Ekoparty 2020 Workshops
These are the workshops for the 3 days of the conference. Platform access details will be sent by email.
Limited seats! Check your inbox!
Main Track
OSINT Techniques for Intelligence Generation
Carlos Seisdedos
It will be shown how, starting from the minimal information exposed on the Internet and using social engineering techniques, open sources and disciplines such as OSINT or SOCMINT, data of great interest to investigations can be obtained; these tasks have become the cornerstone for many professionals such as police officers, detectives, analysts and journalists, among others. The talk will include theoretical and practical parts, and live social network analysis exercises will be run to extract information that can be turned into actionable intelligence.
Sep 24, 12:00 - 14:00 ART
Carlos Seisdedos
Head of the Cyber Intelligence area at Internet Security Auditors. Researcher and analyst in security and cybersecurity. Author of the tool “Magneto”, aimed at intelligence analysts for information analysis. Lecturer at several universities, master's programs and courses related to Cyber Intelligence and Cybersecurity, and author of the book Open Source INTelligence (OSINT): Investigar personas e Identidades en Internet, published by 0xWord. @carloseisdedos
- Knowledge: No knowledge of any particular field is required, although knowing Python will make some aspects easier to understand.
- Tools: No knowledge of any particular tool is required.
- Difficulty: Introductory
Martin Abbatemarco
Argentinian security researcher working at OpenZeppelin, the leading company in smart contract security on the Ethereum blockchain. Formerly a penetration tester at a big-four, he decided to jump into the blockchain space to help secure the future open economy and individual empowerment that this technology can achieve. He's currently enrolled in a Master’s degree on Cybersecurity and Cyberdefense at UBA, and has spoken at different meetups, conferences, and workshops about smart contract security (such as a 2-hour workshop at Ekoparty 2018, or a recent talk at DEFCON Blockchain Village in August 2020). @tinchoabbate
TBA
We will publish the full agenda soon. In the meantime, keep exploring #eko2020!
Securing Containers in Docker: DevSecOps Is a Culture
Antonio Juanilla
It will be shown how to secure a private cloud environment that uses an orchestrator and containers to deploy its applications and services.
Sep 24, 15:00 - 17:00 ART
Antonio Juanilla
Antonio Juanilla is a software developer, DevOps engineer, self-described SecDevOps (DevSecOps), and a lover of hacking and cybersecurity in his spare time, with a “restless” mind and strongly involved with new technologies. Co-organizer of the HackMadrid %27 and HackBarcelona %27 communities, and a firm advocate of democratizing technology to improve society.
@specter
- Knowledge: TBD
- Tools: TBD
- Difficulty: TBD
Understanding the Dynamics of a Real Botnet
Wagner Rodrigo
This workshop will demonstrate how a botnet works in practice, from creation and infection to remediation. We will compile a botnet's code, infect a server and take control of it. DDoS, keylogger and brute-force attacks will be shown in practice, along with a simulation of a real zombie network scenario. By the end of this workshop, participants will learn to create their own botnet.
Sep 24, 17:30 - 19:30 ART
Wagner Rodrigo
Wagner holds a bachelor's degree in computer science from Santa Cecilia University, a postgraduate degree in Information Security and an MBA in Cybercrime and Cybersecurity. He is co-founder of the BXSEC information security community and has been in the IT market for over 15 years. He speaks at events such as Roadsec, Bsides and FIADI Latam. @wagrodrigo
- Knowledge: Networking and information security fundamentals
- Tools: Computer with at least 4 GB of RAM and virtualization software previously installed, such as VMBox or VMware
- Difficulty: Intermediate
Offensive Infrastructure for Red Teams and Pentesters
Nicolas Mini
In this talk we will use Kubernetes, Traefik, Ansible and other tools from the DevOps world to automatically and anonymously deploy the infrastructure needed to carry out an attack, whether as part of a red team engagement or as an independent pentester. We will see how we can use MITRE ATT&CK and our new infrastructure to compromise a host or a network.
Nicolas Mini
Security researcher and DPoS Infrastructure Architect for EOSArgentina.
- Knowledge: System administration, basic Docker, basic offensive security Tactics, Techniques and Procedures
- Tools: We start with a review of the basics; there is no need to be proficient with any tool.
- Difficulty: Intermediate
Nicolas Mini
Corentin Bayet is a security researcher at @Synacktiv. He previously worked on Windows Kernel heap exploitation, and is particularly interested in application security and low-level exploitation. Recently, he became interested in hypervisor security, and participated in Pwn2Own 2020 with Bruno Pujos, targeting VMware Workstation. @OnlyTheDuck
Introduction to fuzzing
Dhiraj Mishra
We will discuss and understand all the parts of a successful fuzzing campaign. We will start with AFL, understanding the installation and quickly looking at the key components of AFL, which are: process timing, stages, findings, yields, path geometry and stability. After that we will move on to smart fuzzing, where we integrate ASAN with AFL, but before that we will give a brief overview of sanitizers and how they are used, through instrumentation added when a binary is compiled, to detect bugs at run time. We will wrap up the workshop by discussing how to leverage this knowledge in bug bounty programs and then showcasing multiple bugs found during our research.
Sep 25, 12:00 - 14:00 ART
Dhiraj Mishra
An active speaker and open-source contributor who has discovered multiple zero-days in modern web browsers. He has presented at conferences such as Hacktivity, PHDays, HITB and BSides. In his free time he blogs at www.inputzero.io. @RandomDhiraj
- Understanding of Linux fundamentals
- Attendees are required to have a system with root/admin privileges, a minimum of 8 GB RAM, 80 GB disk space, and VirtualBox or VMware installed.
