GSICKMINDS

information tech conferences

OCT 29-30-31, 2014

A Coruña / Spain

PALEXCO

Congress and Exhibition Center of A Coruña

The conference takes place on October 29, 30 and 31 from 9:00am to 7:00pm. This year there will be two main themes or tracks: Security and JavaScript. The regular ticket gives you access to all the talks, and it's free, so enjoy! :)

The workshops will run in parallel with the talks. We will do our best to ensure that the Security workshops are scheduled during the JavaScript talks and vice versa, so you can attend most of the tracks you are interested in. Take a look at the schedule for more details.

Regular ticket (€0)

The regular ticket includes:

  • Access to all talks in both tracks.
  • Access to all activities organized within the conference.
  • Access to all conference discounts and gifts.

Workshops (€40)

Workshop details:

  • The workshop will be around 4 hours long.
  • You will need to bring your own laptop computer.
  • You will receive a certificate of completion after successfully completing the workshop.

Ticket + T-Shirt (€15)

The ticket + t-shirt includes:

  • Access to all talks in both tracks.
  • Access to all activities organized within the conference.
  • Access to all conference discounts and gifts.
  • You will receive a t-shirt

You must register in advance to attend the talks.

Our Schedule

Talks

WEDNESDAY, OCT 29th

9:00 - 9:30
Registration
9:30 - 10:30
Presentation
10:30 - 11:30 TBD
Un pentester en la Guardia Civil
Javier Rodríguez | GDT (Grupo de Delitos Telemáticos)
11:30 - 12:00
Break
12:00 - 13:00 TBD
Auditando la casa del gobernador
Juan Garrido | InnoTec
13:00 - 14:00 TBD
1000 maneras de morir… usando Internet Explorer
Alfonso Muñoz | ElevenPaths - Ricardo Martín | ElevenPaths
14:00 - 15:30
Lunch
15:30 - 16:30 TBD
WebRTC, do you even JavaScript?
Iñaki Baz | eFace2Face
16:30 - 17:30 TBD
Scaling the enterprise
Richard Pack | Salesforce
17:30 - 18:00
Break
18:00 - 19:00 TBD
CSP Level 2: Defensa en profundidad para aplicaciones Web
Caridy Patiño | Yahoo!

THURSDAY, OCT 30th

9:30 - 10:30
GPU and Web UI Performance
Diego Ferreiro | Salesforce
10:30 - 11:30 TBD
The web is the platform: FirefoxOS
Alberto Pastor | Mozilla
11:30 - 12:00
Break
12:00 - 13:00 TBD
xUnit.js: Raw Javascript Unit Testing
John Buchanan | Salesforce
13:00 - 14:00 TBD
TBD
14:00 - 15:30
Lunch
15:30 - 16:30 TBD
Routers, el eslabón más débil
Oscar Tebar (Kifo/Cirin) | InnoTec
16:30 - 17:30 TBD
UFONet: Ataques DDoS via WebAbuse
Lord Epsylon | hacktivistas.net
17:30 - 18:00
Break
18:00 - 19:00 TBD
Hackeando el mundo 5.0
Angel Prado | Salesforce

FRIDAY, OCT 31st

9:30 - 10:30 TBD
Cómo hacer seguimiento de una campaña de Malware P2P
Marc Rivero | Seifreed.es
10:30 - 11:30 TBD
ARMette: ingeniería inversa de binarios ARM desde la emulación del userland
Gonzalo J. Carracedo (BatchDrake) | Tarlogic
11:30 - 12:00
Break
12:00 - 13:00 TBD
Todo son risas hasta que te cita el juez
Luis Jurado | Perseus Legal Corporation
13:00 - 14:00 TBD
Mesa Redonda Seguridad

14:00 - 15:30
Lunch
15:30 - 16:30 TBD
Latch to the rescue
José Palazón | ElevenPaths
16:30 - 17:30 TBD
Offensive Forensics – Asaltando a la mafia
Pedro Sanchez | Conexión Inversa
17:30 - 19:00
Closing

