Ekoparty 2020 Speakers
Estas son las charlas de los 3 días de conferencia. ¡Los horarios serán añadidos muy pronto! Los detalles de acceso a la plataforma para serán enviados por correo electrónico cuando te registres a la eko.
Main Track
Cómo mi curiosidad revitalizó una comunidad
Óscar Toledo
Oscar Toledo shares his experience researching the Intellivision game console in order to develop games and the surprising result of his work creating developer tools.
Óscar Toledo
I'm a Mexican software developer, I like to write concise and interesting programs. Currently I work for Familia Toledo organization creating neat applications. Born in 1978, I started programming at age 5 in BASIC, learned assembly language by age 9 and afterwards the programming languages Pascal, C, C++, Java, Javascript, HTML, CSS and PHP. As a hobby, I'm the author of bootOS, an x86 operating system in 512 bytes, and its companion bootBASIC interpreter in 512 bytes; I've developed the world's smallest chess programs in C, Java, Javascript and x86/6502 machine code. I've won five times the International Obfuscated C Code Contest, I came second place in the first JS1K contest and also in the MSXdev'10 contest. So far I'm the only Mexican that has won these contests. I'm the author of 5 books and my games Princess Quest and Mecha-8 are included inside the Colecovision Flashback. In my free time I'm also a tweetstar with my microstories in @historiasmini.
A Walk Through Historical Correlations Between Security Issues & Stock Prices
Alejandro Hernández
We know that security-related issues impact negatively in the stock prices of public companies, but in what extent? how quick they recover? and, which sectors or industries are the most affected ones? After this talk, you will understand better how impactful cybersecurity-related issues really are.
Alejandro Hernández
Cybersecurity consultant for IOActive, where he has had the opportunity to work in Fortune 500 companies around the world. On the other hand, as a research and development enthusiast, he has presented his projects at different conferences in Mexico, the United States, Belgium, Poland, Colombia and Japan. With an interest in financial matters, he has recently done studies on security deficiencies in trading platforms and Fintech in general, which he has been sharing in different conferences. @nitr0usmx
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Breaking SmartScreen With Whatever I Have On Hand
Tomás Coiro
SmartScreen was implemented in MS Windows to protect users against Phishing and Drive-By Downloads attacks by analyzing the signatures of the executable files that are downloaded. By analyzing it, we identify ways to evade its controls that could be exploited by attackers.
Tomás Coiro
Security Researcher at ElevenPaths. Information Systems Engineering student at UTN FRBA. Assistant in the subject Paradigms of Programming. @CoiroTomas
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Keep calm and play with qubits
Carlos Benitez & Luciano Bello
Quantum physics always had a dark and even esoteric side, reinforced in recent years with the idea that Quantum Computers will destroy cyber security. We want to bust myths, show the audience live how QC’s really work and encourage researchers to use public QC’s to learn, play and create with them.
Carlos Benitez
Ing. y Mg. de la UTN FRBA. Investigador en procesamiento de señales acústicas submarinas. Primer Lab en Seguridad Informática (Si6) y primer SOC Defensa. Asesor técnico de la Subsecretaría de Ciberdefensa. Docente de posgrado y consultor en ciberseguridad. Co-fundador de Platinumciber. Formador y mentoring de equipos. SOC, Ethical Hacking y Análisis y Gestión de Riesgos. Quantum Computing enthusiast
Luciano Bello
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Your polyglot belongs to me. Steganography in modern APTs
Alfonso Muñoz
We will dive into the advances in the use of steganography in modern APTs and we will see the usefulness of polyglots to try to reduce the impact when recovering hidden information (useful for exploits, C&C, etc.). We will see several examples using my own tool (powerglot) for attack and defense.
Alfonso Muñoz
PhD in Telecommunications Engineering by Technical University of Madrid (UPM) and postdoc researcher in network security by Universidad Carlos III de Madrid (UC3M). He is a cybersecurity Tech Lead for more than 10 years and has published more than 60 academic publications (IEEE, ACM, JCR, hacking conferences…), books and computer security tools. He has also worked in advanced projects with European Organisms, public bodies and multinational companies (global 500). For over a decade, he has been involved in security architecture design, penetration tests, forensic analysis, mobile and wireless environments, and information security research (leading technical and scientific teams). Several academic and professional awards. Professor in several Universities. He is co-editor of the Spanish Thematic Network of Information Security and Cryptography (CRIPTORED), where he develops and coordinates several projects about cybersecurity and advanced training, with great impact in Spain and Latam. Specialities (strong knowledge/expert): Pentesting & network security, Digital Surveillance & Forensic technology, Cryptography, Steganography, Privacy, NLP and Machine Learning
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Nmap me and you are dead! - Ethics, attribution and bias
Ruth Barbacil, Luciano Martins & Valentina Palacin
The last frontier between the physical military and the cyber operations has been dissolved. Cyber offensive operations can be seen as foreign attacks and, as such, they may be reason enough to cause a military conflict, in the physical-realm in terms of legitimate defense.