- Difficulty: Introductory
Strategies for Porting Linux Firmware. Build Your Own Frankenstein!
Emmanuel Seoane
In this talk we will see how to analyze a typical firmware of the kind used in routers and other embedded devices, to understand how to modify it and even port it to other types of hardware for which it was not designed. This lets us do anything from fixing bugs and security flaws left by the manufacturer and extending functionality to using hardware we don't actually have.
Sep 25, 15:00 - 17:00 ART
Emmanuel Seoane
Software developer, team lead and weekend hacker. I am part of the staff of Indetectables.net, where I have been breaking things for more than 10 years.
- Knowledge: Basic knowledge of embedded hardware and kernel compilation
- Tools: Ubuntu 18
- Difficulty: Intermediate
Advanced fuzzing workshop
Antonio Morales Maldonado
In this workshop, I will cover some advanced fuzzing techniques and tricks for finding bugs in real modern software. The workshop has a practical orientation so that attendees get a chance to learn by themselves and use their acquired knowledge. The format of the workshop will be a CTF (Capture the Flag). It's a medium-advanced level workshop, so prior knowledge of fuzzing and bug hunting is required.
Sep 25, 17:30 - 19:30 ART
Antonio Morales Maldonado
Antonio Morales works as a security researcher at GitHub Security Lab, whose primary mission is to help improve the security of open source projects. Antonio's interests include fuzzing, code analysis, exploit development and C/C++ security. @nosoynadiemas
- Basic knowledge of fuzzing
- Working knowledge of C programming
- Python scripting skills
- Command-line basics
- Bug hunting experience is desirable
Threat Intelligence, the Malware Analysis way
Felipe Duarte
Debuggers, disassemblers, virtual machines, sandboxes, signatures. All of those concepts are commonly used in malware-related talks, but do you actually know how to use them effectively to automate your malware analysis procedures? This is the place to be if you want to answer that question. We will start our workshop with an unknown malware sample and, based on our observations during the analysis, we will build our own tools to detect it and automate its analysis, so that the next time you see it you will spend just a couple of seconds on its analysis.
Sep 25, 19:30 - 21:30 ART
Felipe Duarte
Malware researcher, late night Python programmer, technology enthusiast who enjoys hunting malware just for fun.
- Knowledge: Basics of Python and x86 ASM
- Tools: Virtualization software previously installed (VBox, VMware)
- Difficulty: Intermediate
Demystifying the Server-Side
Rajanish Pathak
Some server-side mysteries, the unveiling of lesser-known techniques, and how inconsistencies in URL parsing and in the way server-side components treat certain elements usually go undetected and can open up big gaps: all of this is waiting to be demystified!
Sep 26, 12:00 - 14:00 ART
- Knowledge: Good foundational knowledge of web application vulnerability assessment
- Tools: A laptop with virtualization software pre-installed, such as VMware or VMBox, and at least 4 GB of RAM and 20 GB of free disk space dedicated to the VM
- Difficulty: Intermediate
Alex Matrosov
Alex Matrosov is a leading offensive security researcher at NVIDIA. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Before joining NVIDIA, Alex served as Principal Security Researcher at Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers, and is a frequent speaker at security conferences, including REcon, ZeroNights, Black Hat, DEFCON, and others. @matrosov
Falco for Container Runtime Security
Spencer Krum
Falco is a CNCF tool for watching syscall events from Linux (and containers) and audit events from Kubernetes. It has an expressive ruleset that it uses to distinguish normal activity from potentially malicious activity, and a rich ecosystem of tools to take action on security events.
I’ll show off the Falco tool and how to see sketchy things happen inside a kube container. I’ll also show how to take action on the alerts using the various tools in the ecosystem for exporting Falco events.
Sep 26, 15:00 - 17:00 ART
Spencer Krum
Spencer is a developer advocate and open source contributor at IBM. He works in the cloud native space and has previously been a manager. Before that he worked in the Puppet and OpenStack open source communities. He lives and works in Minneapolis, Minnesota but he doesn’t love the cold. @nibalizer
- Knowledge: Basic knowledge of command line
- Tools: Computer with web browser and command line shell
- Difficulty: Intermediate/Advanced
- You'll get a free Kubernetes Cluster from IBM Cloud
Active Directory: Post Exploitation Attacks
Francisco Gabriel Canteli
Today, Active Directory is one of the most widely used technologies in companies around the world, from small businesses to large corporations. It is therefore essential to know how it works, its most common security flaws and how to mitigate them.
This talk will introduce attendees to how Active Directory works and explain how, with only a domain user, privileges can be escalated and an entire corporate environment compromised, using attacks such as Password Spraying, Pass the Hash and Kerberoasting, among others.
Sep 26, 17:30 - 19:30 ART
Francisco Gabriel Canteli
Francisco Canteli is an independent information security researcher. He has given security courses, workshops and talks at various institutions and conferences. He has also attended and actively participates in conferences such as DEFCON, Blackhat, Ekoparty and Nerdearla, among others. He is currently an organizer of 404Zone, a systems community whose goal is to connect people with shared interests so they can share their knowledge.
https://medium.com/@franc205
- Knowledge: Basic knowledge of Linux and Active Directory is recommended.
- Tools: ADExplorer, Mimikatz, Powersploit, Impacket, Crackmapexec, Metasploit and DomainPasswordSpray.
- Difficulty: Intermediate