GSICKMINDS 2015

information tech conferences

NOV 20-21, 2015

A Coruña / Spain

PALEXCO

Congress and Exhibition Center of A Coruña

Buy Tickets

The conference will take place on the 20th and 21st of November from 9:30 am to 8:00 pm. There will be two main themes or tracks: Security and JavaScript.


Workshops will run in parallel with talks. We will do our best to ensure that Security workshops are scheduled during the Javascript talks and viceversa, so you can attend most of the tracks you are interested in.

Regular ticket (30€ / 20€ student)

Regular ticket includes:

  • Access to all talks in both tracks.
  • Access to the Hackaton (separate registration required).
  • Access to all activities organized as a part of the conference.
  • Access to all conference discounts and gifts.

Buy Ticket

Workshop (50€ / 30€ student)

Details:

  • All Regular ticket benefits.
  • 4 hours of training course.
  • Your own laptop is required.
  • You will receive a certificate of completion after successfully completing the workshop.

Buy Ticket

Training (190€ / 80€ student)

Details:

  • All Regular ticket benefits.
  • 16 hours of training course (Wednesday and Thursday).
  • Your own laptop is required.
  • You will receive a certificate of completion after successfully completing the training.
  • You'll receive a GSICKMinds t-shirt.

Buy Ticket

** You must present a valid student card to be eligible for the discounts.

Salesforce Hackaton

  • Free registration for GSICKMinds attendees.
  • More than 6.000€ in prizes!
  • Rules and schedule coming soon.

Lightning Components Hackathon is an event produced by Salesforce that is designed for GSICKMinds attendees (technical & non-technical) to build apps/components using Salesforce technologies, and compete for prizes across different categories and most importantly: meet new people and scout for teammates to work on new or current projects.

We supply quick presentations and code samples that help to bootstrap your hacking, food to keep you going, and caffeine to keep you awake. Along with technical ninjas to assist you in building faster, smarter, and with new tools.

Our hackathon will introduce you to the latest cutting edge tools to help deploy your own web/hybrid app in Salesfoce, fully hosted in the cloud.

You can start learning and getting ready to Hack with Lightning here.

Speakers

Juan Garrido

Security Consultant - InnoTec

@triana

Juan’s passion is security. As a consultant specializing in forensic analytics and intrusion test, Juan has worked on security projects for over 9 years. He is an author of various books about technology including the third edition of 'Forensic digital analysis of Windows environments'. Juan also publishes articles about technology in specialty magazines and blogs and is a regular speaker on several of the most important national and international conferences including GsickMinds, RootedCon, Defcon, Troopers, BlackHat, etc You can find out more about Juan here: SBD or on his personal blog: http://windowstips.wordpress.com]

:: Sim city

Smart City represents a romantic and close vision of future. Intelligent meters or traffic control systems are some of the technologies, which, once connected and adapted in each city zone, will be able to change it to the “smart city”, providing valuable information like traffic status, free parking spots, air quality, etc. In this presentation, we will show the IoT ecosystem of some cities as well as the electronics used. We will also analyze ways of attack, exploitation and post- exploitation.

Julian Shaphiro

Webflow

@shapiro

Julian Shapiro is startup founder and the creator of the Web's most popular standalone animation engine, Velocity.js. He lives in San Francisco.

:: UI Performance

How UI performance leads to flow-state, which increases user productivity and engagement

Pedro Sánchez

ConexionInversa

@conexioninversa

Pedro worked as a consultant in well-known companies specializing in Computer Forensics, Honeynets, detection of intrusions and pen–testing. Within the period of 10 years, he has implemented ISO 27001, CMM (stage 5) and PCI-DSS norms and different security methodologies, especially in banking sector. Pedro also collaborates on security, expertise and computer forensics with different business organizations and forces of national security, especially Telematics Group Crimes of the Civil Guard (GDT), la Technological Investigation Brigade of the National Police (BIT), INTECO and Ministry of Defense. Pedro also participated on JWID/CWID conference organized by the Ministry of defense where he earned the OTAN SECRET certificate. At the moment, Pedro is a member of the Spanish Honeynet Project and he started a blog called "Conexion Inversa". Big fan of empanada gallega and inveterate galician steak (el chuleton Gallego).

:: Surprise!

Qingqing

Mobile Architect - Salesforce

Qingqing is a Software Architect at Salesforce where she works on the mobile apps including Salesforce1 and Salesforce Wave Analytics. When Apple launched the first iPhone in 2007, she launched her first mobile app as a side project, which is where her love for ‘all things mobile’ began! She loves to hear feedback on the apps she built, and lives by her motto, “Be the change you want to see.”

