Times are reflected in Fortaleza, Brazil, UTC-3.
Attendees joining us virtually on October 4 for the plenary sessions will be accessing the stream via Zoom. The Zoom will be hosted by the venue and links will be provided prior to the start of the day. Please check your email for this information.
Simultaneous interpretation will be provided to in-person and virtual participants. Languages to be translated include English, Spanish, and Portuguese.
09:00 – 09:05 | Opening Remarks TLP:CLEAR |
09:05 – 09:45 | BR Steps Towards SIM3 and CIS Control #17 Compliance – The Experience of Banco do Nordeste’s CSIRT Francisco Jose Barreto Nunes (BNB, BR) TLP:AMBER |
09:45 – 10:25 | BR User Awareness Importance in Security Incidents André Ricardo Landim (RNP, BR); Jessica Araujo Silva Zanatta (BR) TLP:CLEAR |
10:25 – 10:55 | DO Protecting Confidentiality: Strategies to Manage Data Breaches and Recover Successfully Saira Isaac (Cybersecurity Blue & Red Team (CBRT), DO) TLP:GREEN |
11:00 – 11:30 | Break |
11:30 – 12:10 | US Automation in the Processing of Threat Information Sources Using IntelMQ Einar Lanfranco (OAS, US) TLP:CLEAR |
12:15 – 12:55 | BR A Holistic Cybersecurity: SOC-RNP André Ricardo Landim, João Coelho Guimarães Neto (RNP, BR) TLP:CLEAR |
13:00 – 14:00 | Lunch |
14:00 – 14:30 | UY Graciela Martínez, Guillermo Pereyra (CSIRT LACNIC, UY) TLP:GREEN |
14:30 – 15:00 | BR Agile Principles in Security Incident Handling Rodrigo Silva Sotolani (Tribunal Regional Federal da 3a Região's CSIRT (CLRI-TRF3), BR) TLP:GREEN |
15:00 – 15:30 | PE César Farro (Telefónica Perú, PE) TLP:GREEN |
15:30 – 16:00 | MX From Data to Defense: Uniting Against Cyber Threats in Latin America Arturo Torres (FortiGuard Labs, MX) TLP:CLEAR |
16:00 – 16:30 | Break |
16:30 – 17:10 | DO Oscar Encarnación Liz (DO) TLP:CLEAR |
17:10 – 17:50 | MX Cybercriminal Groups: Symptoms and Attack Methodologies. Jorge Varela (Truxgo, MX) TLP:RED |
17:50 – 18:00 | Closing Remarks TLP:CLEAR |
09:00 – 11:00 | CO Containers Risks, Vulnerabilities, and Security Giovanni Cruz Forero (Be Hacker Pro, CO) |
11:00 – 11:30 | Break |
11:30 – 13:00 | CO Containers Risks, Vulnerabilities, and Security Giovanni Cruz Forero (Be Hacker Pro, CO) |
13:00 – 14:00 | Lunch |
14:00 – 16:00 | CO Giovanni Cruz Forero (Be Hacker Pro, CO) |
16:00 – 16:30 | Break |
16:30 – 18:00 | CO Giovanni Cruz Forero (Be Hacker Pro, CO) |
André Ricardo Landim (BR), João Coelho Guimarães Neto (RNP, BR)
For the Brazilian NREN (RNP) and its CSIRT (CAIS), establishing a Security Operations Center (SOC) to improve the security level of research, education and innovation institutions involves a set of capabilities and a holistic approach that integrates different cybersecurity technologies, teams, and processes. The SOC-RNP challenges include a distributed environment and multiple layers to monitor, from backbone to services, including cloud and endpoints. The SOC-RNP improves the overall network security level by maximizing security visibility, providing advanced detection and response, improving security operations, and strengthening the institutions' security culture through security intelligence. The SOC-RNP is holistic by nature, including basic cybersecurity functions and a set of integrated security technologies that help institutions understand and organize their cyber risks, prioritizing actions related to threats, vulnerabilities, security incidents, governance, and compliance. The presentation aims to show the initial results of the operation of the SOC-RNP, operationally established in May/2023, as well as the challenges and the next steps, always seeking excellence in the context of information security and intelligence.
