days
hours
minutes
seconds
Tickets
No cON Name congress (2024)
No cON Name is the oldest active hacking and IT security conference in Spain. Established in 1999, the first edition took place in Mallorca, and the event now continues in Barcelona. We are a non-profit association. Our events are open to anyone eager to share knowledge and engage with our vision of Hacking and IT Security (aka Cybersecurity). Here you can learn with no commercial bias, no sponsors (as much as possible) and meet people confortably. We thrive thanks to the support of our participants, we take pride in being one of the most independent conferences
Organization
Singularities
Privacy and Net Neutrality Track
Join Privacy and Net Neutrality Track for FREE*
The first day of the conference will be dedicated to this track. The event consists of a day full of talks in CAT/ES/ENG languages. The final list of talks will be published in this section on october, the 20th, meanwhile we will be publishing bits of information about talks and speakers.
Accepted speakers
Anti-censura en TOR (ES)
meskio
Meskio es parte del Equipo Anticensura del Proyecto Tor, donde investiga cómo los censores bloquean el acceso a la red Tor y desarrolla formas de escapar de esta censura.
Vigilancia Silenciosa: Lo Que el Cifrado No Esconde (ES)
ReD
Autodidacta de nacimiento, azote de cacharros y sistemas, defensor de la privacidad como forma de vida, investigador por diversion, hax0r nocturno, friky a mucha honra. Lo que viene siendo, un mente inquieta.
El poder de GPT: la nueva Fuerza Ideológica Global (ES)
Josep Jover
Abogado, especializado en propiedad intelectual y derechos de autor , y gestor de conflictos. Es director del CAPA8 asistencial. Obtiene su licenciatura por la Universidad de Barcelona y ejerce como abogado desde 1983 en las ramas de derecho civil, mercantil y comunitario; y como auditor informático desde 1997.
Como la criptografía cuántica cambia la ciberseguridad (ES)
Marco Cofano & Alina Hirschmann
El Dr. Marco Cofano es el responsable del equipo de Ingeniería de Software en LuxQuanta, una empresa pionera en la comercialización de soluciones de criptografía cuántica basadas en la Distribución Cuántica de Clave de variable continua (CV-QKD). Cuenta con un doctorado en Matemáticas y Física Cuántica de la Universidad de Nottingham, Reino Unido, y un máster en Física Teórica y Matemática de la Universidad de Bolonia, Italia. Alina es Responsable de comunicación científica de l'Institut de Ciències Fotòniques. Tiene una experiencia de más de 15 años trabajando en el área de comunicación con centros de investigación. Doctorada en astrofísica y máster en dirección de comunicación.
Qui hi ha darrere de l’escàndol Pegasus a l’Estat espanyol?
Cèlia Carbonell i Andreu Van den Eynde
Cèlia és referent a Irídia en l'àmbit de la defensa de la societat civil, especialitzada en spyware. Es dedica a denunciar i visibilitzar aquelles actuacions que posen en perill les llibertats civils fonamentals així com altres drets humans relacionats. Andreu és advocat especialista en dret penal i interessat en el dret digital. Ha defensat polítics com Oriol Junqueras i Raül Romeva al judici contra el referèndum de l'1 d'Octubre i el seu mòbil va ser infectat amb Pegasus, software espia d'NSO.
Cybersecurity Track
Within the frame of reference where we are located, we can boast of being the most avant-garde, traditional and independent conference.
For several editions (2), we have wanted to open ourselves to the rest of the world using English as a unifying tool. We invite everyone come to our conference and Barcelona. On the other hand, we have not ruled out our mother tongues, which will always be part of our identity.
Join Cybersecurity Track
The second and third days of the conference will be dedicated to this track. The event consists of two days full of talks, and forum discussion in CAT/ES/ENG languages.The final list will be published in this section on October, the 20th, meanwhile we will be publishing bits of information about talks and speakers.