:: Re-use your Javascript Logic without Introducing WebView to your Native iOS Apps

Ángel Prado

Director Security - Salesforce

@pradoangelo

Angelo Prado is a Senior Product Security Manager at Salesforce.com. He has worked as a software and security engineer for Microsoft and Motorola. Angelo has been involved with the security community for over 8 years, speaking at Black Hat USA, Hacker Halted, ToorCon, SecTor and GSICKMinds. Angelo is a Computer Science alumni from Universidad Pontificia Comillas, Madrid and has also attended University of Illinois at Urbana-Champaign. His passions & research include web application security, windows security, browsers, machine learning, malware analysis and Spanish Jamón.

:: Hackeando el mundo 5.0

TBD

Luciano Bello

PhD. Researcher - DefaultWork

@microluciano

I'm a Debian Developer, a PhD student and a curious guy :)

:: What's academia doing towards a more secure JavaScript

Esta charla intentara dar una idea sobre el estado del arte e intentara ser un disparador sobre que temas le interesan a la industria y le escapan a la academia (y viceversa)

Juan Puig

Lead Engineer - Visa

@jpuigm

Juan has been building distributed and scalable backend services for 5+ years in industries like financial, networking, gaming, and messaging among others. He has got wide and international experience in Erlang systems and he’s spoken at several conferences about performance and scalability of Erlang applications.

:: Scalability and performance of distributed systems

Doug Chasman

Disthinguished Engineer - Salesforce

@dougchasman

Bio coming soon...

:: Lightning Components - JavaScript in the Enterprise

Lightning Components is a component technology from Salesforce, based on the Aura Framework. In this session we will discuss how this technology is used, how it works, and how it addresses the needs of the Salesforce multi-tenant enterprise cloud. Attendees who are familiar with JavaScript, HTML, CSS, and various frameworks and toolkits will learn how to use these with Lightning Components. Additionally, topics such as Salesforce packaging, monetizing components on AppExhange will be covered.

Alfonso Muñoz

Cyber Security Researcher - ElevenPaths

@mindcrypt

Alfonzo is a Senior security researcher at 11 Paths (Telefónica Digital - Identity & Privacy), where he works in the research department that generates radical and disruptive innovation in information security. He holds a doctorate in telecommunication from the Polytechnic University in Madrid, specializing in cryptography/ stenography and a PostDoc from the University of Carlos III in Advanced Switching Networks. Alfonso is an information security professional with more than 10 years of experience working on project for different European organizations, ministries and multinational companies. He has published more than 40 articles in prestige journals and scientific conferences and is a regular speaker on information security and hacking conferences like DeepSec, RootedCon, No cON Name, GSICKMinds, etc. Alfonso also holds the CISA (Certified Information Systems Auditor) and CEHv8 (Certified Ethical Hacker) certificates. He is a co- editor of the thematic network of cryptography and information security (CRIPTORED), where he manages projects of massive diffusion (Intypedia, Thoth, DISI, TASSI, etc.) and gives advanced lessons on Cybersecurity. At the same time, Alfonso is a selector in the Telefonica Talentum Startups program, where he searches for young national talents.

:: Hacking with stegomalware. Real threat?

Steganography is a science as old as the human need to protect their secrets. For years- if not centuries- this used to be a very elite, even mystique science linked to the world of politics and military. Many researchers see it as a kind of a peculiar technique, which does not have a great impact on how we protect our daily communication or its link to the information systems security. In this paper, we will summarize most interesting techniques of stenography that can be used not only to hide malware but also to run it. We will see examples of different antivirus solutions responding on different platforms.

Jose Luis Verdeguer

Responsible for systems - ZoonSuite

@pepeluxx

Technical IT engineer, Masters of Application development and Web services. Currently responsible for systems at ZoonSuite, operating VoIP.

:: Telephonic fraud

Analysis of different techniques of misconfigured VoIP systems abuse through obtaining accounts from users to the possibility of making calls without the knowledge of system user or password. Detection of system abuse and traceability of calls.

Marc Rivero López

DefaultPosition - DefaultWork

@DefaultTwitter?

