Atualize seu navegador para ver o site de forma otimizada. ×

Notícias ekoparty

11/09/17

Confirmed talks for the #eko13 - Part 1

Ekoparty 2017 is coming and we will inform you a little about the talks you will be able to enjoy:


1. Hacking Robots Before Skynet (Cesar Cerrudo & Lucas Apa)

Robots are gaining more and more privileged places within our society, first in the big factories and now increasingly in the public space or in a surgery room. This means that where there is software and hardware, there are potential vulnerabilities to exploit, which in the case of robots no longer serve only to manipulate a digital system, but can provide the attacker access to the robot arms to act on the physical world  and, consequently, against humans. In this talk by Cesar Cerrudo and Lucas Apa, computer security researchers with a long history searching for vulnerabilities and investigating technologies, will bring us closer to the real world of the danger of robot hacking, showing what methodologies can be used, and what consequences they can bring to society , all in order to push for a future with safer robot designs in which this type of vulnerabilities can be prevented from being exploited.

2. Abusing GDI for ring0 exploit primitives: Evolution    (por Nicolas Economou)

Windows is the most popular operating system on the planet, making it the target of constant attacks, especially from Internet browsers. To work on this problem both Microsoft and the companies or organizations that develop browsers always add new features such as mitigations of exploits in Windows and sandboxed executions in Browsers. But despite these efforts and recent updates like the "creators update" (v1703) for Windows 10, vulnerabilities in GDI objects are still present. In this talk Nicolás Economous will tell us how despite the efforts of the companies to mitigate these attacks, the same problems that appear again and again, how to exploit this vulnerability despite the current patches, and what are the mitigation plans Microsoft's future


3. The Bicho: An Advanced Car Backdoor Maker (por Sheila Berta & Claudio Caracciolo)

In 2016 Sheila Berta and Claudio Caracciolo told us how the CAN bus worked in cars and how it was possible to exploit it after an extensive investigation that they did. To prove it, they made a rudimentary backdoor of hardware that connected to a car allowed them to perform some actions by SMS. Now in their new talk invite us to listen to their new discoveries and see their new developments, this time the backdoor is named, The Bicho, and allows a wide range of applications. Have you ever imagined the possibility that your car is automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? The Bicho promises to live up to all these questions.

4. Replay attack y DoS al sistema de alarma para vehículos (por Leandro Ferrari)

The alarms of the cars are not without being investigated, and it is there where Leandro Ferrari put the eye, and brings us a presentation on how despite implementing certain levels of safety, the alarms for cars have some possible vectors of attack including taking less than 5 samples of the analog control signal. The conclusions will be demonstrated in this talk in conjunction with explanations about possible scenarios of attack in real life and its consequences, showing that the companies still have work to do in improving the security of this type of devices.

5.    802.11 Protocol Chaos (Andrés Blanco)

The old and beloved IEEE 802.11 standard over the years was adding different versions and extensions that provide new functionalities and complicate the protocol. To make matters worse today, modern devices support specifications such as Cisco Client Extensions, WiFi Protected Setup, WiFi Direct, AirPlay and AirDrop, among others. A bad implementation of these technologies opens the way to possible attackers. In this talk the independent researcher Andrés Blanco will show us how an attacker can make use of these specifications to dial devices and obtain information from the internal network without even being connected to it.

6. TOR Exit Nodes en la justicia Argentina (Iván Barrera Oro / Rodrigo Iglesias)

Being a TOR exit node can get you in trouble? Apparently in Argentina was the case, but with some particularities. Hackan was an exit node of TOR, and from its node a banned image was posted on the 4chan network in 2013. On 15/6/2015, the complaint was filed in Argentina, coincided with the same day that the voting elections in the City and Buenos Aires. HackanCuba (Iván Barrera Oro) is recognized for conducting conferences and practices for years to demonstrate the different vulnerabilities of the electronic voting system used. One week before that complaint, the police had raided Joaquin Sorianello, another researcher who was working on the subject of the Electronic Vote in Argentina, generating a clear persecution against those who are against the system used. This story will be followed in depth by Rodrigo Iglesias, Electronic Technician - Lawyer - Specialist in Computer Crime, and Ivan Barrera Oro, a passionate about electronics and computers that was seen under this complaint.

7.    SeND IPv6 to Graphical Machine Learning (Nicolás Rivero Corvalán / Jorge Couchet / Eduardo Casanovas)

Nicolás Rivero Corvalán, Engineer in Information Systems, Jorge Couchet, Master in Artificial Intelligence and Eduardo Casanovas, Electronic Engineer, will tell us about the Neighbor Discovery protocol and about communications at the data link level of the IPv6 protocol. They will work on the operation and security of the protocol, vectors of attack, and possible mitigation techniques.
The Secure Neighbor Discovery protocol will be implemented and analyzed in a critical infrastructure scenario. To complete this analysis, we implemented Graphical Machine Learning techniques to detect changes in IPv6 message patterns and identify possible attacks.