Workshops

WEDNESDAY, OCT 29th

9:00 - 9:30
Registration
9:30 - 13:30 TBD
FirefoxOS: My first FirefoxOS app
Alberto Pastor | Mozilla
14:00 - 15:30
Lunch
15:30 - 19:30 TBD
ECMAScript 6 - El futuro de JavaScript
Caridy Patiño | Yahoo!
15:30 - 19:30 TBD
Securización de servidores GNU/Linux
Carlos Lopez | Igalia - Javier Álvarez | British Telecom

THURSDAY, OCT 30th



9:30 - 13:30 TBD
Análisis Forense
Pedro Sanchez | Conexión Inversa
14:00 - 15:30
Lunch
15:30 - 19:30 TBD
Introducción al analisis de malware
Marc Rivero | Seifreed.es
15:30 - 19:30 TBD
Introduction to D3: Data driven Visualization in the browser
Tyler Crimm | Salesforce

Our Speakers

InfoSecurity CONF

Offensive Forensics – Asaltando a la mafia

Pedro Sanchez | Conexión Inversa

@conexioninversa

Talk:

Your servers have been compromised, they're watching you, playing with your data and your SCADA systems. They're extorting you and things are starting to fail. It's time to take back control and return to normality. In this talk we'll see how to conduct offensive forensics against SCADA systems: how control was regained, the tools that were used and, most interesting of all, a 0-day.

Bio:

I've worked with important companies as a specialist consultant in Computer Forensics, Honeynets, intrusion detection, tricked networks and pen-testing. I've implemented the ISO 27001, CMMI (level 5) and PCI-DSS standards and different security methodologies, especially in banking, for more than ten years. I also collaborate on security, expertise and computer forensics analysis with multiple commercial organizations and the state security forces and corps, especially with the Telematics Crime Group of the Guardia Civil (GDT), the Technological Investigation Brigade of the National Police (BIT), INTECO and the Ministry of Defence. I have participated in the JWID / CWID conference, organized by the Ministry of Defence, where I got NATO SECRET certification.

I am currently a member of the Spanish Honeynet Project, founder of the blog ConexionInversa and I'm also a specialist computer expert assigned to the National Association Cybersecurity Technology and Expertise (ANCITE). Finally, I'm a total enthusiast of Galician ribeye and 'empanada'.

Auditando la casa del gobernador

Juan Garrido | InnoTec

@tr1ana

Talk:

Active Directory services are the engine through which a company manages the services it can offer its customers, whether external or internal. Management control, SLA compliance, user control, systems management and integration of print services are some of the features that make a service governed by this infrastructure attractive for IT administrators and managers. On the other hand, due to the amount of information that can be stored in Active Directory, these services are of particular interest in advanced persistent threat scenarios, where the information gathered during an intrusion is essential for the preparation of these attacks. This type of service allows system administrators to configure and deploy Group Policy-based hardening guidelines and best practices which, once implemented, yield an operating system that meets the company's requirements, making it a more robust system... or the exact opposite. An attacker could use such platforms during an attack to downgrade the security of an organization, resulting in a much simpler attack setup and execution. A clear example is the latest attack against Adobe, which made the contents of an internal user database public, including phones and other attributes pertaining to their LDAP directory service. That is why analysis and audit services need to be carried out with rigor, knowing all possible failure scenarios, in order to run a scalable deployment successfully and maintain it in the future without it degrading over time.

Bio:

Juan Garrido is passionate about security. Specializing in forensics and penetration testing, he has been working on security projects for over 8 years. Author of several technical books, among them the book 'Digital Forensics in Windows environments', which is in its third edition. Through other means, Juan regularly publishes technical articles in newspapers and specialized blogs. Juan is a frequent speaker at many major conferences at national and international events, including NoConName, RootedCON, Defcon, Troopers, BlackHat, etc...