Ruth Barbacil
Ruth Barbacil is an Information Systems Engineer (UTN FRBA) and is a Specialist in the Threat Intelligence & Analytics team at Deloitte Argentina. She has carried out research and analysis of Malware, Tactics, Techniques and Procedures (TTPs) and advanced persistent threat activity (APT) in order to help defend and mitigate them. @33root
Luciano Martins
Director of the Threat Intelligence & Analytics area at Deloitte and founder of the Vulnerability Assessment area, in which he worked and continues to work for more than 15 years performing black box testing, ethical hacking work, malware analysis and has skill and experience in jobs involving reverse engineering. Luciano has nearly 20 years of experience in the field of security. Before joining Deloitte, he founded USSR LABS in Argentina, which he led for 5 years. @clucianomartins
Valentina Palacin
Valentina is a Threat Intelligence Senior Analyst, specializing in tracking APTs worldwide and using the ATT&CK Framework to analyze their tools, tactics and techniques. She is a self-taught developer and Threat Hunter with a degree in Translation and Interpretation from Universidad de Málaga (UMA), and a Cyber Security Diploma from Universidad Tecnológica Nacional (UTN). She is one of Ekoparty’s BlueSpace coordinators and a colaborator of Open Threat Research community movement founded by Roberto Rodriguez. @fierytermite
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Gotta Catch'em All - Bug Bounty!
Chloé Messdaghi
Bug bounty has been a long time craze, and it's becoming a necessity to keep organizations safe by crowd sourcing their security… but where does one start? This talk approaches the history of bug bounty, the current legal landscape, and how to get started.
Tomás Coiro
Security Researcher at ElevenPaths. Information Systems Engineering student at UTN FRBA. Assistant in the subject Paradigms of Programming. @CoiroTomas
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Hacking the Digital DNI
Dan Borgogno
The DNI is the main identity document for Argentine citizens. Their government implemented a digital version of it, which relies on a mobile app and a simple code to be activated. We analyze this solution, and show why it’s a bad idea, in fact we show that can impersonate every citizen.
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
SpeedPwning VMware Workstation
Corentin Bayet & Bruno Pujos
In this talk we want to share our journey in reversing and hunting for vulnerabilities in VMware Workstation for Pwn2Own in only 2 months. This ended with a race against time by writing a VM escape exploit in less than 10 days with one vulnerability that didn’t provide much primitives.
Corentin Bayet
Corentin BAYET is a security researcher at @Synacktiv. He previously worked on Windows Kernel heap exploitation, and is particularly interested in applicative security and low level exploitation. Recently, he started to get interested in hypervisors’ security, and participated to Pwn2Own 2020 with Bruno, targeting VMware Workstation.
Bruno Pujos
Bruno PUJOS is a security researcher at @Synacktiv. He is passionate by reverse engineering and his main interest is (currently) the security of low-level components. He published several articles on UEFI and SMM vulnerabilities. Recently, he worked with Corentin BAYET (@OnlyTheDuck) for participating in Pwn2Own 2020 on VMware Workstation.
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Opening up the ‘Tétrade’ Umbrella
Thiago Marques & Fabio Assolini
Tétrade is a deep dive intended for a complete understanding of four banking trojan families of Brazilian origin, as they expand abroad, targeting users worldwide. These crooks are prepared to take on the world. Are the financial system and security analysts ready to deal with this avalanche?
Thiago Marques
Thiago Marques is an Independent Researcher with more than 10 years of experience with Malware Analysis and Reverse Engineering. Thiago is a former member of Kaspersky's GReAT team, focused in the analysis of domestic malicious code through advanced reverse envineering and investigation of local malware. @thiagoolmarques
Fabio Assolini
Fabio Assolini joined Kaspersky Lab’s Global Research and Analysis Team in July 2009 to primarily focus on one of the most dynamic countries in Latin America: Brazil. Fabio’s responsibilities include the analysis of virus, cyber attacks, banking trojans and other types of malware that originate from Brazil and the rest of the region. He particularly focuses on the research and detection of banking trojans. @assolini
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
.png)
Step by step AWS Cloud Hacking
Andrés Riancho
This talk focuses on real-life exploitation techniques in AWS clouds, concepts and tools used to execute them. Starting from no access at all and elevating privileges via different methods to finally get access to all internal networks via a specially crafted AWS Client VPN.
