{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2025.2.2"}, "schedule": {"url": "https://cfp.pass-the-salt.org/pts2025/schedule/", "version": "0.7", "base_url": "https://cfp.pass-the-salt.org", "conference": {"acronym": "pts2025", "title": "PTS2025", "start": "2025-07-01", "end": "2025-07-03", "daysCount": 3, "timeslot_duration": "00:05", "time_zone_name": "Europe/Paris", "colors": {"primary": "#800000"}, "rooms": [{"name": "Amphitheater 122", "slug": "9-amphitheater-122", "guid": "617818b5-2c43-5c28-bf7d-ed73d85dd438", "description": null, "capacity": null}, {"name": "Room LW109", "slug": "10-room-lw109", "guid": "d6712aa4-16a5-5f2a-9261-cdb84a4774d3", "description": null, "capacity": null}, {"name": "Room LW112", "slug": "11-room-lw112", "guid": "9aa13913-47d3-5c57-b296-329abb75b4e4", "description": null, "capacity": null}], "tracks": [{"name": "Transparency at work", "slug": "43-transparency-at-work", "color": "#3B8937"}, {"name": "Secured Messaging", "slug": "44-secured-messaging", "color": "#F6090F"}, {"name": "Network Security", "slug": "45-network-security", "color": "#A759F6"}, {"name": "DFIR & ThreatIntel", "slug": "47-dfir-threatintel", "color": "#18BB0A"}, {"name": "Threats to Privacy", "slug": "49-threats-to-privacy", "color": "#07A2F9"}, {"name": "Offensive Security", "slug": "50-offensive-security", "color": "#000000"}, {"name": "Hardware & Embedded", "slug": "51-hardware-embedded", "color": "#FC00FF"}, {"name": "System Audit & Hardening", "slug": "52-system-audit-hardening", "color": "#FF7A00"}, {"name": "Walking on the wild Side Channel", "slug": "53-walking-on-the-wild-side-channel", "color": "#2008B3"}], "days": [{"index": 1, "date": "2025-07-01", "day_start": "2025-07-01T04:00:00+02:00", "day_end": "2025-07-02T03:59:00+02:00", "rooms": {"Amphitheater 122": [{"guid": "0914fd84-65e6-5e97-9d57-2645180bb176", "code": "RWCWKL", "id": 196, "logo": null, "date": "2025-07-01T14:10:00+02:00", "start": 
"14:10", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-196-rf-swift-a-swifty-toolbox-for-all-wireless-assessments", "url": "https://cfp.pass-the-salt.org/pts2025/talk/RWCWKL/", "title": "RF Swift: A Swifty Toolbox for All Wireless Assessments", "subtitle": "", "track": "Hardware & Embedded", "type": "Talk", "language": "en", "abstract": "In an increasingly connected world, securing wireless communication is vital for protecting critical infrastructure and personal data. Traditional tools for Radio Frequency (RF) assessments, while effective, often lack flexibility, cross-platform compatibility, and adaptability for diverse environments and architectures. RF Swift addresses these limitations by providing a streamlined, modular toolbox tailored for RF Security assessments and HAM radio enthusiasts alike.\r\n\r\nRF Swift is a multiplatform solution, seamlessly running on Windows, Linux, and a wide range of architectures. This versatility empowers users to conduct RF assessments in virtually any environment without hardware constraints. Designed with adaptability in mind, RF Swift enables security professionals and radio enthusiasts to deploy, manage, and analyze RF communications with unprecedented speed and efficiency.\r\n\r\nAttendees will discover how RF Swift empowers both rapid assessments and deep analysis, simplifying complex tasks such as spectrum monitoring, signal detection, protocol analysis, and signal generation. Join us to explore how RF Swift redefines RF security assessment, offering a robust, scalable, and flexible approach to tackle modern wireless security challenges.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "EPHKZY", "name": "S\u00e9bastien Dudek", "avatar": "https://cfp.pass-the-salt.org/media/avatars/sebastien_dudek_Igzg5ph.jpg", "biography": "S\u00e9bastien Dudek is the founder of PentHertz, a consulting company that specializes in wireless and hardware security. 
He has a deep passion for identifying vulnerabilities in radio communication systems and has published research on mobile security, including baseband fuzzing, interception, mapping, and more. Additionally, his expertise extends to data transmission using power-line technology, encompassing domestic PLC plugs, electric cars, and charging stations. S\u00e9bastien also dedicates his efforts to practical attacks involving various technologies, such as Wi-Fi, RFID, and other wireless communication systems.", "public_name": "S\u00e9bastien Dudek", "guid": "7953cfe2-8c05-5593-8a35-609d89cc8cbb", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/EPHKZY/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/RWCWKL/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/RWCWKL/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/RWCWKL/resources/PTS2025-TALK-02-RF_Swift_UVKPBrB.pdf", "type": "related"}]}, {"guid": "56ed88dc-fc73-5c5e-995e-3857955ead4b", "code": "8WLTNS", "id": 224, "logo": null, "date": "2025-07-01T14:45:00+02:00", "start": "14:45", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-224-the-last-resort-debugging-embedded-systems-with-unconventional-methods", "url": "https://cfp.pass-the-salt.org/pts2025/talk/8WLTNS/", "title": "The Last Resort: Debugging Embedded Systems with Unconventional Methods", "subtitle": "", "track": "Hardware & Embedded", "type": "Talk", "language": "en", "abstract": "A debugger is always a valuable tool when searching for vulnerabilities, particularly in embedded systems where multiple peripherals may be involved. Most targets support either well-standardized debug protocols such as JTAG or SWD, or rely on proprietary alternatives. These debug ports are often locked to prevent unauthorized access. When locked, depending on the chip, it may still be possible to reactivate them by exploiting a bug. 
In rare cases where this is not possible, direct modification of the firmware may be an option. In such scenarios, an on-chip debugger can be implemented within the firmware itself. While potentially unstable, this type of debugger can be highly useful for firmware analysis and exploit development.", "description": "This talk offers an overview of low-level concepts related to interrupts, followed by a detailed guide on building an on-chip debugger, addressing the various choices and challenges that may arise during the process.\r\n\r\nTo begin with, a communication channel is required, preferably one that remains operational even during a debug interrupt. An initial breakpoint must be set on the target to trigger the debugger. A debug handler, ideally written in assembly, needs to be implemented and configured to listen for commands responsible for reading and writing memory and register contents. An intermediate server between GDB and the target must also be created. Several open-source skeletons are available to assist in this task.\r\n\r\nIn addition, the talk places special emphasis on designing a lightweight debugger, as it is intended for embedded targets. 
It will therefore present techniques to keep the code as minimal and efficient as possible.", "recording_license": "", "do_not_record": false, "persons": [{"code": "DYUKMB", "name": "Vincent Lopes (Security Engineer, Quarkslab)", "avatar": null, "biography": "Vincent Lopes is a security engineer at Quarkslab, with a focus on embedded and hardware/software reverse-engineering", "public_name": "Vincent Lopes (Security Engineer, Quarkslab)", "guid": "c3b5672f-6249-50fb-ac35-1008a9dd000a", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/DYUKMB/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/8WLTNS/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/8WLTNS/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/8WLTNS/resources/PTS2025-TALK-01-debugging_embedded_zcxAPXx.pdf", "type": "related"}]}, {"guid": "c31272d8-43ac-5ccb-b021-4d88fcd6964f", "code": "CWYMPY", "id": 223, "logo": null, "date": "2025-07-01T15:20:00+02:00", "start": "15:20", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-223-labcyber-a-fablab-dedicated-to-cybersecurity", "url": "https://cfp.pass-the-salt.org/pts2025/talk/CWYMPY/", "title": "LabCyber - a FabLab dedicated to cybersecurity", "subtitle": "", "track": "Hardware & Embedded", "type": "Short Talk", "language": "en", "abstract": "LabCyber is an exploratory lab focusing on the hardware dimension of cybersecurity deployed by the PTCC -transfer program at Campus Cyber operated by INRIA on behalf of the French academic community.", "description": "During this talk we will succintly present pilot projects of varied nature:\r\n\r\n- entrepreneurial prototyping\r\n- multipartner academic projects\r\n- production of commons with work groups \r\n\r\nas well as our range of equipement and the eligibility criteria for new projects.\r\n\r\nAs a Fablab we are willing to promote an open science approach by :\r\n\r\n- Listing and advocating for open tools\r\n- Sharing 
the results or the methodologies with communities as wide as possible \r\n- Initiating open hardware projects related to security", "recording_license": "", "do_not_record": false, "persons": [{"code": "SQBK3J", "name": "Aline Becq", "avatar": "https://cfp.pass-the-salt.org/media/avatars/Aline_sikrpCS.jpg", "biography": "8 years experience in operating academia FabLabs in engineering schools\r\n3 different Labs managed (1 deeptech-oriented, 1 industry-oriented, 1 cyber-oriented)\r\nVP of the Fab&co association for 4 years now \r\nActively engaged in promoting diversity in tech \r\nResearch focus: How to extend to the FabLab toolbox \r\nMember of the Institute for Future technologies @DVHE \r\nCurrently running LabCyber, a FabLab focusing on hardware cybersecurity deployed by the PTCC", "public_name": "Aline Becq", "guid": "243e6e0b-bac8-55b0-ac0c-6928528f7dde", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/SQBK3J/"}, {"code": "8JGBWE", "name": "Fabien Caura", "avatar": "https://cfp.pass-the-salt.org/media/avatars/Fabien_OcIcA7g.jpg", "biography": "Fabien worked for 8 years as a network and software security engineer for the French Ministry of Foreign Affairs and then decided to go back to university to study Electronics. 
After a while he meets again security but this time at the LabCyber, a FabLab focused on hardware cybersecurity.", "public_name": "Fabien Caura", "guid": "6fb3007a-2e4d-5597-82f7-2862ccfe05c0", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/8JGBWE/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/CWYMPY/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/CWYMPY/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/CWYMPY/resources/PTS2025-TALK-03-LabCyber_rqYxWng.pdf", "type": "related"}]}, {"guid": "eb0a254d-a78b-550f-883e-3082ea2d7664", "code": "HL8QKR", "id": 248, "logo": null, "date": "2025-07-01T15:55:00+02:00", "start": "15:55", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-248-openrelik-a-containerized-incident-response-processing-pipeline", "url": "https://cfp.pass-the-salt.org/pts2025/talk/HL8QKR/", "title": "OpenRelik: a containerized incident response processing pipeline", "subtitle": "", "track": "DFIR & ThreatIntel", "type": "Talk", "language": "en", "abstract": "OpenRelik is a new decentralized, distributed, containerized incident response forensic artifact processing pipeline. We\u2019ll talk about the main goal behind the project and its architecture, but also lessons we\u2019ve learned from past attempts at building this, and how we\u2019ve solved them this time around. Demos included!", "description": "This talk will cover:\r\n\r\n* OpenRelik: what is it, who is it for, how do we use it?\r\n\r\n* lessons learnt from the past: Turbinia, its architecture, and why that wasn\u2019t cutting it anymore\r\n\r\n* Architecture: decentralized workers via containers, redis pub sub channel, shared file system, mediator server\r\n\r\n* life of a workflow: how we go from uploading evidence to retrieving results.\r\n\r\n* How OpenRelik integrates with other tools such as Timesketch and Yeti. 