Latch to the rescue

José Palazón | ElevenPaths

Talk:

Lose your password 20 times in 20 minutes and don’t care too much about it

Bio:

Head of software and security architect at 11Paths, he has previously worked for mobile phone manufacturer INQ mobile and, just before that, was responsible for global mobile security at Yahoo!. With more than 13 years of experience in security auditing, consulting and training for the public, private and academic sectors, his areas of expertise include big data and performance, mobile development, web security, Unix systems security and digital forensics. Author of the "Secure Programming" textbook used in higher education and a frequent international speaker, he has presented, among others, at DEFCON (Las Vegas), BlackHat (Washington), Shmoocon (Washington) and FOWA (London), and has published vulnerabilities for mainstream software on key sites such as securityfocus.com.

Hackeando el mundo 5.0

Angel Prado | Salesforce

@PradoAngelo

Talk:

Hackeando el mundo 5.0

Bio:

Angelo Prado is a Senior Product Security Manager at Salesforce.com. He has worked as a software and security engineer for Microsoft and Motorola. Angelo has been involved with the security community for over 8 years, speaking at Black Hat USA, Hacker Halted, ToorCon, SecTor and GSICKMinds. Angelo is a Computer Science alumnus of Universidad Pontificia Comillas, Madrid, and has also attended the University of Illinois at Urbana-Champaign. His passions and research include web application security, Windows security, browsers, machine learning, malware analysis and Spanish Jamón.

1000 maneras de morir… usando Internet Explorer

Alfonso Muñoz | ElevenPaths - Ricardo Martín | ElevenPaths

@mindcrypt - @ricardo090489

Talk:

Any computer security professional will recommend 1000 countermeasures to protect our information, our equipment and our networks. But sometimes a web browser, even a fully updated one, is enough to make a user compromise, in the simplest way, their personal information and information about their organization. In this session, we discuss privacy issues of IE using demos...

Bio:

Alfonso Muñoz is Senior Cyber Security Researcher at 11 Paths (Telefónica Digital - Identity & Privacy), where he worked in the research department generating radical and disruptive innovation in information security. He holds a doctorate in Telecommunications from the Universidad Politécnica de Madrid, specializing in cryptography / steganography, and was a PostDoc at the Universidad Carlos III in the subject of Advanced Switching Networks. He has 10 years of experience in the field of computer security, in which he has worked on unconventional advanced projects with European agencies and ministries. He has published over 40 articles in prestigious journals and scientific conferences in the field of computer security, and is a regular speaker at computer security and hacking conferences (DeepSec, RootedCON, No cON Name, GSICKMinds, ...). He currently holds the CISA (Certified Information Systems Auditor) certification and is CEHv8 (Certified Ethical Hacker). He is (co-)editor of the thematic network on cryptography and information security (CRIPTORED), where he directs projects like Intypedia, Thoth, DISI, TASSI, etc. and provides advanced cybersecurity training and advice. He is a national coach in the Telefónica Talentum Startups program, which looks for young talent in the country.

Ricardo Martín is a Q&A Security Auditor at 11 Paths (Telefónica Digital - Identity & Privacy), acting as a final barrier to the 'world' in detecting security problems in 11 Paths. He has over 5 years of experience as a web pentester and has reported a significant number of vulnerabilities.

UFONet: Ataques DDoS via WebAbuse

Lord Epsylon | hacktivistas.net

@psytzsche

Talk:

UFONet (http://ufonet.sourceforge.net/) is a free software tool designed to launch DDoS (Distributed Denial of Service) attacks against specific targets, using 'Open Redirect' vectors (CWE-601) on third-party web applications as a botnet. The current version, v0.3b, is known as 'Abduction'. It offers many options, including:

  • Automatic Update
  • Using proxies
  • Faking HTTP headers
  • Search 'zombies' in Google results (dorking)
  • Test vulnerabilities in 'Open Redirect' automatically
  • Attack against certain points in the target (large files, etc)

Bio:

Activist, free software developer and consultant specialized in data infrastructure attacks, has developed the following tools: Lorea, XSSer (present in BackTrack, Kali / Linux, etc.), CIntruder, AnonTwi, XSS-HTTP-Inject0r, Ecoin (crypto-currency), Codejobs, Noosphere, ...
He is an active member of OWASP (nominated as a candidate for Best Project Manager in 2013) and GNU. He has also been twice a mentor at the 'Google Summer of Code' . Currently, he conducts research in several fields related to cryptography, distribution and federation.

