This blog post was authored by Lucia Elizabeth Gomez
My experience attending to DragonJar was incredible! First of all I’ve never travelled to Colombia before.
It was an amazing experience participating on such important security congress. And I had the opportunity to meet 17 security researches from Latino America. I also meet other girls which are passionate on cybersecurity as I am. We worked as a team to solve the CTF based on SQL, Ciphers, Reversing, etc. The other girls and I want to create a community where we can joint to solve other CTF challenges and discuss over security topics.
The DragonJar conference covered diverse fields: Reverse Engineering, Hijacking attacks, SocialEngineering, very cool exploit tools, forensics but the ones I was more interested on were the POCs focused on Reversing on HW and FW.
My favorites were:
BypassHack mobile devices: Obtain public and private keys of device’s apps to steal session on different devices gaining access for two sessions for same account on WhatsApp or Telegram.
The Bicho: Backdooring/Controlling Cars remotely: Create backdoor using CAN buses. Remotely send SMS with command frames to control car sensors.
Bad USB over internet: Device with Rubber ducky behavior. Run commands, inject payloads, disable antivirus, simulating the user is typing on his keyboard.
Forensics in SAP: This was about an organization which didn’t have updated servers (unpatched security issues), The attackers got remote command execution under admin privileges exploiting a 5 year old attack.
Attack Chronicles: Security Consultants reviewed infrastructure, Logs were reviewed, an external cloud service was uploading the financial status of the victims.
Obtain command and control of BMC without being admin users.
I studied electronics; I love programming and work with HW description languages and over all cybersecurity. Security is an amazing new field for me, this started when I took a position as security researcher focused on HW security and participating on hackathons, currently to be more engaged with security I moved to a security analyst position to see how to stop attacks deployed over organizations and to learn to handle risk situations.