How to write a worker that integrates with your tools.", "recording_license": "", "do_not_record": false, "persons": [{"code": "7GTEHL", "name": "Thomas Chopitea (Digital Forensics, Google)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/headshot_HmU7GYH_Fu6MYpH.jpeg", "biography": "Thomas Chopitea is a forensics investigator and engineer at Google (he used to do work in the CERT of a big financial institution, but he\u2019s fine now). When he\u2019s not writing code and hunting down bad guys, he enjoys poking malware with a long stick and reading up on threat intelligence processes. His long-term professional goal is to automate himself out of a job.", "public_name": "Thomas Chopitea (Digital Forensics, Google)", "guid": "3f23a2f2-6fd7-5a98-b7c5-fb0323b0b24d", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/7GTEHL/"}, {"code": "WKHT3T", "name": "Johan Berggren (Digital Forensics, Google)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/jbn-2025_eyH77H3.jpg", "biography": "Johan Berggren is a staff security engineer at Google with 25 years of experience in information security, incident response and digital forensics. 
Between responding to incidents he develops Open Source DFIR software such as the OpenRelik Platform and Timesketch, the timeline analysis tool.", "public_name": "Johan Berggren (Digital Forensics, Google)", "guid": "f6804d78-5a9e-58d5-af3d-bee255f1df77", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/WKHT3T/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/HL8QKR/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/HL8QKR/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/HL8QKR/resources/PTS2025-TALK-04-OpenRelik_ljFVJu9.pdf", "type": "related"}]}, {"guid": "1225b150-250c-5b67-8fa4-6f2b0ad3ac28", "code": "SB7BEZ", "id": 233, "logo": null, "date": "2025-07-01T16:30:00+02:00", "start": "16:30", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-233-end-to-end-processing-of-malware-samples-using-open-source-technologies", "url": "https://cfp.pass-the-salt.org/pts2025/talk/SB7BEZ/", "title": "End-to-end processing of malware samples using open source technologies", "subtitle": "", "track": "DFIR & ThreatIntel", "type": "Talk", "language": "en", "abstract": "The Datadog Threat Research team routinely collects and analyzes potential malware samples from multiple sources such as honeypots, intelligence shared by partners and intel contacts, internal security incidents or Guarddog sourced malicious packages.\r\n\r\nFrom these malware analysis, we extract Indicators of Compromise (IoCs), such as malicious IP addresses, domains, file hashes and other atomic indicators. For example, a cloud crypto-jacking campaign could involve malicious container images associated with an attacker-controlled Dockerhub user. Malware in the Docker images could communicate with a Command and Control (C2) server at a specific IP. The names of the images, along with the Dockerhub username and the C2 IP would be considered atomic indicators in this case. 
\r\n\r\nWith the increase of daily analyses, our team had to handle the detonation of various types of samples and built an automated pipeline from data ingestion to detonation and collection of contextualised IoCs in our TIP. We built our pipeline by relying on several Open Source projects including eBPF tracers, a Threat Intelligence Platform and a malware analysis orchestrator. \r\n\r\nWith this talk we want to share how we implemented and deployed our pipeline and also give feedback and lessons learned while implementing it.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "UM7J9D", "name": "Frederic Baguelin", "avatar": null, "biography": "Fred is a security researcher at Datadog, focusing on threat research. Fred is a fervent open source advocate and started his career by developing a digital forensics open source framework. He also worked at a CERT (Computer Emergency Response Team) dealing with threat intelligence and digital forensics and incident response and worked with cloud and container technologies. He is part of the Botconf organization committee and an active contributor to the Yeti platform. 
He regularly speaks at conferences, publishes on new emerging threats and vulnerabilities and is one of Yeti maintainers.", "public_name": "Frederic Baguelin", "guid": "f4f1d347-ba9f-500f-8b5f-94fce2f05771", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/UM7J9D/"}, {"code": "3FYQKC", "name": "Matt Muir", "avatar": null, "biography": null, "public_name": "Matt Muir", "guid": "b2703196-9927-576c-b717-6065a8d1a467", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/3FYQKC/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/SB7BEZ/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/SB7BEZ/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/SB7BEZ/resources/PTS2025-TALK-05-processing_malwares_q01Knu3.pdf", "type": "related"}]}], "Room LW109": [{"guid": "13f813c6-9fc9-5207-8f17-42355a01bc50", "code": "WAKGHJ", "id": 225, "logo": null, "date": "2025-07-01T14:10:00+02:00", "start": "14:10", "duration": "03:00", "room": "Room LW109", "slug": "pts2025-225-practical-intro-to-deeplearning-chihuahuas-vs-muffins", "url": "https://cfp.pass-the-salt.org/pts2025/talk/WAKGHJ/", "title": "Practical intro to deeplearning: chihuahuas vs muffins", "subtitle": "", "track": null, "type": "Workshop", "language": "en", "abstract": "Once upon a time, an algorithm's task was to make the distinction between a chiwawa and a muffin... true story. Human, curiosity is a great thing, and this workshop is built around it.\r\n\r\nHere total beginners in AI learn the fundamentals of deep learning, set up their environment, and apply it to image classification. 
By the end of the workshop, they are able to build a simple web application using Gradio that classifies images.", "description": "Agenda:\r\n\r\n\u2022 Short introduction to deep learning\r\n\r\n\u2022 Setting up the environment\r\n\r\n\u2022 Hands-on session: we\u2019ll experiment with image classification\r\n\r\n\u2022 Hands-on session: we build a web app with Gradio\r\n\r\nWe\u2019ll also be discussing applications to cybersecurity you can prototype, deep learning and training methods, cool the hype and discuss realistic LLM capacities.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3ACVQK", "name": "Pauline Bourmeau, Cubessa", "avatar": "https://cfp.pass-the-salt.org/media/avatars/cookie_zDS24rH.jpg", "biography": "Pauline Bourmeau works at the intersection of artificial intelligence, human cognition, and information security.\r\n\r\nShe is the founder of Cubessa, where she puts humans at the center of its research. With a diverse background including linguistics, programming, and criminology, she brings a unique perspective blending humanistic and technical approaches to analyze cyber threats and their evolution.\r\n\r\nShe is also involved in AI education and open-source projects, notably within the MISP community. Outside of her work, Pauline is a medal-winning para-climber and interested in projects that make AI more accessible.", "public_name": "Pauline Bourmeau, Cubessa", "guid": "c9728882-b3f8-50d5-b946-fb3cf82d1c4f", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/3ACVQK/"}, {"code": "3ANECE", "name": "William Robinet (Conostix S.A.)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/pic_ZjA8KLe.jpg", "biography": "William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He\u2019s been working in cybersecurity using free and opensource software on a daily basis for more than 25 years. Recently, he presented his work on SSL/TLS toolkits at Nullcon 2025 in Goa. 
He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the current ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.", "public_name": "William Robinet (Conostix S.A.)", "guid": "3b84b965-4ff5-5894-a6a3-2d779304a6d1", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/3ANECE/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/WAKGHJ/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/WAKGHJ/", "attachments": [{"title": "serious-image", "url": "/media/pts2025/submissions/WAKGHJ/resources/chi2_u9p89Cm.jpg", "type": "related"}]}]}}, {"index": 2, "date": "2025-07-02", "day_start": "2025-07-02T04:00:00+02:00", "day_end": "2025-07-03T03:59:00+02:00", "rooms": {"Amphitheater 122": [{"guid": "ee1b70c1-1f6e-55a0-ab6c-f2dd796483d5", "code": "WLKAH9", "id": 242, "logo": null, "date": "2025-07-02T09:15:00+02:00", "start": "09:15", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-242-building-efficient-verifiable-logs-introducing-trillian-tessera-and-tesseract", "url": "https://cfp.pass-the-salt.org/pts2025/talk/WLKAH9/", "title": "Building Efficient Verifiable Logs: Introducing Trillian Tessera and TesseraCT", "subtitle": "", "track": "Transparency at work", "type": "Talk", "language": "en", "abstract": "Since the inception of Certificate Transparency, the use of Transparency logs is booming: go sumdb, Key Transparency, Sigstore, etc. These various ecosystems build on top of the promise of transparency logs: accurate, immutable, publicly verifiable data. 
Building with tamper-evident logs means that you can cryptographically prove that the data hasn\u2019t been unexpectedly changed.\r\n\r\nThis growing number of ecosystems together with the increase of the logs\u2019 size called for efficient APIs to ensure logs could deliver their promise. This led to the standardization of transparency logs APIs and format: the concept of tiles and checkpoint emerged. Tiles split the underlying Merkle tree into chunks that can be stored, served and cached efficiently, while checkpoints represent the state of the tree.\r\n\r\nCertificate Transparency (CT) has been the most successful role model for transparency ecosystems. Static Certificate Transparency API, an evolution of RFC 6962, is Certificate Transparency\u2019s attempt at implementing these new standards, thus bringing all ecosystems closer to one another.\r\n\r\nThis talk introduces Trillian Tessera, an open-source Go library for building tile-based transparency logs using these standard formats on both major cloud and on-premises infrastructure, together with TesseraCT, a readily deployable solution for Certificate Transparency using Trillian Tessera.\r\n\r\nAttendees will gain insights into a lightweight yet powerful library for building their own reliable and easily maintainable transparency solutions. We will showcase a concrete example of its application with Certificate Transparency. The demo covers the TesseraCT deployment and the performance of submitting entries and verifying the entry inclusion and log consistency.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LFRXYY", "name": "Philippe Boneff (Certificate Transparency Tech Lead, Google)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/philippe_SpkJceH.jpeg", "biography": "Philippe is an engineer at Google in London. 
He is part of the TrustFabric team building and deploying software powering transparency ecosystems, where he's the tech lead for Certificate Transparency.", "public_name": "Philippe Boneff (Certificate Transparency Tech Lead, Google)", "guid": "40bb428a-9c37-5f57-9d81-cdfdbeef42dc", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/LFRXYY/"}, {"code": "LLHKCJ", "name": "Roger Ng", "avatar": "https://cfp.pass-the-salt.org/media/avatars/Roger_Ng_DvcborE.jpg", "biography": "Roger Ng is a software engineer at Google based in London, United Kingdom. He mainly works on Certificate Transparency and transparency logs in Google Open Source Security Team.", "public_name": "Roger Ng", "guid": "54ca08f8-a7d3-5657-a5b1-94755a899622", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/LLHKCJ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/WLKAH9/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/WLKAH9/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/WLKAH9/resources/PTS2025-TALK-06-Tessera_BGwdzE2.pdf", "type": "related"}]}, {"guid": "39dfe82a-98f8-5231-b9fa-72f17d4037ae", "code": "DCMUBQ", "id": 241, "logo": null, "date": "2025-07-02T09:50:00+02:00", "start": "09:50", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-241-working-towards-digital-archive-transparency", "url": "https://cfp.pass-the-salt.org/pts2025/talk/DCMUBQ/", "title": "Working towards digital archive transparency", "subtitle": "", "track": "Transparency at work", "type": "Short Talk", "language": "en", "abstract": "The legitimacy of an online document today is bound to the way it has been retrieved: From a reputable source, through an authenticated communication. However, as primary sources become unavailable, digital archives and other third-party repositories emerge as sole witnesses that some documents ever existed, or that their content have not been altered. 
