Barcamp 2014 Santiago

GRACIAS!!!

Thanks to all supporters and attendees.

Cleaning some late hour bugs from live coding for first public commit and deploy a live demo for oniricus for you to try.

The Nakamura Project: Messing arround with time...

Nakamura is a soon to be released open-source framework for fuzzing and attacking authentication schemes, protocols, logs and all sort of stuff that rely on unsafe time syncing mala-praxis.  Some PoC code and demonstration on this will hopefully be ready for the next barcamp!!!

Possible uses for this framework include: - A Nakamura "Time travel" attack on substandard NTP and SNTP implementations ( Not the NTP amp DDoS attacks ). - Scanners for identifying time-leaks, an unusual suspect. - Tools for Exploiting authentication based on unreliable time as random seed ( Session cookies, time based 2 way authentication tokens ). - Speeding up time as denial of service to expiring client sessions. - Others... Stay tuned...

And it almost happens again...

If we meditate in the words: "web", "net", "mesh", we'll sooner or later get to the same conclusion: In the web, you are the spider or food, so move fast to tell the difference.

After years of exposure to toxic mild "social" networks I've become slower and lazier. They absorb time the same way a black-hole sucks light.

Almost took the word of well-disguised neophites posing as gurus in corporate blogs, when I've found myself wasting my eyes lifespan just because linkedin's (and every single other social network) was using it's voodoo magic witchcraft on me, recommending things that catch my eyes right away with its buzz-word diverting and promising post title.

Always ended up dissappointed, entertained maybe or just being trapped in the echo of the zombiesphere, those poor victims of dark tweetslave-lords druids that can cast trending topics on demand with NPI, mindcontrolling buzzwords. Satan says: "Make it look like the masses really believe they are choosing this..."

Thanks to all for your great support @ the BarCamp STI 2013.

Estuvo NERDISIMO!!!!!!

love you all. My stuff and some great people:

Video: http://www.youtube.com/watch?v=1IJkPUo3ayk&feature=youtu.be

Presentacion: https://speakerdeck.com/xenomuta/telefobia-ciber-tigueraje-y-paranoia GitHub: https://github.com/xenomuta/telefobia

Wow!!!! Mi vida cambió.

Señores, no exagero, este evento fue excepcional, sin desperdicio, charlas buenas todas. Charlistas expertos de verdad en lo que hablaron, Cuando digo que fue una experiencia inolvidable e irrepetible no miento.

Music-as-code-booster #1: Machinae Supremacy

I've jsut heard this guys and... It felt like this:

My reaction on Apple's TouchID...

The new iPhone 5s has a "500ppi sensor capable of scanning sub-dermal layers of skin from a variety of angles, resulting in a more detailed, three-dimensional map of a fingerprint" and they say they won't store, iCloud, mine or "prism" it...

"All fingerprint [data] is encrypted," said Apple marketing chief Phil Schiller, "and secured inside a secure enclave. It's never available to other to other software. It's never uploaded to Apple's servers or backed up to iCloud."

People, expect to be data-mined even more... Who the F*$#! knows. It wouldn't surprise me at all if this is even capable of reading through globes...

PEOPLE WAKE UP!

I am concerned by our species. Whats next?? Androids sporting Fast-PCR-DNA mapping device to clone us on demand authenticate us more securely?

What is up with Noises? (The Science and Mathematics of Sound, Frequency, and Pitch) (by Vihart)

Smart TVs and Gesture controlled TVs = Prism cameras at home

This time your TVs will be watching you...

ShoutHappens!! won the 2nd place in Pandacodium 2013 hackathon

It was a very interesting experience us to play in this years' Pandacodium Hackathon. We didn't push the best changes in the last minute, so almost won the 1st place by half point!!!

Our project is called "Shout Happens" (have a try here) http://shouthappens-xenomuta.rhcloud.com.  It is a realtime application that shows tragedies and dangerous events near you in a map.

Powered by socket.io and google maps API in the frontend, and some sweet Node.js backend with express and passport middleware and MongoDB magical geo spatial indexing searches.

Hola!, Me encanto su presentacion ayer en el CodeCamp, sinceramente me motivo mucho su exposicion sobre la Ingenieria inversa y tengo una duda para usted: que le aconsejaria a un begginer en ingenieria inversa para que se introduzca en ese mundo? ah, y por cierto si tiene algun documento o libro sobre ingenieria inversa, o que tenga algo interesante relacionado podria compartirlo? gracias!

Gracias a tí por tu apoyo honrándome con tu asistencia.  Yo mismo no me considero un experto en ingeniería reversa, pero puedo hacer cosas útiles con lo siguiente:  Conocimiento lenguaje de ensamblador. ( Como libro te recomiendo el manual de referencia de operationm codes para la arquitectura que te interesa como Intel x86 32bits , x86-64bits o ARM, etc...),  Manejo básico de un debugger. En el mundo UNIX ( Linux, BSD, OSX ) te recomiendo GDB.  En Windows uso OllyDBG con éxito.

Un libro que me ayudo mucho en lo básico fue "Lenguaje Ensamblador de los 80x86, Guia Practica para Programadores" por Jon Beltran de Heredia editora Anaya.  Muy didáctico.

Y sobre todo...  ELIMINA LOS PRECONCEPTOS Y EL MIEDO, No le cojas miedo pues las apariencias asustan. Suerte.

CodecampSDQ 3.0: A great experience for all.

I've had a great time, real great time at the CodecampSDQ 3.0 event. Very friendly speakers were all-around with very helpful staff. Thanks a lot to all guys responsible for such a nice and high cuality event. Thanks to Claudio a lot for making sure everyone had everything covered.

Here are my slides... 

Thanks to all who assisted and the organizers for honoring me with your presence and opportunity...

https://speakerdeck.com/xenomuta/ingenieria-reversa-una-vision-mas-atrevida-a-tu-aplicacion

Xenomuta, me interesa saber de ingeneria reversa, como puedo iniciarme en esta area tan interesante y que pasos o metodos debo seguir para ser considerado bueno en esta considerable area de la seguiridad informatica. gracias anticipadas!

Gracias por tu interés en mi blog.

Ingeniería Reversa es algo muy amplio, lo mejor es desambiguar un poco con clasificaciones:

Ingeniería reversa de software, por ejemplo.

En mi opinión, los buenos ingenieros reversos de software necesitan:

- Amar el lenguaje ensamblador de su arquitectura (  comúnmente x86 / x86_64 ).

- Conocer a fondo el funcionamiento y comportamiento de la memoria.

- Seria bueno saber lenguaje C para tener una perspectiva intermedia entre el bajo nivel y algo menos abstracto. Es excelente para aprender, hacer programas sencillos en C y luego desensamblarlos.

- Ser paciente. Lleva mucho trabajo aveces.

- Tener un norte con su tarea ( mejorar un sistema, burlar una seguridad, demostrar vulnerabilidades, entender un bug, etc... )

Leer todo lo posible sobre documentación especifica los formatos binarios de ejecución y librerías dinámicas.

Utilizar buenas herramientas: desensamblar binarios, debuggers, herramientas de extracción de texto, etc...

Buena suerte.

Feel the power of  WebRTC, Socket.IO, Node.js and OpenCV ( of course ) in this snappy-fast web live face detection.

Working to stabilize this to withstand a lot of connections per node so I can service this API to do all sort of things from controlling website with facial gestures to wall projections, Obama-style face detection and tagging...