Source Seattle 2011

Some days ago, Source Seattle (USA) took place. It is the first time it has taken place in Seattle and although the attendance couldn’t match the Boston conference, the atmosphere was magnificent. It began on Tuesday the 14th with an event for the speakers and organizers to get to know each other and enjoy a beer with some tasty Asian cuisine. I was the representative of the S21sec e-crime team with a speech about banking Trojans.

The talks began on Wednesday the 15th and the agenda was divided into two tracks, one dedicated to technical themes and the other centred on the business world. The first day, the following themes (amongst others) were touched on: evaluation of necessary expenses in security, the application of the law in cybercrime matters, threat modelling, forensic memory analysis of Android’s Dalvik Virtual Machine and my speech about the evolution of fraud through banking Trojans.

The objective of the speech was to analyse the changes that including banking Trojans has brought, how their injections have adapted, and how they have arrived at a point where the binary family is no longer important; what is really striking in the success of a malware campaign is how the cybercriminals are using the binaries. The speech covered one of the latest banking Trojans, Tatanga, and a demo was given showing the different stages of ZeuS Man-in-the-Mobile (MitMo). You can download the presentation from this link.

The next day the sessions began early. The first session began during breakfast, at 8am. It was given by the guys from Trustwave. They explained how they had successfully managed the DEFCON network during recent years: Building the DEFCON network, making a sandbox for 10,000 hackers.

There were 12 further presentations, each one interesting. For example, the one given by Jarret Brachman about extremism on the Internet discussed how the use of point scoring and reputation systems (gamifying) made for more energetic participation in movements.

After this came others that dealt with post-exploitation in MS-SQL environments, the analysis of malicious code through SIEM systems and the reverse engineering of iPhone applications.

There were four further speeches, and from the technical side we could highlight: security in Mac OS X Enterprise systems and the weakness of some of the protocols, and finding devices on the network through HTTP requests. In parallel, in the business track, the themes of PCI Compliance in the Cloud and the hiring of security personnel were touched upon.

The conference ended with an event where all attendees and other professionals from the city could get to know each other and debate a wide range of topics. ToorCon also took place that same weekend, so we could meet some of its attendees and speakers around there, for example Dan Kaminsky.

In summary, another conference to bear in mind and one that will surely improve in years to come, as the number of security professionals in Seattle is enormous. There are businesses such as Microsoft, Facebook and Google settled nearby. Without a doubt, I would recommend you attend this conference in the future, if you have the chance. The way we were treated and the organization were impeccable!