8. The Java soothsayer: A practical application for insecure randomness vulnerabilities. (Alejo Popovici)

Every pentester knows that in his life there will come a labor in which he finds absolutely nothing, and will have to resort to the famous "grab the shovel" and enter the depths of "best practices" and "filler findings", for that it is always better to lose dignity than to deliver an empty report. As we contemplate the finitude of existence and the series of bad decisions that led us to this moment, we may encounter an "Insecure Randomness" and we stack it together with ClickJacking and old versions of TLS. But what would happen if with a basic knowledge of cryptography and mathematics, we could transform this cornucopia of guitarreadas to a critical one?

In this turbo talk of security researcher and pentester Alejo Popovici will take us in a tour-de-force on the pseudo random generator of Java and a specific implementation of apache.commons that will allow to obtain the seed and predict future results, with drastic consequences for the applications that use it.


This is all for now, and soon we will be leaving more synopsis of the talks that will be available at the Ekoparty Security Conference 2017.
09/09/17

CTF International 2017!

START DATE

Sunday 16th September 0:00 UTC

END DATE

Sunday 17th September 12:00 UTC

TOTAL DURATION
36 Hours

LINKS
https://ctftime.org/event/483

RULEZ 
The competition is an online jeopardy game, accessible from Internet which has a duration of 36 hours (16 September 00:00 UTC - 17 September 12:00 UTC):
- The competition can be played by individuals or groups, only one account per team.
- You may not be elegible to claim the prize if you are an employee or contractor of EKOPARTY or any of its affiliates.
- The participant must provide a real point of contact for future notifications or claim the prize.

Participants that behave inappropriately will be immediately disqualified, including:
- Share solutions or hints.
- Attack computers or applications not designated by the competition.
- Attack other participants.
- General bruteforce attacks over online platform.
- Duplicated accounts.
- Other things we consider to be unfair.

There is no need to use tools such as nmap, sqlmap, dirbuster, nikto, nessus, etc, each challenge is built to be solvable
without those kind of tools.

Participants are ranked by score and speed. Score is dynamically defined.

Meet us on irc.freenode.net ##ekoctf and #ekoparty if you have any question, suggestion, or found a bug in the competition. 

PRIZE

Top 3 internacional:
- 300, 200, y 100 USD

Top 5 Local: 
- Ekoparty will give 5 free conference tickets for the first 5 persons that want to assist at the event. Not refundable. Non   
  transferable.
We look forward to your participation!
04/09/17

EKOLABS 2017 - Call for Tools is Open!


As you know the concept is very simple, the EKOLABS tool area is dedicated for independent researchers and the open source community. We will provide kiosks complete with monitor, power, and wired Internet access and you will bring your machine to showcase your work and answer questions from delegates attending ekoparty security conference.

It is with great pleasure that we announce the launch of the Call for Tool for this edition of EKOLABS held at the Ekoparty 2017.

The same old rules to consider before applying:
  • Bring your computer (consider video outputs HDMI/VGA), your tool, your stickers, your t-shirts …
  • As speaker you will have one (1) full ticket for the conference.
  • EKOPARTY won’t pay your accommodation and flights for the conference.
  • Avoid stodgy keynotes. Folks are expecting action. So give’em action.
  • No vendor pitches!
  • Be yourself, be cool, and wear a smile.
  • Hug the folks at the EKOLABS :)
  • Above all, have Tremendous Fun !!
If you think you can survive these rules and want to give your tool a chance to shine, the time is now! Applications for EKOLABS will be accepted until Saturday 9, September 2017, with rolling acceptances until that date.

Complete the form at: https://cfp.ekoparty.org/

01/09/17

Vote in the Slogan Contest for #Eko13 and help choose the winner!

You can now vote the slogans to choose the winner, last year for #eko12 won the phrase "Hold the backdoor".


Which will win now?

Vote on the following link: https://www.ekoparty.org/slogan-contest.php
23/08/17

Slogan Contest for #eko13

A new edition of EkoParty arrives and returns the classic competition of Slogans, where some of those who won previous editions were really witty like "Back to roots", in a play on words that evokes the beloved film Back to the Future, or "Hold the backdoor" in reference to the popular television series Game of Thrones. Do you have ideas for a good slogan for this year?



Some questions you can ask yourself before submitting your slogan:

- Will it look nice on the home page of www.ekoparty.org?
- Would I like to wear a T-shirt that says that?
- Is it suitable for all audiences?
- Does it represent ekoparty culture?

