on

Summary of the Security Conference RootedCON’16

As some of you might know, we’ve been sponsoring this year’s edition of the  cyber security RootedCON16 conference which took place in Madrid last week.

This Spanish security conference is focused on showing innovative techniques and researches that can be of interest for security professionals and enthusiasts, and it lasts for about three days.

This year there were a lot of very interesting different talks, but because we can’t write about all of them, we’d like to comment some of them.

RootedCON summary

For the first day, we think that the talk given by Abel Valero @NoxOner was excellent due to the high technical knowledge shared by him. He commented about his experiences with Rootkits and Bootkits for Windows, and how to prepare an environment to debug Bootkits, along with the necessary configurations. Later on, he also explained how the Bootkit Rovnix works and deploys its payload, along with the techniques used by it.

Right after dinner, Rafael Sanchez and Francisco J.Gómez @ffranz introduced us to a new tool developed by them that allows us to explore the results of their Internet scans with IPv6. The tool is called MrLooquer and is available on its website.

The second day, Pedro Cabrera @PCabreraCamara showed how to hijack a Bebop drone, taking advantages of its security flaws, and Hicham Tolimat @Hi_T_ch introduced us to the applications for Docker in the infosec industry.

Also, another presentation we enjoyed very much, was “Hardware backdooring X11 with much class and no privileges” by Matias Katz @MatiasKatz, in which he showed us how to use dbus to implement a safety mechanism to lock the screen when a USB is unplugged, and how to use it to unlock the X11 session, without the user credentials, using hardware signals.

The last day, Daniel Garcia (chr0n) @ggdaniel talked about his new tool that allows the attacker to list, remove and inject tasks from open Brokers across the Internet, due to the lack of security implemented in the host/service. After dinner, Raul Siles @raulsiles showed us how to take advantage of the incredible amount of unprotected IoT devices using RF hacking and replay attacks.

Overall, it has been a great experience, with a lot of awesome people with great knowledge about security.

We hope to repeat next year.

Blueliv Team

Demo Free Trial Community Newsletter