https://bugcon.org/

EkoParty University Talks. Charlas gratuitas para la comunidad universitaria.

Link para registro disponible próximamente en: https://www.eventbrite.com.ar/o/ekoparty-security-conference-13668287925

El día de hoy estaré en el podcast de schrodingersec platicando de anecdotas y demás.

Nos vemos martes 13 de julio a las 6:30pm CDT (GMT-5)

El CTF legendario de Google se realizará el 17 y 18 de Julio.

La liga para inscribirse es https://capturetheflag.withgoogle.com/ Tendrá sección de "principiantes" ("principiantes" para Google).

Los premios en efectivo serán de:
13,337 USD primer lugar
7,331 USD segundo lugar
3,133.7 USD  tercer lugar

El premio de verdad es la gloria de ganar el CTF de Google

martin-ger ha desarrollado un firmware para el ESP32 que lo convierte en un ruteador NAT Inalámbrico.

Entre los usos para Hacking y Seguridad se podría:

• Ocultar un acceso inalámbrico de una red inalámbrica existente.
• Podría ser un access point abierto (y vulnerable) desde el cual puedes compartir Internet y ver la información no cifrada.
• y otros

Después de flashear se puede fácilmente configurar desde el celular: el nombre de la red, la contraseña y la red inalámbrica a la que se conectará.

Dice que puede alcanzar un ancho de banda de más de 15 Mbps. En mis pruebas llego a 7Mbps en fast.com.

El código de martin-ger se basa en el Console Component y en esp-idf-nat-example. Se puede descargar de su GitHub.

Para flashear desde 0 este firmware en un ESP32 o Badge de OWASP Riviera se pueden seguir los siguientes pasos:

1. Instalar el driver de USBSERIAL. Durante la primer meetup se recomendó el siguiente:
CH341SER.EXE

2. Instalar Python y correr el siguiente comando:
pip install esptool
3. Descargar los archivos del github y, revisando que esté el puerto COM y las rutas de los archivos correctamente en el siguiente comando, ejecutamos:
https://github.com/martin-ger/esp32_nat_router
esptool.py --chip esp32 --port COM9 --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x1000 build/bootloader/bootloader.bin 0x10000 build/esp32_nat_router.bin 0x8000 build/partitions_example.bin
Ya que esté el firwmare flasheado podemos buscar en nuestras redes inalámbricas la red abierta llamada ESP_NAT_ROUTER y abrir la dirección 192.168.4.1 para configurar las opciones.

https://www.eventbrite.com/e/hacking-event-mx-vulnerabilidades-top-en-programas-de-bug-bounty-tickets-159524753833

¿En qué vulnerabilidades es mejor enfocarse?, ¿cuales son mejor pagadas?, ¿cuales generan mayor impacto?

Existen bastantes tipo de vulnerabiilidades que se pueden encontrar en un programa de bug bounty, pero debido a la alta exigencia, a los tiempos, el triage, las vulnerabilidades que ya han sido reportadas, el alcance del programa y muchos, muchos elementos; es mejor centrarse en ciertas vulnerabilidades que generan un mayor impacto a las empresas que corren sus programas, y a ti como bug bouty hunter.

En esta ocasión Zonduu nos hace un tour por las vulnerabilidades más importantes en los programas y los por menores de cada una de ellas.


https://www.eventbrite.com/e/hacking-event-mx-vulnerabilidades-top-en-programas-de-bug-bounty-tickets-159524753833

CloudSecNext Summit Solutions Track

• Friday, June 4th | 9:45 AM - 5:45 PM EDT
• Kenneth G. Hartman, Piyush Sharrma, Eric Eddy, Joel Bork, Josh Trout, Jesse Somerville, Colby Morgan, Arun Raman, Kasey Cross, Patrick Pushor, Ryan Bergquist, Bassam Khan, Dinesh Subhraveti[/b]

https://www.sans.org/webcasts/cloud-summit-solutions-track-118100


Event Overview

Cloud-based services are becoming increasingly more attractive to organizations as they offer cost savings, flexibility, and increased operational efficiency. However, protecting systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. Security teams need to adapt and learn how to utilize the tools, controls, and design models needed to properly secure the cloud.

For businesses and users making the transition to the cloud, robust cloud security is important. Constantly evolving security threats are becoming more sophisticated and IT teams will achieve greater security if they adopt a similar approach for the cloud as they do for their on-premise IT environment. Cloud security solutions are generally deployed and used to help protect data running across major public cloud services and private clouds.

Join this SANS lead event as we explore various cloud security topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case-studies and thought leadership using specific examples relevant to the industry.

