From crimeware ransomware to targeted ransomware - Let's evolution the ecosystem
Marc Rivero López. McAfee
In recent incidents in the sector it has been observed that ransomware was the cause of the attack and common elements (TTP) have been extracted with which they have attributed (sometimes incorrectly) the attribution of some of these families.
In the talk, we will talk about how ransomware in the crimeware ecosystem has decreased and how the company-centered approach has grown. It will also detail the operation of these families, in addition to unique characteristics that were not observed before.
Massive credential reset in Wallapop after an unauthorized access
European Cyber Security Challenge: Promoting talent in Europe
Europe has to be able to prevent, react and protect its citizens against the different existing and future cyber threats, however there is currently a great need for professionals specialized in security in all its domains.
With the aim of promoting, retaining and attracting talent, the ECSC, tries to focus attention on young cybersecurity talents and at the same time encourage young students to choose studies in this area that allows In the near future, creating solid cybersecurity structures in education, business and industry.
- Tatiana Gutierrez Marqués. CyberCamp and ECSC coordinator at INCIBE.
- Adrian Belmonte Martin. ENISA, leader of the ECSC.
- Diego Manrique Diez. Representative on behalf of INCIBE in the ECSC Executive Committee.
- Alejandro Taibo. Member of the Spanish team # ECSC19
- Adrián del Prado. Member of the Spanish team # ECSC19
Emulation of adversaries: From ATT&CK matrix to building your own emulation
Pablo González Pérez. Telefónica.
The emulation of adversaries is a scenario in which not only tools are thrown as can happen in an ethical hacking, but also an emulation of how an attacker operates, that is to say, since a threat materializes, all the steps are tried to be emulated. In the talk the ATT&CK matrix will be shown and everything that composes it will be explained.
The observation of the history of the threats is something fundamental to know techniques and tactics used by the threats, since in the immense majority of the occasions one can learn from this to combat future threats and already existing threats. In the talk you can see the use of tools such as Caldera or Infection Monkey, but it may be necessary to create your own tool in which you can easily incorporate knowledge of the community, the organization itself and team members. It shows how to create your own basic tool.
From RedTeam to BlueTeam
José Ángel Álvarez Pérez. Madrid City Council
How a child who started breaking things ended up defending the Public Administration systems.
Plug in the Middle
Julio Martínez Martínez-Checa and Alejandro Espinosa Álvarez
Learn how a domestic PLC network works: the protocol, existing attacks, and how to mitigate them. We will explain the HomePlug AV protocol, what attacks exist and how to mitigate them through a live demo.
Turla group activity report prepared by NSA and NCSC
Exploiting vulnerabilities in the CPU microcode
Pedro Candel. CS3 Group Security Services
During the development of the workshop, you will see how to create an exploit from scratch for each of the three well-known recent “logo” vulnerabilities such as Dirty COW, Specter and Meltdown. The development to be carried out is detailed for each of them. Once explained, the new attacks discovered will be detailed and how their exploitation is until finally reaching the last vulnerability discovered in Intel microprocessors.
Technical Requirements:
- Attendees can bring their computer to follow the workshop guidelines although it is not necessary since the speaker will teach the workshop as a master class.
- Equipment Requirements:
- Attendees must previously install a virtual machine with everything necessary already prepared to be able to execute all commands and code snippets
- The requirements will be to have 1 GB of free space on the hard disk and at least 512 MB of free RAM for that machine.
- It is recommended in case of using Windows to use putty or similar to access the SSH of the VM.
Pentesting Hero: iBombShell
Álvaro Núñez-Romero Casado. ElevenPaths
iBombShell tool allows to download to memory different functionalities that a pentester may need in an audit.
Two work modes:
- EveryWhere mode allows to have a prompt in any machine and in any moment;
- Silently mode allows to inject an instance of iBombShell during a process of vulnerabilities exploitation for its remote control.
During the workshop there will be constant demonstrations about the different work modes and work with real scenarios, where the iBombShell modules allow different uses such as information collection, password extraction, lateral movement, UAC bypass ... regardless of the operating system you work with.
Technical Requirements:
- Attendees can bring their computer to follow the workshop guidelines although it is not necessary since the speaker will teach the workshop as a master class.
- Equipment Requirements:
- Windows 10 machine, or
- Windows 7 machine, or
- Machine with Kali Linux.