-[ BugCON Security Conference: Safety is just a myth...! ]-


[Home] [CFP 2020] [Calendar] [Speakers] [Sponsors]



_ .-. _
/o`\^/`o\
|o o | o o|
\o _|_ o/
`(@I@)`
/^\



Ricardo Narvaja pertece a la lista de correo CRACKSLATINOS, los cuales son un grupo de amigos a los cuales les gusta enseñar, aprender y practicar el amado arte de la Ingeniería Inversa sin fines comerciales solo por curiosidad y ganas de compartir con amigos esta hermosa actividad desde el año 2000.
Alejandro Hernandez is a security consultant who works for IOActive, where he has had the chance to work in Fortune 500 companies around the world.

Speaker in conferences such as BLACK HAT, DEF CON, AppSec USA, BruCON (Belgium) and CODE BLUE (Japan).

Involved in stock trading since 2013, he has been bridging cybersecurity with money markets in the last couple of years. In 2018, he presented at Black Hat USA 2018 vulnerabilities in trading technologies.
Nahuel Grisolía es Founder/CEO de Cinta Infinita.

Se especializa en Penetration Testing de Aplicaciones Web y Hacking de Hardware. Le apasiona jugar con Arduinos, dispositivos de hardware basados en ARM, Tamagotchis, Quadcopters, Lasers, etc.

Ha dictado charlas y cursos en conferencias alrededor del mundo: BugCON (Mexico), H2HC (Brasil), Ekoparty (Argentina), eventos de OWASP (Argentina), TROOPERS (Alemania), PHDays (Rusia), Ground Zero Summit (India), etc.

Ha descubierto vulnerabilidades en software de McAfee, VMWare, Manage Engine, Oracle, Websense, Google, Twitter, Auth0 y también en proyectos open source como Achievo, Cacti, OSSIM, Dolibarr y osTicket.

Nahuel es Ingeniero en Informática y posee una licencia de piloto privado.
Etizaz Mohsin is an information security researcher and enthusiast. His core interest lies in low level software exploitation both in user and kernel mode, vulnerability research, reverse engineering. He holds a Bachelors in Software Engineering and started his career in Penetration Testing. He is an active speaker at international security conferences. He has achieved industry certifications, the prominent of which are OSCP, OSCE, OSWP, OSWE, OSEE, CREST CRT, CPSA, EWPTX, CEH.
Alan es Principal Security Consultant de Cinta Infinita, una empresa de seguridad de la información con sede en Buenos Aires, Argentina.
Actualmente me desempeño como especialista/consultor senior, con especialidad en actividades de "Digital Forensics and Incident Response (DFIR)". He atendido incidentes e investigaciones forenses de diferentes sectores, pero principalmente el financiero; sin embargo, también he tenido interés en aprender y realizar actividades de "Malware Analysis", por lo que, constantemente he colaborado en investigaciones del área de "Cyber Threat Intelligence (CTI)" con el fin de identificar los TTPs e IOCs de las amenazas , para posteriormente notificar a nuestros clientes sobre los hallazgos y así tomen las medidas necesarias para prevenir potenciales incidentes.

Antes de dedicarme al área de DFIR, estuve dos años realizando servicios de "Penetration Testing", "Hardening" y "Social Engineering" a diversas empresas tanto del sector público, como privado.

Me considero una persona apasionada por entender las partes internas de los sistemas operativos, así como de las ciber amenazas que están latentes allí afuera.

Las certificaciones con las que cuento actualmente son:
GREM (GIAC/SANS)
CHFI (EC-Council)
ACE (Access Data)
Licenciado en informática especialista en seguridad en aplicaciones, cuenta con más de 12 años de experiencia en la definición, coordinación y ejecución de “hackeo” éticos, análisis de vulnerabilidades, pruebas de penetración aplicativas, aseguramiento de software y modelos de madurez de desarrollo seguro. Actualmente es líder del capítulo OWASP Ciudad de México, líder de Consultoría Técnica en Scitum y autor del marco de trabajo de código abierto para la ejecución de pruebas de seguridad aplicativas “Maguey ATF”. Cuenta con las certificaciones reconocidas en la industria GWAPT, GSSP-JAVA, OCA, ITIL, ISO 27001.
IT Security Researcher, Ethical Hacking.

Configuration, hardening and management on the following platforms: Solaris, Linux, SCO, FreeBSD, OpenBSD, NetBSD, BSDI, VMS, Windows Server, BeOS, QNX, HP-UX, IBM AIX, SGI IRIX.

Advanced in Source code auditing, explotis development, devices and application reverse engineering, VulnDev over Solaris x86/Sparc, Linux x86 /sparc/mips/parisc.

Advanced in processess and techniques for Forensic Analisys.

IT Security Sistems Development: IT Security Management audit and development. Penetration Tests, Ethical Hacking, Web Security.

Systems Security Policies planning and development. Datacenter contingency and disaster recovery strategies planning and development.

