Sometimes I talk in public. I enjoy sharing knowledge 🤓.
2024
¿Cómo es el arsenal de un grupo APT latinoamericano? (What does the arsenal of a Latin American APT group look like?)
Ekoparty Security Conference (RedTeam Space). Buenos Aires, Argentina
Ransomware, open-source trojans and custom malware: two Latin American APT groups, two styles, one shared objective. We will explore how these actors seek total control with their strategies and tools.
2023
Free beer! Now that I have your attention, let’s talk about malvertising
Ekoparty Security Conference (BlueSpace). Buenos Aires, Argentina
Coauthor: @lisandro_ubiedo
Picture this: you’re a content creator, excited to try new video streaming software recommended by a follower. But a simple download turns into a nightmare as your digital life gets hijacked. Welcome to malvertising. Let’s uncover together the current state of this technique. P.S. No free beer.
2021
The Kerberos Key List attack: The return of the Read Only Domain Controllers
Ekoparty Security Conference. Buenos Aires, Argentina
Microsoft wants Azure everywhere and following that premise, the company has implemented several features in this platform. From an authentication point of view, the most interesting ones are the passwordless scenarios. A short time ago, Microsoft released a new functionality that enables passwordless authentication with security keys in Azure environments. This offers us a seamless SSO experience, but under the hood there is something else: the return of the Read Only Domain Controllers. In this talk I’ll introduce a new attack vector against the RODCs using the Kerberos Key List request messages.
The art of war of Browser Fingerprinting
Ekoparty Security Conference (BlueSpace). Buenos Aires, Argentina
Coauthor: @florencia_rao
Browser fingerprinting is a technique that can be used to uniquely identify users or devices via a website. It can be used for good, in authentication schemes, or for bad, in tracking systems. This situation started an arms race between browsers and those who use fingerprinting to identify users.
Being the good guys, what strategy do we use to continue to identify our legitimate users? How can we maximize the effectiveness of this technique?