00
days
00
hours
00
minutes
00
seconds
Tickets
You can start buy Tickets from September, the 26th 2024
NET NEUTRALITY TRACK PASS - FREE
Net Neutrality & Privacy Track - November 18th
EARLY FULL PASS 75€
Cybersecurity Track - November 19, 20th
LATE FULL PASS 100€
Cybersecurity Track - November 19, 20th
FINGER FOOD
ONLY PURCHASED BY ORDER. SPECIAL OFFER!
No cON Name congress (2024)
No cON Name is the oldest active hacking and IT security conference in Spain. Established in 1999, the first edition took place in Mallorca, and the event now continues in Barcelona. We are a non-profit association. Our events are open to anyone eager to share knowledge and engage with our vision of Hacking and IT Security (aka Cybersecurity). Here you can learn with no commercial bias, no sponsors (as much as possible) and meet people confortably. We thrive thanks to the support of our participants, we take pride in being one of the most independent conferences
Organization
With the collaboration of:
Singularities
Eldest
20 editions
Free Net Neutrality and Privacy Track
Targeted to everybody who wants to be concerned about privacy and net neutrality (technologies and topics)
Villages
Share activities in the same area parallel to talks
Workshops throughout the year
We designed [NcN Labs] to stay tunned and create community in Barcelona in the cybersecurity area.
Discussion Forums
addressing current topics and current trends in cybersecurity
Privacy and Net Neutrality Track
From the beginnings of the internet, new popular services and technologies are becoming less respectful with privacy and popular interests and human rights. Some big tech companies, governments and particular interests are fighting to get / alter information to take own business decisitions. We understand as a apassionate techies / hackers , professionals, journalists, activists, etc. the obligation to alert and expose about differnt topics to the general population and classified topics under the privacy and net neutrality.
Join Privacy and Net Neutrality Track for FREE*
The first day of the conference will be dedicated to this track. The event consists of a day full of talks in CAT/ES/ENG languages. The final list of talks will be published in this section on october, the 20th, meanwhile we will be publishing bits of information about talks and speakers.
Accepted speakers
Anti-censura en TOR (ES)
meskio
Tor es una de las principales herramientas a las que se recurre cuando se necesita mantener el anonimato. Pero en muchos lugares también se utiliza para acceder a contenido bloqueado y saltarse la censura y los cortafuegos restrictivos.
Por eso, algunos censores intentan impedir que los usuarios se conecten a la red Tor. Vemos cómo muchas redes corporativas o universidades bloquean Tor en los cortafuegos. Vemos países enteros, como Rusia justo antes de la invasión de Ucrania o Irán, que refuerzan su
censura durante las manifestaciones.
Meskio es parte del Equipo Anticensura del Proyecto Tor, donde investiga cómo los censores bloquean el acceso a la red Tor y desarrolla formas de escapar de esta censura.
Vigilancia Silenciosa: Lo Que el Cifrado No Esconde (ES)
ReD
Piensas que con el cifrado tus secretos están a salvo, ¿verdad? Pues no tan rápido. Aunque tus datos estén protegidos, los metadatos siguen cotilleando sobre ti.
En esta charla descubrirás cómo pequeños detalles como cuánto tiempo hablas pueden revelar más de lo que crees.
¡El cifrado protege lo que dices, pero no quién eres! Vamos a desvelar esos misterios de forma sencilla.
Autodidacta de nacimiento, azote de cacharros y sistemas, defensor de la privacidad como forma de vida, investigador por diversion, hax0r nocturno, friky a mucha honra. Lo que viene siendo, un mente inquieta.
El poder de GPT: la nueva Fuerza Ideológica Global (ES)
Josep Jover
La ponencia abordará cómo la inteligencia artificial, particularmente ChatGPT, se ha convertido en una fuerza ideológica global. El ponente explorará cómo esta tecnología ha cambiado la forma en que se generan y distribuyen las narrativas sociales, históricas y políticas, superando el control de los Estados. Con millones de usuarios, ChatGPT impacta especialmente en los jóvenes, influyendo en su acceso a la información y en los procesos democráticos. Además, se discutirá el papel de la IA en la reconfiguración del poder global y los intentos de censura por parte de gobiernos autoritarios y no autoritarios como España.
