GuadalajaraCON 2012 by Websec

GuadalajaraCON 2012 by Websec

Posted on April 30, 2012

On April 20th, Websec held and information security conference called GuadalajaraCON 2012 in Guadalajara, Jalisco, Mexico. The conference was characterized by remarkable technical content and the high quality of its speakers.

Here you can find the presentations (in spanish) and software used during the event:

Hide and Find Rootkits in Linux (PDF)
This talk demonstrates different techniques used to hide and find rootkits in Linux systems by using SLAB, the reconstruction of the process table or through PROC/SYS's virtual system. More information.

Algebraic geometry for experimental cryptography (PDF) (SOFTWARE)
Here a new algebraic structure is explained, which meets the requirements needed to be cryptographically secure in terms of discrete logarithms in abelian groups. Known attacks aren't effective against this algebraic platform. More information.

Distributed port scanning (PDF) (DNMAP)
How to accomplish distributed port scanning using the cloud. Using this method, it was possible to scan 15 times the number of servers available on Shodan for Mexico. More information.

DotDotPwn 3.0 (PDF)
A tool designed to automate the process of testing for vulnerabilities such as Directory Traversal or Directory Escalation. Written in Perl, it can audit FTP, TFTP, HTTP or any web application. More information.

RouterPWN 1.5.146 (PDF) (VIDEOS)
The latest developments for the tool and a few tips and tricks, including a function for automated detection of modems. More information.

How to break RSA generated with OpenSSL (PDF) (SOFTWARE)
We we talk about how RSA works and we will break a random key in real-time generated using OpenSSL, we will then reconstruct the private key by using the public key and finally we will analyze the math behind this problem. More information.

Cryptography vs Stenography (PDF) (SOFTWARE)
Uses of discrete transformed trigonometry to optimize stenographic algorithms on digital images while avoiding increasing the data size and losing much quality in the image. More information.

Lab for analyzing malware (PDF)
How to setup a lab for analyzing malware. Includes the whole process from capturing the malware to doing the analysis. More information.

USB Attack Toolkit (UAT) (PDF)
A tool called UAT (USB Attack Toolkit) for exploring and exploiting the USB protocol. The tool has many interesting functions such as a sniffer which works better than Wireshark for heavy loads and the possibility of fuzzing the USB protocol. More information.

Detecting intrusions on the network (PDF)
An attack using Metasploit will be demonstrated while showing the patterns that can be used to identify such attack. Additionally a sample of malware will be used. More information.

Case of (PDF)
Our international speaker David Moreno (4v4t4r) demonstrated a recent case of the collaborative project against pedophiles on the Internet:
More information.

Latest Blog Entries

Belkin Wemo Switch NMap Scripts
Belkin Wemo Switch Smart Plug is a network controlled power outlet. The current firmware version does not requiere authentication to switch the power ON or OFF or to gather information such as nearby wireless networks. Two NMap scripts have been published

Downloading an Application's Entire Source Code Through an Exposed GIT Directory
Website administrators sometimes inadvertently leave an exposed .git directory, from which it is possible to download the entire source code of the web application using just wget and a common server misconfiguration.

credmap: The Credential Mapper
An overview of credmap, an open source penetration testing tool that automates the process of testing for credential reuse. It does so by testing supplied user credentials on known websites and verifies if the password has been reused on any of these.

Latest News

Blackhat EU 2015
Websec participated with two tools at the Blackhat, EU Arsenal held in Amsterdam, NL from the 10-13 of November, 2015. During this event, we introduced our brand new tool "credmap: The Credential Mapper" and also presented an amped-up version of Panoptic.

BSides Vancouver 2015
Websec is proud to announce that we will be attending the 3rd annual edition of BSides Vancouver, a local non-profit information security conference held in the heart of Vancouver, BC on March 16 and 17.