Here is our great lineup! (in no particular order)
Jim Kennedy (@TonikJDK)
Jim is a career System Engineer specializing in Microsoft and Cisco systems. He has spent the last 15 years in public education in a 12-building metropolitan campus with 6000 student users and 900 staff users.
Talk: How to secure a Windows network like a boss
Everyone talks about hostile users but few System Engineers truly live that environment in the extreme. Imagine an environment with 6000 completely hostile users, where every one of them is highly motivated to attack your systems. Consider that in this environment these hostile users are your primary customer, the sole reason for your organization’s existence. Busting them and having security escort them from the premises isn’t even an option. You are instead charged with taking care of them, teaching them, and nurturing the natural curiosity that is the root of their hostile actions. Anything less, and you and your organization are a failure. In this talk we will discuss the challenges of a K-12 public school IT Department and how to leverage low cost/no cost common sense security solutions. Isolation of systems, simply patching, user rights, commonality of systems and configuration, VLANs, switch port setups, web filtering... a host of items that most organizations lose track of that cumulatively are all you need to be realistically safe.
Paul Coggin (@PaulCoggin)
Paul Coggin is a Senior Principal Cyber Security Analyst with Dynetics, Inc in Huntsville, Alabama. Paul is responsible for architecting and securing large complex tactical, critical infrastructure and service provider networks as well as teaching networking and security courses. Paul is a Cisco Systems Certified Instructor # 32230, Certified EC-Council Instructor and a certified SCADA security architect. He has a BS in Mathematics, an MS in Computer Information Systems, an MS in Information Assurance and Security and is currently pursuing an MS in Systems Management.
Talk: Hijacking Label Switched Networks in the Cloud
The telecommunications networks are one of our most important critical infrastructure assets. In fact, all of the other critical infrastructure domains, for example ICS/SCADA, are dependent upon the telecommunications critical infrastructure for operation. In this talk we will discuss a quick overview of telecommunication architectures and operations for Border Gateway Protocol (BGP) services with references to the recent BGP prefix hijacking attacks. The discussion will then pivot to how Multiprotocol Label Switching (MPLS) networks may be attacked in telecommunications networks. Could it be that the MPLS networks are being attacked similar to BGP? How would someone go about targeting MPLS networks? The MPLS discussion will provide an overview of MPLS VPNs and MPLS traffic engineering architectures and operations, including packet captures of label traffic for reference. Attack vectors for targeting MPLS networks will be addressed in addition to a couple of new ideas for gathering intel from MPLS networks. Recommendations for monitoring and securing BGP and MPLS networks will be discussed as well.
Claudio Caracciolo (@holesec)
Currently Chief Security Ambassador at Eleven Paths, Coordinator of the Industrial Cybersecurity Center in Argentina (CCI-Es.org), and President of ISSA Argentina (2011-2013 and 2013-2015). Founding partner of Root-Secure. Consultant specializing in information security. Member of associations in the field such as ISSA International, OWASP, Usuaria and Argentina Cibersegura, and member of the Segurinfo academic committee from 2007 to the present. Instructor on topics related to Ethical Hacking, Defense Methodologies, Platform Hardening, Web Security and Anti-Forensic Techniques. Passionate about social engineering. Co-author, with his partners at Root-Secure, of the book “Ethical Hacking, un enfoque metodológico” (Alfaomega). Co-organizer of the MS Doing Blue event.
Talk 1: The Malware Market in the Android Stores
The problem of malware on Android is well known; however, criminals use techniques in the various stores that can be identified, which makes it possible to stop threats in time at the corporate level. From our laboratory, which is not an antivirus company, we have discovered the largest botnet built on Android and have developed intelligence tools that have allowed us to identify characteristics of malware creators as well as their main targets. In this talk we will share our research in order to understand a little better how the malware black market works, and debate the particular case of why Google Play allows it (or does not prevent it).
Talk 2: Hardening Networks, Servers & Apps with Latch Community Edition
Every day there are more identity thefts, every day there are more mass vulnerabilities, every day there are more security failures in Internet services. Do you really think it will never happen to you? One day you get up and HeartBleed is out, another day you wake up to the hack of Ebay, and the next a group of Russian cybercriminals is hoarding 1,200,000 stolen identities. Sooner or later you will be on the list of those affected. It is the law of 0wned: sooner or later you get caught with your guard down. Latch is a platform for controlling second-factor authorizations, enabling scenarios such as two-key activation, parental control, remote enabling and disabling of services, four-eyes verification, supervision of actions, deferred publishing, and so on. In this session you will see how to use Latch to build network, server and application security scenarios from scratch, to protect your networks, Linux and Windows servers, and applications in minutes.
