Europe has to be able to prevent, react and protect its citizens against the different existing and future cyber threats, however there is currently a great need for professionals specialized in security in all its domains.
With the aim of promoting, retaining and attracting talent, the ECSC, tries to focus attention on young cybersecurity talents and at the same time encourage young students to choose studies in this area that allows In the near future, creating solid cybersecurity structures in education, business and industry.
Pablo González Pérez. Telefónica.
The emulation of adversaries is a scenario in which not only tools are thrown as can happen in an ethical hacking, but also an emulation of how an attacker operates, that is to say, since a threat materializes, all the steps are tried to be emulated. In the talk the ATT&CK matrix will be shown and everything that composes it will be explained.
The observation of the history of the threats is something fundamental to know techniques and tactics used by the threats, since in the immense majority of the occasions one can learn from this to combat future threats and already existing threats. In the talk you can see the use of tools such as Caldera or Infection Monkey, but it may be necessary to create your own tool in which you can easily incorporate knowledge of the community, the organization itself and team members. It shows how to create your own basic tool.
José Ángel Álvarez Pérez. Madrid City Council
How a child who started breaking things ended up defending the Public Administration systems.
Julio Martínez Martínez-Checa and Alejandro Espinosa Álvarez
Learn how a domestic PLC network works: the protocol, existing attacks, and how to mitigate them. We will explain the HomePlug AV protocol, what attacks exist and how to mitigate them through a live demo.
Pedro Candel. CS3 Group Security Services
During the development of the workshop, you will see how to create an exploit from scratch for each of the three well-known recent “logo” vulnerabilities such as Dirty COW, Specter and Meltdown. The development to be carried out is detailed for each of them. Once explained, the new attacks discovered will be detailed and how their exploitation is until finally reaching the last vulnerability discovered in Intel microprocessors.
Technical Requirements:
Álvaro Núñez-Romero Casado. ElevenPaths
iBombShell tool allows to download to memory different functionalities that a pentester may need in an audit.
Two work modes:
During the workshop there will be constant demonstrations about the different work modes and work with real scenarios, where the iBombShell modules allow different uses such as information collection, password extraction, lateral movement, UAC bypass ... regardless of the operating system you work with.
Technical Requirements:
Daniel García. S2 Grupo
We live in a connected world, a world conferred to the virtual, without barriers, without borders. A world that allows us to exchange information with different people throughout the planet.
The objective of the talk is to ensure that attendees can build their own set of pentestin using hardware and software tools.
On the one hand, on the defensive side, we want to identify real-time attacks on our wireless network infrastructure via WiFi.
On the other hand, in the offensive part, we will be able to identify vulnerabilities of our infrastructure.