Search Beta
  - Logs Remover
- “Ethical Hacking: Risks & Legal Solutions” presented by Raphael Rault, a lawyer specializing in “digital cases”. This was a good review of the risks associated with performing ethical hacking, but also of what organizations which collect & process personal data must achieve (of course with a focus on the French laws).
- “Plagiarism Detection” by Anthony Desnos from virustotal.com. He explained why it’s important to have tools to detect plagiarism. One of his examples was based on the Android market, where plenty of applications are often stolen, modified (to add malicious code) and re-uploaded. After a presentation of the Kolmogorov complexity algorithm, he presented the tool ‘elsim’ which implements it and allows the detection of similarities between documents, binaries, …
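
Kolmogorov complexity itself cannot be computed, so similarity tools approximate it with a real compressor; a common form is the normalized compression distance (NCD). The sketch below is an added example, not elsim's code and not taken from the talk: the zlib compressor, the function names and the constructed samples are all assumptions made for illustration.

```python
import hashlib
import zlib


def csize(data: bytes) -> int:
    """Compressed length: a computable stand-in for Kolmogorov complexity."""
    return len(zlib.compress(data, 9))


def ncd(x: bytes, y: bytes) -> float:
    """Normalized compression distance: near 0 for near-copies, near 1 for unrelated data."""
    cx, cy = csize(x), csize(y)
    return (csize(x + y) - min(cx, cy)) / max(cx, cy)


def closest(candidate: bytes, known: dict) -> tuple:
    """Return (name, distance) of the known sample nearest to the candidate."""
    name = min(known, key=lambda n: ncd(candidate, known[n]))
    return name, ncd(candidate, known[name])


def fake_code(seed: str, blocks: int) -> bytes:
    """Constructed stand-in for application code: deterministic, hard-to-compress text."""
    return b"".join(
        hashlib.sha256(f"{seed}-{i}".encode()).hexdigest().encode()
        for i in range(blocks)
    )


# Constructed samples (not real applications).
ORIGINAL = fake_code("legit-app", 40)
UNRELATED = fake_code("other-app", 40)
# "Repackaged" copy: the original with a foreign block spliced into the middle.
REPACKAGED = ORIGINAL[:1200] + fake_code("injected", 5) + ORIGINAL[1200:]

if __name__ == "__main__":
    known = {"legit-app": ORIGINAL, "other-app": UNRELATED}
    print("repackaged vs original :", round(ncd(REPACKAGED, ORIGINAL), 3))
    print("repackaged vs unrelated:", round(ncd(REPACKAGED, UNRELATED), 3))
    print("closest known sample   :", closest(REPACKAGED, known))
```

zlib only sees matches inside a 32 KB window, so on larger inputs a compressor with a bigger window (for example `lzma`) is needed for the distance to stay meaningful.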
I was invited to talk about OSSEC and gave my presentation “All Your Logs Are Belong To You“. A round-table was also organized with hackers and bloggers about “Hacking & Information Security : Totally incompatible?“. Some questions which were discussed:
- May security professionals refuse to work for specific customers for ethical or political reasons?
- May a security professional also be a “hacktivist”?
- Why is the amount of students in information security so low in France?
- Why are real security professionals so hard to hire?
In parallel to the conferences, an ethical hacking challenge (“Hacknowledge”) was organized between 08:00PM – 08:00AM. Nice prize for the winning team: a trip to Las Vegas to attend DEFCON!
A funny story to conclude this wrap-up? The captive portal to connect to the local wireless network did not check the credentials for a few hours and accepted any login/password.
I had to leave early to keep the balance between my family and (online|security|blogger) lives but next year I’ll stay longer (Seb, I promise!)