The lecture has a twofold approach which shows those parallelisms between the experiences of the speaker and what any young person who wants to enter the cybersecurity sector can find along the way. Main steps to be taken by any newcomer who wants to become a profesional in cybersecurity sector will be shown through the different chapters of the lecture.
The cornerstone on which the lecture is based on corresponds, to the moment in which the speaker discovers that cybersecurity is a hobby to which he wants to dedicate his life, just like many young people today. The dualism depicted during the lecture can be used by the listener as a path of inspiration for many decisions to make, as which is the right training to take when one has decided to enter the sector, how to get your first job, how to understand the current state of the sector and its future needs and how can you focus your carrer towards the most successful pathway. All these advices are based on the speaker experience and on those decisions he made at the crossroads of his profesional career.
This talk presents the design of a platform for the education and training of cybersecurity professionals. This training is performed via exercises based on scenarios that will challenge the students within a hands-on and competition experience. All this optimising resources with a "low-cost" approach without renouncing to the necessary isolation between the different scenarios, easing the adoption of this technology by universities and enterprises.
In this workshop you will see a brief introduction of how to start analyzing communications that applications perform on mobile devices. For this we will start knowing owasp mobile and then specifically one of the controls that we focus more in this workshop.
We will go step by step, we will explain that it is an SSL communication and how it can be broken and then we will increase the level of difficulty to see the communications. This implies knowing how SSL Pinning protection measures work and how an attacker or pentester of mobile applications can break these measures, having your device with administrator access (root) or finally without needing to have our terminal with root or jailbreak
For all this, knowledge of networks, reversing, android, iOS and some common tools for the analysis of communications will be applied.
At the end of the workshop, you will see explanations and examples of how the above measures can be applied to smart devices such as electrics plugs or smart lights.
Moderator Beatriz Soto. Chief of Staff of the CEO of INCIBE.
In "5 things you should know to develop your career in cybersecurity" we will investigate different aspects that should be taken into account when you decide to train and develop a professional career in the field of cybersecurity: training, development of soft skills, professional opportunities, awareness from an early age and gender equality from a professional and personal perspective of four women.
Since I was very young, I always wanted to dedicate myself to cybersecurity. Living in a small province it was not an easy task. This talk is about how to pursue a dream in an orderly way, in my case even starting a small business. The session, narrated from a very personal and experiential point of view, has allowed us to spend some time thinking about why we are here today, how we have arrived at this point and where we want to go.
A dream that you date becomes a goal. A goal divided into steps becomes a plan. A plan put into action turns a dream into reality. Our dream has been to create a company in the city that has seen us grow, from where the best team of experts offers consulting services in cybersecurity certification to bring a more secure world.
This talk is a collection of lessons learned through which we want to share our experience to facilitate the way for future generations so they are not afraid to fight for what they want.
In the past few years, several attacks exploiting side-channel issues in TLS traffic have been launched with the aim of extracting information protected by HTTPS. CRIME, BREACH, TIME, FIESTA are all good examples of such attacks.
In this workshop, we will cover all these attacks. We will analyze which side-channels are available in HTTPS, we will also provide an in-depth explanation and examples of each of them, and how to exploit them, including some techniques that are effective in well-known companies still today.
This conference explains in detail an event that had for days hijacked an industrial production system of a company dedicated to the development of energy products. For this, checking their systems, we discovered a difference of 10 milliseconds in all communications in their production line. This small detail led us to realize that they had introduced an industrial malware into a PLC device, which we called "The Cuckoo Egg", realizing that the computers in their network were being attacked by pirates expert in industrial environments from abroad, and with that, our particular persecution career began until we found them and the arrest of a member of the Iranian Chafer group (APT33) by the FBI. The conference explains the problems of the industrial environment and its great differences in the IT world, the forensic process against lateral attacks within the IT world and how they cross borders accessing the OT, the Threat Hunting that began to acquire evidence (we developed HoneyPots Industriales), the Threat Intelligence process to discover the actors, processes and techniques that they used. The conference is eminently practical, didactic and visual with many demos and in which IOCs, references and tools will be provided.
The growth of the so-called Internet of Things where everything is connected, is making the hardware hacking techniques increasingly relevant. There is a lot of literature on how to perform this type of analysis in terms of port identification, use of JTAG, or reverse engineering when there is an underlying operating system, but there is hardly any public information on how to perform this type of analysis in cases where the approach for implementing the firmware is baremetal, that is, it has been programmed directly over the micro. Baremetal implementations are becoming increasingly popular thanks to the expansion of low-cost microprocessors such as those used in Arduino, the STM32 family or nRF51822.