The proliferation of tools able to produce large amounts of convincing fakes, as well as current incentives for bad actors to leverage these technologies, may eventually threaten the trust placed in these archives and finally question the genuineness of historical records.\r\n\r\nIn this talk, we explore how existing technologies such as the Certificate Transparency, may be leveraged to establish a robust foundation for digital archive integrity and observability. We then present our on-going effort to develop libre and open-source tools to build and maintain such transparency logs, as well as other integrations with existing standards for trusted timestamping and web archiving.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "ARFESC", "name": "The Terrible Archivist", "avatar": "https://cfp.pass-the-salt.org/media/avatars/2025-05-02_16-47_zSqqdNs.png", "biography": "The authors of this talk have chosen to submit their work under a pseudonym.\r\n\r\nhttps://archivetransparency.eu", "public_name": "The Terrible Archivist", "guid": "01689dea-c98c-5b8c-b69f-ebe06121f7fa", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/ARFESC/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/DCMUBQ/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/DCMUBQ/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/DCMUBQ/resources/PTS2025-TALK-07-archive_rip_1LWK33D.pdf", "type": "related"}]}, {"guid": "41a9dffd-a659-50ce-9cbd-2c78ef20b992", "code": "YKXAKR", "id": 211, "logo": null, "date": "2025-07-02T10:10:00+02:00", "start": "10:10", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-211-my-friends-have-phone-numbers-not-public-keys", "url": "https://cfp.pass-the-salt.org/pts2025/talk/YKXAKR/", "title": "My friends have phone numbers, not public keys", "subtitle": "", "track": "Transparency at work", "type": "Talk", "language": "en", "abstract": "Or how to 
make sure you are communicating with the right person when using an end-to-end messaging app when the security relies on public keys you fetch from a third party.", "description": "In 2023, in an effort to secure the distribution of its users' public keys, WhatsApp announced [Key Transparency](https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/). This aims to automatically verify a secure connection, without user interaction, such as scanning a QRCode. Similar efforts have been shared by [iMessage](https://security.apple.com/blog/imessage-contact-key-verification), and [Proton Mail](https://proton.me/support/key-transparency).\r\n\r\nThis talk goes over how key transparency works, how it is implemented today, and the challenges and improvements. It builds on deployed systems such as [WhatsApp](https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/) or [Cloudflare](https://blog.cloudflare.com/key-transparency/), and on on-going standardisation efforts at [IETF](https://datatracker.ietf.org/wg/keytrans/about/) and [C2SP](https://github.com/C2SP/C2SP).", "recording_license": "", "do_not_record": false, "persons": [{"code": "QN7WW3", "name": "Thibault Meunier (Research, Cloudflare)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/thibault-meunier_webp_iDDRlke.png", "biography": "Thibault is a research engineer working on distributed systems. He is focused on making emerging technologies interoperable with current web standards. 
At Cloudflare, he works on Privacy Pass, Key Transparency, and alternatives to CAPTCHA systems.", "public_name": "Thibault Meunier (Research, Cloudflare)", "guid": "ee9ea5ce-194b-516e-afe8-ec8ca0b9ef73", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/QN7WW3/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/YKXAKR/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/YKXAKR/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/YKXAKR/resources/PTS2025-TALK-08-key_transparency_YzdzeZH.pdf", "type": "related"}]}, {"guid": "54d74f2f-a87c-5a2f-8211-c5d44c767924", "code": "LEMGYM", "id": 250, "logo": null, "date": "2025-07-02T11:00:00+02:00", "start": "11:00", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-250-always-more-secure-analyzing-user-migrations-to-federated-e2ee-messaging-apps", "url": "https://cfp.pass-the-salt.org/pts2025/talk/LEMGYM/", "title": "Always more secure? Analyzing user migrations to federated e2ee messaging apps", "subtitle": "", "track": "Secured Messaging", "type": "Talk", "language": "en", "abstract": "With the current massive user migration from X and Meta to decentralized social media such as Mastodon, the interest in federated communication infrastructures is gaining traction. We have been documenting similar tendencies since 2018 already, analyzing how users in various contexts shift their preferences in terms of secure messaging applications. In the context of a longitudinal study of secure messaging apps users and developers this presentation proposes to analyze several waves of user migrations and suggests an analytical framework to understand the changes in the perception of what\u2019s a \u201cgood secure messaging app\u201d with a particular attention to federated architectures and their potential. 
The \u201cSignal gate\u201d has shown that cryptographic properties of a messaging app per se do not offer a guarantee of security, and many other (sometimes even non-technical) qualities enter the game. We propose to understand digital security as an evolving sociotechnical process of adjusting tools and behaviors and to question the race for an \u201calways more secure\u201d messaging app. We argue that infrastructural choices (centralized vs decentralized vs distributed) and social practices (such as contact discovery) matter.", "description": "With the current massive user migration from X and Meta to decentralized social media such as Mastodon, the interest in federated communication infrastructures is gaining traction. We have been documenting similar tendencies since 2018 already, analyzing how users in various contexts shift their preferences in terms of secure messaging applications. In the context of a longitudinal study of secure messaging apps users and developers this presentation proposes to analyze several waves of user migrations and suggests an analytical framework to understand the changes in the perception of what\u2019s a \u201cgood secure messaging app\u201d with a particular attention to federated architectures and their potential. The \u201cSignal gate\u201d has shown that cryptographic properties of a messaging app per se do not offer a guarantee of security, and many other (sometimes even non-technical) qualities enter the game. We propose to understand digital security as an evolving sociotechnical process of adjusting tools and behaviors and to question the race for an \u201calways more secure\u201d messaging app. 
We argue that infrastructural choices (centralized vs decentralized vs distributed) and social practices (such as contact discovery) matter.", "recording_license": "", "do_not_record": false, "persons": [{"code": "SLBCYM", "name": "Ksenia Ermoshina", "avatar": null, "biography": "senior researcher at the Center for Internet and Society of the CNRS", "public_name": "Ksenia Ermoshina", "guid": "c484ba89-7575-5bf2-a948-328d81713591", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/SLBCYM/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/LEMGYM/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/LEMGYM/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/LEMGYM/resources/PTS2025-TALK-09-federated_e2ee_messaging_hPgPzkf.pdf", "type": "related"}]}, {"guid": "b9e54906-660c-597a-9b17-6bb5f8f91bae", "code": "SYFQXB", "id": 243, "logo": null, "date": "2025-07-02T11:35:00+02:00", "start": "11:35", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-243-messaging-layer-security-mls-towards-more-end-to-end-encryption", "url": "https://cfp.pass-the-salt.org/pts2025/talk/SYFQXB/", "title": "Messaging Layer Security (MLS) \u2013 towards more end-to-end encryption", "subtitle": "", "track": "Secured Messaging", "type": "Talk", "language": "en", "abstract": "Messaging Layer Security (MLS) is a protocol for end-to-end encryption. It has been standardized at the IETF and has been published as RFC9420. 
Inspired by other protocols and designed with rigorous academic supervision it aims to be the go-to solution for whenever end-to-end encryption is needed.\r\n\r\nThis talk will cover the following areas:\r\n\r\n - How does MLS work?\r\n - What problems does it solve?\r\n - What does the ecosystem look like?\r\n - What extensions and variations exist?\r\n\r\nThis will also give an outlook on the MIMI interoperability working group and how it relates to MLS.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "7UQQWR", "name": "Raphael Robert (MLS co-author, CEO of Phoenix R&D)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/IMG_4648_small_FRAl9fk.jpg", "biography": "Raphael has worked in secure messaging for over a decade, contributing to the security and privacy of several messaging platforms. He is a co-author of the Messaging Layer Security (MLS) protocol and helped initiate the MIMI working group. As former Head of Security at Wire, he was part of the broader effort to improve platform trust and usability. He has also collaborated with NGOs to ensure secure messaging solutions are accessible and user-friendly. 
His work spans end-to-end encryption, secure conferencing, and cryptographic authentication.", "public_name": "Raphael Robert (MLS co-author, CEO of Phoenix R&D)", "guid": "6c9f7179-c399-578a-8c28-dfca52ccd87d", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/7UQQWR/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/SYFQXB/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/SYFQXB/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/SYFQXB/resources/PTS2025-TALK-10-MLS_Xk8OhbT.pdf", "type": "related"}]}, {"guid": "03e80ad4-d973-5ff7-99fd-8d897c8fe7d0", "code": "P3DZRZ", "id": 237, "logo": null, "date": "2025-07-02T14:00:00+02:00", "start": "14:00", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-237-usable-end-to-end-security-with-delta-chat-and-chatmail", "url": "https://cfp.pass-the-salt.org/pts2025/talk/P3DZRZ/", "title": "Usable end-to-end security with Delta Chat and Chatmail", "subtitle": "", "track": "Secured Messaging", "type": "Talk", "language": "en", "abstract": "Over the years, Delta Chat has matured to be an easy-to-use, secure,\r\nand even fast decentralized FOSS messenger app for all platforms.\r\nIn this talk we discuss two key security architectures:   \r\n\r\n- Autocrypt and SecureJoin key distribution protocols for achieving\r\n  automatic end-to-end encrypted messaging safe against MITM attacks, and\r\n\r\n- the open-signup Chatmail server network which successfully uses strict\r\n  cryptographic interoperability constraints (DKIM, OpenPGP, TLS) \r\n  instead of IP-reputation and spam classification methods.\r\n\r\nWe also highlight the six independent security audits and analysis conducted so far.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "YPVZUJ", "name": "Holger Krekel", "avatar": "https://cfp.pass-the-salt.org/media/avatars/holger-berlin_Hkb8T9c.jpg", "biography": "Holger is a long-time FOSS contributor.  
