The Ekoparty Security Conference 2013 took place in the beautiful city of Buenos Aires (Argentina), from 25 to 27 September, this event, the most important conference on security in Latin America, is now in its ninth year and 1,500 people attended. The slogan of this year's Conference was that Somebody's watching.
Like every year, the event took place at the Konex, a cultural complex created from a plant and the oil tank used from 1920 to 1992, which gives it a unique atmosphere for hosting the event.
As Defcon and other security events, presentations cover a wide variety of topics and discussions, Ekoparty is a forum where many security professionals have diverse research and development in computer security.Before the event, there are some training courses for companies and professionals of security, with the content in connection with the defensive security, Digital Forensics, analysis of Malware or Pentesting - among other topics. At this time, I had the opportunity to present the training implementation threat Intelligence in organizations, the implementation of monitoring strategies, detection and defence. It was attended by the staff of Bank security, e-commerce companies and Government.
The first day begins with a panel discussion on the State of cyber-attacks and cyber-defense in Latin America, with the participation of regional experts on this subject. The evening there were workshops with all auditoriums filled to maximum capacity. I presented the intelligence OSINT script workshop.
As with any security event, Ekoparty has its competition for CTF (Capture The Flag), but on this occasion, it has a component particular that make it different from others. In this case, the competition was based on scenarios of attack and defence in which the participants have not only earned points by capturing a flag, they could also lose points by not being able to defend themselves, or when several teams attack. In addition, a team could transfer points to another team, which turned into a strategy very interesting game.On the second day that the presentations of the Conference began. All were very interesting and with a lot of content and research, so I will speak on some of them.
Corey present Kallenberg nene signed execution of the BIOS. He talked about how a system BIOS can be compromised beyond the protection of manufacturers. Later Harri Hursti this Vote early and vote often, his speech was very interesting because at that time many countries have already implemented electronic voting systems and others are testing prototypes for their deployment.
He showed a series of vulnerabilities in these systems, which could allow unauthorized access to display the results, the manipulation of information, or even the violation of the privacy of citizens. It has even shown the possibility that it was possible to generate attacks denial of Service against these systems, preventing people from voting.
Also the second day, Francisco Falc n and Nahuel Riva of Core Security has made the presentation do you know who is watching you?: a thorough review of the attack surface of IP cameras. They showed some of the vulnerabilities of web cameras from leading manufacturers and showed us the prospect of people choosing poorly how many times implemented solutions which may become a risk to the security and confidentiality.
Corey Kallenberg made a presentation, BIOS Chronomancy, how a system BIOS can be committed by malware persisted on some computers, compromising systems beyond the operating system and applications.
Finally, to close the event, Carlos Penagos and Lucas Apa of IOActive has presented an interesting talk, compromising industrial facilities 40 Miles Away, vulnerabilities in wireless with industrial SCADA systems sensors read, and inject data in these devices using radio frequency (RF) transceivers in a 65 km radius. In addition, they presented a POC in a simulator on how an attacker could manipulate the temperature of these sensors, causing a disaster in increasing or decreasing the temperature.
As with all major security events, we had good discussions and we have learned the news of the search for our colleagues. But Ekopary has a Latino flavor that makes it different. It was a great event and you may be interested to attend the next editions. You can really enjoy the city and of course a Asado with colleagues and friends :)