Accepted speakers
Unveiling a New Botnet - Diving into the Unknown (ES)
Albert Priego
Albert Priego trabaja actualmente como Investigador Senior en RSA Netwitness en el área de Threat Intelligence & IR liderando a nivel técnico la investigación y el análisis de amenazas en Europa. Anteriormente trabajó en Group-IB donde realizó investigaciones internacionales que resultaron en la identificación y neutralización de APTs y botnets entre otras amenazas de alto perfil cooperando junto a diferentes fuerzas de seguridad.
Ciberseguridad para lo que queda de 2024 (ES)
Josep Jover
Abogado, especializado en propiedad intelectual y derechos de autor , y gestor de conflictos. Es director de CAPA8 asistencial. Obtiene su licenciatura por la Universidad de Barcelona y ejerce como abogado desde 1983 en las ramas de derecho civil, mercantil y comunitario; y como auditor informático desde 1997.
JiraConf exploitation & post-exploitation (EN)
Ilya Shaposhnikov
Identifying Runtime Libraries in Statically Linked Linux Binaries with MANTILLA (EN)
Ricardo J. Rdez & Javier Carrillo-Mondéjar
Ricardo J. Rodríguez obtained his M.S. and Ph.D. degrees in Computer Science from the University of Zaragoza, Spain, in 2010 and 2013, respectively. He is currently an Associate Professor at the University of Zaragoza, where his research focuses on performance and dependability system analysis, system security, and digital forensics. He leads a research group dedicated to computer security at the University of Zaragoza (https://reversea.me) threats in Europe. Javier Carrillo-Mondéjar received his M.Sc. and Ph.D. degrees in Computer Science from the University of Castilla-La Mancha, Spain, in 2017 and 2022, respectively. He is currently an Assistant Professor at University of Zaragoza, Spain. His research interests include malware detection and classification techniques, with a particular focus on IoT/firmware cybersecurity
BadExclusions Don't turn your EDR into Gruyere cheese (EN)
Alex Garcia Rebull & Alberto Magallón Sábado
Alex Garcia Rebull is a Senior Offensive Security Analyst at Schneider Electric, with extensive experience in offensive security, red teaming, and penetration testing. He has over a decade of experience working in cybersecurity, specializing in application security, infrastructure security, and social engineering attacks. Alberto Magallón is an experienced Cybersecurity Analyst and currently serves as the Cyber Arsenal Manager at Schneider Electric in Barcelona, Spain. With a career spanning over a decade, Alberto has held key positions in both the public and private sectors, including roles such as Cybersecurity Incident Response Manager and Threat Intel and Threat Hunting Manager at the Cybersecurity Agency of Catalonia
AI + User Input = Problems! Real world examples (EN)
Paweł Kusiński
Penetration Tester and Security Researcher at Snowflake, focusing on app and cloud (in)security. He likes to share his knowledge by leading various workshops, giving conference talks, and teaching at universities. AWS Community Builder and CTF player (member of justCatTheFish) who changes most of his hobbies every month.
Capriware Ransomware: Ransomware in ESXi and How to Monitor and Prevent It (EN)
Sebastien Kanj & Aleix Marro
Sebas is a telecommunications engineer and currently pursuing an Industrial PhD between INCIDE Digital Data S.L. and the Universitat Politècnica de Catalunya. He is the Manager of INCIDE’s DFIR team and has been a speaker at conferences such as RootedCon, JITEL, EAI ICDF2C, DFRWS EU, and workshops hosted by the Generalitat of Catalonia. Aleix, with a degree in Computer Science and a Master's in Cybersecurity, is a DFIR analyst. He focuses on incident response, process automation, and streamlining forensic investigations, using security tools like EDRs for timely incident resolution.
No future. ¿Seríamos soberanos en caso de conflicto global? (MESA REDONDA) (ES)
Antonio Fernandes
Enhancing Cybersecurity Intelligence through Machine Learning: Clustering and Forecasting Analysis of Honeypot Data (EN)
David Rosado
Villages
Hacking Village will be proposed by staff, but final format will be closed by both parts (staff and leader). The main purpose is, one more time, show and share skills / techniques in some areas and not to show commercial products and services.
You'll be able to enjoy villages if you are enrolled in Cybersecurity Track.