He is co-creator of the python testing tool \"pytest\", the PyPy project, and since about 10 years engaged in decentralized messaging research and development. \r\nHe is one of the co-creators of the Autocrypt and SecureJoin protocols, as well as one of the maintainers of the \"Chatmail\" project which maintains core infrastructure software both server- and client-side.", "public_name": "Holger Krekel", "guid": "1a34329b-0fc1-58bc-add9-3bcf5248eed3", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/YPVZUJ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/P3DZRZ/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/P3DZRZ/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/P3DZRZ/resources/PTS2025-TALK-11-Delta_Chat_5FCldrj.pdf", "type": "related"}]}, {"guid": "73d736ed-f068-5ae9-981d-0c91dd9902c7", "code": "AN9QJ8", "id": 231, "logo": null, "date": "2025-07-02T14:35:00+02:00", "start": "14:35", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-231-matrix-french-gov-deployment-opening-a-private-federation-securely", "url": "https://cfp.pass-the-salt.org/pts2025/talk/AN9QJ8/", "title": "Matrix French gov deployment: opening a private federation securely", "subtitle": "", "track": "Secured Messaging", "type": "Talk", "language": "en", "abstract": "The French government has deployed a private Matrix federation for French civil servants called Tchap.\r\n\r\nCurrently this federation has about 300 000 monthly active users and its usage is growing constantly.\r\n\r\nToday our federation is closed and we would like to be able to connect with other public French Matrix nodes (local authorities for instance), and also other European countries.\r\n\r\nWe should implement measures to ensure that the federation remains resilient against potential attacks, both technical (e.g., DDoS, data interception) and organizational (e.g., unauthorized access, insider threats) :\r\n\r\n*   How can we 
restrict the servers we wish to communicate with? How can we be sure that we are actually communicating with them? Since TLS can be vulnerable to man-in-the-middle attacks by state actors, we can't rely on it entirely.\r\n*   How can we trust the identities of users from external deployments that we don\u2019t control?\r\n*   How can we limit the interactions that external users can have with users from our federation?\r\n\r\nWe spent a lot of time thinking about this and now have a plan that looks legit, and that we are currently implementing. I'm sure you want to know more about it, right?\r\n\r\nIn this talk, we will share the approach we\u2019ve taken to address these challenges and we will present the architecture we designed.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "VNXWW8", "name": "Mathieu Velten", "avatar": "https://cfp.pass-the-salt.org/media/avatars/profile_pic_tX2iUt5.jpg", "biography": "I am a Matrix expert working on the Tchap project for French Interministerial Directorate for Digital Affairs (DINUM).", "public_name": "Mathieu Velten", "guid": "259cbe08-3e12-5691-aa4c-e45efb0b1b7c", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/VNXWW8/"}, {"code": "97KA8Q", "name": "Yoan Pintas", "avatar": null, "biography": null, "public_name": "Yoan Pintas", "guid": "f8dc5adb-b708-5c42-8aa4-db56cc711bbd", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/97KA8Q/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/AN9QJ8/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/AN9QJ8/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/AN9QJ8/resources/PTS2025-TALK-12-Tchap_v22fRNo.pdf", "type": "related"}]}, {"guid": "017bbbef-ce5e-5d99-bb34-b749297785f7", "code": "UATTRT", "id": 220, "logo": null, "date": "2025-07-02T15:40:00+02:00", "start": "15:40", "duration": "00:20", "room": "Amphitheater 122", "slug": 
"pts2025-220-when-priority-isn-t-enough-exploiting-the-vrrp-tie-breaking-ip-mechanism", "url": "https://cfp.pass-the-salt.org/pts2025/talk/UATTRT/", "title": "When Priority Isn\u2019t Enough: Exploiting the VRRP Tie-Breaking IP Mechanism", "subtitle": "", "track": "Network Security", "type": "Short Talk", "language": "en", "abstract": "VRRP (Virtual Router Redundancy Protocol) is an open-standard protocol designed to ensure high availability of routers. Proven and widely adopted, it is used in many network infrastructures. However, the security aspects of VRRP are rarely discussed in depth in available online resources. For instance, VRRPv2, which remains widely used today, offers two authentication modes, one of which is easily bypassed. In contrast, VRRPv3 has completely removed authentication, as the protocol's authors considered that security should be handled at a different layer. In this presentation, I will focus on the IP tie-breaking dilemma that arises during VRRP priority conflicts, particularly when the legitimate master router is configured with the highest priority value of 255. To illustrate this issue, I will rely on Keepalived, a widely used open-source implementation of VRRP. I will also highlight a design flaw I co-discovered in the VRRP protocol (RFC 9568), in collaboration with the Keepalived project maintainers. 
This vulnerability, documented in erratum 8298 and validated by the IETF, allows an attacker on the same network to impersonate the master router during a priority conflict, revealing a weakness in the protocol\u2019s design.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "UMRSC3", "name": "Geoffrey Sauvageot-Berland", "avatar": null, "biography": "Computer engineer, Pentester at Orange Cyberdefense, Lecturer at CPE Lyon, Founder of the blog \"Le Guide Du Secops,\" Author for IT-Connect.fr.", "public_name": "Geoffrey Sauvageot-Berland", "guid": "3b9d2161-6d6e-5c59-b6f6-b774839972a6", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/UMRSC3/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/UATTRT/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/UATTRT/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/UATTRT/resources/PTS2025-TALK-13-exploiting_VRRP_g0bufm8.pdf", "type": "related"}]}, {"guid": "64cd216a-65f7-5fa1-b8d0-e4e1461949a8", "code": "EN3WB8", "id": 226, "logo": null, "date": "2025-07-02T16:00:00+02:00", "start": "16:00", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-226-wirego-a-wireshark-plugin-development-framework", "url": "https://cfp.pass-the-salt.org/pts2025/talk/EN3WB8/", "title": "Wirego, a Wireshark plugin development framework", "subtitle": "", "track": "Network Security", "type": "Short Talk", "language": "en", "abstract": "Wireshark is a widely used tool when it comes to view the contents of a network traffic capture.\r\nWhen reversing a protocol, we tend to develop a simple program with a \"simple\" programming language (Python, Go...) 
to parse what is currently known.\r\n\r\nThe most logical way would be to develop this program as a Wireshark plugin, but the Wireshark plugin API is rarely used, since it's quite complex and is not suited to a quick and dirty task.\r\n\r\nWirego allows simple development of Wireshark plugins in Python and Go (and maybe more).", "description": "Developing plugins for Wireshark is quite complex. The API is written in C, dates from 1998 and is quite poorly documented.  When working on a protocol, the reverser wants to stay focused on the main task and really doesn't want to go deep inside the Wireshark source code.\r\n\r\nWirego is based on a Wireshark plugin which is ready to use and re-emits the Wireshark calls to a ZMQ (Zero-MQ) endpoint.\r\nA package/class/framework for a given language receives these calls and converts them back to simple API calls. The end-user only needs to inherit a class (or implement an interface in Go) with just a few methods in order to develop his plugin.\r\n\r\nTypically, one will simply implement seven methods in order to define the plugin name, the plugin filter (used to filter packets matching with the protocol), the list of fields eventually returned by the dissector (the parser), three methods for the protocol detection and the dissector itself.\r\n\r\nA simple Wireshark plugin can be developed using only 100 lines of Python or less.\r\nWirego has been designed to easily allow the integration of additional languages.\r\n\r\nWirego is available on github: https://github.com/quarkslab/wirego/", "recording_license": "", "do_not_record": false, "persons": [{"code": "TYBAKQ", "name": "Benoit Girard", "avatar": "https://cfp.pass-the-salt.org/media/avatars/portrait_K2Sd1gx.jpg", "biography": "I have been working in the cyber security domain since 2004.\r\n\r\nAfter several years at the French ministry of Defense, I've founded two startups in the field of cryptography and I'm currently project manager at Quarkslab.\r\nI spent most of my career 
designing systems and developing software related to vulnerability research and data processing.\r\n\r\nI'm also a part time sound engineer in a recording studio.", "public_name": "Benoit Girard", "guid": "873a0aa0-e22d-5602-8ac9-4548818a078d", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/TYBAKQ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/EN3WB8/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/EN3WB8/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/EN3WB8/resources/PTS2025-TALK-14-Wirego_MW2ZEo3.pdf", "type": "related"}]}], "Room LW109": [{"guid": "5fc23429-fa3f-5145-a949-2ebb4c1fe586", "code": "RTTHMW", "id": 219, "logo": null, "date": "2025-07-02T09:15:00+02:00", "start": "09:15", "duration": "03:00", "room": "Room LW109", "slug": "pts2025-219-ropemporium-party", "url": "https://cfp.pass-the-salt.org/pts2025/talk/RTTHMW/", "title": "ROPemporium party", "subtitle": "", "track": "Offensive Security", "type": "Workshop", "language": "en", "abstract": "ROP (Return-Oriented Programming) is an essential technique for exploiting modern binary executables. 
The ROPEmporium website (https://ropemporium.com/), developed by Max Kemper, features a series of step-by-step exercises designed to help you discover ROP progressively.\r\n\r\nThe workshop offers a shared experience of these exercises.", "description": "During this workshop, we'll work together to solve some of the exercises on the site.\r\n\r\nThe aim is to give you enough theoretical and practical knowledge to be able to extend the experience by doing all the exercises proposed afterwards.\r\nThe site offers exercises on intel x86-64, x86-32, ARM and MIPS executables.\r\n\r\nAfter a presentation of the platform, and the main concepts involved in ROP, you'll be able to learn from the exercises :\r\n\r\n- Get to grips with the tools to discover an initial function calling technique.\r\n- Call a function with a parameter already present in the executable.\r\n- Master the convention of passing parameters for more complex calls.\r\n- Learn how to place some data in the memory and pass it as a parameter\r\n- Search for usable gadgets when the most obvious are not available.\r\n- Finally, we'll create a slightly more complex ROP chain using a pivot technique.\r\n\r\nAs an epilogue, if time permits, we'll take a look at ARM binary exploitation with qemu, to encourage you to extend the experience.\r\n\r\nThe workshop is ideally aimed at people familiar with x86 assembler and the basics of binary exploitation with buffer overflow.\r\n\r\nTo carry out the exercises you will need a Linux machine with the following open-source tools :\r\n- gdb\r\n- a gdb extension such as GEF or pwndbg\r\n- python3\r\n- pwntools\r\n- radare2\r\n- ropper or ROPGadget\r\nand optionally\r\n- 32-bit libraries (libc6-i386)\r\n- qemu\r\n\r\nA docker image containing the required tools will be made available and its use encouraged.\r\n<b>Docker is therefore the main requisite.</b>\r\n\r\nBy the way, to 
avoid clogging up the network and save time at the beginning of the workshop, please\r\ntry to download the materials in advance: \r\n\r\n<code>\r\ngit clone https://github.com/cdpointpoint/ropemporium_party.git\r\n\r\ncd ropemporium_party\r\n\r\n./run_ptsrew.sh\r\n</code>.\r\n\r\nThe run script will pull the 2 GB docker image the first time.\r\n\r\nIt is also possible to follow the workshop without carrying out (all) the manipulations during the session and keep focus on explanations or exchanges.", "recording_license": "", "do_not_record": false, "persons": [{"code": "VWZHUF", "name": "Jean-C\u00f4me Estienney (CNAM)", "avatar": null, "biography": "Computer engineer since 1985 and  security \"expert\"  since around 1995 mainly for the CNAM (Caisse Nationale d'Assurance Maladie) institution.\r\nUnfortunately, recently retired.", "public_name": "Jean-C\u00f4me Estienney (CNAM)", "guid": "dd9e98e0-b137-5424-82d8-27fa3ab937ad", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/VWZHUF/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/RTTHMW/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/RTTHMW/", "attachments": []}, {"guid": "c788d146-fbf5-537b-935d-0df68ce43dcb", "code": "K3MKZQ", "id": 191, "logo": null, "date": "2025-07-02T14:00:00+02:00", "start": "14:00", "duration": "02:30", "room": "Room LW109", "slug": "pts2025-191-misp-for-analysts", "url": "https://cfp.pass-the-salt.org/pts2025/talk/K3MKZQ/", "title": "MISP for analysts", "subtitle": "", "track": "DFIR & ThreatIntel", "type": "Workshop 2h30", "language": "en", "abstract": "MISP is an open-source platform for threat intelligence and information sharing. This workshop is designed to introduce MISP concepts and get started with using the platform. 
Participants will learn about MISP features by conducting a hands-on analysis during the workshop.", "description": "Outline\r\n\r\nIntroduction to MISP\r\n  - Overview of MISP and its features\r\n  - Presentation of the example case\r\n\r\nGetting Started\r\n  - Create and populate a MISP event\r\n  - Generate a report\r\n  - Publish the event\r\n\r\nGeneral Usage\r\n  - Working with data: enrich, collaborate, export\r\n  - Best practices\r\n\r\nRecap and resources", "recording_license": "", "do_not_record": false, "persons": [{"code": "3ACVQK", "name": "Pauline Bourmeau, Cubessa", "avatar": "https://cfp.pass-the-salt.org/media/avatars/cookie_zDS24rH.jpg", "biography": "Pauline Bourmeau works at the intersection of artificial intelligence, human cognition, and information security.\r\n\r\nShe is the founder of Cubessa, where shet puts humans at the center of its research. With a diverse background including linguistics, programming, and criminology, she brings a unique perspective blending humanistic and technical approaches to analyze cyber threats and their evolution.\r\n\r\nShe is also involved in AI education and open-source projects, notably within the MISP community. Outside of her work, Pauline is a medal-winning para-climber and interested in projects that make AI more accessible.", "public_name": "Pauline Bourmeau, Cubessa", "guid": "c9728882-b3f8-50d5-b946-fb3cf82d1c4f", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/3ACVQK/"}, {"code": "3ANECE", "name": "William Robinet (Conostix S.A.)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/pic_ZjA8KLe.jpg", "biography": "William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He\u2019s been working in cybersecurity using free and opensource software on a daily basis for more than 25 years. Recently, he presented his work on SSL/TLS toolkits at Nullcon 2025 in Goa. He contributed to the cleanup and enhancement efforts done on ssldump lately. 
