ROOTCON® Hacking Conference

Villages

101 Village

Every year new blood comes out of their comfort shells, it's where Hacking 101 started, just as a small training at ROOTCON, but we've seen a significant improvement in our attendees so why not make this a village and let it grow not only to cater Hacking 101, but everything 101's, this is your beginners guide to the world of hackers and hacking.

We are all n00bs at some point! this village will kick-start your career as a professional hacker or just hacking for fun and profit.

It's not just that, 101 village also welcomes those wanting to refresh their hacking-fu skills as well.

Operators
Napz
Encrypted
s8nph

Helpers
semprix (@semprix)
shipcod3 (@shipcod3)

Talks
Red Team 101 - Red Team Infrastructure, Planning and Intrusion
Red Team has become a buzzword in the information security field for quite some time as most people think that anything related to offensive security engineering is Red Teaming. This talk aims to reintroduce the concept and purpose of Red Teaming, and how to start becoming a red team operator. Topics such as Operator's mindset, Red Team Infrastructure, Phishing Methodology and Basic Payload Creation will be covered by this interactive session.

Speaker Bio
A purple teamer in the making, He is an Information Security Professional with 5 years of experience in the field and is currently leading the Red Team Operations at THEOS Cyber Solutions. Before transitioning as a full-time penetration tester and red teamer, he worked as a SOC Analyst and Incident Responder where he gained and developed his skills in Threat Hunting and DFIR. Currently, he is holding multiple certifications such as GCDA, CRTP, CRTE, CRTO, OSCP, and OSEP.

An introductory course to hacking all the things
Want to start offensive security operations but have no idea where? Wonder how they hack machines and gain privileges?

Do you ever wonder how hackers think? What mindset is needed and how you'll formulate your attack plans?

Enroll in our talk on how to take baby steps and hack your first machines

Speaker Bio
Emman is a security researcher with a passion for penetration testing and offensive security. He has been in the hacking community for 7 years and has been actively participating in different Capture the Flag competitions both locally and internationally. He went to jumpstart his formal career in penetration testing at a Philippine based CSIRT team, he also reviewed CVE submissions for MITRE while also submitting exploits based on his research, always striving to doscover new stuff to pwn.

Web Pentesting 101 - Basic Web Penetration Testing using Burpsuite
A Basic and Fundamental training on Web Pentesting for newbie pentesters and security practitioners. This training aims to provide a run down on how to perform web pentesting using Burpsuite. This training will also cover in detail the web pentesting methodology and end-to-end process of a pentest engagement. This session will be interactive and will include hands on exercises/challenges. And at the end will share best practices, tips and tricks on how to perform pentesting more efficiently and deliver enterprise grade penetration tests.

Speaker Bio
Jayson Vallente is the Director of Theos Offense and a Goon of RootCon. He is a seasoned penetration tester and cyber security professional. He had been part of the first pentest teams in the Philippines and have help build multiple pentest teams in the country including HP Fortify, Trustwave SpiderLabs PH and Theos Cyber Solutions Offense Team. He has performed pentest for various enterprises world wide including Fortune 500 companies. He is very passionate about security and fostering the hacker culture in the community.

Malware Analysis 101
In Malware Analysis 101, we will be defining malware and then quickly go over the process of analyzing malware and what malware analysis tools can be used for the task.

Speaker Bio
Louisa Pamintuan and Denisse Layco are both Offensive Security Engineers at VikingCloud. They are new to the pentesting scene and are still learning the ropes of their role.

Car Hacking Village

The Car Hacking Village PH is a branch in Asia of the official Car Hacking Village (https://www.carhackingvillage.com/about) Its primary goal is to build a community around discovering weaknesses and exposing vulnerabilities that could significantly impact the safety and security of all drivers and passengers on the road today. Educating security researchers on the functionality of vehicle systems coupled with providing them with the opportunity to gain hands-on experience working side by side with experts in this field is a plus for the attendees. Leveraging the vast amount of experience the security research community brings to the Village may increase the safety and security of vehicles on the road today and for generations to come.

Operators
shipcod3 (@shipcod3)
[email protected]

Talks
A Teardown of Starting Your Very Own Car Hacking Test Bench
Building a car hacking test bench takes both time and patience, from sourcing usable parts, understanding wiring diagrams, powering the parts and connecting them to each other in able to see accurate output of signals being sent as command through the car hacking tools being utilized. This will provide anyone who would like to build their own car hacking test bench tips and tricks on how they can build one quicker and effeciently. Through this, challenges on how to come up with your car parts grocery list for your test bench will be shared and will help realize why some car parts just wouldn’t work for the intended purpose.

Speaker Bio
[email protected] - a clinical pschology major that has the knack for information security. He is an HR professional by day and bu dark a social engineer “most of the time”. He is known for his contributions in the researches that explore attention span, maximizing brain operation, and fraud the fraud. He also has the passion for thinkering about anything that has a power source, most definitely cars, allowing him to be a contributor for researches relevant to the car hacking scene locally in the Philippines.

Let's Get Down with canTot: quick and dirty canbus h4xing framework for car hackers
canTot is a python-based cli framework based on sploitkit and is easy to use because it is similar to working with Metasploit. This similar to an exploit framework but focused on known CAN Bus vulnerabilities or fun CAN Bus hacks. It can also be used as a guide for pentesting vehicles and learning python for Car Hacking the easier way. This is not to reinvent the wheel of known CAN fuzzers, car exploration tools like caring caribou, or other great CAN analyzers out there. But to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.

Speaker Bio
Jay Turla is Principal Security Consultant at VikingCloud, and one of the goons of ROOTCON. He has presented at international conferences like ROOTCON, HITCON, Nullcon, DEFCON, etc. He used to work for HP Fortify and Bugcrowd in the areas of appsec. His main interest or research right now is about car hacking and is currently one of the main organizers of the Car Hacking Village of ROOTCON / Philippines which is recognized and supported by the Car Hacking Village community.

Lockpick Village

The Lock Picking village covers the physical side of security, simply because securing your infrastructure is not enough if the weakest link is a physical lock that an attacker can open in a few seconds. With a lock pick kit and a reset pin, one can easily be resetting your firewalls and switches in no time, God-mode activated!

This year's Lock Picking Village is exclusive to Human+ participants only, and it's all about high security locks. We will have an in-depth discussion and hands-on demo on high-security locks, the different mechanisms and ways to attack them.

Operators
schiaparelli

Talks
To be announced.