For everyone who works in cybersecurity or follows the field, BSides Lisbon is a mandatory event. The reason is simple: it is the major conference in Portugal about technical information security. Organized by the cybersecurity community, it is an intense event with discussions, workshops and a high level of interaction among the participants. So, it is easy to understand why it was a sold-out event.
It is a unique opportunity to learn more about the latest trends and technologies, to present security-related topics, share findings, collaborate and discuss the next big thing, learn from case studies and, mostly, do some networking.
In a new format, a two-day event, BSides Lisbon presented both international and Portuguese speakers, which clearly shows that we have a very talented pool of hackers/security and researchers/consultants in Portugal. They are also represented at larger security conferences around the world (e.g. DEF CON, Black Hat Briefings, Chaos Communication Congress, HOPE, Summercon, etc.) and they have won awards there.
With several interesting presentations, it was difficult to choose the best ones. After a careful analysis, I have selected two: “Abusing Android In-app Billing feature thanks to a misunderstood integration”, by Jérémy Matos (https://www.bsideslisbon.org/speakers/#j%C3%A9r%C3%A9mymatosTalk) and “Hardware Basics – why and how to break hardware”, by Kieran Roberts (https://www.bsideslisbon.org/speakers/#kieranrobertsTalk).
Jérémy Matos showed us that it is very easy to manipulate an Android application with “in-app purchases”, allowing free shopping. A practical demonstration with an Android game that lets players buy credits inside the game revealed the fragility of the payment architecture of the Android system. The worst thing is that it is very difficult to prevent this type of hack.
Kieran Roberts chose to focus on different methods of hardware hacking. It is still a new kind of hack, but a growing one, considering the number of electronics that everyone buys these days. As it is a subject that needs some electrotechnology knowledge, many people give up, and several errors in these small applications are not repaired or reported by the users.
Also interesting was the CTF (Capture the Flag), a computer security competition with several possible formats. The format chosen was a jeopardy-style competition involving multiple categories of problems/questions (e.g. reverse engineering, network sniffing, system administration, programming, cryptanalysis, general knowledge topics, etc.). Each problem/question has different points and difficulties. Teams attempt to earn the most points in the competition’s time frame but do not directly attack each other. The quantity of correct submissions determines the winner of the competition. At the closing ceremony, the winning team was announced and every problem was analyzed and answered, which was a great opportunity for the general audience to learn and also allowed some laughing moments.
Additional information about the event:
Main page of the event: https://www.bsideslisbon.org/
Youtube channel: https://www.youtube.com/channel/UC_M0dk4dvcBr_rFgi710D4Q/feed
Facebook page: https://www.facebook.com/Bsideslisbon/
BSides Wiki: http://www.securitybsides.com/w/page/12194156/FrontPage
Other security conferences (next year):
European Security Conference (EuropeanSeC), which is the European extension of the Annual Security Conference that has been held in Las Vegas (USA) for over a decade. Although this event is targeted at security in general (e.g. fire-fighting, workplace security, self-defence, etc.), it also has some panels on IT security.
Talks organized by Confraria SI/AP2SI: https://confraria.ap2si.org/
If you have any questions, please send an email to tiago.alcobia@cross-join.com or carlos.correia@cross-join.com