He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the current ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.", "public_name": "William Robinet (Conostix S.A.)", "guid": "3b84b965-4ff5-5894-a6a3-2d779304a6d1", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/3ANECE/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/K3MKZQ/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/K3MKZQ/", "attachments": []}], "Room LW112": [{"guid": "c454f9f2-a996-5fd4-93be-561a6a628bb2", "code": "CSHGVJ", "id": 240, "logo": null, "date": "2025-07-02T09:15:00+02:00", "start": "09:15", "duration": "03:00", "room": "Room LW112", "slug": "pts2025-240-bluetooth-low-energy-hacking-with-whad", "url": "https://cfp.pass-the-salt.org/pts2025/talk/CSHGVJ/", "title": "Bluetooth Low Energy hacking with WHAD", "subtitle": "", "track": "Hardware & Embedded", "type": "Workshop", "language": "en", "abstract": "This workshop will introduce you to our WHAD framework (WHAD stands for *Wireless HAcking Devices* or *Wireless HAcking for Dummies*,  see https://whad.io) and its numerous tools designed to have fun with wireless devices in the wild, with a focus on Bluetooth Low Energy (BLE). 
Learn how to easily discover BLE devices, connect to them and analyze how they behave and expose information, how to clone a device and trick a smartphone to connect to it, how to interact with a device in many unexpected ways, and more importantly learn how this framework can help you build pretty efficient exploits in Python to complete the final challenge of this workshop !\r\n\r\nWe would be more than happy to get you started with Bluetooth Low Energy hacking with WHAD, and hope you'll enjoy the ride and dig into what this framework is capable of regarding other wireless protocols as well !", "description": "### Workshop objectives\r\n\r\n* Discover WHAD, a flexible wireless hacking Python framework and some of its key features\r\n* Learn how to easily scan, connect and interact with a BLE device using WHAD tools\r\n* Learn how to spoof any BLE device using WHAD\r\n* Learn how to create Python scripts using WHAD to automate BLE analysis and vulnerability exploitation \r\n* Hack a BLE smartband for fun and profit !\r\n\r\n### Prerequisites\r\n\r\n* A laptop with Virtualbox or VMWare virtualization software installed (host OS does not really matter)\r\n  * We will provide a pre-configured VM a few days before the workshop\r\n  * Administrative rights may be required for the VM to access the host's USB interfaces and HCI adapters\r\n  * At least 2 free USB ports required on the host machine to plug some hardware devices, bring a USB hub if needed\r\n* A good knowledge of the Python programming language (Python 3.x)\r\n* A smartphone with Nordic Semiconductor's *nRF Connect* application installed (not mandatory but could be useful)\r\n* You can also bring any Bluetooth Low Energy device you think may be fun to fiddle with ;)\r\n\r\n### Workshop agenda\r\n\r\n* I. What is WHAD ?\r\n  * I.1. Introducing WHAD (purpose and global design)\r\n    * I.1.1. Supported protocols/modulations\r\n    * I.1.2. Combining simple tools to create complex tools\r\n    * I.1.3. 
Python API\r\n    * I.1.4. Examples of tools/research based on WHAD (quick demos)\r\n    * I.1.5. Pros and cons\r\n  * I.2. Core concepts\r\n    * I.2.1. Getting protocol processing out of firmware\r\n    * I.2.2. WHAD host/interface protocol\r\n    * I.2.3. Interfaces and connectors\r\n    * I.2.4. Tool chaining\r\n    * I.2.5. Scripting\r\n  * I.3. Installing WHAD\r\n    * I.3.1. Installing and running WHAD in a VM (we provide a VM image)\r\n    * I.3.2. Installing and running WHAD on your host computer (for the braves)\r\n    * I.3.3. First contact with WHAD\r\n\r\n* II. Discovering BLE devices\r\n  * II.1. Using wsniff to scan for BLE devices\r\n  * II.2. Using wble-central to discover devices\r\n  * II.3. Exporting a device profile to a file (for later user or reporting)\r\n  \r\n* III. Interacting with a BLE device (hands-on)\r\n  * III.1. Interactive mode using wble-central\r\n    * III.1.a. Services and characteristics discovery\r\n    * III.1.b. Reading and writing to characteristics\r\n    * III.1.c. Subscribing for notifications or indications\r\n    * III.1.e. Real-time monitoring with Wireshark\r\n  * III.2. Scripting with WHAD and wble-central\r\n    * III.2.a. Creating a script to avoid getting disconnected\r\n    * III.2.b. Running a script with wble-central\r\n    * III.2.c. Exporting and importing a BLE device's GATT profile for better speed\r\n\r\n* IV. Creating fake BLE devices (hands-on)\r\n  * IV.1. Interactive mode using wble-periph\r\n    * IV.1.a. Creating a device from scratch in interactive mode\r\n    * IV.1.b. Scripting wble-periph to quickly setup a device\r\n    * IV.1.c. Monitoring live with wireshark\r\n    * IV.1.d. Dumping traffic to PCAP file\r\n    * IV.1.e. Populating services and characteristics from exported GATT profile\r\n  * IV.2. Scripting with WHAD and wble-periph\r\n    * IV.2.a. Creating a script to advertise a specific peripheral\r\n    * IV.2.b. Combining saved GATT profile and scripting for efficiency\r\n\r\n* V. 
Python scripting (hands-on)\r\n  * V.1. WHAD Python API 101\r\n    * V.1.a. Connecting to a BLE device\r\n    * V.1.b. Reading and writing to characteristics\r\n    * V.1.c. Subscribing to notifications or indications\r\n    * V.1.d. Sending handcrafted PDUs\r\n    * V.1.e. Exporting traffic to PCAP\r\n  * V.2. Final challenge\r\n    * V.2.a. Discovering a vulnerable smart band\r\n    * V.2.b. Writing an exploit with Python and WHAD\r\n    * V.2.c. Hack all the smart bands !", "recording_license": "", "do_not_record": false, "persons": [{"code": "TNZWVD", "name": "Damien Cauquil (R&D Engineer at Quarkslab)", "avatar": null, "biography": "Damien is a security researcher who joined Quarkslab in 202 . He discovered how wireless protocols can be fun to hack and created BtleJuice, one of the first Bluetooth Low Energy MitM framework (now almost dead) and BtleJack, a BLE swiss-army knife released in 2018. He has been working with Romain Cayre on a new wireless hacking framework called WHAD for more than two years, that has been released at DEF CON 32 in 2024.\r\n\r\nDamien presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, BruCon, Hack.lu, SSTIC, and a dozen times at leHACK (formerly *la Nuit du Hack*), one of the oldest French hacking conference.", "public_name": "Damien Cauquil (R&D Engineer at Quarkslab)", "guid": "b50d3796-ed38-53cf-b380-b977f71804b2", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/TNZWVD/"}, {"code": "B33EXP", "name": "Romain Cayre", "avatar": "https://cfp.pass-the-salt.org/media/avatars/IMG_20250321_151525_t4WYoE0_rot_Xy9n1vW.jpg", "biography": "Dr. 
Romain Cayre (male), whose research work focuses on the identification, analysis and prevention of emerging threats related to the deployment of new wireless communication protocols and embedded systems for Internet of Things and Industry 4.0, with an interdisciplinary approach at the interface between signal processing, embedded electronics and security.", "public_name": "Romain Cayre", "guid": "adec0679-13a8-5e30-be6b-1b53591f33cd", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/B33EXP/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/CSHGVJ/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/CSHGVJ/", "attachments": []}]}}, {"index": 3, "date": "2025-07-03", "day_start": "2025-07-03T04:00:00+02:00", "day_end": "2025-07-04T03:59:00+02:00", "rooms": {"Amphitheater 122": [{"guid": "7ec6e571-9127-583e-a74e-77c1e66da901", "code": "DEKPBL", "id": 245, "logo": null, "date": "2025-07-03T09:30:00+02:00", "start": "09:30", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-245-make-better-shells-with-rcat", "url": "https://cfp.pass-the-salt.org/pts2025/talk/DEKPBL/", "title": "Make better shells with rcat", "subtitle": "", "track": "Offensive Security", "type": "Short Talk", "language": "en", "abstract": "__Rcat__ is a modern _netcat_ written in Rust \ud83e\udd80. It supports __TLS__, and __upgrading reverse shells__ to a fully interactive TTY.", "description": "Today, most reverse shells are done via an unencrypted TCP connection using `netcat` (looking at you https://revshells.com). 
We will see how to easily create __encrypted reverse shells__ (without installing tools on the targeted server).\r\n\r\nWe will also discuss what _pseudo-TTYs_ are, and how `rcat` makes it easier to transfer files over a TCP connection.\r\n\r\nhttps://github.com/0xfalafel/rcat", "recording_license": "", "do_not_record": false, "persons": [{"code": "QPU7JV", "name": "Olivier Lasne", "avatar": "https://cfp.pass-the-salt.org/media/avatars/09.42.06_crop_RIcGj1P.jpeg", "biography": "Olivier has been a pentester and occasional teacher for the last 8 years.  \r\nHe loves Linux, and writing applications in Rust.", "public_name": "Olivier Lasne", "guid": "57156ba2-dbe9-5408-a7f3-21d0e4ad4b68", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/QPU7JV/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/DEKPBL/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/DEKPBL/", "attachments": [{"title": "Slides of the presentation", "url": "/media/pts2025/submissions/DEKPBL/resources/Make_better_Shells_with_Rcat_5nplIci.pdf", "type": "related"}]}, {"guid": "dcaefaf6-1c67-5919-a4b7-5b8a4df4159c", "code": "XE9K9T", "id": 234, "logo": null, "date": "2025-07-03T09:50:00+02:00", "start": "09:50", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-234-hooking-windows-named-pipes-with-thatsnopipe", "url": "https://cfp.pass-the-salt.org/pts2025/talk/XE9K9T/", "title": "Hooking Windows Named Pipes with thats_no_pipe", "subtitle": "", "track": "Offensive Security", "type": "Short Talk", "language": "en", "abstract": "Named Pipes are interprocess communication primitives used by many Windows applications.\r\nHowever, these operating system APIs are often blindly trusted, and one can intercept and tamper with transmitted data by abusing a Man-in-the-Middle setup.\r\nCommonly accepted mitigations involve checking process IDs, executable signatures or permissions on the named pipe. 