Agenda
9:45 - 10:00 AM EDT - Event Welcome

Ken Hartman, Chair, SANS Institute

 

10:00 - 10:35 AM EDT - A Streamlined Approach to Security Governance Throughout the Kubernetes Lifecycle

Piyush Sharrma, Co-Founder, Chief Executive Officer, Accurics

Kubernetes is the standard for cloud native development in public and private clouds, and is notoriously complicated to secure. There are a variety of approaches and tools to help you establish and monitor security policies within your clusters and applications, and additional tools that try to shift security left into the development process. Unfortunately, this often leads to fragmented enforcement and redundant controls which waste time and effort while leaving gaps and blind spots.

This session explains a streamlined approach for securing Kubernetes which relies on open source technologies which work together to establish security policies through automated enforcement throughout the cloud native lifecycle. Learn how to start with a single source of truth for security policy, erect guardrails that enforce that policy in integration and deployment pipelines, and implement runtime controls that ensure non-compliant resources and configurations cannot enter the cluster at runtime. Coupled with a robust library of existing policies and the ability to define your own, such an approach delivers better security with less effort.

 

10:35 - 11:10 AM EDT - Getting Started With SASE: Connect, Control and Converge With Confidence

Eric Eddy, Technical Marketing Engineer, Cisco Cloud Security Business Group, Cisco Umbrella

Digital business transformation and the shift to a distributed workforce are driving networking and security to the cloud. The secure access service edge (SASE) model consolidates networking and security functions word traditionally delivered in siloed point solutions into a single integrated cloud-delivered service. Join us to hear pitfalls to avoid when starting your transformation to SASE.

 

11:10 - 11:25 AM - Break

 

11:25 AM - 12:00 PM EDT - Building in the Cloud? Working in the Cloud? Ohh.We need to Monitor in the Cloud?

Joel Bork, Senior Threat Hunter, IronNet

Josh Trout, Software Engineering Manager, IronNet

Every organization is scrambling to enable Network Detection and Response capabilities into their enterprise network since the Solarwinds/Solarigate incident. Unfortunately this incident was not directed ONLY to enterprise networks - it impacted cloud and hybrid environments alike.

If that is the case, then how do you get the network traffic out of a hybrid or cloud environment?

This is a question we hear often and in this talk we are answering exactly that and how we at IronNet are using it to monitor our cloud-based build system and devops efforts.

 

12:00 - 12:35 PM EDT - Exploiting and Defending Service Account Impersonation Permissions in GCP

Jesse Somerville, Senior Security Engineer, Praetorian

Colby Morgan, Lead Security Engineer, Praetorian

Managing Google Cloud Platform (GCP) Service Account Identities can be daunting, especially for cloud deployments in large, distributed organizations. With simple misconfigurations or usages of insecure defaults, users may be exposing themselves to project or organization compromise.

In this talk, Jesse Somerville and Colby Morgan will outline the primary structure of the IAM permission model in GCP and how identities are utilized by various Google Cloud resources. We will identify misconfigurations that can be leveraged by malicious users to escalate privileges and walk through attack paths attackers can use. As a result of these vectors, we will present a few solutions that can allow users to audit account usage and manage privileged access that leverages tooling such as vTPMs, Googles Identity Aware Proxy, Stackdriver, and Service Account Impersonation Privileges.

 

12:35 - 1:10 PM EDT - Shift-Left is Not Sufficient: Why Agentless Runtime AI Security is Necessary for the Cloud

Arun Raman, VP of Cloud Products, Blue Hexagon

There has been a huge hype about tools for dealing with cloud misconfigurations and cloud security posture. However, modern attacks on the cloud cannot be thwarted anymore by just shifting left. Attackers have moved to complex, multi-stage attacks that use supply chain infection, evasive beaconing, zero-day Linux malware, and ransoming cloud storage. These attacks only manifest at runtime, and defending against them requires multi-vector inspection of workload, network, storage, and control plane activity at runtime and in real-time. As importantly, the security architecture must provide full cloud coverage and must not introduce supply chain risk.

In this session, we will explore customer case studies on how an agentless runtime AI security approach helped defend against real-life modern cloud attacks.

We also demonstrate how such a solution can be deployed within minutes and easily maintained in complex multi-region, multi-VPC, multi-OS, multi-account, and multi-cloud architectures.

 

1:10 - 2:10 PM EDT - Lunch

 

2:10 - 2:55 PM EDT - Hunting for Cloud and Remote User Threats

Kasey Cross, Sr. Product Marketing Manager, Palo Alto Cortex

Flexible work policies have forced adversaries to update their attack playbooks. With an increasing number of employees working from home and business-critical applications migrating to the cloud, attackers have set their sights on remote users and cloud assets. While adversaries are still using tried and true techniques, like phishing and application attacks, theyre increasingly exploiting gaps in remote access and cloud defenses.

