Navaja Negra 2022

From 10 to 12 November, the esCERT team of inLab FIB, were present at the 10th edition of Navaja Negra, a congress on computer security organized at the facilities of the University of Castilla la Mancha, Albacete. At this congress we were able to attend talks held by renowned people from all over the Spanish-speaking community, from 0days and bug bounty to ethics and cyber warfare, with a special emphasis on ransomware.

During the congress we learned with various talks. The first of all was "TLS increased security, decreased privacy" where the speaker told the story of this transport layer protocol and the future paradigm posed by TLS 1.3. We also had the pleasure of listening to talks with flashy titles like "How to Explode a Machine, Literally," explaining the importance of securitizing industrial equipment correctly and isolating it from the Internet to avoid incidents like this: https://youtu.be/0oH7p2X6Ylk

Another paper that we want to highlight is entitled "Cognitive Warfare, hybrid threats and disinformation actions". In this talk, Javier Valencia assessed the current political situation and how several governments use social networks to throw wrong messages in the population to appear to be "the film’s tokens".

We were also pleasantly surprised by Ricardo Narvaja’s presentation "Fun with the Kernel" on how to scale privileges in Windows environments and Gerardo Richarte’s "What do exploits and satellites have in common?" that narrated how they regained control of a satellite after loading a good piece of the operating system that controlled it.

Also, our colleague Oriol Deiros  participated in the workshop "Design and Deploy your own Private Infrastructure", where he explained how to develop and deploy an infrastructure where-premises, through configuration and securització with private VPN, of a set of containerized microservices.

Simultaneously, to the talks, the CTF (Capturo The Flag) of the congress was also held, a competition based on challenges of computer security and hacking with a duration of 48h.

In this competition our teammate Bernat Calvo (Serrallonga) obtained a 14th place of 156 participants with a total of 2757 points.

During the first day he took advantage to solve all the easy challenges of each category, getting the first blood of the easy challenge of forensics and achieving a 4th place at noon. As the afternoon went on, he put the spotlight on the most complicated forensics challenges of which he could see where they were going but not finished solving boss. At the end of the first day was finished around the top 10.

From day two challenges of two new categories were unlocked, which gave a little fresh air and some more points ahead of the competition, although, during the night, it had dropped practically to position 20. It was not until mid-afternoon that a way could be found to continue advancing on one of the difficult forensic challenges. This challenge was completed around two in the morning and allowed climbing to position 14.

Finally, Saturday morning another web challenge was completed that just added some more points before the end of the competition at 10:00 a.m.

As an anecdote we could agree with old comrades like Matías Altamirano!