Cómo hacer seguimiento de una campaña de Malware P2P

Marc Rivero | eCrime.info

@Seifreed

Talk:

Incident response teams know the traditional malware structures well: one URL for the infection, another from which the configuration is downloaded and a third to which the data is sent. Because this structure is centralized, it is easy to perform the famous “takedown”. The business model adjusts as well; the talk will show how this kit is marketed and how it can be obtained now. Compared with traditional structures, campaigns are also harder to track because of the nature of these networks. That is why we bring a tool for keeping track of trojans that use this technology. The talk will also cover the creation of domains and the mechanism used by the botmaster to recover control of the botnet.

Bio:

Security researcher. In the past he has been part of a successful fraud prevention team, and he has implemented fraud protection and prevention for big clients within the banking sector. My job is to find solutions to the problems of financial institutions with malware and fraud. Specialties such as malware analysis, forensics, reversing or ethical hacking are part of my daily tasks. I am an international speaker, having lectured in Colombia and at the major conferences in Spain. Among the conferences where I have been a speaker, I would highlight OWASP 2014 (Barcelona), DragonJAR Security Conference 2014 (Colombia), HighSec 2013 (Madrid), Navaja Negra 2013 (Albacete), Asociación Nacional de Tasadores y Peritos Judiciales Informáticos ANTPJI 2013 (Madrid and Tarragona), OWASP 7th edition 2013 (Barcelona), No cON Name 2012 (Barcelona) and Reunión Española sobre Criptología y Seguridad de la Información RECSI (2012).

I am a partner at La Salle, teaching in the MPWAR course (Master in High Performance Web Programming) and the Master in Cybersecurity. I am a member of associations and research groups like the HoneyNet Project, OWASP, SySsec, etc. I am also the organizer of the Hack & Beers conference in Barcelona.

Un pentester en la Guardia Civil

Javier Rodríguez | GDT (Grupo de Delitos Telemáticos)

@Javiover

Talk:

How a former pentester decided to join the Grupo de Delitos Telemáticos (Telematic Crimes Group), with assorted stories about technical cases and the different solutions used to solve them.

Bio:

Since March 2009 he has been part of the Grupo de Delitos Telemáticos of the Guardia Civil, within its R&D area. Previously he worked as an auditor/pentester at several security companies. He holds several certifications (Corelan win32 exploit development bootcamp, Security Audit/Pentesting, CEH, etc.) and has 10 years of professional experience in the security sector.

Routers, el eslabón más débil

Oscar Tebar (Kifo/Cirin) | InnoTec

@infiltrandome

Talk:

An explanation of the fraudulent uses a home router can be put to, as well as the exploitation of various models, trojanization, assembling a botnet, etc. We believe that changing the Wi-Fi name and key makes us safe, but many home router firmwares ship with various vulnerabilities by default.

The talk explains the use that can be given to a home router, from redirecting the traffic of clients and sniffing it, using them for pivoting, or even to assemble a botnet of thousands of routers. Different techniques to get thousands of routers for our botnet will be explained, as well as the automation of this process to do it in the shortest time possible.

Bio:

Born in Cuenca, since an early age he loved to play with any 'electronic stuff'. Security auditor and (in)security enthusiast, frequent CTF player.

Todo son risas hasta que te cita el juez

Luis Jurado | Perseus Legal Corporation

@streaming10

Talk:

In this talk I'm going to deal with different situations involving IT security and criminal law. I will start by explaining what happens when you are arrested by the police (arrest, transfer to police custody, detainee treatment, record sheet, what to do or not to do). Then comes the other main scenario, without a police arrest: when you are served a subpoena from a criminal court. Some examples of usual issues for an IT security expert will be shown from a legal point of view: how to defend the expert reporting vulnerabilities, deface, wrong forensic analysis, fraud, etc.
Finally, I will prove the importance of the evidence and the chain of custody as a system that guarantees your rights in a trial, and why you should choose a criminal lawyer specialized in IT security if you are in these situations.