Abogado, especializado en propiedad intelectual y derechos de autor , y gestor de conflictos. Es director del CAPA8 asistencial. Obtiene su licenciatura por la Universidad de Barcelona y ejerce como abogado desde 1983 en las ramas de derecho civil, mercantil y comunitario; y como auditor informático desde 1997.
Como la criptografía cuántica cambia la ciberseguridad (ES)
Marco Cofano & Alina Hirschmann
Criptografía cuántica parece un nombre de ciencia ficción, pero aunque es una tecnología incipiente, ya empieza a ser una realidad. Y algunos proyectos, como el Anell Collserola, se preparan para desplegarla en Cataluña. Vanesa Díaz, CEO de LuxQuanta, y la responsable de comunicación científica de l'Institut de Ciències Fotòniques, Alina Hirschmann, explicarán la situación actual de este campo innovador y como se está desplegando.
El Dr. Marco Cofano es el responsable del equipo de Ingeniería de Software en LuxQuanta, una empresa pionera en la comercialización de soluciones de criptografía cuántica basadas en la Distribución Cuántica de Clave de variable continua (CV-QKD). Cuenta con un doctorado en Matemáticas y Física Cuántica de la Universidad de Nottingham, Reino Unido, y un máster en Física Teórica y Matemática de la Universidad de Bolonia, Italia. Alina es Responsable de comunicación científica de l'Institut de Ciències Fotòniques. Tiene una experiencia de más de 15 años trabajando en el área de comunicación con centros de investigación. Doctorada en astrofísica y máster en dirección de comunicación.
Qui hi ha darrere de l’escàndol Pegasus a l’Estat espanyol?
Cèlia Carbonell i Andreu Van den Eynde
Assenyalant els responsables de NSO Group a Europa
Cèlia és referent a Irídia en l'àmbit de la defensa de la societat civil, especialitzada en spyware. Es dedica a denunciar i visibilitzar aquelles actuacions que posen en perill les llibertats civils fonamentals així com altres drets humans relacionats. Andreu és advocat especialista en dret penal i interessat en el dret digital. Ha defensat polítics com Oriol Junqueras i Raül Romeva al judici contra el referèndum de l'1 d'Octubre i el seu mòbil va ser infectat amb Pegasus, software espia d'NSO.
Cybersecurity Track
IT security (aka cybersecurity) is becoming necessity for everyone (people and organizations) every day. In our event we aim to bring together enthusiasts and professionals in the field from different fields to share the results of research in a talk/workshop format. Our conference has been on the scene for many years, where a significant part of the country's hacker and cybersecurity professionals have participated.
Within the frame of reference where we are located, we can boast of being the most avant-garde, traditional and independent conference.
For several editions (2), we have wanted to open ourselves to the rest of the world using English as a unifying tool. We invite everyone come to our conference and Barcelona. On the other hand, we have not ruled out our mother tongues, which will always be part of our identity.
Join Cybersecurity Track
The second and third days of the conference will be dedicated to this track. The event consists of two days full of talks, and forum discussion in CAT/ES/ENG languages.The final list will be published in this section on October, the 20th, meanwhile we will be publishing bits of information about talks and speakers.
Accepted speakers
This section is being updated every day
Unveiling a New Botnet - Diving into the Unknown (ES)
Albert Priego
En una de nuestras últimas investigaciones hemos analizado un servidor web
comprometido y hemos visto que había sido afectado por un backdoor en PHP. Tras
analizarlo, hemos visto que forma parte de una desconocida botnet de servidores web
comprometidos.
Comenzamos nuestra investigación partiendo del malware donde lo analizamos en
profundidad para comprender su funcionalidad, así como su configuración, C2 y
comandos implementados.
La investigación se extendió al command and control donde, gracias a errores cometidos
por su desarrollador, hemos conseguido obtener información interna del C2 y del propio
malware. Finalmente, conseguimos crear relaciones entre el malware y grupos/actores
concretos.
Explicaremos el proceso de la investigación desde cero con todos sus avances paso a
paso y relacionando cada pieza del puzzle.
Albert Priego trabaja actualmente como Investigador Senior en RSA Netwitness en el área de Threat Intelligence & IR liderando a nivel técnico la investigación y el análisis de amenazas en Europa. Anteriormente trabajó en Group-IB donde realizó investigaciones internacionales que resultaron en la identificación y neutralización de APTs y botnets entre otras amenazas de alto perfil cooperando junto a diferentes fuerzas de seguridad.