With proper tooling, such mitigations can be bypassed.\r\n\r\nThis presentation will delve into Windows Named Pipes APIs while highlighting common attacks, usual mitigations, and how to bypass them using the soon-to-be-opensource tool thats_no_pipe.", "description": "- A quick introduction of the speaker.\r\n- A quick introduction of Windows Named Pipes APIs.\r\n- An overview of common attacks against Named Pipes.\r\n- Common mitigations against MitM attacks, and how to bypass them.\r\n- Live demonstration of the tool.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YBTZ8F", "name": "Thomas Borot (Pentester @Synacktiv)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/thomas.borot_Rlf2ymJ.png", "biography": "Developer & Pentester @ Synacktiv", "public_name": "Thomas Borot (Pentester @Synacktiv)", "guid": "7c3919f0-825e-51b2-a5b0-53164efb7183", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/YBTZ8F/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/XE9K9T/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/XE9K9T/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/XE9K9T/resources/pts2025-hooking_named_pipes-slides_noxwFfJ.pdf", "type": "related"}]}, {"guid": "0603f284-2f3e-52cf-88c7-5c53ff855165", "code": "XZGSN8", "id": 202, "logo": null, "date": "2025-07-03T10:10:00+02:00", "start": "10:10", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-202-vesta-admin-takeover-exploiting-reduced-seed-entropy-in-random", "url": "https://cfp.pass-the-salt.org/pts2025/talk/XZGSN8/", "title": "Vesta Admin Takeover - Exploiting reduced seed entropy in $RANDOM", "subtitle": "", "track": "Offensive Security", "type": "Short Talk", "language": "en", "abstract": "In this session, we will examine the Vesta control panel, known for its user-friendly approach to Linux server management. 
While Vesta facilitates tasks like hosting websites and managing domains, it also presents security challenges. Our focus will be on a significant vulnerability that allows for admin takeover due to the predictable output of the Bash $RANDOM variable used for password and token generation.\r\n\r\nAttendees will gain insights into the exploit process, its implications for server security, and best practices for mitigating similar risks. Join us to learn how to enhance the security of your Linux server environments and protect against unauthorized access.", "description": "Vesta is a lightweight, web-based control panel that simplifies Linux server management, appealing to users seeking an intuitive alternative to traditional platforms like cPanel and Plesk. This presentation will examine a critical flaw in Vesta: an admin takeover exploit resulting from reduced seed entropy in the Bash $RANDOM variable. By transforming what was once a theoretical attack into a practical one, we successfully reduced the brute force domain of the seed by over 98%. This allows attackers to generate predictable random values, compromising the security of passwords and tokens. We will discuss the implications of this vulnerability and highlight best practices for enhancing server security in real-world applications.", "recording_license": "", "do_not_record": false, "persons": [{"code": "PUWKCY", "name": "Adrian Tiron", "avatar": null, "biography": "Adrian Tiron is a Co-Founder & Principal Pentester/Red Teamer at FORTBRIDGE with 20 years of experience in cybersecurity. He has a proven track record of success working with top companies in the UK, US, and Europe. 
As a dedicated researcher and blog author, Adrian has uncovered multiple critical vulnerabilities in open-source and commercial software, contributing significantly to improving online security.", "public_name": "Adrian Tiron", "guid": "3dfbcd29-400e-5ef0-8c7a-f4d69afddd1f", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/PUWKCY/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/XZGSN8/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/XZGSN8/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/XZGSN8/resources/PTS2025-TALK-17-Vesta_admin_takeover_0GdjUR2.pdf", "type": "related"}]}, {"guid": "180637e0-bb72-58e8-a1f6-04a579c659a3", "code": "9ZCTRE", "id": 232, "logo": null, "date": "2025-07-03T10:45:00+02:00", "start": "10:45", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-232-auditing-keycloak-configurations-with-neo4j", "url": "https://cfp.pass-the-salt.org/pts2025/talk/9ZCTRE/", "title": "Auditing Keycloak Configurations with Neo4j", "subtitle": "", "track": "System Audit & Hardening", "type": "Short Talk", "language": "en", "abstract": "Keycloak is a popular open source Identity and Access Management solution that provides single sign-on, user federation, and fine-grained role-based access control. However, in complex setups with multiple realms, roles, and groups, misconfigurations may go unnoticed. In this short talk, I will demonstrate a straightforward way to export Keycloak data (realms, roles, users, groups, etc.) into a Neo4j graph database, then run Cypher queries to pinpoint potential security issues such as privilege escalation. By visualizing Keycloak objects as a graph, we gain a clearer view of relationships and can spot unusual privileges more easily. 
An open-source tool facilitating this process will be released once the final configuration details are settled, enabling others to replicate and adapt the method.", "description": "Key points covered:\r\n\r\n* Simple export of Keycloak objects (realms, roles, users, groups, etc.) into Neo4j\r\n* Using Cypher queries to detect or visualize security gaps\r\n* Practical examples of identifying overlooked or excessive privileges\r\n* Maintaining a clearer overview of complex IAM configurations\r\n* Details on the upcoming open-source release for easy replication", "recording_license": "", "do_not_record": false, "persons": [{"code": "USNXTZ", "name": "K\u00e9vin Schouteeten (pentester @Synacktiv)", "avatar": null, "biography": "K\u00e9vin Schouteeten is a pentester at Synacktiv in Paris. He is part of a team dedicated to offensive information security, having spent the last 16 years as a developer, malware analyst, and now focusing on penetration testing across a wide variety of technologies.", "public_name": "K\u00e9vin Schouteeten (pentester @Synacktiv)", "guid": "29bf4614-9c7e-5a8a-86e8-4f078b5f3ffb", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/USNXTZ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/9ZCTRE/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/9ZCTRE/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/9ZCTRE/resources/PTS2025-TALK-18-Keycloak_aLENviu.pdf", "type": "related"}]}, {"guid": "5a064057-bcf1-56ae-9bb1-fe3bb1be6e39", "code": "FUL7LS", "id": 195, "logo": null, "date": "2025-07-03T11:05:00+02:00", "start": "11:05", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-195-putting-pacman-in-jail-a-sandboxing-story", "url": "https://cfp.pass-the-salt.org/pts2025/talk/FUL7LS/", "title": "Putting pacman in jail: a sandboxing story", "subtitle": "", "track": "System Audit & Hardening", "type": "Talk", "language": "en", "abstract": "The pacman package manager 
is used by the Arch Linux distribution and its derivatives. It is written in a memory-unsafe language, runs as root, and performs complicated tasks while downloading packages over the internet.\r\nThis is the story of how in 7.0 we isolated the download steps into a separate process, running as an unprivileged user, and further restricted it using seccomp and Landlock.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "98YEUJ", "name": "R\u00e9mi Gacogne (Security Team, Arch Linux)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/DSC_0694_v2_600x400_d8o5lpY.jpg", "biography": "Long-time member of the Arch Linux security team, Remi works at PowerDNS on DNSdist, an open-source DNS load-balancer.", "public_name": "R\u00e9mi Gacogne (Security Team, Arch Linux)", "guid": "ab97a460-bb51-5361-8f2b-b4021b9cf54a", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/98YEUJ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/FUL7LS/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/FUL7LS/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/FUL7LS/resources/PTS2025-TALK-19-pacman_in_jail_3SUHV7c.pdf", "type": "related"}]}, {"guid": "212fdfdf-523e-5e44-9263-cf534a7ae4dc", "code": "C9MMHN", "id": 212, "logo": null, "date": "2025-07-03T11:40:00+02:00", "start": "11:40", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-212-rootasrole-simplifying-linux-privileges-and-fortifying-ansible-deployments", "url": "https://cfp.pass-the-salt.org/pts2025/talk/C9MMHN/", "title": "RootAsRole: Simplifying Linux Privileges and Fortifying Ansible Deployments", "subtitle": "", "track": "System Audit & Hardening", "type": "Short Talk", "language": "en", "abstract": "This presentation introduces RootAsRole; an alternative to sudo/su commands that applies more finely the principle of least privilege, dives into security issues with Ansible and how RootAsRole helps to 
deal with them.", "description": "RootAsRole is a Rust-based alternative to *sudo* for Linux systems. It allows the definition of a co-administered infrastructure with limited privilege sets through a structured role-based access control model and adhering to the principle of least privilege. In this presentation, we\u2019ll explore how *sr* (the name of our tool, for **S**witch-**R**ole) is more secure and/or better than *sudo/doas/su* alternatives, and extends its utility for automation with Ansible and the valuable security insights it offers.", "recording_license": "", "do_not_record": false, "persons": [{"code": "MVHYGV", "name": "Yves R\u00fctschl\u00e9 (Security architect, Airbus Protect)", "avatar": null, "biography": "After studying electronics and computer architecture, Yves spent a decade developing embedded software, first in a small business, then at Airbus. He then moved on to the Airbus A350 design office to work on its security. There, he practiced supplier management, systems engineering, and security requirements for systems with critical, safety-related impacts. Since then he has worked on various topics related to security, from governance to formal proofs of security properties, in several industrial domains such as aeronautics, railway and automotive.\r\nIn his free time, he develops his side-project `sslh`, which helps evading firewalls, hiding network services, and performs various network plumbing tasks.", "public_name": "Yves R\u00fctschl\u00e9 (Security architect, Airbus Protect)", "guid": "f4d81231-caee-5714-9079-4ba6d3d6a954", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/MVHYGV/"}, {"code": "G739SC", "name": "Eddie Billoir", "avatar": "https://cfp.pass-the-salt.org/media/avatars/12381165_nAp2pxu.jpeg", "biography": "Eddie Billoir is a final-year industrial PhD student with the Institut de Recherche en Informatique de Toulouse (IRIT) in France and Airbus Protect company. 
His research focuses on operating system access control, emphasizing the principle of least privilege. He is also the main contributor of RootAsRole project.", "public_name": "Eddie Billoir", "guid": "59ee829c-c5a5-5a1d-aa17-f2815747cdbc", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/G739SC/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/C9MMHN/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/C9MMHN/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/C9MMHN/resources/PTS2025-TALK-20-RootAsRole_PNuQFwL.pdf", "type": "related"}]}, {"guid": "7beab524-b738-5e80-9f81-5ee92762da9f", "code": "PKWQUD", "id": 229, "logo": null, "date": "2025-07-03T14:00:00+02:00", "start": "14:00", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-229-secrets-at-sea-hunting-exposed-code-container-registries", "url": "https://cfp.pass-the-salt.org/pts2025/talk/PKWQUD/", "title": "Secrets at Sea: Hunting Exposed Code & Container Registries", "subtitle": "", "track": "System Audit & Hardening", "type": "Short Talk", "language": "en", "abstract": "Publicly accessible registries and repositories are often associated with well-known SaaS platforms such as GitHub or DockerHub. However, a significant number of individuals and companies rely on self-hosted solutions like GitLab or Harbor for managing their code and container images. Surprisingly, many of these self-hosted instances are inadvertently exposed, granting unauthenticated access to repositories and container images.\r\n\r\nThis talk will explore methods for discovering publicly accessible self-hosted registries using techniques such as Certificate Transparency (CT) logs and Shodan scanning. 
