As time goes by, each year we have more and more BSides events all over the world where the information security community can get together in a laid back atmosphere without the usual formalities found in other conferences. For starters, anyone can be a part of a BSides, the entrance is free and the call for papers doesn’t focus so much on the history of the presenter but rather on the value of the information they are going to share.
This year we had the first BSides Latin America conference, which joined the efforts of many other BSides organizers around the region. While the weather in Sao Paulo didn’t help much during those days, little did it matter since a full day of workshops and trainings preceded the conference day where three simultaneous tracks took place.
It was interesting to see how popular was the “Python for Kids” workshop, in which you could really see what BSides is all about. Sharing information and teaching what you know, giving your time for free to the community and expecting nothing in return. Just seeing the enthusiasm demonstrated by this new generation of hackers and information security aficionados makes you go back to your roots and remember why one is a part of this exciting community.
The talks were as diverse as the presenters, covering topics ranging from ransomware, to hardware cryptography and some advanced persistent threat speeches mixed in between. All the presenters adjusted the presentation to their audience making each talk unique and engaging. These weren’t university lectures but a group of friends discussing about information security topics.
My colleagues Thiago Marques and Roberto Martinez gave the audience a detailed tour around the malicious activities found nowadays in Latin America and how the scenario has changed drastically over the years. Cibercriminals are upgrading their skills and toolset in order to achieve higher code quality, as well as resorting to more advanced infection and propagation techniques. Exchanging knowledge with eastern Europe crews has become the de-facto standard in regionalized cybercrime.
In addition, Fabio Assolini, described a series of attacks against network devices, DNS services, and popular advertisement networks such as Google Adsense, where local bad guys are silently and massively pilfering bank accounts without so much as a byte of malware nor a single phishing e-mail. This presentation highlighted how attacks against internet infrastructure in Latin America are leading us to a scenario of pandemic distrust against the most fundamental services and the true magnitude of the risk facing our everyday financial transactions.
If you have never took part of a BSides event before, I highly encourage it. Each one is different, and it’s one of those experiences in life where you get what you put in. There are of course various drinks available during the entire day, and music can always be heard in the background. Come for the talks, the workshops, the people, or to visit a beautiful city in Latin America, you won’t regret it.