jueves, 12 de diciembre de 2013

Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instant Messaging Platforms en Shmoocon


Por ahora podemos adelantaros que se nuestra charla se titulará Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instant Messaging Platforms, y tiene que ver con la continuación de nuestra investigación sobre clientes de mensajería instantánea para teléfonos móviles, y en particular con WhatsApp. Hemos encontrado nuevas vulnerabilidades y técnicas para impersonar usuarios que en breve compartiremos con vosotros.

ShmooCon es una convención de hackers que se celebra en América, y organizada por el Grupo Shmoo. Normalmente hay 40 charlas y presentaciones diferentes sobre una variedad de temas relacionados con la seguridad informática. Se celebra en Washington DC, en el hotel Washington Hilton e incluye otros eventos adicionales, además de las conferencias, como ShmooCon Labs, la Lockpick Village , Ghost in the Shellcode y mucho más.

El listado completo de charlas es el siguiente:

ONE TRACK MIND
    - How Hackers for Charity (possibly) Saved me a LOT of Money - Branden Miller and Emily Miller
    - Security Analytics: Less Hype, More Data - Aaron Gee-Clough
    - Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares - Rob Fuller
    - CCTV: Setup, Attack Vectors, and Laws - Joshua Schroeder and Spencer Brooks

BUILD IT
    - An Open and Affordable USB Man in the Middle Device - Dominic Spill
    - unROP: A Tool for In-Memory ROP Exploitation Detection and Traceback - Kang Li and Xiaoning Li
    - Controlling USB Flash Drive Controllers: Expose of Hidden Features - Richard Harman
    - Genuinely "Trusted Computing": Free and Open Hardware Security Modules - Ryan Lackey
    - AV Evasion with the Veil Framework - Christopher Truncer, TheGrayhound and Michael Wright
    - Introducing idb - Simplified Blackbox iOS App Pentesting - Daniel A. Mayer
    - ADD – Complicating Memory Forensics Through Memory Disarray - Jake Williams and Alissa Torres
    - Malicious Threats, Vulnerabilities and Defenses in WhatsApp and Mobile Instant Messaging Platforms - Jaime Sanchez and Pablo San Emeterio
    - SafeCurves: Choosing Safe Curves for Elliptic-Curve Cryptography - Daniel J. Bernstein and Tanja Lange

BELAY IT
    - A Critical Review of Spatial Analysis - David Giametta and Andrew Potter
    - Unambiguous Encapsulation - Separating Data and Signaling - Dominic Spill and Michael Ossmann
    - Introducing DARPA's Cyber Grand Challenge - Mike Walker
    - The "Science of Cyber" and the Next Generation of Security Tools - Paulo Shakarian
    - Data Whales and Troll Tears: Beat the Odds in InfoSec - Davi Ottenheimer and Allison Miller
    - Operationalizing Threat Information Sharing: Beyond Policies and Platitudes - Sean Barnum and Aharon Chernin
    - Practical Applications of Data Science in Detection - Mike Sconzo and Brian Wylie
    - Raising Costs for your Attackers Instead of your CFO - Aaron Beuhring and Kyle Salous

BRING IT ON
    - How to Train your Snapdragon: Exploring Power Frameworks on Android - Josh "m0nk" Thomas
    - Syncing Mentorship Between Winners And Beginners - Tarah Wheeler Van Vlack and Liz Dahlstrom
    - Technology Law Issues for Security Professionals - Shannon Brown
    - Malicious Online Activities Related to the 2012 U.S. General Election - Joshua Franklin, Robert Tarlecki and Matthew Jablonski
    - Vehicle Forensics - The Data Beyond the Dashboard - Courtney Lancaster
    - The NSA: Capabilities and Countermeasures - Bruce Schneier

Dentro de poco desvelaremos todos los detalles!