Root3d CON is gone. March 3rd, 4th and 5th were hot days in Madrid, where the CON took place in Castellana Street ... funny watching a lot of grey hats walking along the street where major banks and financial companies are located :) ...
In this second edition, live hacking sessions became a usual practice, with a lot of members of the community showing their black and white skills in short periods of time.
Apart from the commercial slots, where some well-known companies showed their products, services and so on, some specific talks attracted my attention:
- Cloud Malware Distribution: DNS will be your friend. Interesting talk about how attackers can abuse DNS in order to distribute malware, bypassing our perimeter and/or obtaining a covert channel using a legitimate (and needed) service.
- La asimetría en el mercado de la seguridad. Talk based on information asymmetry and how it impacts the security industry. No new relevant information, but it was good to find this kind of talk at Root3d.
- Lost in translation: WTF is happening inside my Android phone. This talk covered interesting techniques and tools to monitor and debug malware. Security on the Android platform is a pending task. Infecting the Android market with malware is a fact, and viruses targeting droids are infecting millions of phones.
- radare2: from forensics to bindiffing. I didn't know this tool. Loving interactive disassemblers, differential analysis and similar stuff, I guess I should have a look inside :)
- Hardware security: Side Channel Attacks. Nothing new here, but watching physical power attacks against smartcards is always captivating.
- A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications. Maybe the best staging. Demo hijacking one iPhone and impersonating a telecommunications operator to show a practical attack against GPRS, EDGE, UMTS and HSPA (2G/3G) mobile data communications. Seen at BlackHat this year too.
- WCE Internals. Tribute to Windows, a classic :) Demo showing how authentication and Windows logon can be defeated. Locating, deciphering, extracting and replacing NTLM session credentials held in memory.
By the way, I have to say coordination and organization were great. Good work, guys!