During this presentation we will tell you about our experience in security analysis of such a device, where the absence of an operating system as well as any type of symbols requires the use of special reverse engineering techniques, including the bypass of reading protections.
We will start from how we connected in the absence of any type of connection point, how we did to extract the firmware using vulnerabilities in the readout protections and we will continue telling how we made the analysis and reverse engineering of our target.
Recently, drone prices have dropped drastically in comparison with the prices we had in the last few years. This effect is being produced by the increase of sales and decrease of manufacturer costs. Without a law that controls and fights for the safety of our society, the lack of knowledge and misuse by people who buy these drones are starting to negatively affect our society. In spite of the brilliant results that drones are showing in different fields like agriculture and human rescue, at the same time, they could be used for more terrifying activities like security forces, corporate espionage, drug trafficking, industrial espionage, use in conflict zones, terrorist attacks, plane incidents and more.
Because of all of these threats, we wanted to show some of the different methods that can be used for detection and defense against drones.
In recent years, the field of information security has undergone an accelerated growth, encompassing a large number of threats and domains. Nowadays, practically all companies have critical processes that depend on technology, and all technologies have vulnerabilities. The constant struggle between attackers who intend to violate the systems and the people who try to defend them has hinted at the importance of using data to protect against malicious agents by developing more sophisticated defense mechanisms.
Machine Learning is the discipline that allows advanced treatments of this data to provide systems with the ability to learn and improve the experience without being explicitly programmed for it. Companies and users who are exposed to large volumes of information are the main targets for attackers, but, on the other hand, are in the perfect position to make use of this data and reach a level of security more advanced than the rest.
This workshop demonstrates the application of Machine Learning and the analysis of data on different domains of information security. Real examples will be presented that will allow to evaluate the best techniques of machine learning according to the security problem that arises, in order to guarantee obtaining a better level of security. In addition, an introduction will be made to different Machine Learning concepts and algorithms, the underlying statistical concepts and their practical implementation.
In this talk aims to explain the way in which it is possible to use the entry points and search engines in the deep web to discover hidden services that may contain illegal or malicious content. After that, in the talk the speaker will show some libraries and utilities in Python for the automation of this type of processes.
Francisco Polo Llavata (Secretariat of State for Digital Progress).
The illegitimate control of computer systems has become an automated task in which they do not need great knowledge to do it. That is why the importance of awareness in the world of cybersecurity.
If 20 years ago, when I was working as a web developer for a small '.com' in Malaga, I would have been told that I would have the opportunity to design, build and manage the cybersecurity program of the hospital network in New York City, the a bank in Dubai or a software company based in Sydney, present my projects in BlackHat, design security products for McAfee, lead security initiatives in Intel and train professionals from Microsoft, Amazon, NASA or FBI, what do you think I would have thought? Obviously ... that was impossible!
But is not that what the 'hacker' philosophy is about? Make possible, the impossible. And everything starts by 'hacking' yourself, creating your opportunities and taking full advantage of those that present themselves. Do you want to know how? In this session I will share recommendations and useful experiences, both for those who want to develop their career in cybersecurity, and those who want to promote it and develop their full potential.
The services provided by INCIBE to its different target audiences are the best known face of our organization's activity. But other activities that are not as widespread are also developed, the backstage, which contribute and add value to the provision of said services. On this occasion we will learn about some of these activities, in particular, how the concept of Cybersecurity Threat Intelligence is adopted and implemented in INCIBE.
The final phase will consist of a series of skill challenges, in war game mode, similar and complementary to those of the online phase, that each team (10 finalists) must resolve in person during a specific window of time in the CyberCamp event.
In this talk, Professor Javier López and some of the members of the research group, NICS Lab, will present the status and progress of several research lines in the world. who are in an area in this area from the Computer Engineering ETS of the University of Malaga.
Everybody knows iptables, the native linux firewall but, who knows about the Netfilter infrastructure? How the linux firewall has evolved? In this workshop we're going to explain the different components and the netfilter datapath, why it is mandatory to evolve iptables and th epresentation of the new generation of linux firewall with nftables showing practical use cases for filtering, load balancing and high availability..
During the talk, the attendees will receive advice based on my personal experience after having founded 5 cybersecurity startups so they will be able to create their own startup.
They will be given recommendations on methodologies to search, find and validate a problem and then, develop a solution different from their competitors.
They will see SMARTFENSE and I will tell them how it works and how we managed to get that far with the product.
I will explain the MQSP own methodology to help them stay motivated and focused on overcoming the challenges that may occur in their life as entrepreneurs, including the skills required to achieve success.