To participate send your proposal by email to slogan13@ekoparty.org with subject slogan13. Once the proposal submission phase is completed, online voting will begin.
23/06/17

ekoparty: Call for Papers 2017! Open!

------------------------BEGIN TRANSMISSION--------------------

**ekoparty security conference 2017 Call for Papers is Open!**

ekoparty security conference
Training September 25-26, 2017
Conference September 27-29, 2017
Buenos Aires


We are really proud to announce the thirteenth edition of the Ekoparty Security Conference.

Once again, in this unique event, security specialist from all over Latin America and the World will have the chance to get acquainted with the most important researches of the year.

Ekoparty has become the most important technical conference in Latin America, which keeps offering the deepest knowledges in the field. In this year's edition of ekoparty, we are expecting to bring together more than 3000 security specialists.

During the 3-day high voltage lectures, you also can enjoy activities like our famous LOCKPICKING VILLAGE, the WIFI ATTACK LABORATORY, a WARDRIVING around the City, free WORKSHOPS, the most important CAPTURE THE FLAG in Latin America, not forgetting of course, our amazing parties!

Again in this thirteenth edition:

* ekoparty will recognize the trajectory of Latin American researchers, as also their greatest researches. Stay tuned!

The ekoparty organization team is kindly inviting anyone who is interested in showing and sharing his researches and/or developments in the field of Information Security.

**Suggested Topics**

Topics of interest include, but are not limited to, the following:
  • 0 days
  • Satellite Hacking
  • Web Security
  • Privacy
  • Embedded Systems Technologies
  • GSM, GPRS and CDMA Security
  • RFID Security
  • VoIP Security
  • Lockpicking
  • Trumping
  • Wireless Security
  • Exploitation
  • IPv6 Security
  • Attack and Defense Techniques
  • Reverse Engineering
  • Application Security, Testing, Fuzzing
  • Code Auditing
  • Virtualization Security
  • Malicious Code
  • Databases Security
  • Viruses, Worms, and Trojans
  • e-crime, Phishing and Botnets
  • Malware, Crimeware
  • e-voting madness
  • Banking Security
  • Phreaking
  • Hardware hacking
  • Cryptography
  • Forensics & AntiForensics

* All the lectures are going to be simultaneously translated breaking any language barrier.

Consideration will be given first to ORIGINAL work and content that has not been duplicated at any other security or networking conference prior to September 1st, 2017. Submissions with technical papers attached will be given preference.

**submission types**

  • Full length talks (50 minutes)
  • Turbo talks (20 minutes)
  • Hands-on Workshops (120 minutes)
  • Trainings (1 or 2 days)

* Speakers including a Hands-on Workshop proposal earn extra points in the CFP.

**important dates**

  • June 16 - CFP is Open
  • July 31 - CFP is Closed
  • August 15 - Notification to Authors
  • September 25 & 26 - ekoparty trainings
  • September 27, 28 & 29 - ekoparty security conference

**speakers privileges**

  • Round-trip airfare ticket up to 2.000USD
  • Five star hotel accommodation (3 nights)
  • VIP cocktail for speakers/sponsors
  • Extra ticket to the conference

**trainer privileges**

  • 50% net profit of the Training
  • Round-trip airfare ticket up to 2.000USD
  • Five star hotel accommodation (3 nights)
  • VIP cocktail for speakers/sponsors
  • Ticket to the conference

 **extra activities**

We are looking for new activities to be performed in parallel to the conference. Send us your proposal to: organizacion@ekoparty.org

Submit your abstract here:

Questions? Email cfp at ekoparty dot org

---------------------------END TRANSMISSION------------------------
10/01/17

ekoparty 12 Talks - Online


We just finished uploading all the eko12 talks, they are online and ready for you!

The talks are organized in 3 lists:

- English talks:

- Spanish talks:

- Playlist with all talks together:



Enjoy!
27/09/16

Eko 12 - Pre-CTF!

START DATE

Saturday 1st October 15:00 GMT (12:00 Argentine Time)

FECHA FIN
Saturday 8th October 15:00 GMT (12:00 Argentine Time)

WINNERS ANNOUNCE
Saturday 15th October


PROBLEMS ANSWERS
Four security problems will be published on the main site of the EKOPARTY's CTF (ctf.ekoparty.org) on the 
right date, this problems could be resolved offline and each of them will have a punctuation. 

More accumulated points and fastest answer to the problems, will give you more chance to win free tickets to the conference!

It's necessesary that you send us a mail to ekoparty@null-life.com with the following mandatory fields filled (the absense of a a filled field will be traduced to a problem without solution and without score):
  1. Títle: Pre-Eko problem solution [Problem Name]
  2. Answer.
  3. Solution: Steps to find the solution.
  4. Procedure screenshots: screenshots that verify the solution of the problem.

