From Alert to Action: Automated Threat Response with Wazuh

Cyber threats are no longer limited to large enterprises - small and medium businesses are increasingly targeted due to limited detection capabilities and constrained security budgets. Traditional preventive controls alone are insufficient against modern attack techniques, requiring organizations to adopt continuous detection, vulnerability visibility, and security posture monitoring.

This advanced session explores how Wazuh, an open-source SIEM and XDR platform, enables deep threat detection, vulnerability intelligence, and Linux hardening governance across enterprise environments - while also automating large parts of the response lifecycle by default.

Through practical attack simulations, attendees will observe how adversarial techniques such as SSH brute force campaigns, privilege escalation, and unauthorized configuration changes are detected, correlated, and contextualized within a centralized detection platform. The session will demonstrate how detection signals evolve into actionable security events that can trigger automated containment workflows.

Expanding beyond active attacks, the talk will examine Wazuh’s vulnerability detection engine, showing how CVE exposure, outdated packages, and patch gaps are continuously identified and operationalized into remediation prioritization strategies.

Key areas covered include:
- Behavioral threat detection across Linux workloads
- Privilege escalation and insider activity monitoring
- File Integrity Monitoring of critical system assets
- Vulnerability detection leveraging CVE intelligence feeds
- Patch exposure visibility and remediation prioritization
- CIS benchmark compliance and hardening validation
- Configuration drift detection and risk scoring
- MITRE ATT&CK mapping and threat context enrichment
- Built-in automated response and containment strategies

By the end of this session, participants will gain advanced insight into building detection-driven security operations using open-source technologies - enabling enterprise-grade visibility, accelerated response, and measurable infrastructure resilience without the cost barriers of proprietary SIEM platforms.

This session is designed for security engineers, SOC analysts, system administrators, and DevSecOps professionals seeking practical approaches to operationalizing threat detection, automated response, and vulnerability governance at scale.

Building a Zero-Trust Access Management with Teleport

Teleport is an open-source access management solution developed by Teleport (formerly Gravitational). It unifies security across servers, Kubernetes clusters, and databases by using short-lived certificates instead of static keys, thereby reducing the attack surface and simplifying the authentication process.

In this session, I will give an overview of how Teleport is set up and demonstrate its core functionalities. Expect a practical walkthrough on configuring Teleport, managing access via short-lived certificates, and leveraging its features to ensure a more efficient and secure environment.

Securing MariaDB: Essentials of Encryption, Protection, and Access

Join us for a concise, impactful session designed for professionals seeking to elevate their MariaDB database security. This session shall cover the essentials of safeguarding your data, including encryption techniques for data at rest, strategies to protect data in transit, and robust access control mechanisms. Whether you're an administrator, developer, or IT security enthusiast, this presentation will arm you with practical insights and actionable steps to fortify your MariaDB databases against threats. Get ready to dive into the world of MariaDB security, demystify complex concepts, and walk away with the knowledge to implement best practices in your organization. Plus, stay engaged for a lively Q&A session where your questions bring depth to the discussion. Secure your spot and empower your database security posture with confidence!

Secure Enterprise VPN with Open Source Solutions

Are you tired of worrying about cyber attacks and data breaches?

Join me in this exciting session where I'll show you how to deploy a powerful VPN solution secured with cutting-edge Open Source tools.

We'll dive deep into OpenVPN and LDAP for user management and authentication, as well as explore advanced firewall configurations and techniques to keep your data safe.

I'll also share some valuable best practices to help you take your security to the next level. Don't miss out on this interactive and engaging knowledge-sharing session, followed by a Q&A where you can get your burning questions answered!

Infrastructure logging with the Elastic Stack

Introduction and basic explanation of roles of each technology in the ELK Stack (Elasticsearch, Logstash, Kibana and the Beats).

Understand why centralized logging is important and how the ELK Stack helps solve that issue.

Finally, we will end with a demo, demonstrating the ELK Stack in action.

Podcast: User groups in Mauritius

In this podcast Ish & Girish will speak about the different user groups in Mauritius. Viewers are most welcome to comment on the YouTube live stream.

Podcast: Big Tech Giants

In this podcast Ish & Girish will speak about the big tech giants. The task is simple. They will read Wikipedia and comment about the companies :) YouTube comments are most welcomed. You are also allowed to take out your frustration about big corporations but please be respectful, no harsh language, just communicate your opinion.

Podcast: History of Python

In this podcast Ish & Girish will speak about the history of Python and how the programming language has gained popularity over the past years. Viewers are most welcome to comment on the YouTube live stream.

Podcast: Docker vs Podman

In this podcast Ish & Girish will speak about containers, more specifically comparing Docker vs Podman. Viewers are most welcome to comment on the YouTube live stream.

Podcast: Linux distributions

In this podcast Ish & Girish will speak about Linux distributios. New Linux enthusiasts can learn a thing or two and veterans are welcomed to share their knowledge by commenting on the YouTube live stream.

Identity Evolution: Building Trust in a Borderless World

Identity is the new security perimeter, and trust must be continuously earned—not assumed. This session explores the evolution of Identity and Access Management (IAM), highlighting how Zero Trust, automation, and passwordless technologies are reshaping access control for both people and machines. Attendees will learn how to combat identity sprawl, reduce breaches tied to stolen credentials, and embrace emerging trends like context-aware access, continuous behavior analytics, and short-lived machine identities. The future of IAM is seamless, adaptive, and certificate-driven—building trust in a truly borderless world.

CyberAI Threat ConClave 2025 - Jaipur