[CONFERENCE] RandoriSec and friends: Enlarge your toolkit!

By Davy Douhine | June 10, 2020

Two months ago, we organized a small free online security conference. During this event, 6 talks covering different areas (mobile security, SWIFT CSP, security automation and Incident Response) were delivered. The talks are available on our YouTube channel. The event went pretty well, with an average of 30 participants, but unfortunately for non-French-speaking people it was in French…

So here we are again, but this time all talks will be in English and with some hands-on!!!

We had a few names in mind for this event. As this conference will be about tools, the obvious choice was “The Tooling Workshop”, but that was too classic. “The Tooling Date” was also proposed, along with “Automate all the things” because, as you’ll see, the talks will be a lot about automation. But we finally chose “Enlarge your toolkit” because this is all that matters, right? ;)

The topics covered during this conference will be cloud forensics, automating mobile app security assessments and web app scanning, and finally incident response. Each session will start with a 30-minute talk followed by an interactive demo of one or more tools. Interactive in the sense that people will be able to ask questions and the presenter will answer and show on screen in real time.


Registration is free but limited to 50 seats for each session. So hurry up!!!


Here is the schedule:


Session June 19: Tools for Cloud Examination

The world-renowned Turbulent Airflow Alliance is back with their “cyb3r $k1lLz” and have launched a blusterous attack against Greendale Polytechnique’s new cloud infrastructure. Their motive? Airflow should never be controlled and always free. This presentation is sure to be a waft of fresh knowledge to your cloud DFIR toolkit. Greendale turns once again to a tested group of cyber specialists to weather the storm. Attendees will get a breath of fresh air into how to handle the new complexities of cloud acquisition and investigation across multiple environments with open source tools.


Session June 26: Automating Mobile App Assessments

Mobile applications are increasingly complex with the evolution of different frameworks (React Native, Cordova, Xamarin, etc.) and the increased reliance on 3rd party dependencies. The presentation will dive into one of the challenges of automating mobile application assessments, which is 3rd party dependency review. We will dig into vulnerability database quality, the lack of support for transitive dependencies and the impact on the security of mobile applications. We will finally discuss approaches to address these issues and Ostorlab’s approach using deep and shallow fingerprinting.


Session July 3: Automating Web App Scanning

A company, regardless of its size and market power, may go out of business or lose a lot of value because of a security incident on its information system. Many companies are digital and increasingly exposed on the Internet, the number of published applications and infrastructures is skyrocketing, and new ways of deploying them make them much harder to control or secure. Where manual analysis was once sufficient, paradigms of risk assessment are moving towards more automation. But we need intelligent automation. So, we automate SecOps and prioritize findings to efficiently detect incidents.
PatrOwl is an Open Source, adaptive and scalable Security Operations Orchestration Platform. The main objective is to provide a continuous and full-stack risk overview of your assets, using open-source tools, commercial solutions, or custom scripts. The webinar will then present, with practical use cases, how to cleverly use PatrOwl to automate monitoring and vulnerability detection on a set of web applications developed using new kinds of processes and technologies.


Session July 10: Speed up Incident Response

How to use integrations to speed up incident response processes with TheHive and Cortex?
This presentation aims to show how to get your incident response process operational and effective with TheHive. It starts by preparing TheHive and implementing a Case template. Secondly, it showcases how to rely on Feeders, Analyzers and Responders to quickly gather alerts, enrich observables with context information or Intelligence, and run active response operations.