Category Archives: BSides PR

Security B Sides Puerto Rico (#BSidesPR) delayed …

How Security B Sides Puerto Rico (#BSidesPR) came to be.

Recently Hurricane Maria hit Puerto Rico really hard, just a week after Hurricane Irma and I had to cancel Security B Sides Puerto Rico (October 6, 2017) for the time being. This was our fifth year and this had me nostalgic and thinking on how BSidesPR came to be.

The story starts 5 years back (2012) when I was whining and complaining on social media that in Puerto Rico the tech community was nonexistent, and that all events where boring sales/expo type events and a stranger on twitter and now a good friend Juan Sanchez (@goze) basically told me to shut up and do something about it. That comment made me stop and consider that if I wanted something to get done I should not wait for anyone else to do it for me, pretty obvious when you think about it, right.

What I did next was start to get information on how to do a conference because of course, I knew nothing about it. By that time, I used to listen to Pauldotcom Podacast, now Security Weekly Podcast and heard Jack Daniel talk about Security B Sides and loved the idea of sales free conference, centered on community.  There was this guy, Carlos “Dark Operator” Perez (@carlos_perez) that worked in the podcast and he also complained that in PR the all tech events were sales/expo shit.  He is Puerto Rican so I decided to reach out and to my surprise the guy lived 10 minutes from my home. Probably cross paths at the mall and never new better (Carlos is now one of my closest friends). So after I met Carlos and talked about how to make this work I still needed more troops to execute.  I went to a couple of good friends: Jose Arroyo (@talktoanit), Daniel Mattei (my brother from another mother), Angel Colon, and Juan Sanchez to start sizing up the community and plan the event.  In that process I met my right hand and good friend Johana Martinez (@johanaMRPhD) a Doctor in Psychology that was introduce to our group by curiosity of how hackers think and a common friend Jose Arroyo.

But then I had another problem, in Puerto Rico there was no tech community that I knew of. Looked for it and found 2600 group that did not meet anymore, also found DC group that was no more so I had to start from scratch. There were a couple of startup meetups, but does that really count? usually startup meetups are about building a company and making money “fast”, you know the idea that makes you rich.  But, I was pleasantly surprised. There I met couple of true nerds and InfoSec curious guys, so we started doing meetups every other month, and visiting Universities to talk to the Computers Sciences & Information Systems students about InfoSec and started building build the community.

Finally we did our first Security B Sides Puerto Rico on April 2013 only 150 people showed and we had massive losses but we had a blast.  I was super happy and proud of what we accomplished and I still am.

(Security B Sides Puerto Rico  2013 Speakers hanging out.) #LobbyCon

 

 

 

It’s been 5 years of hard work doing InfoSec community work, workshops and meets in schools, universities, government agencies, law enforcement and even church groups. As you may know because of crashing economy in Puerto Rico a lot people that started with us and not in Puerto Rico anymore, so it’s been a war of attrition.  Some times I’ve felt alone, sometimes I’ve been alone, but we’ve hold up, this is not over, we will come back.

… stay tuned, we are looking into a date in December 2017.

Drone Wars: Weaponizing your drone

Drones, UAVs, UASs, whatever you want to call them are getting a lot of attention lately, bad press mostly.  There is a lot of talk of how drones are bad for privacy, used by drug lords, terrorist and some other shit.

Things can get really interesting when you combine your Xcopter with WiFi, Bluetooth, SDR, DevBoards or Digital Video. Did you know it can actually become a remote controlled turret? , Interesting or scary, you decide.

Its a matter of time until legislators start to make stupid laws for stupid people.  I say be creative, innovate, experiment but use common sense and don’t get mad if you get in trouble for doing something stupid.

Recently at Security B Sides Puerto Rico 2015, I presented on weaponizing drones.  Here is my preso …

… and video recording of it.

–jq

WarWalking — Plaza Las Americas

Para los que fueron a #BsidesPR 2014 y participaron de la charla de Carlos Perez y este servidor (mas Carlos que Yo) recordaran que mencioné que se podía identificar los AP y a través de las asociaciones de cliente y AP se podía rastrear a la persona.

Pues hoy estuve jugando con los datos e hice este mapa para demostrar el concepto de identificar los AP’s:

http://codefidelio.org/plaza-map.html

–Update

Esta data la saque a través de sacarle fotos a los AP, y extraer la metadata de las mismas.

Este es el commando que utilize:

–/Update

Seguiré trabajando para hacer algo un poco mas detallado, pero por el momento recuerden que la privacidad esta en peligro de extinción.

JQ

Angry Nerd! …

Angry Nerd!  …

angry_nerdTengo que ventear (rant) como me siento sobre mi experiencia con la comunidad de TI en PR porque si no, exploto.

En agosto del año 2012 un grupo de personas comenzamos una comunidad de seguridad de tecnologias de información (TI) en PR y creamos a Obsidis Consortia, Inc corporación sin fines de lucro para trabajar toda la logística, manejar los fondos, y dar seriedad y legalidad al asunto; así nació el grupo de seguridad Init6 y la conferencia Security BSides Puerto Rico, y todavía nos faltan cosas por hacer como las simulaciones (capture the flag), establecer un Hackerspace en PR y aumentar nuestra aportacion a la comunidad en general.
Continue reading Angry Nerd! …

Attend Security BSides Puerto Rico (April 5-6, 2013) and …

 

Have Access 16 renowned speakers and participate in the discussions about hot topics and here the real side of IT Security (No vendor talks)

Participate in one of 3 workshops (Powershell for Security Professionals, Armitage & Cobalt Strike Pentesting Lab, or Social Engineering Basics and Beyond)

Receive 12 CPE for those who have CEH, CISSP or other security related certification that requires CPEs.

And the chance to win:

One (1) of 10 seats in the Linux for Security Professionals 8hr Workshop

A seat ITIL Foundations Course (exam is not included)

One (1) of 5 seats in a Security + certification course (exam is not included)

Register now!, seats are limited:

http://bsidespr.org/?page_id=356