Andre R. Landim has been working in IT for over 20 years, 18 of them dedicated especially to Information Security. He graduated in computer network administration from IBTA College, holds a networking specialization from UNICAMP and an MBA in information security from IBTA College. Andre focuses his work on infrastructure security, vulnerability management, pentesting and malware analysis. He is currently a Security Analyst at RNP CSIRT (CAIS/RNP).
João Coelho Guimarães Neto: João is an IT professional with more than 15 years of experience in management and cybersecurity. He has a degree in Networks from Estácio University and is currently the technical leader of the SOC-RNP team. João has extensive experience implementing SOC environments and successfully led the SOC implementation at one of the largest federal banks in Brazil.
October 4, 2023 12:15-12:55
Rodrigo Silva Sotolani (Tribunal Regional Federal da 3a Região's CSIRT (CLRI-TRF3), BR)
The objective of this work is to adapt and evaluate a process based on the use of agile principles for security incident handling. The research identified problems in traditional incident response processes in the literature, as well as a research gap in the application of agile principles to these processes. The methodology used to conduct the study was the Design Science Research Methodology (DSRM), which incorporates the principles, practices, and procedures necessary for the design, development, demonstration, and evaluation of the process in question. The information security incident response process was adapted to use agile principles and implemented in a practical experiment with an incident response team (CSIRT); the resulting process is named AIR-Jud. Internal and external evaluations were obtained through semi-structured interviews with information security professionals. As a result, the AIR-Jud process was assessed as relevant and considered to contain improvements over traditional incident response processes. As a practical implication, AIR-Jud can be used by CSIRTs that aim to improve their processes. As a theoretical implication, the present work contributes to the literature by filling part of the gap on this topic.
Rodrigo Silva Sotolani holds the Security Incident Response Process Professional Certificate and is a member of Tribunal Regional Federal da 3a Região's CSIRT (CLRI-TRF3). Rodrigo has a Master's in Management and Technology in Productive Systems and is a Full-Stack Web Developer.
October 4, 2023 14:30-15:00
Einar Lanfranco (OAS, US)
This work presents the intelligence feed generation system that we use in the CSIRTAmericas network. The system is based on a free software tool widely used in the CSIRT community: IntelMQ. It is a technical presentation: first the tool and its different components will be presented, then examples of how and why we use it at CSIRTAmericas will be shown, ending with a complete DEMO that builds a full IntelMQ botnet (the IntelMQ term for a pipeline of bots), in this case processing the information published by the CISA project, the Catalog of Known Exploited Vulnerabilities, and generating alerts for the Telegram network.
Einar Lanfranco holds a degree in Computer Science and has more than 25 years working in technology. He is a professor at the National University of La Plata in matters related to the field of cybersecurity, having been a founding member of CERTUNLP in 2008. He has always been an enthusiast of Free Software and Capture the Flag contests. For the past 3 years, he has been an Officer of the Cyber Security Program at the Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS). Among his main objectives is managing and executing projects aimed at developing technical capacities in cyber incident response teams (CSIRTs) in Latin America and the Caribbean. In particular, he is responsible for the generation of intelligence feeds that are shared in the network of governmental CSIRTs of the Americas (CSIRTAmericas Network) to foster regional cooperation and facilitate operational channels for the exchange of cyberthreats and incidents among OAS Member States.
October 4, 2023 11:30-12:10
Giovanni Cruz Forero (Be Hacker Pro, CO)
In this training, we will start by talking about risks in Kubernetes, then look at some tools that help us understand Kubernetes-related infrastructure, then walk through some attack scenarios in a controlled environment, and finish with some security controls that help mitigate risks and vulnerable elements in this kind of technology.
Note: Giovanni's trainings will be provided in Spanish, however, we will provide guidance in English as well, so non-native Spanish speakers will be able to participate in both trainings.
Giovanni Cruz Forero is a Professional in Cybersecurity with 18 years of experience in the industry, seeking to share knowledge using their expertise and experience. Currently working as the CEO of Be Hacker Pro, where they develop strategies to strengthen human capital and create spaces for talent development in cybersecurity. They are a co-founder of CSIETE and 7 Way Security, and also organize BSides Colombia, HackLab Bogotá, and other areas for collective knowledge building.
