null Delhi special meet with Joerg Simon
Author: Sandeep Singh
Delhi – The Second Adventure
Joerg Simon was back in Delhi on 27th July (Saturday), which he named his second adventure, after a gap of 10 months. The last time he was in Delhi was for NullCon Delhi, 2012 with his talk on Fedora Security Lab, OSSTMM. He could not complete his talk last time because he messed up his own time. It was a wonderful opportunity for everyone to meet him personally and share and learn things about Open Source Security.
Joerg Simon is one of the famous names in the Open Source Security Testing industry and, not to forget, a key member of the Fedora project. He is running and working on some really wonderful projects under the Fedora project and also at some other Open Source institutions like ISECOM.
The talk that Joerg was supposed to deliver was a perfect blend of numerous topics (Open Source Security Testing Methodology Manual – OSSTMM content including RAV and Trust verification, Fedora Security Lab, OSSTMM lab and the Fedora Security Lab Test Bench). I would call it a perfect talk on Open Source Security Testing methods which breaks the conventional way of thinking about security. Joerg was accompanied by Fabian Affolter from Berne/Switzerland, who was a FAmSCo member in the past and is the maintainer of the Fedora Security Lab Test Bench.
It was a completely theoretical talk with almost no hands-on, but it could not have been more interesting. The way it was started and brought to an end by Joerg was completely beyond everyone’s expectations. He made a perfect start by understanding the audience profile and then paced his presentation exactly the way the audience would have wanted it to be. Starting with an introduction to ISECOM, Hackers High School and OSSTMM, he explained the differences between OSSTMM and other security testing methodologies which make OSSTMM a truly next generation security testing framework. The explanation he gave to help people understand the issues with current security solutions and security testing methods, especially keeping compliance in mind, was excellent and filled the audience with enthusiasm to know more about the upcoming topics. Security is all about common sense, and that was demonstrated brilliantly by Joerg Simon through his test cases and examples from movie clips that he showed.
Joerg had plenty of time with him, so he explained well the 4PP (Four Point Process) defined in OSSTMM and the attack surface/porosity along with the controls defined in OSSTMM. The 4PP (4 Point Process) was supported with the meaningful use of tools such as theharvester, googledorks, Maltego and XSS techniques as well. The session was followed by a short tea break, which is the blood of any null meet, with the chit chat and the networking.
After the tea break he demonstrated an example of a security test using the OSSTMM methods and also shared a test report, which was in German but explained in English, that was carried out on the basis of the same OSSTMM methods. I personally liked the Rav Measurement (the Rav is a scale measurement of an attack surface and the amount of uncontrolled interactions with a target) and the Trust Analysis demonstrated by Joerg. The ball was passed to Fabian in the end to elaborate on the Fedora Security Lab Test Bench. In the end Joerg had some Fedora goodies to distribute and networked with people around.
The main attraction of the talk was the active discussions in the middle of the talk on privacy and surveillance these days. Joerg had his views and so did everyone else, which formed a healthy discussion.
Now the time has come to offer big, well-deserved gratitude to the speakers (Joerg Simon and Fabian Affolter) and the participants (I know it’s not easy to wake up early on a Saturday morning after a tiring week).
I would like to convey my special thanks to TLabs and Arpit, who always make any kind of event possible at their venue. TLabs has always been the best in hosting any null event. A big thanks again.
After a long session and chit chats after the session we were planning to head towards our homes, but as it was 3 in the afternoon everyone planned for a lunch. As I had been wide awake for the past 48 hours due to my never-ending work, I decided to go home, and Joerg, Fabian, Sandeep (another Fedora contributor) and one more person with them whose name I cannot recall, along with Antriksh, headed for a Saturday lunch to a nearby mall. Vaibhav, who is my friend and co-mod of null Delhi, is packed up these days with some sort of exam labs, so he also headed towards his home, and we came to the end of an awesome experience of a special meet with Joerg and Fabian.