Programming languages: C, C++, C#, JAVA Standard Edition (J2Se), JAVA Micro Edition (J2Me), C#, C++,PHP4/5, Assembler (x86 , sparc , mips), AWK (scripting), EXPECT (scripting), PERL, Python, Unix scripting. UML and API Win.

Networking hardware configuration, hardening and management (routers, switches, wireless). Experience on Cisco System’s, 3com, Siemens, Dlink, Lucent, LinkSys, Nortel, Avaya, Mikrotik, etc.

Security devices configuration, hardening and management (Firewalls – application and network -, Intrusion Prevention Systems, Appliance Antivirus/AntiSpam). Experience on: ISS, Cisco, Fortinet, Watchguard, Checkpoint.

Networking infrastructure: Ethernet (TCP/IP), NOVELL (IPX).

RF devices (spectrum analysis, scanning, etc.)

Expert on architectures RISC, SPARC, ALPHA, x86.

Databases: MySQL, MS-SQL, Postgres-SQL, Oracle, IBM DB2.

Strong experience on VoIP technologies. Protocols SIP/ H323. (Asterisk / SER)

Legacy platforms IBM AS/400

Expertice in Malware/Virus/Troyanos reverse engineering

SIEM platforms configuration and management.
I studied Electronic Engineer but I work as Software Engineer. I enjoy working on the development of Operating Systems and on Model Driven Engineering. I am also very interested in technologies like hypervisors and containers.
Rebeca: Unicorn fan, girly hacker, passionate about hacking and forensics Raul: Cybersecurity enthusiast, passion for hacking and reversing
Soy un apasionado por la seguridad informatica, pentesting y hacking. Casi 2 años en el ámbito del hacking, participando en variedad de CTF's, certificado en OSCP y 9 meses trabajando como pentester. Impartiendo clases gratuitamente de pentesting a personas que van iniciando o interesados en la materia, todo por amor al arte.
My name is Salvador Mendoza, and I am a security researcher; my opinions, projects and methodologies are mine. During these years, I learned that be secure is not a mental state, it is a complex process where each ramification conveys preventive fears and applied knowledges.

Thinking abstractly is the only way to be ahead of many things.

I am focusing in tokenization processes, payment systems, mag-stripe information and embedded prototypes. I have presented on tokenization flaws and payment methods at Black Hat USA, DEF CON 24/25/26, DerbyCon, Ekoparty 16/18, HITB, Troopers 17/18, 8dot8 and many other conferences. Also I designed different tools to pentest mag-stripe information and tokenization processes. My designed toolset includes MagSpoofPI, JamSpay, TokenGet, SamyKam, BlueSpoof and lately the NFCopy project.

Book author of “Show me the (e-) money Hacking a sistemas de pagos digitales: NFC. RFID, MST y Chips EMV“. A Spanish book which explains many different attacks against payment system and details new attack methods.

Proudly, I am Co-founder of Women in Tech Fund: https://womenintechfund.org/

At Women in Tech Fund, “We are a group of independent security researchers, and computer science researchers who believe that our field needs more diversity. We had witnessed how women around the world are challenged by numerous obstacles when attempting to join the technology field. From cultural biases through discrimination to lack of financial support, women have a lower participation in our community. We believe that we may encourage more women to enter and stay in this field.

The Independent Women in Tech Fund aims to help women attend security conferences by providing assistance with entry ticket and possible travel support. ”
Soy estudiante de noveno semestre de ingeniería de software de la Universidad Autónoma de Zacatecas. Tengo 22 años. Soy jugador activo de concursos CTF, llevo dos años consecutivos jugando con HackBUAZ, equipo de CTF nacional, obtuvimos 2do y 3er lugar en el Hackdef. Me uní a Mayas en la categoría web y en los próximos CTF estaré con ellos. Me interesa mucho el área de web hacking, pentesting y seguridad en la nube.
Carolyn Crandall holds the roles of Chief Security Advocate and CMO at Attivo Networks. She is a high-impact technology executive with over 30 years of experience in building new markets and successful enterprise infrastructure companies. Carolyn has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate. Her current focus is on breach risk mitigation by teaching organizations how to shift from a prevention-based cybersecurity infrastructure to one of an active security defense based on the adoption of deception technology.

Carolyn has received many industry recognitions including Top 25 Women in Cybersecurity 2019 by Cyber Defense Magazine, Reboot Leadership Honoree (CIO/C-Suite) 2018 by SC Media, Marketing Hall of Femme Honoree 2018 by DMN, Businesswoman of the Year 2018 by CEO Today Magazine, Cyber Security Marketer of the Year 2020 by CyberDojo (RSA), and for 9 years a Power Woman by Everything Channel (CRN). Additionally, Carolyn serves as an Advisory Board Member for the Santa Clara University Executive MBA program and co-authored the book Deception-based Threat Detection, Shifting Power to the Defenders.