Ciberseguridad para lo que queda de 2024 (ES)
Josep Jover
El ponente se centrará en las nuevas regulaciones europeas que marcarán el futuro de la ciberseguridad en empresas e instituciones. El ponente explicará normativas clave como el Digital Services Act (DSA), el Cyber Resilience Act (CRA) y la Directiva NIS2, que buscan reforzar la protección frente a ciberataques, regular el acceso a los datos y asegurar la interoperabilidad digital. También se analizarán las consecuencias del incumplimiento, que incluyen sanciones significativas y la prohibición de venta de productos inseguros, así como el papel crucial de los Delegados de Protección de Datos en este nuevo marco normativo
Abogado, especializado en propiedad intelectual y derechos de autor , y gestor de conflictos. Es director de CAPA8 asistencial. Obtiene su licenciatura por la Universidad de Barcelona y ejerce como abogado desde 1983 en las ramas de derecho civil, mercantil y comunitario; y como auditor informático desde 1997.
JiraConf exploitation & post-exploitation (EN)
Ilya Shaposhnikov
Atlassian products are one of most popular software
for tickets and company articles storage. And these
software are also one of main targets for attackers
due to the fact that they store a huge amount of
internal information. This talk will show you typical
ways of attacking them and (more important)
post-exploitation including non-public vectors.
Identifying Runtime Libraries in Statically Linked Linux Binaries with MANTILLA (EN)
Ricardo J. Rdez & Javier Carrillo-Mondéjar
During the presentation, I will introduce MANTILLA, a system designed to
identify runtime libraries in statically linked Linux-based binaries, including IoT
malware. Statically linked applications, often used in malware to evade detection
and ensure portability, embed all dependencies in the final binary, complicating
traditional malware analysis. By leveraging radare2 for static analysis and a
K-nearest neighbor machine learning model, MANTILLA can predict runtime
libraries based on features such as cyclomatic complexity, number of arguments,
and entropy, among others, achieving high accuracy even with binaries compiled
for multiple architectures such as ARM, MIPS, and x86.
This talk will guide attendees through the MANTILLA methodology, from
feature extraction to prediction, and will cover two real-world case studies:
identifying runtime libraries in common utility applications (binutils) and in
IoT malware. Attendees will learn about static analysis techniques, feature
2
engineering for machine learning models, and challenges posed by stripped
binaries. The session will also discuss limitations, potential countermeasures
against adversarial attacks, and the importance of correct runtime identification
in malware research, emphasizing the broader impact on software security.
Ricardo J. Rodríguez obtained his M.S. and Ph.D. degrees in Computer Science from the University of Zaragoza, Spain, in 2010 and 2013, respectively. He is currently an Associate Professor at the University of Zaragoza, where his research focuses on performance and dependability system analysis, system security, and digital forensics. He leads a research group dedicated to computer security at the University of Zaragoza (https://reversea.me) threats in Europe. Javier Carrillo-Mondéjar received his M.Sc. and Ph.D. degrees in Computer Science from the University of Castilla-La Mancha, Spain, in 2017 and 2022, respectively. He is currently an Assistant Professor at University of Zaragoza, Spain. His research interests include malware detection and classification techniques, with a particular focus on IoT/firmware cybersecurity
BadExclusions Don't turn your EDR into Gruyere cheese (EN)
Alex Garcia Rebull & Alberto Magallón Sábado
The goal of this research is to raise awareness among EDR (Endpoint Detection and Response)
administrators, and other solutions, about the need to create secure exclusions in their
systems.
The responsibility of creating secure exclusions falls on the customer, and sometimes a lack of
knowledge causes a simple exclusion to become a serious cybersecurity issue.
There are currently many well-documented techniques for bypassing an EDR. But what if,
instead of using one of these techniques, we attempt to abuse the exclusions created in the
EDR?
Our research has allowed us to develop two tools capable of identifying insecure exclusions.
We have been able to analyze the results obtained from one of the most popular EDRs, and we
are in contact with more providers to expand the tests conducted.