Bio:

I grew up as a poor boy in a humble neighborhood of the Bronx, but my history started long before, in a hot morning in Seville under the shadow of the Giralda...

ARMette: ingeniería inversa de binarios ARM desde la emulación del userland.

Gonzalo J. Carracedo (BatchDrake) | Tarlogic

@BatchDrake

Talk:

TBD

Bio:

Tarlogic consultant and PhD. student at USC in quantum computing. Although he's been fighting computers since the age of 11, he didn't begin to eviscerate binaries until Miguel Gesteiro put a succulent Delphi executable in his hands. Since then he makes a living reading machine code and programming kernels in his spare time.

VoIP pentest automated!

Jesús Pérez | Filterly

@jesusprubio

Talk:

Bluebox-ng is a GPL VoIP/UC vulnerability scanner written using Node.js powers. Our two cents to improve security practices in these environments and to make Node.js still more awesome. During this conference the first stable version (v0.1.x) will be presented, with some bugs fixed and these cool features: automation, report generation and performance.

Bio:

Jesús Pérez works as a front-end developer at Filterly, an American startup. Prior to Filterly, he spent about two years as a VoIP/UC programmer and security specialist at a Galician telecommunications company. As a result of his work as a pentester, he implemented Bluebox-ng. Moreover, he has collaborated as a visiting professor at FIC and with the InfoSec blog Security by Default.

JavaScript CONF

xUnit.js: Raw Javascript Unit Testing

John Buchanan | Salesforce

Talk:

xUnit.js (http://xunitjs.codeplex.com) is a host-agnostic javascript unit test framework that can be run directly from the command line on Linux, Mac and Windows. Primarily file I/O based, and requiring neither an http server nor a browser, xUnit.js is a prime candidate for seamless inclusion in build automation systems, continuous integration environments, and even IDEs. With built-in support for headless unit testing in multiple hosts, including V8 (Chrome), SpiderMonkey (Firefox), JScript (IE 5-8), Chakra (IE 9+), and Rhino, xUnit.js can be run out of the box against the most popular script engines on the market. Using modular strategy patterns and an event-oriented architecture, additional host environments and file I/O delivery mechanisms can be incorporated simply and clearly. xUnit.js encourages developers and quality engineers to follow common testing patterns such as Arrange-Act-Assert, Single-Assert, and Behavior-Naming; and development patterns such as Loose-Coupling, Inversion-Of-Control, Dependency-Injection, and Design-For-Testability. Join us to talk about how to write testable javascript, and how to exercise your javascript APIs and programs cleanly and consistently.

Bio:

John Buchanan has been writing Javascript since 1997, and is an avid proponent of clean, sensible, automated testing. In 2006, John took an interest in applying unit testing concepts to pure javascript, and began to author an Open Source unit test framework. While working as a consultant with the authors of xUnit.net, John further expanded and developed the core concepts and goals of xUnit.js, incorporating facets of Test and Behavior Driven Design, as well as Boundary Management and Dependency Control.

CSP Level 2: Defensa en profundidad para aplicaciones Web

Caridy Patiño | Yahoo!

@caridy

Talk:

XSS is still the most common attack vector, and it's no secret that the majority of web applications are susceptible to some type of injection, providing a gateway to attack each user of the application. It is also no secret that most Web developers pay little or no attention to this issue, and the tools available on the market to analyze the code and detect possible injection routes are based on heuristics, which implies that they have very limited effectiveness. In late 2012, W3C accepted a proposal to standardize CSP 1.0, which describes a mechanism by which a server tells the client which policies the web application must follow and declares a set of content restrictions. The main flaw in CSP 1.0 is its lack of flexibility, such as the lack of support for inline scripts, a deep-rooted practice among web developers that many say is essential functionality for any web application. Today we have CSP Level 2 as part of the new W3C standards, already available in some browsers, and it promises to be much more effective and flexible at the same time. In this presentation we will cover details of CSP Level 2 and some best practices. At the same time, we want to provide a space to demonstrate the effectiveness of this technology through a hacking exercise.