October 5, 2023 09:00-11:00, October 5, 2023 11:30-13:00
Oscar Encarnación Liz (DO)
In this presentation, we will explore cyber incident response in Docker or Kubernetes environments from the perspective of DFIR (Digital Forensics and Incident Response). Our main objective is to give attendees a clear understanding of how to approach and efficiently manage security incidents in these highly dynamic and attack-prone environments. During the presentation, we will dive into the specific challenges we face when dealing with cyber incidents in Docker and Kubernetes. We will explore the latest threats and vulnerabilities associated with these technologies, and discuss best practices for detecting, responding and recovering effectively. Our methodology will be based on DFIR approaches and tools adapted to Docker and Kubernetes environments. We will share techniques for collecting and analyzing digital evidence, as well as strategies for identifying attacks, mitigating risks and restoring system integrity. By the end of the presentation, participants will be equipped with practical knowledge to improve the security posture of their Docker or Kubernetes environments, as well as to implement an effective approach to cyber incident response.
Oscar Encarnación Liz: Cyber threat intelligence and incident response enthusiast with several years of experience in the field. He holds an engineering degree in cybersecurity and several specialized certifications in the sector. Oscar's experience in cyber threat intelligence led to his being hired by the National Cybersecurity Center of the Dominican Republic, where he has now worked for several years as cyber threat intelligence lead. Throughout this time he has been responsible for identifying and analyzing threats to national security, including cyberattacks on critical infrastructure. He uses cutting-edge technology and techniques to identify and analyze threats, providing the served community with actionable intelligence to help them mitigate risks and prevent cyberattacks.
October 4, 2023 16:30-17:10
Arturo Torres (FortiGuard Labs, MX)
The digital realm has become an integral part of Latin America's socioeconomic growth, enhancing connectivity and enabling innovation. Nevertheless, this digital revolution has exposed the region to an escalating array of cyber threats, necessitating a collaborative and proactive cybersecurity approach. The cybersecurity industry in Latin America faces unique challenges, including geopolitical influences, socio-economic factors, and the rapidly evolving cybercriminal landscape. I will provide an in-depth analysis of the current trends in cyber threats prevalent in Latin America, supported by real telemetry data and statistics. By examining recent exploitation attempts and attack vectors, I aim to offer a comprehensive understanding of the evolving threat landscape in the region using the Cyber Kill Chain model and the MITRE ATT&CK framework. Understanding the threat actors and cybercriminal groups targeting Latin America is crucial in developing effective countermeasures. By identifying their motives, tactics, and preferred targets, we can tailor threat intelligence to enhance detection and response capabilities. This research-driven insight holds immense potential for the regional CERT/CSIRT teams to issue targeted cybersecurity alerts and recommendations. As we collectively navigate this perilous cyber terrain, harnessing these data-driven insights will fortify our cybersecurity posture and elevate our ability to safeguard the digital frontiers.
Arturo Torres is a Principal FortiGuard Security Strategist for FortiGuard Labs, Fortinet's Cyber Threat Intelligence organization. In his role for Latin America and the Caribbean, he has done research on the threat landscape for LATAM and produced regional quarterly threat reports that had nationwide reach and recognition, being cited on major security and information technology websites as well as in traditional media. He also leads the FortiGuard Threat Intelligence sharing program for LATAM. He has several cybersecurity certifications, such as CISSP, ITIL, Cyber Threat Intelligence Analyst, ECSA, Ethical Hacker and Network Defender Professional, and MITRE ATT&CK. Arturo is also a leading academic teacher and researcher. He designed and manages an Information Security Master's Degree Program at one of the most important universities in Mexico (Universidad Autonoma de Nuevo Leon). In addition, he has a master's degree in Administration, Business and Industrial Relations, and a PhD in Engineering and Information Technology from the same university. He has published in technology forums and given conferences for the educational sector, the business sector and security industry events such as OWASP LATAM, DEF CON Porto Alegre, EkoParty, DragonJAR, BSIDES and the European Alliance for Innovation (EAI).
October 4, 2023 15:30-16:00
Jorge Varela (Truxgo, MX)
During 2022 and 2023, cyberattacks have increased considerably, ranging from attacks aimed at governments, corporations and businesses to attacks on end users. We will present the various cybercriminal groups operating in Mexico, as well as foreign organizations that have targeted end users. For each case we will present the entry paths, vulnerabilities and tools used, as well as the various methodological techniques that allowed the attack to succeed. In this talk we will discuss in detail the importance of identifying the symptoms so that, preventively and with cyber intelligence, harm to critical and personal infrastructure can be prevented.