Andrés Riancho
Application and cloud security expert that leads the information security efforts at Wildlife Studios. In the research field, he identified new techniques which can be used to escalate privileges in Amazon AWS infrastructures, discovered critical vulnerabilities in IPS appliances, multiple vulnerabilities in web and REST APIs, and contributed with SAP research performed at a former employer. His main focus is application security, where he developed w3af, a web application attack and audit framework used extensively by security professionals. @AndresRiancho
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Anatomy of Smart Contract Exploits in the Wild
Martín Abbatemarco
As Ethereum smart contracts increase in complexity, security issues start hitting the headlines after being exploited in the wild. This talk aims at showcasing, step-by-step, real exploits that recently were executed, or could have been executed, to steal millions of dollars in deployed systems.
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020). @tinchoabbate
.png)
Breaking, Entering, and Staying ...adventures in hacking macOS
Patrick Wardle
Attackers have been targeting Mac users with malicious Office Documents... But things could have been a lot worse! And once hackers have access to a Mac, what can they install? 2020 saw the first(?) true computer virus infecting Macs! Intrigued? So was I... Let's tear it apart 🔬🦠
Patrick Wardle
Patrick Wardle is the Director of Research at Synack, where he leads cyber R&D efforts. Having worked at NASA, the NSA, and Vulnerability Research Labs (VRL), he is intimately familiar with aliens, spies, and talking nerdy. Currently, Patrick’s focus is on vulnerability discovery, and the emerging threats of OS X malware. He has presented as conferences such as CanSecW, DefCon, BlackHat, VirusBulletin, Infiltrate, RSA, the US CyberCrime Conference and EkoParty. In his personal time, Patrick collects OS X malware and writes OS X security tools. Both can be found on his personal website Objective-See.com. @patrickwardle
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020). @tinchoabbate
Klingonizando el iPhone de Mi Hacker
Chema Alonso
Soy un papaete de dos niñas, Mi Hacker & Mi Survivor. La mayor es Mi Hacker porque cuando nació cambió mi mundo. Hackeo mi vida para siempre. Hoy ya es una amante de la tecnología y siempre quiso un iPhone. En esta charla os contaré la Idea Loca que tuve de Klingonizar tu iPhone, que no es nada más que dejar un sistema de comandos Klingon en un terminal iPhone una vez que haya sido controlado. Es decir, como post-explotar un iPhone usando el lenguaje Klingon para que haga lo que yo quiero. Si no sabes Klingon, no vengas a esta charla.
Chema Alonso
Chema Alonso es actualmente el CDCO - Chief Digital Consumer Officer - de Telefonica, desde donde lidera todas las iniciativas que tienen que ver con servicios digitales para clientes de Telefónica. En este cargo es responsable de la estrategia de Big Data (4ª Plataforma), Transformación Digital e Inteligencia Artificial (Aura), de servicios digitales en el hogar como (SmartWiFi, Video, Home as a Computer, Movistar Home y Living Apps) y de servicios digitales para las personas, como Connected Car o Mi Movistar. Asimismo es responsable de las iniciativas de innovación interna y externa del grupo, donde se encuentran las unidades de Core Innovation, Wayra, Open Future y las inversiones en startups.
Es Doctor en Seguridad Informática por la Universidad Rey Juan Carlos e Ingeniero Técnico de Sistemas Informáticos por la Universidad Politécnica de Madrid, esta última institución le nombró Embajador Honorífico de la Escuela Universitaria de Informática en el año 2012. Entre otras distinciones, ostenta la Cruz del Mérito de la Guardia Civil con distintivo Blanco. @chemaalonso
Every Breath You Take: A CTI Review of Stalkerware
Xena Olsen
Learn why stalkerware is an emerging threat to Enterprise & how it can lead to a breach. Poor AV detection combined with the stigma attached to stalkerware makes it a great tool to exfil data, steal credentials, breachstortion, & more! Reverse engineer Android APKs & use OSINT to hunt stalkerware.
Xena Olsen
Xena Olsen is a threat intelligence analyst in the financial services industry. A graduate of SANS Women’s Academy with 7 GIAC certifications, an MBA IT Management, and a doctoral student in Cybersecurity at Marymount University.
@ch33r10
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Deep dive into ART (Android RunTime) for dynamic binary analysis
SungHyoun Song
We propose a new technique to quickly and effectively analyze the app by modifying the ART. We also develop an environment in which an attacker can steal code, interface, parameters, return value, fields and stack trace of a function executed without using a debugger or hooking tools in real time.
SungHyoun Song
Security researcher at FSI (Financial Security Institute), in charge of Mobile Security for Financial Industry in Korea. He has experienced mobile security, reverse engineering, penetration test and authentication mechanism for ten Years. Currently focusing on Linux kernel exploitation and Android runtime. Also he has participated in several international security conferences such as ITU-T, SEC-T, PacSec, HITCON, BlackAlps, beVX. @decashx
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Anatomy of a Gopher - Binary Analysis of Go Binaries
Alex Useche
Go is everywhere these days (because Go is awesome). It is now common to find Go binaries embedded in IoT, Edge computing devices, and web assembly applications. We will show you what makes a Go binary different than a C binary, and how reverse engineers conduct binary analysis of Go applications.
