He passed the Ekoparty and the truth that was better than last year.
The organizers "have" improved it a lot, first in the place they chose, the Borges Cultural Centerin the Pacific gallery, later with talks that were of the same level as other conferences and something that I personally liked a lot was the PacketWars, the adrenaline that ran at the time of playing is indescribable, those who played it lived the same.
We arrived early with Sebastian and we did the accreditation without delays practically.
At the table, I already saw familiar faces.
Alexa It was the first one I recognized although I had never seen it personally, only for photos, I knew its website and the link with Wikimedia Argentina. Then I saw the "Famous" Francisco Amato for his "EvilGrade"Which had presented it in the ekoparty of last year and then with the vulnerability of Dan Kaminsky he became more "famous";).
Veronica was the "heavy" girl with her tatoos who was the only woman in the organization of the ekoparty last year, but this year she was going to see more girls, Alexa and Burbuja (Lorena Giraldo). Burbuja is a Colombian girl who has lived here in Argentina for a long time and works in Metrovias in Buenos Aires and came last year to the ekoparty, now she was part of the organization of the ekoparty.
Then we found dear Andrés Riancho the creator of w3af which I met him in the ekoparty of last year and since then we have been in contact, I have contributed with the project from the Bugs report, to the Installer for Windows and Openware has contributed to the development of the GUI as well as looking for place for example in the Free Software Days to be present and in other factors and being a Sponsor with Cybsec.
Then even though the first talk had not yet started I see a familiar face, and even though there was only one photo of him on the Internet I recognized it, Ricardo Narvaja, the creator and moderator together with RedH @ wK from the list CracksLatinos and next to him Solid Y + NCR / CRC another two big "crack";)
And as the minutes passed before the first talk they were seeing more and more familiar faces.
The nice thing was that many also remembered me and that surprised me since I did not think it was like that.
After pure chance I found at @ ky one of the guys who won the ticket by answering some questions from the bugle supplement, Next.
In the course of the event I met Vampii, the winner of the phrase of the ekoparty, "Vi root and between".
The event opened Dave Aitel talking about security and IDS.
Then came the talk of Victor Muñoz talking about "Console Hacking" which was for me one of the most liked since it went out of the ordinary. The explanation of why the security of the consoles Xbox 360, Wii, PS2. All the chain of confidence that is armed in the devices inside these consoles so that they do not pirate the games, you can not do cheats, modify the saved screens and force their use exclusively for games. As for example in the protection of the Wii that has 7 levels of protection from the ROM until reaching the disk, breaking the BOOT1 level for a problem in the memory comparison that instead of making a mencmp was actually a string comparison ( menstr) and that by putting a value of NULL (0x00) as the first value, all the other protections were unusable and could reach the disk. He made a program called "Trucha Signer".
Then he came Mariano Nuñez Di Croce with his talk of "SAP Penetration Testing & Defense In-Depth" and the explanation about the in-security in SAP and the Sapyto Framework, which I already knew about last year but this year was improved and with a new Logo;)
Nicolas Economou gave the talk "Code Injection On Virtual Machines" which was also one of the most interesting because it is something I usually work with. I explain how from a HOST in Windows GUEST can be accessed, read memory, write it and get to execute code without anything stopping or stop working. He demonstrated remote code execution within the GUEST.
Domingo Montanaro gave the talk of "In-Depth Anti-Forensics - Challenges of Steganography on Discovery Hidden Data" was similar to last year's although he skipped some parts in which he had expounded last year. This year luckily nothing happened with your notebook and I think that there was no problem with this style in this ekoparty. +1 for that. There were a couple of "Patovicas" taking care of and doing security in the eko.
After this was the Packetwars which I played and as I said at the beginning, was one of the best things about the ekoparty. The game consisted of only one thing, hacking the most amount of machining. There were three networks, in these two were the Server to attack, 10.0.10.0/24 and 10.0.20.0/24 and the other network were the players, 10.0.30.0/24. It was worth everything and against everyone. A presentation video was shown, the game was explained, the attack began. Music at full volume ideal for that moment, all scanning ip ranges, discovering what servers there were, which ports were open, running services pulling all kinds of tools and exploit's and telling us how much time we had left. Adrenaline ran through our veins and many spectator boys watching what we were doing. I was able to enter an ftp. The one who took the prize from the jig that he wanted all the ekoparty was Andres from Peru who owneo a pair of Server completely. It will be because Andrew came to the Trainings of the Ekoparty?
The second day began with Sebastián García's talk with "Tell me how you attack and I'll tell you who you are" in which he made an investigation with Honeypots for about three years looking at the behavior of those who attacked their honeypots and drawing relationships between the attackers as so close they were among them, what countries they were, if they belonged to some team, etc. They had an average server session per day, in total 280 sessions (user / password) in three years, the curious thing they discovered is that for almost a year they have not received more. They saw that the attacks decreased and that nowadays the attacks are more on websites. It was also one of the best talks for the way Sebastian explained it.
Nelson Murilo and Luis Eduardo gave the talk "Beholder: New tool for WIFI monitoring "in which they presented the first OpenSource WIDS, Beholder. They gave a demo of their tool. They also talked about Karma, a security testing tool for wireless clients.
Hugo Scolnik gave the talk "Attacking RSA through a new method of integer factorization" in which he has been working on it for more than 3 months. It was a purely mathematical talk. He started by explaining the RSA algorithm and then he described the discovery he was making to reduce the possibility of reaching the result. He is currently using a filter technique to reduce the chances of reaching the result. A few months ago I had thousands of chances to get to the result and today with this filter technique has five possibilities. The maximum target is 1440.
After the Lunch Maximiliano Betacchini came and Luciano Bello with the talk of "Debian's OpenSSL random Number generator Bug" in which they explained the known bug in Debian. Personally I had researched the bug a lot since I gave a class in i-sec about it. Luciano made the talk quite funny and understandable. He also made a vulnerability demo attacking a trust relationship against a server with all previously generated private keys. I explain the amount of SSL certificates that were still vulnerable. I also explain how Debian is working to improve in this aspect and in others.
Nicolas Economou and Alfredo Ortega gave the talk "Smartphones (in) security" in which they created a bug on purpose in the iPhone and Android phones to explain what security was like and how similar they were to each other. Nicolas created his own debugger for the iPhone and Alfredo used the gdb. They made a demo with the iPhone as it could remotely be called by phone, in this case Luciano offered with his phone number in which to run the exploit I call him on his cell phone.
Alexander Sotirov He gave the talk "Blackbox Reversing of XSS Filters" in which I explain about the XSS filters that can be used. In addition Alexander is the creator of the pwnies awards.
After the talks, the prizes were awarded to those who won the PacketWars and then came the wardriving through the city of Buenos Aires along with Juan Pablo who, with his antenna and GPS, assembled the AccessPoint map of Buenos Aires. We were almost all with our notebooks and the kismet looking for AP with friendly names while Luciano became a tour guide to those who did not know Buenos Aires.
The party of the ekoparty this year ended in a bowling of the Costanera in which were several speakers and also those who attended the conference. We were all much more relaxed and we could chat about different topics.
Conclusion: It is a unique event in Argentina in which the technical level of talks on Security is what prevails and personal relationships as well. Thanks to Openware for giving me the possibility to go, I hope some year to be giving a talk.
Congratulations to all the organizers of the ekoparty.
Photos of the event and comments can be viewed at: http://picasaweb.google.es/ulises2k/Ekoparty2008#