Jorge Varela: Mexican developer and entrepreneur, founding partner and CEO of Truxgo, with more than 10 years of programming experience. He implemented most of the structural foundations on which Truxgo operates and created the CERT TRUXGO cybersecurity project, from its formation until it obtained its designation from Carnegie Mellon University. He currently leads Truxgo's business relations, establishing and building an Internet Exchange Point (IXP), peering research and development, routing policies, MANRS implementation, advanced IPv4-IPv6 solutions, and the creation of new cybersecurity technologies and solutions.
October 4, 2023 17:10-17:50
Graciela Martínez (CSIRT LACNIC, UY), Guillermo Pereyra (CSIRT LACNIC, UY)
We will give an up-to-date overview of the distribution of LACNIC CSIRT's HoneyNet. During the talk we will also address the importance of hardening the honeypots and how to do it. Additionally, we will explain why and how we collaborate with our members to improve their security by sending them security reports based on this information.
Graciela Martínez is the Head of LACNIC's CSIRT (Computer Security Incident Response Team). LACNIC CSIRT provides the requisite services to reinforce computer security incident response capabilities where incidents may involve Internet addresses, Autonomous System Numbers and Reverse Resolution within the Latin America and Caribbean region. Graciela has over 25 years of experience in IT, of which she has dedicated more than 15 years to information security and outreach activities within the LAC CSIRT community as well as with other international information security communities. LinkedIn profile: https://www.linkedin.com/in/graciela-martinez-giordano/ Twitter: @Grace_GMMG
Guillermo Pereyra is the Security Analyst of LACNIC's CSIRT, whose mission is to carry out the coordination functions necessary to strengthen incident response capabilities related to Internet resources in Latin America and the Caribbean. Guillermo holds the CERT Incident Response Process Professional certification from the Software Engineering Institute (SEI) at Carnegie Mellon University. Guillermo has over 15 years of experience in IT. He formerly worked for six years as an incident responder at Uruguay's national ISP CSIRT.
October 4, 2023 14:00-14:30
Saira Isaac (Cybersecurity Blue & Red Team (CBRT), DO)
Protecting Confidentiality: Strategies to Manage Data Breaches and Recover Successfully.
In this talk, we will address the importance of optimizing incident management after data breaches, with a focus on safeguarding the confidentiality of information. We will explore the strategic implications of these incidents and how they can affect an organization's reputation and trust. We will discuss the different stages of the incident management process, from early detection to proper notification to affected parties and relevant authorities. Best practices will be presented for a quick and effective response, minimizing the impact and reducing the risk of damage. In addition, the recovery measures necessary to restore the security and integrity of the affected data will be explored. Strategies for system restoration, damage assessment, and implementation of additional controls to prevent future breaches will be discussed. Throughout the talk, real examples of incidents and how different organizations have faced these challenges will be shared. The goal is to provide attendees with a clear understanding of how to address data security incidents in a proactive and prepared manner, thus ensuring the protection of sensitive information and business reputation.
Saira Isaac Hernandez: Information and Communication Technology Engineer and Master in Cybersecurity with more than 12 years of experience in the security area. She has worked on projects for the implementation of security standards and the design of controls to protect critical business processes, the definition of security strategies, the growth and implementation of Incident Response Teams, and the creation of SOCs, and has experience in systems auditing, cyber incident response and information security risk management. She is currently Cybersecurity Manager at Cybersecurity Blue & Red Team (CBRT). She holds the following certifications: ISO 31000 Risk Manager, ISO/IEC 27001 Provisional Auditor, ISO 22301 Provisional Implementer, ISO/IEC 27005 Risk Manager, ISO/IEC 27035 Lead Incident Manager, ISO/IEC 27032 Lead Cybersecurity Manager.
October 4, 2023 10:25-10:55
Giovanni Cruz Forero (Be Hacker Pro, CO)
In this simulation, each team will be the administrator of a web infrastructure that comes under attack from a ransomware threat. The idea is to run a crowd incident response among the participants of the session and to understand the impact and challenges of this kind of scenario.
Note: Giovanni's trainings will be provided in Spanish, however, we will provide guidance in English as well, so non-native Spanish speakers will be able to participate in both trainings.
