ekoParty Security Conference
The ten year anniversary edition of the Electronic KnockOut Party, held annually in Buenos Aires, Argentina, was certainly special! Over the years, ekoParty has become a standard for other conferences in Latin America, bringing together researchers from all over the world for nearly a full week packed with trainings, workshops, and ground breaking talks about different aspects of the field of information security.
This year, the conference changed venues from the previously known ‘Ciudad Cultural Konex’ in favor of a much bigger space near the airport, the ‘Aeroparque Jorge Newbery’. The loud engines from passing planes could not stop the speakers from sharing their knowledge with the audience. Organizers were prepared for this and outfitted the main stage with airport-themed decorations. Even the badges resembled boarding passes, making the most of the new venue’s quirks and leaving nothing to chance.
What differentiates ekoParty from other conferences is the passion exhibited by everyone in attendance. Thanks in part to the Latin American way of doing things, ekoParty is proud of not taking itself too serious and encourages its attendees to behave the same way. A loud siren blares when it’s time for the speaker to take a drink and loosen up a bit mid-talk. Rushing forward with a shot of vodka, the conference staff is alert and engaging, making sure that both speaker and audience are having fun.
During the first day, we were welcomed by an interesting discussion panel and a wide array of workshops to choose from. In addition, several corporate sponsors gave away free trainings to showcase some of their latest tools and also administered challenges for the duration of the conference. With tempting cash prizes and fancy gadgets on the line, some participants chose to forego the talks altogether in order to test their skills in areas such as reverse engineering, penetration testing, and networking.
By the time the talks began on the second day, the tone of the conference was set by Cesar Cerrudo who presented on how to hack traffic control systems. Using ‘Live Free or Die Hard’ references to engage the audience proved successful and Hollywood-worthy research was presented in a compelling and understandable way. As the day went on, attendees could choose to participate in one of the workshops (as I did with Juliano Rizzo’s bitcoin security training) or keep attending assorted talks. Among the topics covered were “Exploring the Jolla Phone”, “Cooking an APT the paranoid way” or even browser exploitation techniques with Alex Rad’s presentation “Pointer Subterfuge in the Browser Address Space”.
There were just too many topics and talks to cover all in detail but a common thread emerges. Speakers not only share their knowledge but also ask the community to join them in their research to create something useful for all parties involved. This was the case with Anibal Sacco’s “IDA Synergy – Collaborative Reverse Engineering”, which showed a combination of IDAPython Plugin and control version system that resulted in a new reverse engineering collaborative add-on for IDA Pro.
Though a lot of talks focused on exploiting different technologies (as in the case of Luis Colunga’s presentation on Software Defined Radio), other presentations could be easily mistaken for university courses. This was the case with Alfredo Ortega’s “Deep-submicron backdoors” which led the audience from concepts like Fourier transformations to CPU low-level backdoors. With a touch of 3D modeling and some lines of code in the right place, Ortega demonstrated that building a backdoored ARM CPU isn’t as hard as it might seem.
The final day of the conference started early with discussions about the current state of privacy and a historical perspective on the many state-backed surveillance programs of recent years. Just before lunch we had a great presentation by Marcio Almeida Macedo on ‘Hacking RFID Billing Schemes for fun and free rides’, mentioning our recent blogpost on the topic, specifically referring to vulnerabilities in the Chilean transportation system. All researchers went above and beyond to show the hardware and principles involved in their investigations, always enticing the audience to follow in their footsteps.
Malware made its appearance with Thiago Bordini who shared techniques for ‘Monitoring Malicious Domains on the Internet in real time for forensic purposes’. Brazilians presenters were, of course, forced to withstand chanting and taunting from Argentinians in the crowd pleased by World Cup results. That’s to be expected. The day ended with bells and whistles as Rahul Sasi presented his sequel presentation on hacking TV networks, an investigation that stemmed from a penetration testing job that ended with him finding ways to inject video signals in TV networks and even shutting down the receiver’s box remotely.
An emotive award’s ceremony brought the event to a close by recognizing local talent and remembering Barnaby Jack’s appearance years ago. The ekoParty left everyone wanting more and eager to attend the following year. ekoParty is one of those conferences were attendees get back what they put in -they can choose to just enjoy the talks or instead get involved in the many challenges, workshops, and networking activities offered. Until next year, I encourage you to check out the content covered during the conference and hope to see you there!