?

Log in

No account? Create an account
Rootconf 2019 Pune
huzaifas
Rootconf is a professional conference on security and systems and this was their first time in pune. I chose to spoke about TLS 1.3 and also did a BoF on fuzzing.

Rootconf is typically a single track conference, which means that everyone has only one talk to go to at a time. This was my first time i spoke at a single track event. My talk was the first one in the day. I started with talking about the importance of SSL/TLS , then talked about few of the security flaws, described key difference between TLS 1.3 and its previous versions and ended with lot of questions. Eventually ran out of time with people catching me in the hallway to ask tons of questions ranging from security, asking how Red Hat identifies, fixesflaws etc to people even asking if we have vacancies at Red Hat.

The second talk was about automating security workflow using docker. This was given by a security engineer from appsec, and had some important points about how he conducted pentesting and how bits of it  can be automated.

Next two talks were by devops engineers from a company called Hotstar. Hotstar is a disney company and deals with streaming TV/sports/movies etc via their app. They talked about how during the recent cricket world cup the number of peak connections increased to 24 million and it used 70% of all AV bandwidth available to India. The talks were interesting,since they spoke about how they scale their infra at this massive level.

The digital skimming talk mainly spoke about how attackers can use a combination of social engineers and web app flaws to hack mainly e-commerce websites, spoke about recent attacks and what protections can be used.

Post-lunch, there was a talk on using DNS as a layer of defense. The talk was mainly on using RPZ zones in bind etc to stop malicious domains inside the DNS server itself and to create a firewall filtering only DNS contents, not on the network layer but on the DNS application layer. The talk about briefly described the DNS over HTTPS initiative by Mozilla.

I took a BoF later in the day on fuzzing. However it turned out more to be a talk, since i did most of the talking. Spoke about my experiences with fuzzing and how one could get started.

There were a few talks about that, but i was not feeling too well, so i left. Overall the conference turned out to be a great experience and being a first of its kind (serious security talks, rather than hacking android phones) was good as well.