Bio:

TBD

Scaling the enterprise

Richard Pack | Salesforce

Talk:

TBD

Bio:

Richard Pack has more than fifteen years of experience in User Interface Design and Development for Enterprise Systems. Currently, Richard is an Architect at Salesforce.com where he is responsible for the Salesforce1 Platform, User Interface Development and Scalability Architecture. Richard was the architect of Salesforce1, the highest rated Enterprise Application on the App Store. Prior to joining Salesforce, Richard was the co-founder and CTO of CampaignSpring, where he designed and built a Social Media Marketing Automation Platform for the Enterprise. Prior to CampaignSpring, Richard worked at Hyperic, SeeSaw Networks, Intuit, Xilinx and Veritas, working on web-based systems like Ad Distribution Optimization, Data Center Management, Enterprise Data Management and SMB Accounting. Richard is a four-time speaker at JavaOne and has spoken at conferences such as SDWest, UIE and Dreamforce among others. He spoke on topics such as Client and Server-side based Web Frameworks and Mobile Web Development. He has also appeared as a panelist at Stanford’s MediaX. Richard also serves as a technical advisor to early stage startups.

The web is the platform: FirefoxOS

Alberto Pastor | Mozilla

@pastoret

Talk:

Introductory talk on the FirefoxOS project, the brand new mobile operating system brought by Mozilla. What are the main reasons for this new OS joining the game? What are the technologies behind it? How can I create apps for it? These and many other questions will be answered in this talk.

Bio:

Software Engineer at Mozilla, working on the FirefoxOS project. Previously worked at companies like Telefonica Digital and Skype. Open Web enthusiast and JavaScript lover.

WebRTC, do you even JavaScript?

Iñaki Baz | eFace2Face

@ibc_tw

Talk:

WebRTC, this new hype in Internet technology. What it is and what it is NOT. A pragmatic view of an emerging technology that, by itself, is nothing. Some could see an embedded phone on the web, and others would never think of doing this. WebRTC, the fusion of real-time multimedia communication and the Web. Two opposite fields converge here to create a new paradigm in application development. Tell me where you come from and I'll tell you what to do with WebRTC.

Bio:

Iñaki is a real-time communications developer with expertise in the SIP protocol and WebRTC. Currently he is a dedicated WebRTC enthusiast in both server (C/C++) and client sides (JavaScript), gaining experience in real-time applications and web development. Iñaki is the main author of RFC 7118 “The WebSocket Protocol as a Transport for SIP”, and leads and contributes to open-source projects such as OverSIP and JsSIP.

GPU and Web UI Performance

Diego Ferreiro | Salesforce

@diervo

Talk:

Mobile and modern desktop web browsers can leverage the graphics processing unit (GPU) to accelerate page rendering. This is especially relevant for CSS3-driven features like transitions, animations, transformations, and many others. Drawing from our experience in developing our next generation mobile UI, join us as we dive into real examples showing how to optimize your code to fully leverage all the powers of the GPU. We'll cover techniques for improving the performance of browser repaints and reflows, and demo the latest tools for diagnosing bottlenecks in the browser-rendering engine.

Bio:

Diego Ferreiro is a Principal UI and Web performance engineer at Salesforce. He was previously at Yahoo!, working in the Search Platform Team migrating the architecture to use NodeJS and Mojito. Diego spends his days worrying about web performance, 60fps animations, and making the UI faster.

Our Workshops

Análisis Forense

Pedro Sanchez | Conexión Inversa

@conexioninversa

Workshop:

MODULE 1: Forensic analysis methodology based on the new Spanish standard UNE 71505/506

  • Legal considerations when facing an incident.
  • Steps to take into account during evidence acquisition.

