2016
01 HOW TO BECOME A SUCCESSFUL HACKER WITHOUT ENDING UP IN JAIL

02 AUTOMATING FORENSIC ANALYSIS PROCESSES IN WINDOWS ENVIRONMENTS

The talk tells the true story of a digital forensics case that was initially planned for a limited number of machines and was later extended to the organization's entire network. For that reason we developed a tool that let us automate digital forensic analysis processes in Windows environments in a fail-safe manner, and so meet the established deadlines and the chosen methodologies. The talk reviews the story and the solution, as well as the features and an in-depth explanation of the tool, which will be distributed freely for use by other forensic analysts who find it useful.

03 GETTING TO KNOW HTTP/2 SECURITY
Maximiliano Soler

ToolsWatch
Argentina

In this journey through RFC 7540 we will talk about the principles of HTTP/2: how it works, its benefits and improvements, the differences from HTTP/1.1, HTTP frames, streams and multiplexing. We will also cover new security considerations and potential attacks on this binary protocol.

04 BREACHING CRITICAL ENVIRONMENTS: SMART CITIES, SMART BUILDINGS AND LARGE CORPORATIONS

The presentation will show attendees how vulnerable the modern Smart Cities being deployed in major cities worldwide are, and with that, the risks faced by the organizations and people who live in them. Smart Cities are made up of a large number of interconnected elements, each of which is an entry vector for taking control of this infrastructure. In this case, it will be shown how so-called intelligent buildings, or Smart Buildings, can be compromised (a discovered 0-day will be shown), allowing an attacker to take control of lighting, water systems, ventilation, power generation, elevators and escalators, alarm systems, video surveillance and access control, among others. Smart Buildings are not only a possible entry vector into the Smart City, but also an entry vector into the organization housed in the building. This entry vector poses a risk at the digital level, by giving access to the internal network, and at the physical level, by enabling an intrusion into the physical environment. During the research it was found that, in many cases, the Smart Building network was also connected to the organization's internal network to make it easier for internal staff to administer the building. More than 10,000 vulnerable buildings were detected during the research. Examples of vulnerable buildings and real demonstrations will be shown, which will allow attendees to take in and truly understand the risks we face, both as citizens and as organizations. A Red Team example will be shown that, using the Smart Building as the entry vector, makes it possible to take control of both the physical environment and the most critical systems on the internal network. The example will show the details needed to pivot in this type of scenario.

05 BIOHACKING FUTURE OF DIGITAL IDENTITY

We believe the power of cryptography should be in everyone's hands, literally. I will discuss putting chips in your hands that have the capability of merging with your human self to technologically authenticate you.

06 HACKING HOTEL KEYS AND POINTS OF SALE SYSTEMS: ATTACKING SYSTEMS USING MAGNETIC SECURE TRANSMISSION

Take a look at weaknesses in point-of-sale systems and the foundation of hotel key data and the property management systems that manage the keys. Using a modified MST injection method, Weston will demonstrate several attacks on POS and hotel keys, including brute forcing other guests’ keys from your card information as a starting point, and methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open the cash drawer and abusing magstripe-based rewards programs that are used in a variety of environments, from retail down to rewards programs in slot machines.

07 EXPLOITING AND ATTACKING SEISMOLOGICAL NETWORKS
Bertin Bervis

NetDB
Costa Rica

A new attack vector against seismological networks; there is no prior research on this. This presentation will demonstrate step by step, in a real scenario, how a remote attacker can escalate privileges on a seismograph/remote station to take control of the complete seismological network located at 183 m in the ocean. We have found several seismographs connected to the public internet that provide multiple readings to anyone who connects to them remotely over the ssh, telnet, ftp and http services. Seismographs provide real-time data on the movements of the earth and its surroundings; we can consider these networks critical infrastructure because of their role in the study and prevention of natural disasters. Based on these studies, seismologists and other professionals in geophysics can determine, with the highest accuracy, when and where ground movement will occur; the population is then evacuated from that zone, which avoids or reduces the number of deaths in the area where the movement will occur. We will make clear the lack of security awareness around this equipment on the part of the technicians in charge of putting these devices into production, and present 3 exploitation techniques for obtaining a root shell on a seismograph.

