ISACA Challenge for Young Professionals
ISACA
Madrid has launched, for fourth time, a
challenge for young professionals with the main goal of encouraging
young people to innovate and promote in the Audit,
Information Security and Information
Security Governance fields.
This is the fourth
edition where young professionals can demonstrate their skills and
knowledge about new threats, risks and tools, and this is a good
opportunity to show our last researches and development projects to
the security community, and at the end, it's a good opportunity to
teach what we know to improve the security world.
The
first edition in 2014, I was there with my proposal about “¿estamos
vendidos?” but I got
the second prize, was for
Daniel
Echeverry Montoya & Ismael González with
their good job about "Tortazo
para la recolección de información y auditoría
de repetidores en la red de TOR".
TORTAZO is an opensource tool to
collect information and conduct attacks against exit nodes of TOR
network. It also works on "Zombie" mode allowing us
to create a botnet on those nodes compromised through SSH. This mode
allows the parallel execution of commands against botnet or complete
a given set of computers.
ISACA Challenge 2014 |
The
second edition in 2015 was for my paper
called “Juego
de Troyanos” where I
analysed how the Zeus malware works and I
developed a “similar” trojan malware with Domain
Generation Algorithms to
bypass black lists and antivirus software. In
fact, most of the ransomwares
like CryptoLocker or CryptoWall still use the DGA technique to bypass
security protections
like IP and domain
reputation. It was an “easy” way to
demonstrate that anyone can develop a trojan
malware to bypass common security safeguards.
ISACA Challenge 2015 |
Last year, Juan Antonio Velasco Gómez and Diego Jurado Pallarés got the first prize with “Deception PI - Análisis de las Tendencias de Ataques de Malware en Sistemas Señuelo para Informática Forense”. The work presented was made to detect, study and analyze certain types of computer attacks, specifically Secure Shell (SSH) attacks, using the technology of decoy systems, commonly known as Honeypots.
They configured a small network of sensors, integrated in small dimensions platforms (Raspberrys). This network consisted of two sensors located in different cities (Madrid and Granada) that will allow them to classify and analyze the results and malware samples obtained in the experiment.
ISACA Challenge 2016 |
The requirements for the ISACA challenge are the same as always. If we are young people with less than 35 years old and we have something interesting to show and teach about Audit, Information Security or IT governance, this is your challenge. Write a paper and send it to ISACA.
Regards my
friend and remember, drop me a line with the first thing you're
wondering.
Commentaires
Enregistrer un commentaire