Established an anti- fraud team. Marc implemented fraud protection and prevention for different clients in banking sector nationally and internationally. His work consists of finding solutions to today’s as well as future problems connected with malware code and fraude in financial institutions. Analysis of malware, forensic analysis, inverse engineering or ethical hacking is part of his daily routine. Marc is a regular speaker on national (NocONName, Owasp, Navaja Negra) and international (DragonJAR CON - Colombia) events. He is also an associate professor at La Salle university where Marc teaches a class on MPWAR (Master in High Performance Web Programming) and cyber- security (MCS. Master in Cybersecurity). Marc is a member of research associations and groups like HoneyNet Project, Owasp, SySsec etc.. as well as organizer of Hack&Beers conference in Barcelona.

:: Eight years of APT’s – What did we learn?

In this part, Marc will explain last 8 years of APT’s attacks on corporations. In such attacks, he will show you the most significant details and lessons we learned so far from each of them. Marc will demonstrate patterns in common use by the different actors of APT’s. We will also discuss the ecosystem of defense against these attacks in big corporations.

Javier Rodriguez

Cybercrime Unit - GDT (Guardia Civil)

@Javiover

Javier has been a part of R&D "Group of telematics crimes of the Civil Guard" since 2009. He previously developed tasks for audit/ Pentesting in different security companies. Javier holds various certifications like Corelan win32 exploit development bootcamp, Security audit/ pentesting, CEH, etc. and has over 10 years of experience in the security sector.

:: TBD

Alberto Pastor

Software Engineer - Mozilla

@pastoret

Software Engineer at Mozilla, working in the FirefoxOS project. Previously worked in companies like Telefonica Digital or Skype. Open Web enthusiast and Javascript lover.

:: The future of FirefoxOS

Borja Salguero

Firefox OS Engineer - Telefónica

@borjasalguero

Web technologies passionate and Vespa enthusiast, I’ve been working in FirefoxOS trying to do the same as Enrico Piaggio did with the Scooter, make the web technologies affordable to everybody.

:: Let’s keep it simple, let’s support the Web!

Daniel Kachakil

Software Architect - ElevenPaths

@Kachakil

Ingeniero en informática y máster en ingeniería de software. Arquitecto de software y 'head of challenges' en Eleven Paths. Participante habitual en numerosos retos de hacking ético a nivel nacional e internacional, online y presenciales, de forma individual y en equipo (int3pids), habiendo ganado u obtenido puestos destacados en la mayoría de ellos. Ponente en varias conferencias y cursos relacionados con la seguridad informática.

:: Workshop: Introduction to web hacking

Daniel García

Malware Analyst - Panda Security

@danigargu

TBD

:: Workshop: Introduction to exploiting

Diego Ferreiro Val

Principal Engineer - Salesforce

@diervo

Diego Ferreiro is a Principal UI and Web Performance engineer at Salesforce. He was previously at Yahoo!, working in the Search Platform Team migrating the architecture to use NodeJS and Mojito. Diego spend his days worrying about web performance, 60fps animations, and making the UI faster.

:: Workshop: 'Node: Road to Ninja!''

Jesus Pérez

Lead Mobile Developer - eFace2Face

@jesusprubio

Jesús is Node, free software and security enthusiast. At the moment he works on mobile technologies and previously as a Node/ JavaScript developer in Filterly. Jesus also worked as a VoIP programmer, security expert as well as systems administrator. As a result from his job as a pentester (and his free time), Jesus implemented a VoIP vulnerability scanner called Bluebox-ng. He also contributes as a guest professor at FIC (Faculty of informatics), where he directs several final projects and contributes to the "Security by Default" blog.

:: Workshop: 'Node: Road to Ninja!'

Ignacio Sorribas

Security Consultant (Pentester) - NCC Group

@NachoSorribas

Ignacio Sorribas Mollar (a.k.a. h4rds3c) is a computer engineer from the University Jaume I de Castellon and a information security specialist with CISSP®,OSCP®, CCNA® y CCNA Security certificates. He is currently a Security Consultant (PenTester) at NCC Group. Ignacio also used to be an external professor at the Lifelong Learning Center (CFP) of the Polytechnic University in Valencia, where he imparted a PenTesting module for the "Information security course" as well as an external professor at the “Fundació Universitat Empresa (FUE)” of the University Jaume I de Castellon where he imparted security of operation systems and metasploit module for the "Advanced security course: Attack and Defense". Ignacio is a big fan of security challenges (CTFs). As a member of W3b0n3s,

:: Workshop: 'Pentesting with Metasploit... and more!!'

Oscar Tebar

Pentester - InnoTec

@infiltrandome

Oscar is from Quenca. He is a security auditor and information (un) security enthusiast as well as regular participant in any CTF and speaker on different national conferences.

