Inside BSides Mexico City 2024
BSides Mexico City Presentations That Made It to The Spotlight
The team had the chance to join different presentations during the day, which introduced a diverse array of perspectives, experiences, and strategies, highlighting real-world scenarios about the current cybersecurity landscape.
The Echelon Mexico team attended a highly insightful session by Santi Abastante from Argentina, titled "Bridging the Gap Among Cloud Engineers and Incident Responders with Open Source." Santi highlighted the nature of cloud incident response, which requires a diverse set of tools and skills. Many cloud-based startups, constrained by budget limitations, struggle to implement preventive controls, and often lack the expertise to respond effectively to security incidents.
The presenter introduced Dredge, an open-source tool designed to simplify cloud incident investigation. This tool enables engineers to respond to attacks regardless of their prior preparation by leveraging the built-in security features of major cloud providers.
Key functionalities of Dredge include:
- Seamless log retrieval from platforms like GitHub, Kubernetes, AWS, GCP, and Azure
- Taking decisive actions such as blocking IPs or isolating instances
- Identifying exploitable misconfigurations
Santi demonstrated the tool's capabilities through real-world examples, showcasing how it can address common cloud-based attacks such as admin service account compromises and EC2 server malware infections. Initially developed to support their CSIRT, Dredge is now available to the broader community, exemplifying the collaborative spirit of the open-source movement in cybersecurity.
Another highlight was the remarkable presentation “No todo es hacking (hacking is not everything).” While many people associate cybersecurity only with penetration testing (pen testing) or hacking, Carolina Chavez refuted this idea in her speech. Although pen testing is an incredibly valuable skill within cybersecurity, it is not the only role that is needed to run a successful cybersecurity company.
One of the final standout presentations at this edition was “Técnicas de post-explotación usadas por threat actors en la nube (Post-exploitation techniques used by cloud threat actors),” delivered by Jorge Gibbs and Iván Sánchez. This session dove into what threat actors do after successfully achieving their goals, highlighting that hacking is not just about breaching a system, but also about the ability to erase any tracks left by the threat actors and be as stealthy as possible.
Jorge and Iván used real-life examples and case studies that illustrated how these cybercriminals manage to cover their tracks. This phase requires not only extensive knowledge of processes and operating systems, but also a deep understanding of cloud infrastructure and security mechanisms, since logs, monitoring systems and security protocols might hold clues to what happened during the attack, including the potential identity of the threat actor.
A particularly insightful aspect of the presentation was the collaborative nature, on purpose or not, of cybercriminal groups. Jorge and Iván revealed how different groups share and steal tactics from one another, not really caring whether the original source came up with the technique a few months ago or decades ago, or whether their goals aligned with their predecessors'.
The presenters stressed the importance of implementing robust monitoring and logging mechanisms, putting special emphasis on keeping threat intelligence up to date, since history is less likely to repeat itself when cybersecurity professionals are aware of it.
BSides Mexico City Hands-On Experience: The Villages
BSides Mexico City was not just about attending insightful sessions, but also about getting hands-on experience through a variety of interactive villages that put our team’s abilities to the test.
The Lock Picking Village, sponsored by Pwntacles, was quite a popular attraction where attendees had the opportunity to learn, practice and challenge themselves in the art of lock picking, not limited to conventional locks. This village offered a variety of items to unlock, such as access cards, suitcases, key lock boxes, handcuffs, and a variety of locks, using different types of tools, both physical and logical, always guided by the village’s staff.
Participants were also prompted to join their challenge: opening a secure box and a combination lock for wine and liquors, without any prior guidance. This village provided invaluable insights into the mechanisms of physical security breaches and the skills needed to bypass them, emphasizing the importance of not sticking to just the regular types of locks to save on costs.
Another village that the Echelon team had the chance to explore was sponsored by our proud partners WOMCY, an organization that is working to reduce the knowledge gap and increase the opportunities for women in the cybersecurity industry. The WOMCY team put together an escape room that featured various challenges that required both skill and attention to detail, such as data exfiltration from one computer to another, lockpicking, and even binary conversion.
The storytelling element added an extra layer of engagement, making the experience feel more real. Also, as a side activity while waiting for their turn, participants had the opportunity to craft friendship bracelets, fostering a sense of community and a break from the routine. The biggest highlight of this village was the importance of teamwork and creative problem-solving in cybersecurity, always thinking outside the box.
Almost at the end of the evening, the final stop for the team was the Social Engineering: Vishing Village, which offered the opportunity to explore this type of social engineering attack. Attendees were tasked with obtaining confidential information using the public phone of a company, all in a simulated environment (of course!). This simulation provided a realistic and eye-opening experience of how the right questions asked of the right people can result in data leaks.
The Importance of Networking and Building Community
Being present at BSides Mexico City made us realize the importance of networking and building strong long-term relationships with other industry professionals in the rapidly changing world of cybersecurity. Encouraging community-building with industry peers, technology providers, and thought leaders allows us to keep pace with emerging threats and cutting-edge solutions and, as a result, enhances our ability to address complex security challenges.
Being part of the cybersecurity community is not only a rich source of fresh and innovative ideas, but also represents the opportunity to create a collaborative environment where knowledge and best practices are shared. This interconnected network makes partnerships and collaborations possible and guarantees that we can provide our clients with comprehensive, modern support.
By actively participating in networking events, engaging in online communities, and joining professional associations, you increase the visibility of your business and establish yourself as a respected and trusted figure.
Lastly, we can provide outstanding value, positioning us as leaders and reliable advisors in the cybersecurity landscape, thanks to our dedication to networking and community-building.