Also, I will take this opportunity to tell them about the success and failure of previous ventures and how we won the prize of the acceleration program of companies INCIBE CYBER SECURITY VENTURES and all the obstacles that we had to overcome to establish our company in Spain, all this with the purpose of preparing them to win their own prize.
Will be presented the use of social networks by terrorist groups through live practical exercises, and the value provided by the OSINT / SOCMINT disciplines for the monitoring of their activities and the identification of profiles. Will be presented the latest versions of the "tinfoleak" and "magneto" tools, referents in the OSINT / SOCMINT disciplines, by their creators (Vicente Aguilera y Carlos Seisdedos). The workshop will include a theoretical and practical part, and live exercises will be carried out analyzing social networks to extract information that can be converted into actionable intelligence.
In this presentation, attendees will discover the power of the NASL scripting language used for the development of NVT (Network Vulnerability Test) focused on industrial environments. In addition, a series of good practices will be discussed with examples to see their applications.
For this masterclass, a script has been programmed using Python and Scapy library for generating a shell on a Linux system that will be accessible only through another computer that executes the same script. This has been achieved by using a secondary channel on Wi-Fi, based on the exchange of encapsulated and encrypted 802.11 frames.
Using two Wi-Fi adapters in monitor mode, one for the server and another for the client, any command can be executed on the server shell just by using the same script on the client and on the server side. By using a secondary channel, in addition of data encryption, we protect that shell from any unauthorized access, converting it into a very secure and original way to administrate the server wirelessly.
The Tor network guarantees the anonymity and privacy of users when surfing the Internet, thanks to the creation of virtual circuits among the nodes of the Tor network. Tor also allows the users to publish websites only accessible through the Tor network itself, known as hidden services. In this talk, we first introduce a set of UML models to describe how the Tor network works. Then we introduce a system developed aiming at locating those hidden services (we collected 17328 different addresses) and at extracting relevant data to deanonymize them. In this regard, we used metadata from HTTP headers (found in 1636 services) and from digital certificates through HTTPS connections (only provided by 160 services). Our deanonymization results shown that in some cases we were able to bound real systems accessible in the (clear) Internet with the ones accessible in the Tor network. The hidden services collected were also classified by themes, showing that most of them were linked to illegal activities.
The technical workshop will be the experience of a Hacker's trip to the Cybercamp, manipulating the connected devices that will be found along the way, analyzing their vulnerabilities and how to protect it.
It will review the different protocols of the Internet of the Things present in most of the devices that come to market today and will see how not all are safe and can be manipulated for the fun of some Hackers.
The aim of the workshop is to raise awareness of danger that exist in a world that tends to be more and more connected, without guaranteeing security in the best known protocols of daily use.
Final of the individual CTF in which 45 finalists will compete.
The finalists will use the platform used in the online phase, but in this case the format of the challenges will be Jeopardy type. In this scheme, the participants will access via web browser to the virtual environment where the machines and resources offered by the platform are located, which are necessary and sufficient for the resolution of the challenges. Under this concept of competition, the finalists must overcome tests of increasing difficulty that will allow them to open a path in the target network and unlock successive challenges.
Technological crime today is not something new, nor is it the future, it is the present, present in which from the Central Cybercrime Unit of the National Police daily fight against this type of crime. This talk will talk about the work of this Unit from within, that is, from the point of view of a researcher specializing in cybercrime.
In "The Art of Cyberwar" (lecture given in Cybercamp 17) the possible archetypes of agents of cyberthreats and their possible objectives were described. In this second installment, different models are described that are becoming a de facto standard for the classification of malware samples, which allows, on the one hand, to "serialize" the description of the behavior of the sample analyzed, and on the other hand , facilitate its attribution. It would be a threat that it becomes a trilogy.
The blockchain technology marks a trend in recent times. Yaiza will explain through his talk different use cases where she will demonstrate the decentralization, traceability and security capabilities of this technology.
The forensic analysis of IoT devices: Smartwatches, Drones, Smartmirrors, Smartfridges, Home assistants, SmartTvs ... will become a essential mainstay of any traditional research.
IoT devices will be evidence of crimes such as assassinations, robberies, kidnappings or cyber attacks, it is necessary to learn to perform forensic analysis of these devices.
This talk will have several demonstrations in real time about the compromised IMSI Catchers that are used by different actors. Through low-cost devices such as an SDR (in this case through RTL2832U, HackRF, BladeRF, LimeSDR, Ettus N210) we will allow us obtain remote data information from mobile terminals. We will check techniques for consulting the cells and HLR / VLR from the SS7 protocol. We will intercept at the coverage range the terminal to be located. This will allow us to control groups of citizens in certain hostile environments such as demonstrations, riots, etc.
