Last week, during the 24th, 25th and 26th of February, the VIII Jornadas de Seguridad Informática took place in the town of MonterueloCon in the province of Cuenca. The aim of this event is, through lectures and workshops, to raise awareness among students, companies and users in general, of the importance of using security measures when trying to have a presence on the Internet, also giving a technical approach on the subject to professionals in this sector.
More than 30 companies, between collaborators and sponsors, are responsible for these days to have more and more presence in the sector year after year. Among them, from Future Space we contribute our bit by being one more year Silver sponsors.
The event, organised by the MorterueloCon Association, was very well received from Friday 24th, both in person and online. Most of the attendees were not only high school, university and vocational training students, but also professionals from the sector with a wider age range.
A different kind of 8th IT Security Day
In this edition, defensive security has been more present than offensive security. While, in defensive security, special emphasis was placed on the detection of phishing campaigns, awareness-raising to prevent ransomware attacks, incident response... in offensive security, the tool Oh! My Recon.
Oh! My Recon is a tool that, although not yet public (and the developer himself confessed that he does not know if it will ever be), brings together a large number of tools including directory discovery, fuzzing, vulnerability analysis... allowing the pentesting process to be automated and offering a final report on a web panel.
The new generation of the future
Hardware hacking? keylogger?
Many young people have participated in this conference with great presentations and talks. Among them, we can highlight some like Joel Serna's "Hardware Keyloggers around the world", where he explained how to make a low-cost keylogger (around 10 dollars) with an Atmega32u4 microcontroller.
In addition to the keylogger, Joel presented a device that is still under development but which he was able to demo: the Evil Crow Screen demo. In his own words: "it's like a teamviewer but hardware".
The attacker connects the device to the victim's computer via HDMI to capture the victim's screen, and a USB cable to power the device and control it remotely. The video output from the victim computer is processed on the attacker's device and displayed via a VNC server embedded in the device itself.
Once again this year, we are back at the end of the conference full of enthusiasm and, of course, full of learning and awareness of cybersecurity measures.