In todays world, threat hunters must be able to unearth threats anywhere. Join our webinar to learn:

The latest attack techniques in the post-Covid era
How to hunt for threats in the cloud, the network, and across remote endpoints
How technologies such as XDR can uncover threats anywhere in your environment
 

2:55 - 3:35 PM EDT - Not All Risks are Equal - Why Context Matters in Cloud Security

Patrick Pushor, Technical Evangelist, Orca Security

The promise of adding new security tools and capabilities to your security operations efforts is more intelligence to make better, more well-informed decisions with, but do they deliver on that promise? If your Security Operations Center (SOC) team receives hundreds of high priority alerts every day should they even trust the risk score that is being used? An overwhelming number of alerts desensitizes the very people tasked with responding to them, leading to missed or ignored alerts or delayed responses. In this session, we discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.

 

3:35 - 3:50 PM EDT - Break

 

3:50 - 4:25 PM EDT- Beyond DAST: A DAST-First Tool with IAST Depth

Ryan Bergquist, Technical Solutions Engineer, Invicti

The versatility of modern dynamic tools bring advantages that extend far beyond the typical vulnerability scanning functionality. The inclusion of True IAST functionality provides the best of both worlds by maintaining the advantages of a DAST solution while gaining the ability to go deeper than ever before to identify and verify more vulnerabilities with access to the application code.

In this presentation we discuss what True IAST is and how it helps get you even closer to your web application security goals.

 

4:25 - 5:00 PM EDT - Securing the Hybrid Cloud: Visibility Best Practices

Bassam Khan, VP of Product and Technical Marketing, Gigamon

With the move to cloud and the multitude of approaches, your ability to effectively monitor and secure workloads gets even more difficult. IT complexity, the rate of change, lack of skills, and organizational silos have made confidently managing security and performance nearly impossible. Join our session for a discussion of the security considerations for on-prem private, public and hybrid clouds. Youll learn best practices and see how a little planning and design can go a long way.

 

5:00 - 5:35 PM EDT - Upleveling of the Cloud Infrastructure: Shift-Left vs Shift-Up

Dinesh Subhraveti, Container and Cloud Security, CrowdStrike

Containers represent an upleveling of cloud infrastructure from physical and virtual machines toward applications. This shift is forcing businesses to think of new approaches. First, security awareness is being extended to earlier stages of application development (shift-left). Second, the security signal captured at runtime is being extended to include application-level events such as container context (shift-up). Join us to hear how you can account for these fundamental changes and provide a holistic solution that effectively blends traditional security capabilities with ones required by modern environments.

 

5:35- 5:45 PM EDT - Wrap-Up

 

CloudSecNext Summit & Training 2021
Summit: June 3-4 | Training: June 7-12

CloudSecNext Summit & Training will bring together a unique combination of real-world user experiences and case studies, as well as practical, technical training focused on specific approaches and skills for building and maintaining a secure cloud infrastructure. As a virtual attendee, youll explore current approaches, tools, and techniques with fellow practitioners facing similar cloud-related security challenges.

Who should attend:
Security personnel who are tasked with securing virtualization and private cloud infrastructure
Network and systems administrators who need to understand how to architect, secure and maintain virtualization and cloud technologies
Technical auditors and consultants who need to gain a deeper understanding of cloud computing and security concerns
Security and IT leaders who need to understand the risks of cloud computing and advise business management of the risks and various approaches involved
Speaker Bios
Kenneth G. Hartman

Kenneth G. Hartman is a security consultant based in Traverse City, Michigan. Ken’s motto is “I help my clients earn and maintain the trust of their customers in its products and services.” Toward this end, he consults on a comprehensive program portfolio of technical security initiatives focused on securing client data in the public cloud. Ken has worked for a variety of Cloud Service Providers in both the Midwest and Silicon Valley in architecture, engineering, compliance, and security product management roles. An instructor for SEC545: Cloud Security Architecture and Operations and SEC488: Cloud Security Essentials, Ken has also been the co-chair of the 2019 SANS Cloud Security Operations Solutions Forum, the 2019 and 2020 SANS Cloud & DevOps Security Summits.

Piyush Sharrma

Sharrma is Co-Founder and CEO of Accurics. Piyush has two decades experience in cloud, endpoint, and information security technologies, and has helped launch numerous enterprise products. He was most recently Head of Engineering at Symantec, where he led the release of seven new products with a combined revenue of more than $500 million. He is also an inventor with five patents filed and was a member of Symantecs patent review committee.

Eric Eddy

Eric is a 10-year veteran of Cisco, holding many different roles related to network security. In his current role Eric focuses on competitive intelligence, sales enablement and advising product development. Eric has worked with 100\'s of different customers spanning across all geographies and market segments to help design, troubleshoot, and deploy network security solutions. Eric holds a B.S. in Applied Networking and Systems Administration from Rochester Institute of Technology.