Alex Garcia Rebull is a Senior Offensive Security Analyst at Schneider Electric, with extensive experience in offensive security, red teaming, and penetration testing. He has over a decade of experience working in cybersecurity, specializing in application security, infrastructure security, and social engineering attacks. Alberto Magallón is an experienced Cybersecurity Analyst and currently serves as the Cyber Arsenal Manager at Schneider Electric in Barcelona, Spain. With a career spanning over a decade, Alberto has held key positions in both the public and private sectors, including roles such as Cybersecurity Incident Response Manager and Threat Intel and Threat Hunting Manager at the Cybersecurity Agency of Catalonia
AI + User Input = Problems! Real world examples (EN)
Paweł Kusiński
Every time at every conference there is someone with the next AI (or rather to be
more specific GenAI) topic. He wants to give you some real talk with real examples, rather than
just theoretical attacks which “could” happen. Yes, he will start with some quick theory, for everyone to be on the same page - just by
going through the current state of offensive security in topics of GenAI based on OWASP Top 10 LLM & Mitre. And then the ‘meaty’ part - two critical vulnerabilities he’ve found in the
wild - walkthrough, issues I’ve had during exploitation, how I got it!
Penetration Tester and Security Researcher at Snowflake, focusing on app and cloud (in)security. He likes to share his knowledge by leading various workshops, giving conference talks, and teaching at universities. AWS Community Builder and CTF player (member of justCatTheFish) who changes most of his hobbies every month.
Capriware Ransomware: Ransomware in ESXi and How to Monitor and Prevent It (EN)
Sebastien Kanj & Aleix Marro
In this talk, we will present the results of recent ransomware
incident responses carried out at INCIDE, which have aaected ESXi
infrastructures. During our investigations, we identified a new ransomware
gang, named Capriware, specifically targeting ESXi infrastructure. We will
explain how our DFIR team collects logs, which logs are crucial for analysis,
and the TTPs observed across diaerent attacks, including those related to
Capriware. Additionally, we will provide recommendations for monitoring
and preventing incidents on these systems.
Sebas is a telecommunications engineer and currently pursuing an Industrial PhD between INCIDE Digital Data S.L. and the Universitat Politècnica de Catalunya. He is the Manager of INCIDE’s DFIR team and has been a speaker at conferences such as RootedCon, JITEL, EAI ICDF2C, DFRWS EU, and workshops hosted by the Generalitat of Catalonia. Aleix, with a degree in Computer Science and a Master's in Cybersecurity, is a DFIR analyst. He focuses on incident response, process automation, and streamlining forensic investigations, using security tools like EDRs for timely incident resolution.
No future. ¿Seríamos soberanos en caso de conflicto global? (MESA REDONDA) (ES)
Antonio Fernandes
Después del asunto de CrowdStrike, ha quedado claro la dependencia tecnológica que afecta a todos, sin diferencias tamaño o reputación, ¿Tiene futuro Europa en un mundo interconectado, volátil e incierto? ¿Seríamos capaces de ser autosuficientes?
Enhancing Cybersecurity Intelligence through Machine Learning: Clustering and Forecasting Analysis of Honeypot Data (EN)
David Rosado
In this talk, we will explore the pressing cybersecurity challenge posed
by publicly exposed IP addresses, which are frequent targets for cyberattacks that can lead
to data breaches, ransomware infections, and unauthorized intrusions. These vulnerabil-
ities are often exploited by advanced malware, leaving traditional security mechanisms
struggling to keep up. To address this growing threat, we conducted a comprehensive
study using data collected from a global network of honeypots provided by the Global
Cyber Alliance.
We employed a combination of cutting-edge machine learning techniques and clustering
analysis to categorize attack patterns and reveal hidden trends in malicious activity. By
analyzing malware hashes, we identified significant threats posed by those not recog-
nized by the VirusTotal database. Additionally, we developed forecasting models such as
ARIMA, machine learning algorithms, and LSTM networks to predict future cyberattack
trends at a country level.
Villages
A Hacking Village is an educational activity to help to the community to share and practice hacking and cybersecurity skills.
The main purpose is to share and interact with small groups achieving the main topic of the village, also interact between participants in small activities parallel to conferences. In this way you can choose assisting to an introductory workshop or chasing criminals while in other room a speaker is talking about some new hacking.
Hacking Village will be proposed by staff, but final format will be closed by both parts (staff and leader). The main purpose is, one more time, show and share skills / techniques in some areas and not to show commercial products and services.
You'll be able to enjoy villages if you are enrolled in Cybersecurity Track.