:: Workshop: 'Pentesting with Metasploit... and more!!'

Tyler Crim

Software Engineer - Salesforce

Tyler is currently a software engineer at Salesforce.com where he works on UI across a far-too-large range of supported devices and platforms. Mr. Crimm has found Javascript to be his tool of choice in exploring the realms of human-computer interaction with projects ranging from using a NES controller to control Pandora to visualizing the tendencies of baseball players in the MLB.

:: Workshop: Introducction to React and friends

:: Pentesting con PowerShell

Our Workshops

Node: Road to Ninja!

This workshop will be fundametally hands-on, every concept and topic will have its own snippet of code to follow along. We will learn how to design interfaces and build API's (Express / Hapi), database integration (NoSQL and real-time), deployment in Heroku, and how to integrate all this in a “build system”. Our goal and focus it to learn about architecture, abstract problems and have a global vision about the posibilities and design pattern when building complex systems.

  • Node, history and architecture
  • Design patterns
  • Web services and APIS
  • Security
  • Performance

Diego Ferreiro Val

@diervo

Principal Engineer - Salesforce

Jesus Pérez

@jesusprubio

Lead Mobile Developer - eFace2Face

Pentesting with Metasploit... and more!!

We will demonstrate how to configure and use Metasploit, how to combine it with other pentesting techniques and tools, how to save the results of our PenTests in a database, how to pull the most out of the Meterpreter and its extensions, how to swing from one host to the rest of the LAN, etc. This workshop will show the power of Metasploit during a Pentest, as well as how to use not only one console but other important tools that incorporate Framework that can be combined with different hacking techniques.

Profundizaremos bastante en el uso de 'Meterpreter', utilizando las sesiones como 'gateway' para pivotar en la red interna, utilizaremos extensiones como 'Incongnito' o 'Mimikatz' en entornos windows para escalar privilegios dentro del directorio Activo, mostraremos como funciona el ataque 'PassTheHash', como escalar privilegios en un Windows 7 con UAC activado utilizando 'BypassUAC' y como utilizar nuestra sesión activa para capturar tráfico de red entre otras cosas. Para mostrar todo lo anterior contaremos con un laboratorio formado por maquinas virtuales que simularán una completa red corporativa que los asistentes deberán atacar.

Ignacio Sorribas

@NachoSorribas

Security Consultant (Pentester) - NCC Group

Introduction to web hacking

Daniel Kachakil

@Kachakil

Software Architect - ElevenPaths

Introduction to exploiting

Daniel García

@danigargu

Malware Analyst - Panda Security

Our Venue

NOV 20-21, 2015

A Coruña / Spain

PALEXCO

Congress and Exhibition Center of A Coruña

Tweet this
Muelle de Transatlánticos, s/n, 15003 A Coruña | (+34) 981 22 88 88

A-9 | Autovía del Noroeste | N 634

Latitude 43º 22´ 8.3´´ North

Longitude 8º 23´ 56.9´´ West

Renfe station

Joaquín Planelles Riera s/n

P: (+34) 902 240 202

Alvedro Airport

(Just 8 km from downtown)

P: (+34) 902 404 704

About Us

GSICKMINDS is an event created by and for people like you: passionate about technology, who enjoy sharing knowledge and do not see a better way to learn than doing. Gildas Avoine, David Barroso, Chema Alonso, Rubén Santanmarta, Angel Prado, Juliano Rizzo, Alejandro Ramos, Pedro Sánchez, Juan Garrido, Alfonso Muñoz, Jose Selvi ... are some of the 'sick minds' we had to date.

New! We've decided to adopt our JSConf friends code of conduct: http://jsconf.com/codeofconduct.html

GSICKMINDS is organized by the Information Security Group of A Coruña (GSIC), born in 2009 under the sponsorship of the School of Computing of A Coruña and the University of A Coruña, in order to promote the development of secure information systems and propose solutions that protect the integrity and confidentiality of digital assets.

Ángel
Prado

@pradoangelo

Ismael
Faro

@ismaelfaro

Jose Eulogio
Cribeiro

@weros

Andrea
Slugenova

@_Andreusky

Arturo
Silvelo

@arturosilvelo

Sergio
García

@s3rgiogr

Jesús
Pérez

@jesusprubio

Ananda
Rio

@anandarionunez

David
Hermida

@Moussenger

Diego
Ferreiro

@diervo

Álvaro
Faílde

@the_avo

Daniel
Cambón

@dani_cambon

Gallery Archive Press