
New Episode of No Limit Secu Podcast Focuses on GreHack Conference and Cartography Tool

In this episode of the No Limit Secu podcast, the focus is on two main topics: the GreHack conference and the open-source tool Cartography.

The GreHack conference, based in Grenoble, is an international cybersecurity conference conducted in English. It offers lectures, free workshops, and a daytime CTF (Capture The Flag), providing a comprehensive and interactive experience. The conference, which has been running since 2012, will take place this year on November 28 and 29. The CFP (Call For Papers) is open until early July, inviting speakers and workshop leaders to submit their proposals.

The Cartography tool, initially developed by the security team at Lyft, an American company competing with Uber, was open-sourced in 2019 and transferred to the CNCF (Cloud Native Computing Foundation) in 2024. Jérémy Chapeau, a contributor and maintainer of the project, explains that Cartography addresses the need to map IT infrastructures: it collects data via APIs from cloud infrastructure, IT, SaaS applications, and on-premise resources, and represents it visually. The tool allows for the creation of a visual CMDB, providing an overview of resources and their relationships, which is particularly useful for managing vulnerabilities and identities.

Jérémy Chapeau, with his atypical background ranging from the military to cybersecurity, emphasizes the importance of Cartography for companies, especially start-ups, looking for open-source solutions to audit their infrastructure. The tool is modular, allowing for the easy addition of new modules for different providers. For example, Jérémy has developed modules for Clever Cloud and other French providers, demonstrating the tool's flexibility and adaptability.

Cartography also allows for complex queries thanks to its query language based on Cypher, supported by Neo4j. Although this requires some investment to master the language, the possibilities offered by the tool are worth it. Jérémy also mentions the integration of Trivy for vulnerability management and the integration of AI for natural language queries, although the latter is still in the testing phase.

The tool is distributed as a Python library and as a Docker image with a docker-compose file, making deployment easier. For testing, a local Neo4j database is provided, but for production, it is recommended to use a more robust database. Jérémy stresses the importance of the community and contributors to advance the project, highlighting the need for more contributors in France and Europe.

In conclusion, Cartography is a powerful and flexible tool for mapping infrastructures, offering interesting possibilities for managing vulnerabilities and identities. Its open-source approach and modularity make it an ideal solution for companies looking to audit and secure their infrastructure effectively.

To learn more, watch the full video: https://www.youtube.com/watch?v=PvmxwJaT-fQ