Joel Bork

Joel Bork has been working as a Senior Threat Hunter and Cybersecurity Advisor at IronNet Cybersecurity since 2018. He also has years of previous work experience as cybersecurity consultant, as a vCISO, and as a FedRAMP 3PAO (Third Party Assessment Organization) to help certify cloud service providers to meet FedRAMP compliance regulations.

Josh Trout

Josh manages the Sensor development team at IronNet. Before making the move to management, Josh was a full stack developer that worked on projects from cloud infrastructure to frontend UI and all the layers in between. He has spoken at conferences around the world, but is more often found riding his bike to local breweries.

Jesse Somerville

Jesse is a Senior Security Engineer with specialization in web, mobile, cloud, and micro-service security assessments, as well as DevSecOps architecture and processes reviews. As a security engineer at Praetorian, he has completed more than 50 assessments including application penetration tests, cloud architecture reviews, cryptocurrency application assessments, and threat models for internet of things (IOT) products. Jesse also helps organizations mature their DevSecOps Maturity model by building security into their CI/CD pipelines. In addition to performing secure design reviews, Jesse develops tools to help automate security testing efforts, strengthen detection and response processes, and enforce secure policies in cloud environments.

Colby Morgan

Colby works as a Lead Security Engineer at Praetorian. Colby specializes in product security, architectural security, and cloud security. While at Praetorian, Colby has performed more than 80 security assessments, including application and hardware security assessments, threat models, and secure architecture reviews. Currently, Colby works as part of the Praetorian Labs team, focusing primarily on developing and orchestrating security tooling for static, dynamic, and architectural analysis.

Arun Raman

Arun Raman is VP of Cloud at Blue Hexagon, where he leads the development of scalable AI-based cloud security technology. Arun is a highly cited researcher and inventor with over 50 patents, 14 papers, and 2 book chapters. His work has been widely recognized both in academia and industry, including as an IBM Computer Architecture highlight. He was previously the technical lead of Qualcomm\'s compute platform for Deep Learning AI inference that shipped in millions of mobile devices. Arun has a PhD from Princeton University.

Kasey Cross

Kasey Cross is a Senior Product Marketing Manager at Palo Alto Networks, focused on technologies that improve security operations. She has more than 10 years of experience in marketing positions at cybersecurity companies including Imperva, A10 Networks, and SonicWALL. Kasey was also the CEO of Menlo Logic and led the company through its successful acquisition by Cavium Networks. She graduated from Duke University.

Patrick Pushor

Orca Security Technical Evangelist Patrick Pushor is a serial startup technologist having played early and key roles in over six startups across four countries in the past 12 years,including multiple cybersecurity and fintech companies. Previously, he worked as an independent consultant focused on infrastructure and integration projects in nearly every industry from national defense to agriculture. More recently, Patrick helped define the CSPM market as an early employee at Dome9 Security and is leveraging that experience at Orca Security to revolutionize how we think about and approach cloud workload protection.

Ryan Bergquist

Part of the Solutions Engineering Team at Invicti Security, Ryan graduated in Information Systems and Security as well as Computer Forensics and Security. Ryan has been working in the Cyber Security industry for 4 years through various roles in Security Engineering and Product Management. He is passionate about Cyber Security and technology in general.

Bassam Khan

Bassam Khan serves as Gigamon Vice President of Product and Technical Marketing Engineering, responsible for positioning and promoting the company’s products and solutions, as well as corporate and go-to-market strategy. Bassam brings a strong track record of more than 20 years managing products and marketing for security, cloud and collaboration technology companies. Prior to Gigamon, he held executive positions at ControlUp, AppSense, PostPath (acquired by Cisco), Cloudmark and Portal Software. Bassam holds degrees from Carnegie-Mellon University and Boston University.

Dinesh Subhraveti

Dinesh Subhraveti is a researcher, repeat entrepreneur and an inventor of container virtualization. As a part of his Ph.D. at Columbia University, Dinesh created the notion of container virtualization, a technology that profoundly impacts the way software is developed and deployed. Applying his early research, he drove industry\'s first Linux Container product for enterprise applications at Meiosys, a company that IBM acquired in 2005. Over the years, Dinesh\'s work is widely cited and has deeply influenced the industry and academia. He authored numerous patents and papers in the areas of virtualization, storage and operating systems.

27 & 28 May 2021 las mejores conferencias del mundo en vivo en: https://www.twitch.tv/hitbsecconf2021amsterdam/

Agenda: https://conference.hitb.org/hitbsecconf2021ams/agenda/

TRACK 1
https://www.youtube.com/watch?v=bKzuDC8psnc


TRACK 2
https://www.youtube.com/watch?v=Z0RPxB8Q_Zs

COMMSEC TRACK
https://www.youtube.com/watch?v=ZgjqduZFDYM