PRIZE
Ekoparty will give 5 free conference tickets. They will be elegible for 1 person (the leader of a winner team or a individual winner). Not refundable. Non transferable.

We look forward to your participation!
13/09/16

EKOLABS 2016 - Call for Tools Opened!

In this opportunity ToolsWatch will come to South America, invited by ekoparty security conference. It will be their first time here and we will work together to bring great tools in an area named: EKOLABS.
As you know the concept is very simple, the EKOLABS tool area is dedicated for independent researchers and the open source community. We will provide kiosks complete with monitor, power, and wired Internet access and you will bring your machine to showcase your work and answer questions from delegates attending ekoparty security conference.
ekolabs
It is with great pleasure that we announce the launch of the Call for Tool for this first edition of EKOLABS held at the Ciudad Cultural Konex, Buenos Aires, Argentina  October 26-28, 2016 

The same old rules to consider before applying:
  • Bring your computer (consider video outputs HDMI/VGA), your tool, your stickers, your t-shirts …
  • As speaker you will have one (1) full ticket for the conference.
  • EKOPARTY won’t pay your accommodation and flights for the conference.
  • Avoid stodgy keynotes. Folks are expecting action. So give’em action.
  • No vendor pitches!
  • Be yourself, be cool, and wear a smile.
  • Hug the folks at the EKOLABS :)
  • Above all, have Tremendous Fun !!
If you think you can survive these rules and want to give your tool a chance to shine, the time is now! Applications for EKOLABS will be accepted until Monday 3, October 2016, with rolling acceptances until that date.
31/08/16

THE KALI LINUX DOJO: A PENETRATION TESTING PLATFORM EXPLORED


THE KALI LINUX DOJO: A PENETRATION TESTING PLATFORM EXPLORED
Extract

Created by the Kali Linux development team, this event will consist of two, 90 minute, back-to-back workshops where we will take you on a unique journey through Kali Linux and provide rare insights into the powerful features available in our advanced penetration-testing platform. The Kali Dojo will include hands on instructions for creating your own custom Kali Linux ISOs and creating a bootable Kali Linux live USB install – transforming it into an effective hardware backdoor, or a secure encrypted pentesting platform. If you’ve ever wished for proficiency with Kali Linux, these workshops are for you.

Workshop #1: Rolling Your Own - Generating Custom Kali Linux ISOs

One of the most powerful features of Kali Linux is the ability to create your own flavors of the distribution containing customized tools, desktop managers, and services. This workshop will show you how to create your own personalized Kali Linux ISO, customizing virtually every aspect using the live-build utility and making efficient use of the various meta-packages available in Kali. Ever wanted to create a non-root, KDE version of Kali which would self-install? This workshop is for you. At the end of this workshop attendees will understand and independently build complex Kali images, such as the Kali Linux ISO of Doom.

Workshop #2: Kali Linux on USB - Encryption, Persistence and multiple stores

The Kali Live hybrid ISO allows for directly booting via USB, making it a perfect portable tool. However, Kali Linux live USB installs are more than meets the eye - they also support encrypted storages with multiple persistent stores. Once you've made your custom Kali ISO, learn how to make the perfect, encrypted USB environment which supports multiple disk profiles. Want to learn how to make a Kali Linux Live USB with multiple encrypted persistence stores which support LUKS Nuke? This workshop is for you. Please be sure to bring a bootable USB stick with you!

Requirements

For both workshops, we require attendees to bring a laptop with a *fully updated*, 64bit Kali Linux Rolling installation. In addition, you *must have a wired networking option*, so bring a USB network adapter if you need one. Both workshops will be hands-on, allowing you to work through the examples using the system you bring. Space in each session is limited, seating on a first-come, first-served basis.

About the instructor

Mati Aharoni is the founder and a core developer of the Kali Linux project, and plays the role of a Kali developer at Offensive Security. For the past several years, Mati has been developing a curriculum designed for users who wish to make the most out of the Kali Linux operating system. By bringing together several advanced features in the Kali OS and projecting them into useful and practical scenario based exercises, the Kali Linux workshop was born. The workshop is designed to be a fast-paced, crash course to some of the most advanced features in the distribution, giving attendees the ability and freedom to bend Kali Linux to fit their needs.

Dates and duration

The workshop will be held on October 26th and repeated the 27th during Ekoparty as a side activity

Where

Ekoparty Security Conference
Centro Cultural Konex, Sarmiento 3131
Ciudad de Buenos Aires, Argentina 

Cost


Included with your ticket to ekoparty security conference

Don’t lose this opportunity! 

Register at


Questions? Contact us