We will discuss how to retrieve repository contents and container images from these sources, subsequently performing secrets scanning to assess the extent of exposure and raise awareness of potential security risks.\r\n\r\nFrom a tooling perspective, our investigation reveals a critical gap: most scanning tools fail to retrieve images from registries that are only available via plain HTTP. We will take this opportunity to discuss the registry API, and demonstrate approaches for interacting with it.\r\n\r\nThrough real-world examples and hands-on insights, this talk aims to shed light on the current state of public registry exposure, providing actionable recommendations for improving security posture.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "LXUYHG", "name": "Guillaume Valadon", "avatar": "https://cfp.pass-the-salt.org/media/avatars/IMG_1309_8p63bgE.jpg", "biography": "Guillaume is a Cybersecurity Researcher at GitGuardian. He holds a PhD in networking. He likes looking at data and crafting packets. He co-maintains Scapy. And he still remembers what AT+MS=V34 means!", "public_name": "Guillaume Valadon", "guid": "0b6493ee-a102-5d0a-894f-226a8f0b10c0", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/LXUYHG/"}, {"code": "7G3XZA", "name": "Gaetan Ferry", "avatar": "https://cfp.pass-the-salt.org/media/avatars/profile_voj03zt.jpeg", "biography": "Gaetan is a security researcher with a decade of experience uncovering software vulnerabilities. After establishing himself in offensive security in 2015, he transitioned to security research in 2022, bringing his hands-on expertise in application security. His track record includes uncovering significant vulnerabilities in enterprise-grade systems like Cisco Nexus and Apache HTTPD. 
Gaetan loves sharing his knowledge through blog posts, speaking at conferences, or hands-on security training sessions at universities and private organizations.\r\nWhen not hunting for vulnerabilities, Gaetan can be found fishing on a river, playing chess, or on a judo mat.", "public_name": "Gaetan Ferry", "guid": "03439db1-670e-5df0-9796-e0846f1fda53", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/7G3XZA/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/PKWQUD/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/PKWQUD/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/PKWQUD/resources/PTS2025-TALK-21-secrets_at_sea_BiTLSsL.pdf", "type": "related"}]}, {"guid": "45679808-3d16-5961-9c18-b73bbf1f44fa", "code": "RDEFF3", "id": 227, "logo": null, "date": "2025-07-03T14:20:00+02:00", "start": "14:20", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-227-fun-with-flags-how-compilers-break-and-fix-constant-time-code", "url": "https://cfp.pass-the-salt.org/pts2025/talk/RDEFF3/", "title": "Fun with flags: How Compilers Break and Fix Constant-Time Code", "subtitle": "", "track": "Walking on the wild Side Channel", "type": "Short Talk", "language": "en", "abstract": "You meticulously craft constant-time code to protect against side-channel attacks\u2014only to have your compiler silently sabotage it. Optimization passes, designed to make code faster, can introduce timing leaks, violating security guarantees in ways developers never intended. But which optimizations are responsible? And how can you stop them without rewriting the compiler itself?\r\n\r\nIn this talk, we investigate the mystery behind compiler-induced constant-time violations. We analyze real-world examples from GCC and LLVM, exposing how specific optimizations betray security assumptions. 
More importantly, we provide practical solutions: which compiler flags can mitigate these leaks, and what is the real cost of securing your compiled code?\r\n\r\nYour compiler may not be your friend\u2014but with the right knowledge, you can stop it from turning against you.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "AYCBCA", "name": "Antoine Geimer", "avatar": null, "biography": "I am a PhD student in the Spirals team at Inria Lille. My main research focus is on microarchitectural side-channel vulnerabilities, how they manifest in software and how to find them.", "public_name": "Antoine Geimer", "guid": "15515a9d-defc-5e8a-9c90-a07b8a03e619", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/AYCBCA/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/RDEFF3/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/RDEFF3/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/RDEFF3/resources/PTS2025-TALK-22-fun_with_flags_B4CQk7g.pdf", "type": "related"}]}, {"guid": "bf816b41-fb6f-5846-8e0d-6b59d76026cc", "code": "GBEYZP", "id": 206, "logo": null, "date": "2025-07-03T14:40:00+02:00", "start": "14:40", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-206-analyzing-microarchitectural-side-channel-attacks-using-open-source-gem5-simulator", "url": "https://cfp.pass-the-salt.org/pts2025/talk/GBEYZP/", "title": "Analyzing Microarchitectural Side-Channel Attacks Using Open-source gem5 simulator", "subtitle": "", "track": "Walking on the wild Side Channel", "type": "Short Talk", "language": "en", "abstract": "Microarchitectural side-channel attacks exploit subtle hardware behaviors, such as cache activity and instruction retirement patterns, to extract sensitive information. Understanding these attacks is essential for developing effective mitigations. However, real hardware imposes limitations on observability and experimental flexibility. 
The gem5 simulator, an open-source and highly extensible architectural simulator, provides a powerful environment for analyzing these attacks with fine-grained control over execution, memory access, and timing behaviors.\r\n\r\n\r\nIn this presentation, I will demonstrate how gem5 can be used to evaluate side-channel vulnerabilities, focusing on attack scenarios such as Flush+Fault and Access-Retired attacks targeting the RISC-V architecture. By simulating both attack and non-attack conditions under controlled settings, gem5 enables precise identification of attack patterns. These datasets can then be used to train machine learning (ML) models for classifying microarchitectural events with high accuracy.\r\n\r\n\r\nBy leveraging gem5\u2019s multi-ISA support, full-system simulation, and cycle-accurate modeling, researchers gain deeper insights into attack mechanisms, accelerate the prototyping of detection techniques, and design architectures resilient to both known and emerging side-channel threats. This approach not only enhances detection capabilities but also informs secure hardware-software co-design strategies.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "XGM8XJ", "name": "Mahreen Khan", "avatar": "https://cfp.pass-the-salt.org/media/avatars/IMG-20250221-WA0006_pK1A1J6.jpg", "biography": "Mahreen Khan is a first-year PhD researcher at T\u00e9l\u00e9com Paris, IP Paris, specializing in microarchitectural security. Her research focuses on side-channel attacks, their impact on modern processor architectures, and potential mitigation strategies.\r\n\r\nShe completed her Master\u2019s in Integrated Circuit Design in 2024 at T\u00e9l\u00e9com Paris, where she specialized in VLSI, digital/analog IC design, and hardware security. 
She developed expertise in semiconductor design, low-power architectures, and microarchitecture.\r\n\r\nCurrently, she explores security vulnerabilities using architectural simulators like gem5, contributing to a deeper understanding of microarchitectural threats and defenses.", "public_name": "Mahreen Khan", "guid": "4a50880b-645e-5ac3-a013-17316f90f4ef", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/XGM8XJ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/GBEYZP/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/GBEYZP/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/GBEYZP/resources/PTS2025-TALK-23-microarchitectural_sca_wBYvwuT.pdf", "type": "related"}]}, {"guid": "111f702b-75db-5aba-8bf3-cfb2c64e6a18", "code": "MMAXWW", "id": 247, "logo": null, "date": "2025-07-03T15:00:00+02:00", "start": "15:00", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-247-the-even-darker-web-dirty-tricks-and-questionable-code-choices-on-some-of-the-world-s-largest-websites", "url": "https://cfp.pass-the-salt.org/pts2025/talk/MMAXWW/", "title": "The Even Darker Web - Dirty tricks and questionable code choices on some of the world's largest websites.", "subtitle": "", "track": "Threats to Privacy", "type": "Short Talk", "language": "en", "abstract": "Most of you made your own website at least once or twice. You wrote HTML or used a framework that generated static content for you. And you were pretty proud to have something as lightweight as possible.\r\n\r\nIt turns out we are the weirdos.\r\n\r\nOver years of developing [lookyloo](https://github.com/Lookyloo), we have encountered a lot of interesting (and sometimes terrible) techniques used to show you a webpage, and harvest your data. These techniques include what happens before you see anything (DNS, geolocalisation, time in the day), when you start seeing the page (GDPR popup, Captcha, mouse movement), and after it is fully rendered. 
(If it ever does...)", "description": "The talk will cover the three categories of websites we encounter:\r\n\r\n1. Phishing and scams: make a quick crime buck.\r\n2. Tracking on legitimate websites: build a user profile over time without getting sued to oblivion\r\n3. WAT: probably AI generated and trying to sell you the memecoin of the day\r\n\r\nWe will go through a few remarkable example captures on Lookyloo, explain what weird or crazy thing happened from the instant the URL starts to load all the way to when the page is rendered. We'll also look at the data gathered along the way, and search in the existing dataset for similar captures.", "recording_license": "", "do_not_record": false, "persons": [{"code": "YPKMAQ", "name": "Rapha\u00ebl Vinot (Developer, Lookyloo)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/0aed579ff806e3c3_wFum0Vj.jpg", "biography": "Formerly a member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. 
Some say it is too many, we disagree.", "public_name": "Rapha\u00ebl Vinot (Developer, Lookyloo)", "guid": "8d08aadb-a86c-5a2c-89d1-3e8c2c813b98", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/YPKMAQ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/MMAXWW/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/MMAXWW/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/MMAXWW/resources/PTS2025-TALK-24-even_darker_web_rPodkcO.pdf", "type": "related"}]}, {"guid": "8c7dd4cd-30d8-5320-93d5-ea7ad5f9b4d1", "code": "7K9MEV", "id": 218, "logo": null, "date": "2025-07-03T15:35:00+02:00", "start": "15:35", "duration": "00:35", "room": "Amphitheater 122", "slug": "pts2025-218-metadata-protection-in-instant-messaging-applications-a-review", "url": "https://cfp.pass-the-salt.org/pts2025/talk/7K9MEV/", "title": "Metadata Protection in Instant Messaging Applications: a Review", "subtitle": "", "track": "Threats to Privacy", "type": "Talk", "language": "en", "abstract": "Twelve years after the public specification of the Signal protocol, almost all\r\ninstant messaging protocols have embraced the ratchet construct, granting perfect\r\nforward secrecy and post-compromise security.\r\n\r\nWhatsApp, Signal, OMEMO-based applications, Olm and Megolm-based applications,\r\nor SimpleX Chat all use the Double Ratchet protocol. Olvid also uses a ratchet\r\nprotocol, although the construct is a bit different. And there are the stragglers\r\nwho insist on not using any form of perfect forward secrecy, such as Session or\r\nDelta Chat. Of those, we will talk no more.\r\n\r\nBut since then, we have learned the hard way from some NSA executive that\r\nmetadata gets you arrested or killed. And so it begs the question: how well is\r\nour metadata protected by the various instant messaging infrastructures?\r\n\r\nSignal claims one cannot hand over data one doesn't have. 
But how honest are\r\nthey about the metadata they do have, and that could be requested from them or\r\ntheir hosting provider by a subpoena and sealed orders?\r\n\r\nIn this talk, we will explore some metadata available to Signal servers, Olvid\r\nservers, Matrix/Element home servers and SimpleX Chat SMP queue servers. We will\r\nthen discuss the strategies that some of these applications have deployed to\r\nlimit metadata exposure, including those leveraging external transport security,\r\nsuch as the use of Tor.", "description": "This talk covers the obvious issue of long-term identities and the\r\nconstruction of the social graph and how some protections supposed to thwart the\r\nsocial graph recovery are flawed. Some of these attacks are publicly documented\r\nand still unmitigated by those affected by them.\r\n\r\nThis talk also dives into less obvious metadata leaks, such as traffic\r\ncorrelation and ciphertext correlation. \r\n\r\nFinally it also points out that some of the studied instant messaging solutions\r\ndo not protect all messages and leak metadata to third parties via attachment\r\nupload, push notifications, backups and voice/video calls. 
