About Rootconf 2019:
The seventh edition of Rootconf is a two-track conference with:
- Security talks and tutorials in audi 1 and 2 on 21 June.
- Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.
Topics and schedule:
View full schedule here: https://hasgeek.com/rootconf/2019/schedule
Rootconf 2019 includes talks and Birds of Feather (BOF) sessions on:
- OSINT and its applications
- Key management, encryption and its costs
- Running a bug bounty programme in your organization
- PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
- SRE and running distributed teams
- Routing security
- Log analytics
- Enabling SRE via automated feedback loops
- TOR for DevOps
Who should attend Rootconf?
- DevOps programmers
- DevOps leads
- Systems engineers
- Infrastructure security professionals and experts
- DevSecOps teams
- Cloud service providers
- Companies with heavy cloud usage
- Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc
- Organizations dealing with large network systems where data must be protected
- VPs of engineering
- Engineering managers looking to optimize infrastructure and teams
For information about Rootconf and bulk ticket purchases, contact firstname.lastname@example.org or call 7676332020. Only community sponsorships available.
Rootconf 2019 sponsors:
Defensive and Offensive Applications of Open Source Intelligence
In real life, a footprint can be used to distinguish and confirm the identity of an individual. The same is true on the Internet, where activities and transactions that have been carried out leave behind a digital footprint, which at times can be leveraged for gathering intelligence about a particular individual and their activities. As an example, websites which reveal partial phone numbers can allow attackers to piece together an individual’s phone number in full, or an attacker attempting to break into an online account could use information available on a target’s Facebook page (e.g., name of hometown, or name of first school) in order to take guesses at their security answer. In a similar fashion, organisations may unknowingly give away sensitive information online, which could potentially be used by an attacker looking for an entry into their network. Attackers often seek to target employees as a part toward ultimately compromising their employing organisation. The question then arises, how much information is available online right now which could potentially assist an adversary in carrying out an attack at your workplace or organisation? Open Source Intelligence (“OSINT”) traditionally refers to the practice of gathering information that is available publicly, and then analysing and piecing it together with other knowledge for use as intelligence. An adversary may be interested in accumulating open source intelligence for several reasons; acquiring business edge, sabotage, theft, et cetera. How does an organisation protect against this threat? Further, how can organisations utilise the defensive gains of OSINT?
This Birds of a Feather session does not have a particular decided flow for discussion. All inputs, including questions, techniques, experiences, war stories, et cetera, will be helpful for moving the conversation forward. However, it should be clarified that, for the purpose of this discussion, the use of open source intelligence will not cover the associated investigative or journalistic aspect, but rather that which deals with potential security implications, both from the red and blue perspective.
There are no particular requirements for this session, however, participants may benefit from having a basic understanding of computer security and open source intelligence. The session will be considered a success if participants walk away having acquired more knowledge about the topic at hand, including knowledge about specific techniques or methods which could be adapted in an offensive or defensive manner.
Vandana Verma, Shubham Mittal and Karan Saini will be participating in this discussion.