Call for round the year submissions for Rootconf in 2020

Call for round the year submissions for Rootconf in 2020

Submit a proposal at any time in the year on DevOps, infrastructure security, cloud, and distributed systems. We will find you a suitable opportunity to share your work.

Make a submission

Accepting submissions till 31 Dec 2020, 12:00 PM

##About Rootconf:

Rootconf is HasGeek’s annual conference -- and now a growing community -- around DevOps, systems engineering, DevSecOps, security and cloud. The annual Rootconf conference takes place in May each year, with the exception of 2019 when the conference will be held in June.

Besides the annual conference, we also run meetups, one-off public lectures, debates and open houses on DevOps, systems engineering, distributed systems, legacy infrastructure, and topics related to Rootconf.

This is the place to submit proposals for your work, and get them peer reviewed by practitioners from the community.

##Topics for submission:

We seek proposals -- for short and long talks, as well as workshops and tutorials -- on the following topics:

  1. Case studies of shift from batch processing to stream processing
  2. Real-life examples of service discovery
  3. Case studies on move from monolith to service-oriented architecture
  4. Micro-services
  5. Network security
  6. Monitoring, logging and alerting -- running small-scale and large-scale systems
  7. Cloud architecture -- implementations and lessons learned
  8. Optimizing infrastructure
  9. SRE
  10. Immutable infrastructure
  11. Aligning people and teams with infrastructure at scale
  12. Security for infrastructure

##Contact us:

If you have questions/queries, write to us on rootconf.editorial@hasgeek.com

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more

Bharath

@synster

From data to decisions - Leveraging OSINT data to take security decisions

Submitted Nov 22, 2018

As a companies grow large, they tend to leave a lot of digital trail about their infrastructure on the Internet. This information can be accessed by anyone who knows what/where to look for. The information that is available publicly is known as Open Source INTelligence(OSINT) in the hacker lingo. Attackers perform reconnaissance and gather OSINT data about their target organisations to increase the attack surface. An attacker will use these 'digital breadcrumbs’ to plan and execute their attacks against the target infrastructure.

Being able to visualise and monitor OSINT data is definitely useful to attackers such as bug bounty hunters and also anyone who is an infrastructure security professional in an organisation.

In this talk we will show how to do the following -

  1. Create a pipeline for gathering and storing OSINT data
  2. How to process & visualise the OSINT data we have already stored in step 1
  3. Integrate Slack to alert and monitor based on new data that we keep discovering

Specific digital breadcrumbs we will be working with:

  1. SSL/TLS certificates
  2. Domains and subdomains
  3. Cloud storage

Outline

  • What is OSINT?
  • What can attackers do with OSINT data?
  • Where/How do attackers(or I) find this OSINT data? (Tools/Techniques)
  • What can I do about OSINT data on my organisation?
  • Building visualisation, monitoring and alerting solutions
    • Monitoring an organisation’s SSL/TLS certificates, domains and subdomains in near-real time
    • Visualising public datasets (scans.io) to gain insights into an organisation’s external posture
      • Answering business related security questions using visualisations
    • Building monitoring and alerting solutions around various OSINT data
  • Key takeaways and Moving forward

Requirements

Requirements

Audience

  • Attackers and bug bounty hunters
  • Infrastructure security professionals and experts

Speaker bio

Bharath is a Security Engineer with Appsecco. He has a strong passion for information security and building solutions that solve real world problems.
Bharath is an active member and contributor at various security and developer communities including null open security community and Python Malaysia User Group.
His core interest lies in Infrastructure security, Reconnaissance, Application security and Protocol security.

Bharath has presented at many security and developer conferences including:

  • Defcon 26: Recon Village
  • Bsides Delhi 2017
  • Bugcrowd LevelUp 2017 & 2018
  • FUDCon 2012.

Bharath has conducted trainings at various conferences including:

  • c0c0n, 2018
  • Nullcon, Bangalore, 2018

For more details:

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Make a submission

Accepting submissions till 31 Dec 2020, 12:00 PM

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more