The final list, requirements, and room names will be published in this section on October, the 20th, meanwhile we will be publishing bits of information.
This section is being updated every day
Village: Threat hunting and Malware analysis (EN)
Leader: Touhami Kasbaoui
Inside the Village we will cover the next topics:
- Detection through Elastic Security SIEM, deployed in a shared VM, including installation guidance and explanation of key security detection policies.
- Retrieval of malware artifacts and TTPs for analysis, including: a. Introduction to static analysis and required tools. b. Dynamic analysis techniques. c. Brief introduction to reverse engineering, required tools, basics of Windows architecture, and portable executable structure to help participants enter the reverse engineering field.
- Thinking outside the box for external malware hunting to feed SIEM or SOAR systems, using various techniques. 4. Revealing a technique to identify malware types and adapt to their base architecture to find security vulnerabilities or misconfigurations for exploitation.
We will cover as a Training two strategies:
explaining a real-world use case scenario of identifying and detecting a Malware Loader infection, and providing a live demonstration Explaining the detection process, followed by the required elements and techniques for investigation:
- USE CASE Scenario:
- -Identifying behavior through SIEM
- Malware Analysis 101:
- -Static analysis
- -Dynamic analysis
- -Automated analysis
- REVERSE ENGINEERING 101:
- -Anatomy of a Windows PE Compilation
- -x86 assembly language
- -Typical attack track
- Threat Hunting Introduction:
- -Proactive approach
- -Setting up a war zone area (Tools)
- -Local hunting and red flags
- -External hunting
- -Hunting C2 malware
- -Hacking back Command & Control
Estimated Duration: 2 hours
Touhami is primarily oriented towards purple teaming. By day, he practice cyber defensive security, and by night, he discover security vulnerabilities in various vendors. Recently, he discovered a local privilege escalation vulnerability in the ASUS framework, and he have a pending local privilege escalation discovery in Windows 11. He also work on discovering security vulnerabilities in Google Chrome and conduct vulnerability research and development for different vendors.
Village: Red Team (EN)
Leader: Ilya Shaposhnikov
Inside the Village we will cover the next topics:
- Pentest Collaboration Framework
- Duration:1 hour.
Requirements: Laptop + git
- Active Directory Certificate Services Attack and Remedation
- Duration: 2 hours.
Description: Certificate services ESC1-15 attacks how to exploit and how to configure securely.
- Mastering ROP: Building Blocks of Modern Exploits
- Duration: 1h + 20min
Description: Let’s master the basic techniques for implementing a ROP attack.
Requeriments: Windows, VSCode (C++), Notepad++, x64dbg
Wednesday, November, the 20th at 9:30am
Total Estimated Duration: 7 hours
OffSec Team Leader at My.Games with 8 years of official offensive security & IoT research experience. Author of PCF & IoTSecFuzz tools. Owner of ~20 CVEs.
Village: Wordpress Security - Seguridad WordPress: users, developers, systems (EN/ES)
Leader: Javier Casares
AGENDA
- Users: They will have an overview of what security measures their WordPress needs and how to keep it safe.
- Developers: We will learn about the most common security features and good practices when developing a plugin.
- Systems: We will see some important aspects to protect in our systems, routes to take into account and rules for firewalls.
WordPress Village Index
- What WordPress is (and what it is not)
- WordPress Security, as a user Default security. Weaknesses and strengths. What to protect and what not to protect. Plugins and other things.
- WordPress security, as a developer Service recommendations.What and how to protect. Plugins. What to keep in mind. Useful functions.
- WordPress security, as a sysadmin Service recommendations.What and how to protect.
- Attacking (and defending) WordPress Let's find weaknesses.Patching weaknesses.One step further.
Total Estimated Duration: 2 hours
I've been a system administrator on the Internet since 1994, although I've been developing for many years. Among many other things, I'm the representative of the WordPress.org Hosting team and the person responsible for advanced documentation for WordPress.org. One of my personal projects is WPVulnerability, a database of WordPress (core, plugins, themes) and software (PHP, Apache, nginx, MariaDB, MySQL…) vulnerabilities and its corresponding WordPress plugin.
Schedule
Privacy and Net Neutrality Track
Schedule available for download (PDF)
Interesting Places around Cibernàrium
Available for download (PDF)
Where we are?
PDF available for download
Final Cybersecurity Track Schedule will be sent by email to registered assistants
