Audit and hacking to Bluetooth Low-Energy (BLE) devices
Pablo González Pérez. Telefónica
We are finding more and more devices connected around us. BLE (Bluetooth Low-Energy) technology is increasingly distributed and can be found at home, in the office and on the street. It is a technology that simplifies the use of Bluetooth and makes it more efficient.
Energy saving can be faced with security and the lack of standardization in many cases, causes us to find weaknesses and attack vectors that can be used to obtain information from a device, manipulation of it or that the device performs an action for which it was not designed or for which it was not authorized.
This workshop will demonstrate techniques for auditing these devices. Totally practical. We will use MicroBit.
Technical Requirements:
- Attendees can bring their computer to follow the workshop guidelines although it is not necessary since the speaker will teach the workshop as a master class.
- Micro: bit boards and the nRF Connect mobile application will be used.
Hack Like a Pro: How to find vulnerable systems using metasearch engines
Pilar Vila. Forensic & Security
Looking around it is easy to realize that we live in the era of the Internet of things. In our daily lives, we find things connected to the Internet, starting with our home Wi-Fi routers and even traffic light management systems and street security cameras. Since they are connected, they can all be found in two worlds, both in the real world and in the digital world. To be able to secure it is necessary to know what we are facing, so the use of meta-search engines helps to know the reality.
SecDevOps (DevSecOps) with docker
Antonio José Juanilla Hernández. (Santander Global Tech)
It is intended to teach how to secure a private cloud environment, which uses containers for the deployment of its applications and services.
Technical requirements:
- Attendees can bring their computer to follow the workshop guidelines although it is not necessary since the speaker will teach the workshop as a master class.
OSINT and Social Engineering: as vectors of attack on cybersecurity
Carlos Seisdedos y Vicente Aguilera. Internet Security Auditors
Techniques and tools will be displayed with the aim of making our information known as our information, exposed on the Internet, either by us or third parties, with or without our consent, properly collected and analyzed, can be turned into an attack vector against States, organizations, companies, individuals and of the way not, also against criminals. The workshop will show how with the minimum information exposed in the Network, through the use of social engineering techniques, open sources and disciplines such as OSINT or SOCMINT data of great interest can be obtained in research processes, tasks that have been become the cornerstone of many professionals such as police, detectives, analysts or journalists, among others.
Technical requirements:
- Attendees can bring their computer to follow the workshop guidelines although it is not necessary since the speaker will teach the workshop as a master class.
Osctrl: Fast and efficient osquery management
Javier Marcos de Prado. (BitMEX)
Hacker for a day
Raúl Siles and Mónica Salas. DinoSec
Technical workshop about hacking and the security of modern technologies, with the goal of promoting the culture of hacking and cybersecurity, by performing offensive and defensive activities throughout live demos.
Technical requirements:
- Each assistant is recommended to go with a mobile device (smartphone or tablet).
The call of death
In the initiation workshop “The call of death” we will see step by step how to mount a pocket device to execute commands and scripts on a Linux system and interact with home automation systems or sensors by means of a simple call made from an analog phone by capturing of DTMF tones and a menu of voice options.
Threats and obfuscation in Wi-Fi communications in urban environments
José Ángel Berná Galiano. University of Alicante
Wi-Fi technology currently has a great adoption by homes and businesses. Its security has focused on the strength of its encryption and authentication mechanisms, but DoS deauthentication attacks are of special relevance, without mitigating in almost 100% of home Wi-Fi routers, smartphones and a large number of corporate Wi-Fi networks . These attacks allow the development of cybercrime activities with economic benefits or reputational damage in the services offered by corporations. In addition, a Wi-Fi communication system immune to these attacks and difficult to detect will be shown.
Technical Requirements:
- Attendees can participate with their smartphones in demonstrations