The final list, requirements, and room names will be published in this section on October, the 20th, meanwhile we will be publishing bits of information.
Village: Threat hunting and Malware analysis (EN)
Leader: Touhami Kasbaoui
- Detection through Elastic Security SIEM, deployed in a shared VM, including installation guidance and explanation of key security detection policies.
- Retrieval of malware artifacts and TTPs for analysis, including: a. Introduction to static analysis and required tools. b. Dynamic analysis techniques. c. Brief introduction to reverse engineering, required tools, basics of Windows architecture, and portable executable structure to help participants enter the reverse engineering field.
- Thinking outside the box for external malware hunting to feed SIEM or SOAR systems, using various techniques. 4. Revealing a technique to identify malware types and adapt to their base architecture to find security vulnerabilities or misconfigurations for exploitation.
We will cover as a Training two strategies:
explaining a real-world use case scenario of identifying and detecting a Malware Loader infection, and providing a live demonstration Explaining the detection process, followed by the required elements and techniques for investigation:
- USE CASE Scenario:
- -Identifying behavior through SIEM
- Malware Analysis 101:
- -Static analysis
- -Dynamic analysis
- -Automated analysis
- REVERSE ENGINEERING 101:
- -Anatomy of a Windows PE Compilation
- -x86 assembly language
- -Typical attack track
- Threat Hunting Introduction:
- -Proactive approach
- -Setting up a war zone area (Tools)
- -Local hunting and red flags
- -External hunting
- -Hunting C2 malware
- -Hacking back Command & Control
Estimated Duration: 2 hours
Touhami is primarily oriented towards purple teaming. By day, he practice cyber defensive security, and by night, he discover security vulnerabilities in various vendors. Recently, he discovered a local privilege escalation vulnerability in the ASUS framework, and he have a pending local privilege escalation discovery in Windows 11. He also work on discovering security vulnerabilities in Google Chrome and conduct vulnerability research and development for different vendors.
Village: Red Team (EN)
Leader: Ilya Shaposhnikov
- Pentest Collaboration Framework
- Duration:1 hour.
Requirements: Laptop + git
- Active Directory Certificate Services Attack and Remedation
- Duration: 2 hours.
Description: Certificate services ESC1-15 attacks how to exploit and how to configure securely.
- Mastering ROP: Building Blocks of Modern Exploits
- Duration: 1h + 20min
Description: Let’s master the basic techniques for implementing a ROP attack.
Requeriments: Windows, VSCode (C++), Notepad++, x64dbg
Wednesday, November, the 20th at 9:30am
Total Estimated Duration: 7 hours
OffSec Team Leader at My.Games with 8 years of official offensive security & IoT research experience. Author of PCF & IoTSecFuzz tools. Owner of ~20 CVEs.
Village: Wordpress Security - Seguridad WordPress: users, developers, systems (EN/ES)
Leader: Javier Casares
- Users: They will have an overview of what security measures their WordPress needs and how to keep it safe.
- Developers: We will learn about the most common security features and good practices when developing a plugin.
- Systems: We will see some important aspects to protect in our systems, routes to take into account and rules for firewalls.
WordPress Village Index
- What WordPress is (and what it is not)
- WordPress Security, as a user Default security. Weaknesses and strengths. What to protect and what not to protect. Plugins and other things.
- WordPress security, as a developer Service recommendations.What and how to protect. Plugins. What to keep in mind. Useful functions.
- WordPress security, as a sysadmin Service recommendations.What and how to protect.
- Attacking (and defending) WordPress Let's find weaknesses.Patching weaknesses.One step further.
Total Estimated Duration: 2 hours
I've been a system administrator on the Internet since 1994, although I've been developing for many years. Among many other things, I'm the representative of the WordPress.org Hosting team and the person responsible for advanced documentation for WordPress.org. One of my personal projects is WPVulnerability, a database of WordPress (core, plugins, themes) and software (PHP, Apache, nginx, MariaDB, MySQL…) vulnerabilities and its corresponding WordPress plugin.