ekoparty 2015 Wrap-up

As many of you probably know Infobyte is one of the co-organizers of the ekoparty, the biggest offensive cyber security conference in Latin America. The eko for us is really a labor of love, as it is an event that has grown organically over the years from just being a group of friends basically screwing around on the internet to a major date on the international IT sec calendar.


The 2015 edition which took place in Buenos Aires, Argentina, October 20th to the 25th. This year (the 11th edition), had the best turn-out yet with over 2,500 attendees. While many attendees are people from the local hacker scene every year we are surprised by the increasingly large contingent from other countries not only from the LatAm region but from all over the world.



This years slogan ''Back to Roots'' had like many things in Argentina a double meaning. As many will remember for the 10th edition we had decided to change it up and move the location of the event to another venue. While we were really happy with how year 10 turned out, a lot of people thought the venue was a little too commercial and didn't properly capture the soul of the ekoparty. Because of that we decided we needed to get ''back to our roots'' and we returned to the Konex Cultural Center (which is actually a converted cooking oil factory). The Konex (even after there being some modifications made to accommodate a bigger crowd) has a little bit more of an underground vibe and many consider it the spiritual home of the ekoparty. I can say the staff and the organization was amazing and everyone was happy to be back.

The other meaning for the slogan had to do with the eko just so happening to fall on the same day that Marty Mcfly traveled to in the 80's classic, Back to the Future. This gave us an excellent theme for the year and the production staff didn't disappoint. It was pretty crazy to walk into the auditorium and see the Dolorian on stage with smoke coming out and the flux capacitor. Everywhere in the event you could find little trinkets having to do with theme from the merch and posters on the wall about saving the clock tower to even the bathrooms!



The eko always begins with two days of exclusive technical trainings and this year we had an excellent turnout with over 140 participants congregating in Fundación Proydesa to learn the latest techniques used in the industry.There were 9 different trainings with topics ranging from "A practical introduction to Hacking Hardware", "Hacking Mobile Apps" to "Introduction to Software Vulnerability Exploitation". The trainings are given by well-known instructors or by different companies in the field. This year there was a surprisingly large contingent of international training attendees as well.

On Wednesday, the doors opened to the public with A LOT of anticipation and enthusiasm (people were lining up to get in at 7:30 AM). The day started off with a corporate breakfast, which we do to forge a link between the ekoparty and the corporate security decision makers in the region. Besides a quick meet and greet (with some of the best "Arab" empanadas I've ever had) there was also a panel about Integrated Security Incidents. Panel participants included Colonel Juan Benitez, Chief of Cyber- Defenses for the Argentine Army, , Ondřej Vlček, COO of Avast, Lucas Coronel, CSIRT Chief of Prisma Payments, Leonardo Huertas Casas, CSA of Eleven Paths and Aaron Portnoy Founder, & VP of Exodus Intelligence.

After that there was the official kick-off and the Keynote Speaker, Iván Arce, curent Director of Security Programming in TIC (STIC) from the Fundación Sadosky who presented "Winter is coming". From there we started with "Turbo" talks consisting of 25 minutes and in the afternoon there was another round of workshops. There were 12 different 120 minutes workshops going on in different parts of the Konex and there really was something for everyone with trainings including “RFID/NFC for the Masses”, "PowerShell for Pentesters" o "Arm your SkyNet with PARLADUINO".To close off the day there was the famous "War Driving" where people drove around the city in a party bus looking for unsecured wireless networks to hack into.


Day 2 started bright and early with a talk about North Korean spies by Moonbeom Park from South Korea's CERT: After, there were a number of intriguing talks throughout the day. Some of the talks that really caught people's attention were Vot.Ar: A bad election, given by Iván Ariel Barrera Oro and Javier Smaldone, in which they talked about the pitfalls of electronic voting machines. Others that were big hits included, Faux Disk Encryption: Realities of Secure Storage on Mobile Devices by Drew Suarez and Daniel Mayer from NCC group, Stick That In Your (root)Pipe & Smoke It by Patrick Wardle from Synack and Fuzzing browsers for finding exploitable bugs by Nico Trippar. When all the talks finished up (almost 11 hours of talks throughout the day!), attendees were invited to stay as there as a mixer in the Konex and some tastings of Argentine craft beer.


Day 3 on Friday, is always a mixed bag of emotions. First, people are tired (things go late in Argentina). Even though people are tired everyone makes that final push the last day and the attendance is always the highest. There were all around solid talks and one that was especially well received was Secure DevOps is possible: How osquery is built, by Teddy Reed and Javier Marcos, from Facebook, where they talked about a a methodology facebook uses to make sure githubs code contributions for C/C++/bash for their CI to make a safer devel process.


Besides the talks and workshops, there was a lot of challenges and activities to do. One of the events that has already become traditions in their own right is the lockpick.ar challenge that the guys from ekoparty's hackerspace set. up sponsored by Infobyte.

Besides the challenge in the Infobyte stand their is a lockpicking station where peocple can practice beforehand. The challenge involved breaking psychical locks, hacking biometrics readers and encryptions. For the 1st, 2nd and 3rd place winners, Infobyte for the second year in a row awarded cash prizes. This year´s 1st place winner was Deloitte with an impressive 13 parts of the challenge completed. The first runner up was MFSEC with 12 parts completed and in 3rd place K-rancio team of Patricio Dominguez, Iván Manili and Lucas Ferrando . Congrats to the winners and everyone that participated
Another that is a fan favorite is the CTF which was organized by the 2014 winners, NullLifeTeam. This year there were two divisions, one being for people not physically at the event and the other on-site.
The winners from abroad were More Smoked Leet Chicken from Russia and SecuritySignal was the local winner and the winner of $10,000.

When all the talks finished, there were the closing ceremonies and the much anticipated ekoparty Awards. This is the 2nd year of the ekoparty awards and much like the Oscars they are highly coveted but only a few can win. The winner of the award for Best Talk went to Jaime Restrepo for his talk "hacking cars in Latin America", for his talk discussing how to hack a popular car model in the LatAm region. The winner for the lifetime achievement award went to Ricardo Narvaja who has had a huge impact in the community over the years. Finally, the winner of the Golden Badge award which confers a lifetime pass to all ekoparty was given to Joaquín Sorianello, which along with being a more than deserving individual was a way for the ekoparty community to support him (a couple months ago he was warranted for speaking to the media about voter fraud for electronic voting machines in Argentina).

Finally, I wanted to thank all the participants, speakers, sponsors and everyone on the staff. As one speaker said to me, "a lot of events have a great technical part but are lacking in the social aspect or viceversa". Because of everyone involved I think most would agree that the ekoparty has the best of both worlds and that's because of the incredible participation and enthusiasm all around. So on that note. Thank you and see you next year!




Post a Comment
Thanks for your comment