BsidesSJO Costa Rica

10th March, 2018

When

10th March, 2018 08:00 am - 08:00 pm

Register Now!

Where

Casa Cultural Amón
Escuela de Arquitectura y Urbanismo

San José, San José Province
See map

Subscribe & Share

Download   Featuring   Grid   List

Saturday, 10th March 2018

Time Auditorio Escuela de Arquitectura y Urbanismo
8:00 am Registration /Registro
 Attend Link

Registration /Registro

Registration /Registro
We will use this 45 minutes for Registration and welcome the attendees this will happen from 8:30 am to 8:45 am

Registration will be open until 4pm

By:
Volunteers
March 10, 2018, 8:00 am to 9:00 am
Hall: Auditorio Escuela de Arquitectura y Urbanismo
9:00 am Análisis forense a aplicaciones móviles  
 Attend Link

Análisis forense a aplicaciones móviles  

Análisis forense a aplicaciones móviles  
Estamos viviendo en una época donde la tecnologí­a y sobre todo los smartphones son casi que indispensables en la vida de muchas personas pero tal vez no percibimos cuanta información recolecta appliaciones como: Whatsapp,Facebook, Snapchat entre otras. La informática forense nos puede ayudar a detectar pistas sobre ataques informáticos,robo de información entre otras.

By:
Josue Angulo
March 10, 2018, 9:00 am to 10:00 am
Hall: Auditorio Escuela de Arquitectura y Urbanismo Track: Keynote Type: Análisis Forense
10:00 am Breakfast
11:00 am Attacking NodeJS applications
 Attend Link

Attacking NodeJS applications

Attacking NodeJS applications
As the number of applications being developed using NodeJS goes up, so does the amount of attacks and attack vectors targeting those applications. With the adoption of this technology we evidence old vulnerabilities in new clothes, which means that well-know vulnerabilities -being exploited in the wild in other programming languages- can also be exploited in NodeJS along with technology specific vector attacks. The common denominator drills down to insecure code. In this talk I will walk the audience through application security threats targeting NodeJS applications.

By:
Michael Hidalgo
March 10, 2018, 11:00 am to 12:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo
12:00 pm Just a step to the Left...
 Attend Link

Just a step to the Left...

Just a step to the Left...
Tracking lateral movement in any environment is not easy. In this talk we will showcase OSS tools for monitoring and tracking hosts while at the same time, tracking lateral movement in a world of hidden knowns and unknowns.

By:
Kat Fitzgerald 
March 10, 2018, 12:00 pm to 1:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo Type: Threat Hunting
1:00 pm Privacy for Safety: Opsec in abusive relationships
 Attend Link

Privacy for Safety: Opsec in abusive relationships

Privacy for Safety: Opsec in abusive relationships
Current threat models rarely allow for a threat within the home or inner circle. This talk explains where the gaps are and offers solutions to improve. I also explain why privacy is safety and why currently as a society and in INFOSEC we are not taking it seriously enough.

By:
Stella
March 10, 2018, 1:00 pm to 2:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo
2:00 pm Lunch
3:00 pm Security Incident Team - From 0 to 60
 Attend Link

Security Incident Team - From 0 to 60

AV, NGAV, EDR, NGFW, Email Security, DDoS, CDR, Apache Logs, VPN, SSH, Access Logs, Netflow, Azure AD Security… each technical security control and analytic generates events and alerts. But, from an Incident Response Team perspective, what should be monitored? What process should be followed? How should an incident be documented? How do we learn from an incident? And most importantly, how can we do all of this with a low budget?

This talk is about an approach to Security Incident Management; how to observe and learn from the security and IT ecosystem while detecting and responding to incidents.


By:
Rodrigo Brenes 
March 10, 2018, 3:00 pm to 4:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo
4:00 pm What IF?  A Little Experiment on Lighting the Motivational Fire for my App Sec Team
 Attend Link

What IF?  A Little Experiment on Lighting the Motivational Fire for my App Sec Team

What IF?  A Little Experiment on Lighting the Motivational Fire for my App Sec Team
Psychologists have conducted numerous studies throughout the years on motivation, yielding evolving models of motivation as a result. I realized that my very own colleagues, both inside and outside of my Service, were unmotivated, tired and beaten down. So I proposed some questions: What IF you had more time to innovate? What IF you had more time to do the things that gave you Autonomy, Mastery, and Purpose? What IF turned into Innovation Friday for my Application Security organization. Let me take you on a journey of my experiment that lit up the motivational fire for my colleagues.

By:
Jennifer Edmondson
March 10, 2018, 4:00 pm to 5:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo
5:00 pm Fear: Security's Weakest Link
 Attend Link

Fear: Security's Weakest Link

Fear: Security's Weakest Link
Cognitive research shows that fear blocks rational and critical thinking, yet it's become the official language of today's security industry, sacrificing desperately needed political and societal improvements for short-term publicity and attention. We watch in frustrated horror as politicians and governments around the world capitalize on this fear to justify overreaching, unjust, and discriminating policies under the guise of national security -- and they're getting away with it, in part, because of the fear security professionals created. How can we reverse this trend and remove our dependency on fear-mongering communication & awareness tactics to better protect our organizations and communities? How do we empower consumers to make safer decisions and avoid the long-lasting backlash of fear?

By:
Melanie Ensign
March 10, 2018, 5:00 pm to 6:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo
6:00 pm Packing your Android: A Hitch Hacker's Guide to Android Unboxing
 Attend Link

Packing your Android: A Hitch Hacker's Guide to Android Unboxing

Packing your Android: A Hitch Hacker's Guide to Android Unboxing
Android malware authors may enforce one or a combination of protection techniques like obfuscators, packers and protectors. This additional step just before publishing the app adds complexity for Android Bouncers and various static, and dynamic code analysis tools. Along with these protection techniques a combination of features such as emulation detection, anti debugging, root detection, tampering detection, anti run-time injection enables malicious application practically makes malicious app go undetected. As a result we have seen a steady increase in the malicious apps published in various Android app stores. Actions such as taking photos, recording calls, monitoring information about Wi-Fi access point and inspecting user's web traffic.

By:
Swapnil
March 10, 2018, 6:00 pm to 7:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo Type: Android Security
7:00 pm Closing remarks
 Attend Link

Closing remarks

Closing remarks

By:
Staff,
March 10, 2018, 7:00 pm to 8:00 pm
Hall: Auditorio Escuela de Arquitectura y Urbanismo

Legend

 Break Keynote