Rootconf 2019

Rootconf 2019

On infrastructure security, DevOps and distributed systems.

About Rootconf 2019:

The seventh edition of Rootconf is a two-track conference with:

  1. Security talks and tutorials in audi 1 and 2 on 21 June.
  2. Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.

Topics and schedule:

View full schedule here: https://hasgeek.com/rootconf/2019/schedule

Rootconf 2019 includes talks and Birds of Feather (BOF) sessions on:

  1. OSINT and its applications
  2. Key management, encryption and its costs
  3. Running a bug bounty programme in your organization
  4. PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
  5. Vitess
  6. SRE and running distributed teams
  7. Routing security
  8. Log analytics
  9. Enabling SRE via automated feedback loops
  10. TOR for DevOps

Who should attend Rootconf?

  1. DevOps programmers
  2. DevOps leads
  3. Systems engineers
  4. Infrastructure security professionals and experts
  5. DevSecOps teams
  6. Cloud service providers
  7. Companies with heavy cloud usage
  8. Providers of the pieces on which an organization’s IT infrastructure runs – monitoring, log management, alerting, etc
  9. Organizations dealing with large network systems where data must be protected
  10. VPs of engineering
  11. Engineering managers looking to optimize infrastructure and teams

For information about Rootconf and bulk ticket purchases, contact info@hasgeek.com or call 7676332020. Only community sponsorships available.

Rootconf 2019 sponsors:

Platinum Sponsor

CRED

Gold Sponsors

Atlassian Endurance Trusting Social

Silver Sponsors

Digital Ocean GO-JEK Paytm

Bronze Sponsors

MySQL sumo logic upcloud
platform sh nilenso CloudSEK

Exhibition Sponsor

FreeBSD Foundation

Community Sponsors

Ansible PlanetScale

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more

Shubham Mittal

@shubhammittal

OSINT for Proactive Defense

Submitted Jun 9, 2019

In today’s age, when every organization has an online presence in multiple shape (eg. social media, code repositories, cloud infrastructure, etc.), it’s difficult to keep a track of the assets as well as the amount of sensitive information that goes out knowingly or unknowingly. Such assets or information can cause catastrophic damage to the organization, unless identified and remediated.

Examples of such data could be a legacy host running unauthenticated mysql, or a list of confidential subdomains leaking via Certificate Transparency, an anonymous read-only bucket serving images along with backup.tar, etc.

Since such issues can allow any attacker to compromise organization’s perimeter security, Security Teams should keep a very close eye on what information (about the organization) is being leaked out on the Surface as well as the Dark web.

This talk will discuss Open Source Intelligence (OSINT) Tools, Techniques and Procedures (TTP), that are highly useful and effective for Blue Teams in order to keep their perimeter security intact.

Outline

Below is an outline of the presentation:
- Overview of OSINT
- Why Security Teams should use OSINT
- Continuous Discovery and Monitoring of Assets
- Use OSINT Data for Periodic Attack Simulation
- Discovering Sensitive Information Leakage
- Monitoring Breached Passwords
- Proactively Identifying Security Incidents using SOCMint
- OSINT Countermeasures

Speaker bio

Shubham Mittal is co-founder of @RedHuntLabs and is an active Information Security researcher with 7+ years of experience in Pentesting, OSINT and Perimeter Security. He has worked both in offensive as well as defensive security roles. He is a BlackHat Asia Review Board Member and has spoken/trained at multiple conferences including BlackHat, NullCon, HackMiami, c0c0n, etc. He is the author of OSINT Framework - DataSploit (listed in Top Ten Security Tools of 2016) and is co-founder of @Recon-Village which runs @DEFCON Vegas and China. He works from the command line, uses vi and loves beer.

Links

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from infrastructure defence perspective). more