\r\n\r\nSorting out which instant messaging application is the best is a non-goal for\r\nthis talk.", "recording_license": "", "do_not_record": false, "persons": [{"code": "3WRNLD", "name": "Florian Maury", "avatar": "https://cfp.pass-the-salt.org/media/avatars/1836-3264-cropped_D8zE5VL.jpg", "biography": "Florian Maury is a freelancer offering services as a software/system/security engineer and architect.\r\nThey also write a technical blog \"Broken by Design\" and host a podcast \"Yakafokon\" on Infrastructure as Code Security and DevSecOps practices.\r\nIn their spare time, Florian also contributes to free software, and they are an activist for animal rights.", "public_name": "Florian Maury", "guid": "fbecb3d2-1d3d-50d2-a012-617ca83fcb33", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/3WRNLD/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/7K9MEV/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/7K9MEV/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/7K9MEV/resources/PTS2025-TALK-25-metadata_prot_in_instant_msg_apps_LsHI6ZN.pdf", "type": "related"}]}, {"guid": "7c830a80-6949-5aba-ad99-fcf014d729d7", "code": "BT3FTH", "id": 228, "logo": null, "date": "2025-07-03T16:10:00+02:00", "start": "16:10", "duration": "00:20", "room": "Amphitheater 122", "slug": "pts2025-228-exadprinter-exhaustive-permissionless-device-fingerprinting-within-the-android-ecosystem", "url": "https://cfp.pass-the-salt.org/pts2025/talk/BT3FTH/", "title": "EXADPrinter: Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem", "subtitle": "", "track": "Threats to Privacy", "type": "Short Talk", "language": "en", "abstract": "Android is the dominant mobile operating system, powering more than 70% of the global mobile market and presenting a significant opportunity for user tracking. 
As privacy regulations tighten around how personal data can be used and collected, trackers are looking for alternatives that are under less scrutiny to evade detection. Device fingerprinting has emerged as a key solution, allowing trackers to create identifiers without user consent in a stealthy manner. Despite the extensive research on fingerprinting done from a web browser in the past decade, device fingerprinting on Android remains relatively understudied, with limited literature exploring its specific techniques and implications for user privacy.\r\n\r\nIn this study, we introduce EXADPrinter, a novel exhaustive permissionless device fingerprinting framework targeting Android devices. Without requiring permissions, our framework extracts over 200,000 properties per device by leveraging methods such as Java reflection and execution of shell commands. Through a dedicated Android application and a 6-month data collection, we gathered over 1151 fingerprints coming from 833 different Android devices, covering 41 manufacturers and 7 Android versions ranging from 9 to 15.\r\n\r\nThrough our framework, we demonstrate that diverse data can be collected about the device hardware, the operating system running on it, and the user, without requiring special permissions. We show that combining a few attributes without any IDs or personal information is enough to uniquely identify each device of our dataset, painting a bleak picture of the current state of the Android ecosystem.\r\nMoreover, our framework highlights the negative impact of custom operating systems and manufacturer-specific customizations as they enhance the device fingerprinting effectiveness. 
Furthermore, EXADPrinter uncovers some leakage of sensitive information caused essentially by manufacturer customizations, including the exposure of user emails, emergency contacts, and persistent identifiers such as SIM identifiers.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"code": "GCAJNZ", "name": "Sihem Bouhenniche (University of Lille - Inria)", "avatar": "https://cfp.pass-the-salt.org/media/avatars/1745496376166_YUFaTEb.jpeg", "biography": "My name is Sihem Bouhenniche. I am currently pursuing a PhD in cybersecurity at the University of Lille, with a focus on user privacy protection. My research centers around privacy and security issues related to mobile devices, particularly Android device fingerprinting.\r\n\r\nI am also a member of the Spirals research team at Inria Lille. Before starting my PhD, I worked with the team for two years as a research engineer. During that time, I contributed to the development of amiunique.org, a popular browser fingerprinting platform that receives around 2,000 visits per day.\r\n\r\nI graduated from the Higher School of Computer Science of Algiers (ESI - Oued Smar) with both a Software Engineering degree and a Master\u2019s degree. 
I also worked as a frontend developer at Ouedkniss.com, the largest e-commerce platform in Algeria, where I helped redesign the platform's interface and contributed to various new projects.", "public_name": "Sihem Bouhenniche (University of Lille - Inria)", "guid": "e147e711-2709-5c67-a224-ccfb12f3a9ee", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/GCAJNZ/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/BT3FTH/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/BT3FTH/", "attachments": [{"title": "Slides", "url": "/media/pts2025/submissions/BT3FTH/resources/PTS2025-TALK-26-EXADPrinter_BSc1aFd.pdf", "type": "related"}]}], "Room LW109": [{"guid": "6ca35491-a884-5ded-814d-c58e00297b23", "code": "JFTTLJ", "id": 244, "logo": null, "date": "2025-07-03T09:30:00+02:00", "start": "09:30", "duration": "03:00", "room": "Room LW109", "slug": "pts2025-244-dive-into-delta-chat-chatmail-webxdc-apps-and-p2p-realtime", "url": "https://cfp.pass-the-salt.org/pts2025/talk/JFTTLJ/", "title": "Dive into Delta Chat, Chatmail, webxdc apps and P2P realtime", "subtitle": "", "track": "Secured Messaging", "type": "Workshop", "language": "en", "abstract": "The Delta Chat decentralized instant messaging project has over the years evolved a rich ecosystem of distinct project areas, from instant onboarding with a versatile cross-platform messenger, over using chat-shared web apps with integrated Peer-to-Peer realtime messaging to participating with own Chatmail servers in the world-wide e-mail server network.\r\n\r\nFirst, we onboard all participants on different Chatmail servers and get into a joint chat group and play around with the many features, answer and discuss questions and maybe play some games.\r\n\r\nSecond, we offer participants hands-on sessions: \r\n\r\n- setting up a chatmail server\r\n\r\n- writing a webxdc app\r\n\r\n- writing a chat bot", "description": "", "recording_license": "", "do_not_record": false, "persons": 
[{"code": "YPVZUJ", "name": "Holger Krekel", "avatar": "https://cfp.pass-the-salt.org/media/avatars/holger-berlin_Hkb8T9c.jpg", "biography": "Holger is a long-time FOSS contributor.  He is co-creator of the python testing tool \"pytest\", the PyPy project, and since about 10 years engaged in decentralized messaging research and development. \r\nHe is one of the co-creators of the Autocrypt and SecureJoin protocols, as well as one of the maintainers of the \"Chatmail\" project which maintains core infrastructure software both server- and client-side.", "public_name": "Holger Krekel", "guid": "1a34329b-0fc1-58bc-add9-3bcf5248eed3", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/YPVZUJ/"}, {"code": "SLBCYM", "name": "Ksenia Ermoshina", "avatar": null, "biography": "senior researcher at the Center for Internet and Society of the CNRS", "public_name": "Ksenia Ermoshina", "guid": "c484ba89-7575-5bf2-a948-328d81713591", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/SLBCYM/"}, {"code": "VWAM7L", "name": "missytake", "avatar": null, "biography": "cyberpunk is now. 
they/them", "public_name": "missytake", "guid": "94002e80-cbba-5edf-a0d7-5b5ea6eb825f", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/VWAM7L/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/JFTTLJ/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/JFTTLJ/", "attachments": []}, {"guid": "e112db89-002c-5295-bb66-6c45843568b9", "code": "7A7B8G", "id": 221, "logo": null, "date": "2025-07-03T14:00:00+02:00", "start": "14:00", "duration": "02:30", "room": "Room LW109", "slug": "pts2025-221-apkpatcher-reverse-engineering-and-modifying-android-applications-without-rooting", "url": "https://cfp.pass-the-salt.org/pts2025/talk/7A7B8G/", "title": "Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting", "subtitle": "", "track": "Offensive Security", "type": "Workshop 2h30", "language": "en", "abstract": "This hands-on workshop will guide participants through the process of reverse engineering and modifying Android applications without the need for rooted devices.\r\nI will present [apkpatcher](https://apkpatcher.ci-yow.com/) to explore various techniques to analyze, modify, and remove tracker on Android apps, focusing on practical skills that can be applied in real-world scenarios.", "description": "# Objectives\r\n\r\nUnderstand the fundamentals of reverse engineering Android applications.\r\nLearn to use debugging tools to analyze Android app behavior.\r\nBypass security mechanisms using Frida scripts.\r\nSniff and replay Bluetooth Low Energy (BLE) communications.\r\nModify Smali code to alter app functionality.\r\nReverse engineer native libraries used in Android apps.\r\nPerform Man-in-the-Middle (MITM) attacks on HTTPS services.\r\n\r\n# Workshop Outline\r\n\r\n1. Introduction to Android Reverse Engineering\r\n- Overview of Android app architecture.\r\n- Setting up the environment for reverse engineering.\r\n2. 
Using a Debugger on Android Applications\r\n- Introduction to Android debugging tools.\r\n- Practical exercise: Debugging an Android app.\r\n3. Bypassing Security with Frida\r\n- Introduction to Frida and its capabilities.\r\n- Writing Frida scripts to bypass security checks.\r\n- Hands-on: Implementing a Frida script.\r\n4. Sniffing and Replaying BLE Communications\r\n- Overview of BLE technology.\r\n- Tools for sniffing BLE traffic.\r\n- Practical exercise: Capturing and replaying BLE data.\r\n5. Modifying Smali Code\r\n- Introduction to Smali and its role in Android apps.\r\n- Techniques for modifying Smali code.\r\n- Hands-on: Altering app functionality through Smali.\r\n6. Reverse Engineering Native Libraries\r\n- Understanding native libraries in Android.\r\n- Tools and techniques for reverse engineering.\r\n- Practical exercise: Analyzing a native library.\r\n7. MITM on HTTPS Services\r\n- Introduction to MITM attacks.\r\n- Setting up a MITM proxy for HTTPS.\r\n- Hands-on: Intercepting and modifying HTTPS traffic.\r\n\r\n# Prerequisites\r\nFamiliarity with command-line tools.\r\nLaptop and Android phone\r\n\r\n# Expected Outcomes\r\n\r\nBy the end of the workshop, participants will have gained practical experience in reverse engineering and modifying Android applications. 
They will be equipped with the skills to analyze app security and implement modifications without requiring rooted devices.\r\n\r\nWorkshop Duration: 1.5 hours", "recording_license": "", "do_not_record": false, "persons": [{"code": "9UMAT8", "name": "Benoit Forgette", "avatar": "https://cfp.pass-the-salt.org/media/avatars/benoit_40sZvJM.png", "biography": "Passionate about how systems work since my childhood and with an initial education in computer science, I gradually moved to the security of these systems and the electronic part of this equipment. Today, I work as a Cybersecurity Engineer in software and hardware reverse engineering at Quarkslab, where my daily work consists of disassembling equipment sent by our clients, then inspecting all their attack surfaces (hardware, radio, software, cloud). Then, we help our clients to find the best way to protect their systems and their equipment.\r\n\r\nIn this work, the part that seems to me the most interesting is the automation/instrumentation/hijacking part. It is fascinating to see how much it is possible to hijack a piece of equipment from its original purpose. This is even more impressive when we talk about physical equipment which has an impact on its environment.", "public_name": "Benoit Forgette", "guid": "9a9d5d64-f0df-5f46-935b-a52fef0babfb", "url": "https://cfp.pass-the-salt.org/pts2025/speaker/9UMAT8/"}], "links": [], "feedback_url": "https://cfp.pass-the-salt.org/pts2025/talk/7A7B8G/feedback/", "origin_url": "https://cfp.pass-the-salt.org/pts2025/talk/7A7B8G/", "attachments": []}]}}]}}}