Alex Useche
Alex is a Security Engineer at Trail of Bits with over 14 years of experience in the IT industry as a software developer, security engineer, and penetration tester. As a software developer, he has worked and architected mobile and web applications in a wide range of languages and frameworks, including .NET, Django, Objective C and Go. While his expertise is in application security, Alex also has experience conducting penetration tests of internal and external networks. In his previous position, Alex focused on IoT, mobile, and web penetration tests. Alex has a Bachelors in Information Technology and a Masters in Software Engineering. He has also conducted and published research on artificial intelligence technologies. Alex is actively working on Go security research and developing binary analysis tools with Rust.
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
… and this is how an attacker may become root in your Company’s Enterprise Software Servers
Pablo Artuso & Yvan Genuer
A story set in the early 2020s. An adventure, strewn by challenges and pitfalls, full of binary and java analysis, pre-auth remote code executions, local privilege escalations and two researchers pursuing one mission: root’em all.
Pablo Artuso
Security Researcher at the Onapsis Research Labs. He is most of the time involved in projects of vulnerability research and penetration testing of SAP products, where he has helped to patch several bugs. In his spare time, he enjoys playing CTF’s which include web exploitation, reverse engineering and crypto challenges.
@lmkalg
Yvan Genuer
Sr. Security Researcher at Onapsis. He has over 15 years of SAP experience. He has been delivering consultancy services around SAP Security as well as researching for vulnerabilities into SAP products, resulting in SAP AG official acknowledgements he has received, for several vulnerabilities he originally reported. Furthermore, he has also conducted both trainings and talks about this topic in conferences. @_1ggy
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
Serverless security: attack & defense
Pawel Rzepa
In this presentation, expect: * My findings on publishing malicious NPM packages to smuggle malicious code * Denial of Wallet * RCE in serverless * Privilege Escalation * Insecure Default Settings in Serverless Frameworks * How to Prevent and Detect Such Attacks * Lots of Demos * Lots of Fun 🙂
Pawel Rzepa
Pawel is a senior security consultant in SecuRing. On a daily basis he is responsible for performing penetration tests and cloud security assessments. He has a wide experience in security field gained inter alia, as a fuzzer developer in Spirent, pentester in EY GSS, security auditor in Credit Agricole or threat analyst in IBM SOC. His skills are proven by gaining OSCP, eMAPT, AWS SAA and AWS CSS certificates. Pawel actively supports OWASP by arranging local OWASP chapter meetings in Wroclaw. @Rzepsky
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
SF30th Hacking Edition
Nicolas Correia
A journey into reverse engineering a closed source emulator used in several games such as SF30th Anniversary Edition and “Arcade1Up” arcade cabinets as well as repurposing it to play more games and provides new features to the players.
Nicolas Correia
I’m a French reverse engineer working for Synacktiv. I like to spend my free time to study complex piece of code and reverse engineering / playing games (: @angel_killah
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
.png)
Static analysis-based recovery of service function calls and type information in UEFI firmware
Alex Matrosov
Reversing UEFI firmware requires a lot of background and knowledge about firmware and understanding of hardware before you can start hunting for vulnerabilities. With our new tool, we automatically recover services calls and EFI type info, so that a firmware code looks like original source.
Alex Matrosov
Alex Matrosov is a leading offensive security researcher at NVIDIA. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Before joining NVIDIA, Alex served as Principal Security Researcher at Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers, and is a frequent speaker at security conferences, including REcon, Zeronigths, Black Hat, DEFCON, and others. @matrosov
Alex Matrosov
Alex Matrosov is a leading offensive security researcher at NVIDIA. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Before joining NVIDIA, Alex served as Principal Security Researcher at Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers, and is a frequent speaker at security conferences, including REcon, Zeronigths, Black Hat, DEFCON, and others. @matrosov
Estrategias para ports de firmwares Linux. ¡Arma tu propio Frankenstein!
Emmanuel Seoane
En esta charla vamos a ver cómo analizar un firmware típico de los que se usan en routers y otros artefactos embebidos para entender cómo modificarlo y hasta portarlo a otros tipos de hardware para los que no fueron diseñados. Gracias a esto podremos desde arreglar bugs y fallas de seguridad dejadas por el fabricante, ampliar funcionalidades y hasta utilizar hardware que realmente no tenemos.
Emanuel Seoane
Desarrollador de Software, Líder de equipo y Hacker los fines de semana. Formo parte del Staff de Indetectables.net donde vengo rompiendo cosas desde hace más de 10 años.
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and I has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020).