08 HACKING NEXT-GEN ATM'S FROM CAPTURE TO CASHOUT

EMV (Chip & PIN) card ATMs are taking over the industry; with deadlines passed and approaching, the industry is rushing ATMs to market. Are they more secure and hack-proof? Over the past year I have worked at understanding and breaking the new methods that ATM manufacturers have implemented on production ‘Next Generation’ secure ATM systems. This includes bypassing anti-skimming/anti-shimming methods introduced to the latest generation of ATMs, along with an NFC long-range attack that allows real-time card communication over 400 miles away. This talk will demonstrate how, with a $2000 investment, criminals can do unattended ‘cash outs’, touching also on failures of the past with EMV implementations and how credit card data of the future will most likely be sold, with the new EMV data having such a short life span.

With a ‘rise of the machines’ theme, there is a demonstration of ‘La-Cara’, an automated cash-out machine that works on current EMV and NFC ATMs. It is an entire fascia placed on the machine to hide the auto PIN keyboard and flashable EMV card system that silently withdraws money from harvested card data. This demonstration of the system can cash out around $20,000/$50,000 in 15 min.

09 STUMPING THE MOBILE CHIPSET

Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe. Qualcomm, a supplier of 80% of the chipsets in the Android ecosystem, has almost as much effect on Android’s security as Google. With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in multiple different subsystems introduced by Qualcomm to all its Android devices. In this presentation we will review not only the privilege escalation vulnerabilities we found, but also demonstrate and present a detailed exploitation, overcoming all the existing mitigations in Android’s Linux kernel to run kernel code, elevating privileges and thus gaining root privileges and completely bypassing SELinux.

10 MEMOIRS OF A COMPUTER FORENSICS EXPERT WITNESS VOL. III

This is a presentation of forensic cases: real experiences that I carried out personally, related to information technology, in which I will detail the problems of each case as well as various practices from the world of expert-witness work. Among other things, it shows investigation procedures (the acquisition and analysis phases, and even proper documentation), recovery of deleted data (files and e-mails), and the replication of cases in order to sow reasonable doubt before the judge in a specific case. I will show a case that was won, one that never went to trial... and my first lost case.

11 FREEBSD INSECURE BY DEFAULT

This talk covers vulnerabilities found and fixed in the FreeBSD operating system.

12 JANITOR TO CISO IN 360 SECONDS: EXPLOITING MECHANICAL PRIVILEGE ESCALATION

For over 100 years, the modern pin tumbler lock has been used as the gold standard of physical security. Unique designs have come and gone over the years, but only the pin tumbler lock has remained constant. Almost just as constant is a neat hack-turned-standard feature that is commonly referred to as Master Keying. Master keying allows the use of “unique” permissions-based mechanical keys in large systems, and remains in use in large business and government installations in every country in the world. Unfortunately the oldest authentication system in the world still in wide use today is vulnerable to what many consider to be the original privilege escalation attack, predating digital computer systems completely. Known by a handful of locksmiths for decades and first publicly disclosed in 2003, this un-patched vulnerability remains one of the most dangerous and under-protected physical security weaknesses still present today. This talk will discuss a highly optimized attack method against common master keyed systems as it applies to modern locks, and will discuss a couple of options for mitigating and defending against the attack.

13 ANALYZING THE NATURAL LANGUAGE OF SOCIAL ENGINEERING WITH MACHINE LEARNING

Too-good-to-be-true schemes are one of the oldest tricks in the book. In the mid-nineteenth century, a con-man named William Thompson roamed Manhattan, persuading passers-by to 'have the confidence to loan him their watch for a day.' The target would often comply, but Thompson would subsequently disappear, never to be seen again. Social engineering has transferred well from the Industrial Age to the Information Age, manifesting now in the form of remote get-rich-quick scams over social media. The large-scale, diverse and continuously evolving nature of social media severely complicates any ability to react to emerging scam tactics. Although well-informed human observers can be trained to spot this behavior, the proliferation of available data coinciding with social media’s surge in popularity demands automation. Further complicating matters, scam posts are purposefully intended to deceive victims, making it algorithmically difficult to distinguish them from benign ones. To address these concerns, a machine learning approach is developed to classify network-agnostic text and image data as fraudulent scams. A classifier is leveraged in order to filter down incoming scam posts based on their text and image content. It uncovers a diverse ecosystem of scams ranging from money-flipping, counterfeit goods, to lottery fraud and fake support reps, coupons, tickets and sweepstakes. Over ten thousand scams are found, spanning across different industry verticals and social networks. Through natural language processing, the dataset helps characterize scammer TTPs in terms of the language and behavioral patterns they exhibit on social media. Additionally, social honeypots are employed in order to trick the scammers into disclosing their own personal information, and user surveys are conducted to ascertain how they got conned and how much they lost. Taken together, these approaches shed light on the dark underworld of fraud operating freely across social media.

14 THE RESISTANCE