From November 10th to 12th, the inLab FIB esCERT team attended the 10th edition of Navaja Negra, a computer security congress organized at the facilities of the University of Castilla la Mancha, Albacete. In this congress we were able to attend lectures given by renowned people from all over the Spanish-speaking community, from 0days and bug bounty till ethic and cyberwar, with a special emphasis in ransomware.
During the congress, we learned from several talks. Firstly, was “TLS aumento de seguridad, disminución de privacidad” where the speaker explained the history of this transport layer protocol and the future paradigm proposed by TLS 1. 3. We also had the pleasure to listen to talks with bumpy titles, such as “Cómo explotar una máquina, literalmente”, where the importance of correctly securing industrial equipment and isolating them from the Internet was explained to avoid incidents like this: https://youtu.be/0oH7p2X6Ylk
Another talk that we want to highlight is “Guerra Cognitiva, amenazas híbridas y acciones de desinformación”. In this talk, Javier Valencia assessed the current political situation and how various governments use social networks to send the population erroneous messages to appear to be “the good guys in the movie”.
We also were surprised by the talk of Ricardo Narvaja “Divirtiéndonos con el Kernel” that was about how to scale privileges in Windows environments and the one of Gerardo Richarte “¿Qué tienen en común los exploits y los satélites?” which narrated how they regained control of a satellite after loading a good chunk of the operating system that controlled it.
Likewise, our Oriol Deiros participated in the workshop “Diseña y Despliega tu propia Infraestructura Privada”, where it was explained how to develop and deploy an on-premises infrastructure, through the configuration and securitization with private VPN, of a set of containerized microservices.
Simultaneously, in the talks, it took place the CTF (Capture The Flag) of the congress, a competition based computer security challenges and in hacking that lasted 48h.
In this competition, our colleague Bernat Calvo (Serrallonga) obtained the 14th place out of 156 participants, with a total of 2757 points.
During the first day we took the opportunity to solve all the easy challenges of each category, getting the first blood of the easy forensic challenge and achieving a 4th place at noon. As the afternoon went on, the spotlight was placed on the more complicated forensic challenges of which it was possible to see where they were going but without quite solving any of them. By the end of the first day, he was around the top 10.
From day two onwards, challenges from two new categories were unlocked, which gave some fresh air and a few more points ahead of the competition, although during the night it had practically dropped to 20th position. It wasn’t until mid-afternoon that a way could be found to continue advancing one of the difficult forensic challenges. This challenge was completed around two in the morning and allowed him to climb to position 14.
Finally, on Saturday morning, another web challenge was completed that finished adding some more points before the competition ended at 10:00 a. m.
As an anecdote, we were able to meet with former colleagues of esCERT such as Matías Altamirano!