Carlos Perez (@Carlos_Perez)
Carlos Perez is the Director of Reverse Engineering in R&D for Tenable Network Security. Carlos is also a Community Developer for Metasploit, a contributor to the book “Metasploit: The Penetration Tester’s Guide”, and has written several open source security tools, some included in Kali Linux. He is a member of the board for the Penetration Testing Execution Standard (PTES) and the Init6 Security Group in Puerto Rico. He has presented at Defcon, Bsides, Hack3rCon, SANS and others. He is also a host for Pauldotcom Security Weekly and has participated as a security subject matter expert in both radio and television. Carlos loves to write code in Python, Ruby, PowerShell, T-SQL and Bash.
Talk: Abusing Active Directory in Post-Exploitation
José L. Quiñones (@josequinones)
José L. Quiñones has 15+ years of experience in the IT field and holds a Bachelor of Science in Electronic Engineering Technology. He holds various professional certifications in the systems administration area, such as MCP, MCSA, MCT and RHCSA, and also in the IT security field, such as CEH, CEI, GCIH and GPEN. He mainly works in the Health and Education industries as IT Director for a Medical School, but also works as an independent consultant in IT infrastructure and security architecture. José has designed courses and workshops in Networking, Windows, Linux, Virtualization, Ethical Hacking and Incident Handling, and teaches certification programs for professional educational companies. He is the President/Founder of Obsidis Consortia, Inc, a non-profit organization whose mission is to promote professional development of information security for IT professionals, students and enthusiasts, and security awareness to the general public. Finally, José runs a local security user group, “init6”, is the head organizer of “Security BSides Puerto Rico”, designs Network Security Scenarios (Capture the Flag), and runs a personal blog about systems administration and security, CODEFidelio.org.
Talk: Drone Wars: Weaponizing your “drone”
There is a lot of talk about how drones are bad for privacy. Things can get really interesting when you combine your Xcopter with WiFi and air traffic control, and it can actually become a remote-controlled turret. Interesting or scary, you decide.
Jose A. Arroyo (@talktoanIT)
Jose A. Arroyo Cruz serves as Communications and Radar Technician for the 140th Radar Support Squadron in the Puerto Rico Air National Guard. Arroyo is an accomplished IT specialist with nearly 11 years of experience in designing, implementing and security hardening information systems for both military and private sector companies. He served as an IT trainer and consultant for several corporations in Puerto Rico. Arroyo is the Vice President and Co-Founder of Obsidis Consortia, a non-profit organization dedicated to helping the community understand technology and information assurance. He is the co-author of The Cyber Crime Investigative Methodologies handbook, written specifically for Puerto Rico’s code of justice. He holds a Bachelor of Science in Engineering Technology and a Master’s Degree in Information Assurance from Walsh College, and is currently a PhD candidate at Capella University, where he is writing his dissertation on Social Network Analysis: A Forensics Perspective.
Jose R Fernández (@jfersec)
Jose Fernandez is the President of CompSec Direct. He is an IT security researcher and PhD student with over 15 years’ experience in IT. Jose has worked in both the private and public sector helping clients improve info-sec practices. Jose spends his time developing security methodologies with an attack and defend approach.
Talk: Fun with Tor: How anonymity services complicate actor attribution
Jose will explain how services like Tor can be configured in order to mask the location of a malicious actor. The presentation will cover:
0. The problem with attribution within the info-sec community.
1. Configuring Tor to use exit relays with a high level of paranoia.
2. Conducting reconnaissance and attack of a victim server through Tor.
3. Demonstrating how these attacks look in the victim server.
4. Demonstrating how to defend against known Tor exit nodes.
5. Demonstrating how to potentially unmask a malicious actor that is using Tor.
Jaime Andrés Restrepo (@DragonJAR)
IT Systems and Telecommunications Engineer at the University of Manizales, Colombia. Jaime is an Information Security Researcher with more than 10 years of experience in Ethical Hacking, Pen Testing, Vulnerability Assessment and Forensic Analysis. Co-Founder of ACK Security Conference and creator of the biggest Hispanic security community, www.DragonJAR.org. Jaime has presented at many Hispanic conferences such as “EKO Party” in Argentina, “iSummit” in Ecuador, “e-Security” in Guayaquil, and “Ethical Hacker Conference” in Bolivia, among others.
Talk: Hacking Cars in Latin America
We review the various security problems found in well-known car brands in English-speaking countries. Of course, high-end cars are not the only ones affected by these problems; in this talk we will show how car brands that are widespread across Latin American countries also have security problems that could put their drivers, passengers and pedestrians at risk.
Omar Santos (@santosomar)
Omar Santos is a Senior Incident Manager of Cisco’s Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products. Omar has over 17 years of experience (14 at Cisco) working with information technology and cyber security. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and Cisco’s Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. Omar is an active member of the security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of four books, numerous whitepapers, articles, and security configuration guidelines and best practices. Omar has also delivered numerous technical presentations at conferences and to Cisco customers and partners, as well as many C-level executive presentations to many organizations.
Talk: Are “Branded” Vulnerabilities Helping Make the Internet a Better Place?