MODULE 2: Windows: filesystem analysis with the Master File Table

  • $MFT
  • $UsnJrnl
  • $Logfile

Timeline elaboration
Forensics Analysis in Windows environments (artifacts)

  • Shellbags
  • jumplist
  • Prefetch
  • LNK
  • Trash
  • setupapi
  • Events viewer.
  • USB's

Memory forensic analysis (artifacts)

  • Obtaining processes.
  • Password acquisition.
  • Page file analysis.

Tools to analyse the memory

  • Obtaining a memory file.
  • Obtaining a program structure.

Advanced file recovery
Metadata
Indicators of compromise

  • How to find malware with indicators of compromise.

Bio:

I've worked with important companies as a specialist consultant in Computer Forensics, Honeynets, intrusion detection, tricked networks and pen-testing. I've implemented the ISO 27001, CMMI (level 5) and PCI-DSS standards and different security methodologies, especially in banking, for more than ten years. I also collaborate on security, expertise and computer forensics analysis with multiple commercial organizations and the state security forces and corps, especially with the Telematics Crime Group of the Guardia Civil (GDT), the Technological Investigation Brigade of the National Police (BIT), INTECO and the Ministry of Defence. I have participated in the JWID / CWID conference, organized by the Ministry of Defence, where I got NATO SECRET certification.

I am currently a member of the Spanish Honeynet Project, founder of the blog ConexionInversa and I'm also a specialist computer expert assigned to the National Association Cybersecurity Technology and Expertise (ANCITE). Finally, I'm a total enthusiast of Galician ribeye and 'empanada'.

Securización de servidores GNU/Linux

Carlos Lopez | Igalia - Javier Álvarez | British Telecom

@cl0p3z | @joakkinen

Workshop:

This workshop will present the main practical techniques for securing our GNU/Linux servers as much as possible against any threat. Topics will range from the basic concepts of physical security and access permissions to more advanced tools like intrusion detection and improved security with SELinux. In addition to explaining the technical concepts and supporting them with practical demonstrations, we will provide basic guidelines so that attendees can evaluate the tools and techniques most suitable for their particular deployment. The main idea is for attendees to gain a complete picture of securing GNU/Linux servers, how to organize the process and how to identify the highest priority tasks.

Carlos Bio:

More than 6 years of experience as a GNU/Linux systems administrator. He is an active member of the Debian distribution (maintainer) and a developer of the Aircrack-ng suite.

Javier Bio:

RHCSA. ITIL.
I've worked as a sysadmin in important organizations like Prisacom and British Telecom, managing infrastructures with critical services for banking and mass media. I also worked 5 years as an ITIL consultant, involved in projects to get the ISO-20000 certification (quality management), and in the optimization of the user support center of the old CaixaGalicia. Now I'm a BT system analyst, member of the ABANCA systems area team, responsible for the GNU/Linux and AIX servers of the bank.

Introducción al analisis de malware

Marc Rivero | eCrime.info

@Seifreed

Workshop:

The workshop is an introduction to malware analysis, in which you will learn what tasks a malware analyst performs: analyzing samples step by step, working through some crackmes to get familiar with the debugger, etc. You will see how a malware infection campaign works. Concepts such as dropper, exploit kit, packer and other items found in the e-crime world will be analyzed.

Introduction to D3: Data driven Visualization in the browser (Workshop in English)

Tyler Crimm | Salesforce

Workshop:

The amount of data generated daily continues to increase at a nearly exponential rate, and yet the utility of having this additional information has yet to follow the same curve and continues to fall further and further behind. This workshop aims to turn the tide and provides a brief introduction to D3 with the hopes of enabling more meaningful explorations of the ever-increasing streams of data created as we gradually ease over the cusp of the Internet of Things.