If you do not do any type of "injection" is a passive technique being viable perfectly and legal. When performing the techniques of interception and impersonation of the cells of the operators that are located, this is normally not allowed by the Law but it will be done with very little emission power and a range of about 7-8 meters maximum into a Faraday box for the demonstrations.
It will be demonstrated how the coverage of UMTS / LTE cells (3G / 4G / 5G) can be canceled to work on the desired frequencies using the latest "jamming" techniques in radiotelephony.
The relationship between private research and cybersecurity is very close and it is a reality that the professionals trained in these fields share, today, joint paths on many occasions. Cases of corporate intrusions, unfair competition, identity theft, scams, etc. they have a growing component related to cybersecurity. Precisely from the knowledge of how to apply cybersecurity both in companies and at a personal-professional level and how this knowledge and the work of professionals in cybersecurity help to avoid these situations is where this talk begins to capture the attention of the listeners. It is proposed to know a new field where future and current professionals of cybersecurity can find a niche of work: the offices of private detectives. It indicates what the detectives are, what rules regulate them, real cases are put on the table where they have been necessary, knowledge in cybersecurity or the participation of professionals in this field and, finally, new professionals are particularly motivated to explore. This new niche of work that already in itself can be exciting: work in a detective agency nationally and internationally.
Presentations of the Hackathon finalist teams where they defend the project, tool, application or solution developed throughout the competition.
In this talk Rafael will show how it is possible to relate nodes exposed to the Internet that can belong to the same organization using IPv6 for it. Through this relationship, several practical cases of how an attacker could discover and profile various nodes exposed to the Internet that belong to the same organization will be exposed and thus look for the most vulnerable to exploit it and be able to jump to another node from the public part. It is a new concept since in IPv4, pivoting towards other nodes of a target is done from the LAN in IPv4 since most nodes are behind a NAT. However, with IPv6, by default, all addressing is public and routable to the Internet, which allows many more nodes to have public addresses and, therefore, can jump from one node to another node from IPv6 addresses directly.
The paper will address three main points that intertwine as a story using the mythical film "La ciudad no es para mí" as a starting point as a comparison with my personal story that leads me to think that "Cybersecurity yes is for me" and by extension it can also be for you. I Will count:
Workshop in which we will see the main services that will be part of your day to day if you work with the Amazon cloud. A review of its capabilities and configuration will be made from the point of view of security.
The objective is to learn the best practices advised when using the resources of the most used public cloud in the IT world.
In this presentation we will analyze those threats focused on IoT that try to use their resources for mining cryptocurrencies, reviewing the attack vectors, the ways of obtaining persistency in the infected systems and other interesting details that we have been observing during last months, along with several solutions that might help stopping a threat that’s already causing huge problems to enterprises and home users.
Have you ever heard that there is a lack of millions of cybersecurity and STEM professionals? Who says that? How was this estimation computed? This talk will analize this viral phenomenon and we will compare it against the laws of the nowadays offer and demand market.
Industrial cybersecurity is playing an increasingly relevant role in the general cybersecurity arena. Incidents such as Stuxnet are no longer only known in a limited niche group of experts. Among this expansion, research and development related to the protection of these environments is a very active field, mainly connected to attack detection. In this talk, we will introduce the field of attack detection in industrial networks, and show what particularities has, when compared to IT environments. Later, the main active research lines in the area will also be outlined. Finally, we will give some advice and steps-to-follow for the people wanting to initiate in the field of industrial cybersecurity.
Even having mature and well-known technologies for client authentication on web applications (like client SSL and Cl@ve), lot of public administrations keep using their own methods for this task, mostly using electronic signature oriented applications... What are the associated risks? Is there a real threat on ignoring the standard technologies?
Cybersecurity issues are becoming critical in modern smart systems. Particularly, ensuring that only legitimate users get access to them is essential. New access control systems must rely on continuous authentication (CA) to provide higher security level. To achieve this, recent research has shown how biological signals, such as electroencephalograms (EEGs) or electrocardiograms (ECGs), can be useful for this purpose. In this paper, we introduce a new CA scheme that, contrarily to previous works in this area, considers ECG signals as continuous data streams.
Experience of the Spanish National Team in London
Cyberwatching.eu is a 4-year European Coordination and Support Action (CSA) project, which started in May 2017 and aims to create and maintain the European Observatory of Innovation in the field of Cybersecurity and Privacy (CS & P). The project develops its work focused on supporting the exploitation of results of R + D + i projects, facilitating access to innovative solutions of European SMEs. How can CyberWatching help my entity? In addition to being a showcase for its CS & P projects, CyberWatching offers free services of great interest to SMEs and organizations interested in CS & P, such as the MarketPlace or the End User Club, as well as the possibility of participating in international events.