If the vulnerability is sexy enough, it gets a name. If the vulnerability can make the researcher or the company that found it rich, it gets a name. From Heartbleed to ShellShock, Poodle and GHOST, vulnerability branding is the new normal. Is this new trend in vulnerability disclosure helping make the Internet a better place? This session is an active discussion on how bad actors are benefiting more from these branded vulnerabilities than the good guys. We will discuss the trends in vulnerability disclosure and the evolution of network security.
Javier Hernandez (@soynerdito)
Tech nerd, Android, C++, Java, .NET, Ubuntu/Mint, Arduino, Python, PSoC. Hardware, Software and everything in the middle.
Talk: Hardware Hacking: My first CON Badge
José Padilla (@jpadilla_)
José Padilla is co-founder and CTO of Blimp, a startup and development studio. He has no formal education in security, nor is he by any means a security expert. Having built multiple applications and products used by thousands of companies, he learns and applies best practices, security threats, and attacks on a daily basis. He’s a hacker, like the ones that come up with interesting solutions to complicated problems. He’s an entrepreneur, because there’s an upside to solving problems and having people want to pay you for the solution. José also contributes to and maintains various open source projects like Django REST Framework.
Álvaro Andrade (@aadradex)
CEO and Founder of KAS (Krypto ATM Systems), a company dedicated to advanced physical and logical security solutions for ATMs, which has implemented an advanced security solution in the Panama ATM network, covering more than 75 banks. CEO of the international firm “Ethical Hacking Consultants”, dedicated to cyber security, computer forensics and cybercrime. Alvaro has over 14 years of experience advising various financial institutions in Latin America, as well as governments, intelligence agencies and the private sector, on cybersecurity issues, cyber intelligence, and cybercrime investigations.
Mitchell Brett Parker, CISSP, is the Chief Information Security Officer at Temple University Health System (TUHS), a four-hospital, 1000+ bed health system with annual revenue of $1.4B. Mitch is also the CISO for Temple University’s clinical faculty practice plan, Temple University Physicians, and consults to the School of Medicine. He works extensively with all internal and external stakeholders and believes in an inter-departmental approach. Prior to his employment at TUHS, Mitch worked in Network and Application Security as an information security consultant to the Defense Logistics Agency and multiple other customers. The engagements included every aspect from configuration management and secure coding and systems design to incident response and computer forensics. Mitch holds a BS in Computer Science from Bloomsburg University and an MS in Information Technology Leadership from LaSalle University. He is currently working on his MBA at Temple University’s Fox School of Business.
Talk: Financial and Policy Challenges to Effective Information Security for Hospitals
Healthcare ensures the well-being of the American population. It is subject to a myriad of regulations and guidance to ensure secure and efficient operations. Many of these initiatives are well-intentioned and designed to guard citizens against fraud. However, in concert, these may act to stifle the resources and budgets needed to keep a viable Information Security program operational. The main entity responsible for ensuring security, which is the Center for Medicare and Medicaid Services, will have its role and regulations explained. The issues with the current model in healthcare will be explored in detail. Reasons why this current situation exists will then be explained thoroughly. These reasons will include structural, legal, situational, and financial analysis of healthcare providers’ current state. These will be summarized to show that the current model may do more harm than good in stifling the resources needed for effective Information Security programs at hospitals.
Ángel Tinidad-Rigau (@stom_shadow_24)
He is an IT Auditor and a fraud and digital forensics investigator for a financial services institution in Puerto Rico. He is also an instructor in Microsoft technologies, incident handling, ethical hacking and digital forensics. He holds a Master’s Degree in Information Systems with a Major in Information Security and Fraud Investigations. Additionally, he holds various certifications including: C|HFI, CFE, CISA, MCT, MCITP, MCSA and CICA.
Talk: HD, Memory and Network Forensics: Proving Locard’s Principle
Cybercrime investigations are conducted to identify whether an incident or breach has happened. The most important thing in an investigation is the evidence and how it helps answer the most critical questions: what, when, who, where, why, how and how much. The evidence is always there. In this workshop we will prove Locard’s Principle, a KEY fundamental in forensics. We will follow the evidence trail of an attack through the analysis of the network, physical memory and hard disks.
Walter J. Cervoni, CPP
Talk: Crossing the Chasm – Security at a Crossroads
Abstract: The attack surface is expanding. With the expansion from the 2nd to 3rd platforms (mobile/cloud), a broader supply chain, and the use of personal devices for work (BYOD), client environments are becoming increasingly out of the control of the security team. This data sprawl will only get worse with the uptake of the Internet of Things and will continue to create challenges for security organizations of all sizes. Security as a whole is converging at a rapid pace: video surveillance, access control, telemetry… in short, everything that has an IP address becomes a security process, yet the challenge remains as the bad guys are converging as well…
Attackers are increasing their skills: jumping video platforms, ‘beating’ traditional passive command and control systems and using opportunistic malware for targeted attacks, leveraging weak points in the network or the supply chain (such as Target, vulnerable due to a 3rd-party HVAC contractor). Networks are increasingly “dirty”. As a result, security has to be redefined with these new threats and convergence at play… How do we do this? The Convergence of Security & IT redefined.