Bio:

Tyler is currently a software engineer at Salesforce.com where he works on UI across a far-too-large range of supported devices and platforms. Mr. Crimm has found Javascript to be his tool of choice in exploring the realms of human-computer interaction with projects ranging from using a NES controller to control Pandora to visualizing the tendencies of baseball players in the MLB.

ECMAScript 6 - El futuro de JavaScript

Caridy Patiño | Yahoo!

@caridy

Workshop:

JavaScript is currently the most popular and most used language which, for better or worse, surprises many. But the reality is that for many years JavaScript was a stagnant language. Fortunately, with its growth in popularity from 2005 onward, probably because of the discovery of AJAX and the boom of Web applications, ECMAScript (the standard that describes the language known as JavaScript) finally took a new course, and ECMAScript 5.1 was finally approved in 2011. That revision focused on new language features and basic security features, without introducing new syntax. We are on the threshold of the new revision, ECMAScript 6, also known as Harmony or ES6, which promises to be a massive overhaul, with new syntax and new features. In this workshop we will cover some of the new specifications but, more importantly, we will describe how we can use these features today, even though browsers have not implemented most of them. Today we are in a very favorable situation compared to some years ago: we now have a number of tools for analyzing and transforming JavaScript code, as well as countless polyfills (or alternative implementations of the ECMAScript specification) that allow us to evaluate and use future functionality, proposals and recommendations of the language without having to wait for browsers to implement the specification. Some of the exercises will focus on learning the new syntax; the rest will focus on the tools for using the new features and specifications today, in preparation for the future.

FirefoxOS: My first FirefoxOS app

Alberto Pastor | Mozilla

@pastoret

Workshop:

In this workshop we'll create an app for FirefoxOS from scratch. We'll go over the available APIs, Manifest creation, offline support and permissions. Feel free to bring your own web app and get help porting it to FirefoxOS as well!

Bio:

Software Engineer at Mozilla, working on the FirefoxOS project. Previously worked at companies like Telefonica Digital and Skype. Open Web enthusiast and JavaScript lover.

Our Venue

OCT 29-30-31, 2014

A Coruña / Spain

PALEXCO

Congress and Exhibition Center of A Coruña

Muelle de Transatlánticos, s/n, 15003 A Coruña | (+34) 981 22 88 88

A-9 | Autovía del Noroeste | N 634

Latitude 43º 22´ 8.3´´ North

Longitude 8º 23´ 56.9´´ West

Renfe station

Joaquín Planelles Riera s/n

P: (+34) 902 240 202

Alvedro Airport

(Just 8 km from downtown)

P: (+34) 902 404 704

About Us

GSICKMINDS is an event created by and for people like you: passionate about technology, who enjoy sharing knowledge and see no better way to learn than by doing. Gildas Avoine, David Barroso, Chema Alonso, Rubén Santamarta, Angel Prado, Juliano Rizzo, Alejandro Ramos, Alfonso Muñoz, Jose Selvi ... are some of the 'sick minds' we have had to date.

For our sixth year we are introducing important innovations: the event will be held from Wednesday to Friday, it has moved to PALEXCO (capacity problems are over!) and, for the first time, you can choose between Security or JavaScript talks and workshops.

GSICKMINDS is organized by the Information Security Group of A Coruña (GSIC), born in 2009 under the sponsorship of the School of Computing of A Coruña and the University of A Coruña, in order to promote the development of secure information systems and propose solutions that protect the integrity and confidentiality of digital assets.

  • Natalia Gomes | @natagom
  • Ángel Prado | @pradoangelo
  • Roi Mallo | @rmallof
  • Ismael Faro | @ismaelfaro
  • Miguel Gesteiro | @mgesteiro
  • Jose Eulogio Cribeiro | @weros
  • Andrea Slugenova | @_Andreusky
  • Arturo Silvelo | @arturosilvelo
  • Sergio García | @s3rgiogr
  • Jesús Pérez | @jesusprubio
  • Ananda Rio | @anandarionunez
  • David Hermida | @Moussenger
  • Diego Ferreiro | @diervo
  • Álvaro F | @the_avo