Giovanni Cruz Forero is a Professional in Cybersecurity with 18 years of experience in the industry, seeking to share knowledge using their expertise and experience. Currently working as the CEO of Be Hacker Pro, where they develop strategies to strengthen human capital and create spaces for talent development in cybersecurity. They are a co-founder of CSIETE and 7 Way Security, and also organize BSides Colombia, HackLab Bogotá, and other areas for collective knowledge building.
October 5, 2023 14:00-16:00, October 5, 2023 16:30-18:00
César Farro (Telefónica Perú, PE)
This talk will cover the RaaS (Ransomware-as-a-Service) operators that are affecting the LATAM region, with real-world case studies and an explanation of the techniques attackers frequently use when entering a company network, including infection vectors and vulnerabilities. It includes a quick overview of what MITRE ATT&CK documents on ransomware operations; techniques used by BlackCat, Zeppelin and Vice Society; some findings from traffic analysis in Peru, Colombia and Mexico; malicious insiders in a ransomware case study; and final recommendations.
César Farro: Electronic Engineer with more than 22 years of experience at Telefónica as a Security Architect, where he has developed projects in Peru and Brazil for banks, mining companies, government, business groups and SMEs. He studied Electronic Engineering at the Universidad Privada del Norte, holds a Master's Degree in Cybersecurity from UCAM Universidad Católica de Murcia (Spain) and a Master's Degree in Marketing from the Universidad del Pacífico del Perú, and holds the following certifications: SANS GIAC Firewall Analyst, SANS GIAC Network Auditor, ISO 27001 Lead Auditor, ISS/IBM Security Analyst, Fortinet Network Security Expert.
October 4, 2023 15:00-15:30
Francisco Jose Barreto Nunes (BNB, BR)
Banco do Nordeste do Brasil (BNB) shares its experience in improving the processes of its CSIRT, known as GRIS-I.BNB, by presenting the actions performed to update and comply with the new version (V2 interim) of the SIM3 maturity model while maintaining the profile already achieved, "ENISA/GCMF Intermediate", as well as the initiative to institutionalize the CIS Critical Security Controls from the Center for Internet Security (CIS), with emphasis on CIS Control #17 (Incident Response and Management) and how it aligns with SIM3 V2 interim. Within the time reserved for the presentation, the relevant results of the first steps to institutionalize the SIM3 maturity model will be presented, along with the initiative to institutionalize the CIS Critical Security Controls, focusing on CIS Control #17 and how the SIM3 practices map to that CIS control, making a CSIRT adherent to both.
Francisco Jose Barreto Nunes holds a Bachelor's degree in Computer Science from the State University of Ceará (2001) and a Master's degree in Applied Informatics from the University of Fortaleza (2007). He has also received the title of specialist in Information and Communication Security Management from the University of Brasília (2014). He acts as a security and risk consultant for Banco do Nordeste do Brasil (BNB), being one of the coordinators of its computer security incident response team (GRIS-I.BNB). He has experience in the area of information security, with emphasis on business continuity and secure software development lifecycle.
October 4, 2023 09:05-09:45
André Ricardo Landim (BR), Jessica Araujo Silva Zanatta (BR)
CAIS, the Security Incident Response Center of RNP (the Brazilian NREN), handled a recent social engineering case involving a financial institution. During the incident response process, technical, operational and administrative aspects were considered that could be improved from the perspectives of both technical staff and end users. The incident involved smishing techniques, fake support websites and direct phone contact with the victims. The presentation's main goal is to present the incident analysis steps, as well as the technical and administrative lessons learned that raised the need for CSIRTs to promote awareness among users and IT teams.
Andre R. Landim has been working in IT for over 20 years, 18 of them dedicated especially to Information Security. He graduated in computer network administration from IBTA College, holds a networking specialization from UNICAMP and an MBA in information security from IBTA College. Andre focuses his work on infrastructure security, vulnerability management, pentesting and malware analysis. He is currently a Security Analyst at RNP CSIRT (CAIS/RNP).
Jessica Araujo Silva Zanatta graduated in Cybersecurity from Faculdade de Tecnologia de Americana Ministro Ralph Biasi (FATEC). She has worked at CAIS/RNP as an Information Security Analyst since 2022.
October 4, 2023 09:45-10:25