technical talks given by women to everybody
Get your free ticket! Join us on Discord!NotPinkCon is an information security conference whose talks are given by women. The event is held annually in Buenos Aires, Argentina. NotPinkCon has a technical focus and admission is free for all who wish to attend.
The main goal of NotPinkCon is to encourage more women to participate as speakers at cybersecurity events. We believe that they all have interesting investigations to share and we want to break down the barriers that prevent them from doing so. For this, we propose a more comforting stage, which works as an intermediate step before taking the leap of appearing in a mixed scenario, which - due to the unfortunate gender inequality - could be somewhat intimidating to begin with.
We also want to have experienced speakers on our stage. Undoubtedly, their experience will not only be of help for the new speakers but also of great inspiration for the audience.
Our second goal is to encourage women to join the fascinating world of infosec! We have found that the fact that the speakers are women, makes other women take even more interest in the conference, which is positively reflected in an audience of high parity between men and women.
In summary, NotPinkCon has the following goals:
CrowdStrike
Deloitte
Red de Energía del Perú
Google Intern
Aqua Security
ESET
ESET
ESET
Naranja X
Athena’s Mexican Force
Consulting Systems
Naranja X
Note: All times are GMT-3
Talks have live translation EN ↔ ES
10 : 00 AM - 10 : 45 AM
For decades, the Windows kernel pool remained the same, using simple structures that were easy to read, parse and search for, but recently this all changed, with a new and complex design that breaks assumptions and exploits, and of course, tools and debugger extensions.
This new design modernizes the kernel pool and makes it significantly more efficient. Additionally, it has significant security implications - both good and bad. Major code changes break a lot of existing code and might make future pool-related exploits more difficult, or in some cases nearly impossible to write. But could this open up a whole new attack surface as well?
By Yarden Shafir - Language: English.
10 : 55 AM - 11 : 20 AM
Did you know that in 2021 alone, the NFT art market grew more than 800% by the end of the April? As NFT artists report several cryptowallet compromises since June, a question surfaces: could this marketplace become a new venue for cryptocurrency attacks?
By Abril Rozwadowsky - Language: English.
11 : 35 AM - 12 : 10 PM
Las Infraestructuras Críticas (IC) deben ser una base sólida cuyos componentes deben funcionar y engranarse perfectamente. Si estos fallaran por una causa accidental o intencional podrían generar un desastre; mitigar el riesgo de estas situaciones es parte de la gestión de la Ciberseguridad en IC.
By Melissa Tatiana Nole Soto - Language: Spanish.
12 : 10 PM - 12 : 35 PM
Many of us have difficulty implementing security into our code! But if you integrate ‘Swag’ into your code, pipeline, and everyday life, you will have a much easier time overall. This talk will explore (in a silly way,) how you can implement these concepts into your code on a daily basis.
By Catherine De Mesa - Language: English.
12 : 35 PM - 13 : 00 PM
Understanding eBPF and how can be used to analyze the container activity in runtime to collected events to detect suspicious behavioral patterns. We will explore this powerful tool with demos. Tracee is a runtime security and forensics tool for Linux. It uses eBPF technology in order to introspect internal kernel behavior with little overheard, collecting different kinds of events to be used in detecting suspicious behavioral patterns.
By Carol Valencia - Language: Spanish.
14 : 15 PM - 15 : 00 PM
Recolectar y procesar información de las fuentes OSINT de forma manual para Threat Intelligence suena aterrador y si, probablemente sea un dolor de cabeza. Para que sea divertido y no morir en el intento, ¿Sabias que la ciencia de datos y CTI pueden ir de la mano a través de la automatización?.
By Sol Gonzalez - Language: Spanish.
15 : 00 PM - 15 : 45 PM
Se mostrará como securizar un S3 de AWS con roles y policies de forma que pueda ser accedido solo por usuarios o recursos que tengan permiso para accederlo. Se irá desde el caso del más simple donde un S3 es público, explicando conceptos y configuración necesaria para que el S3 no quede expuesto.
By Milagros Zea Cárdenas - Language: Spanish.
15 : 45 PM - 16 : 15 PM
Cientos de mitos rodean a la deep -y dark- web, incluso dentro del mundo tech. Sin embargo ¿sabías que es vital para tu privacidad? ¿conoces las comunidades que existen allí? Por esto, y más, vamos a adentrarnos en los qué y cómo de la seccion de la web de la cual se habla tanto como se desconoce.
By Martina Lopez - Language: Spanish.
16 : 30 PM - 17 : 15 PM
Internet Information Services (IIS) is a Microsoft web server software for Windows with an extensible, modular architecture, allowing developers to replace or extend core IIS functionality. This session looks at how the same extensibility is misused by malicious threat actors to intercept or modify network traffic flowing through the IIS servers. We will share the results of our internet-wide scans, which allowed us to identify and notify victims of this malware. Finally, we will provide practical steps that defenders can take to identify and remediate a successful compromise.
By Zuzana Hromcová - Language: English.
17 : 15 PM - 18 : 00 PM
En esta charla se abordarán técnicas y herramientas para el análisis de seguridad de código fuente, tomando como ejemplo repositorios de Github, a los fines de proporcionar mecanismos para el reportar vulnerabilidades de manera responsable mediante plataformas de Bug Bounty. También el objetivo es mostrar cómo los análisis de tipo whitebox pueden complementar a los análisis blackbox.
By Ileana Barrionuevo - Language: Spanish.
Note: All times are GMT-3
09 : 30 AM - 11 : 30 AM
Se presentará un caso práctico de cómo las empresas podrían implementar controles para combatir ataques de ingeniería social en distintos niveles de la organización, basándose en frameworks, metodologías y mejores prácticas del mercado. También de cómo cuidarse desde el hogar, la vía pública, restaurantes o cafés, entre otros
By Andrea Vera y Noelia Multari - Language: Spanish.
12 : 00 PM - 14 : 00 PM
Análisis forense de un caso ficticio sobre una intrusión en un Banco usando la suite forense open source, Autopsy.
By Karina Astudillo - Language: Spanish.
14 : 30 PM - 16 : 30 PM
Revisaremos la arquitectura de artefactos maliciosos para windows, es decir los PE (portables ejecutables). Con un repaso de qué sucede paso a paso en la ingeniería reversa al realizar un análisis estático y luego un análisis dinámico de un ejemplar real de malware.
By Zally Meza - Language: Spanish.
17 : 00 PM - 19 : 00 PM
En este workshop aprenderemos a acondicionar ambientes virtuales que nos permitan realizar investigaciones en fuentes abiertas, mostraremos tips útiles en la creación de cuentas puppet, conoceremos diferentes herramientas y compararemos la eficiencia de algunas de ellas mediante diversos ejercicios, pondremos en práctica el uso de Google Dorks y la búsqueda a partir de imágenes.
By Evelyn Landa - Language: Spanish.
If you've had the opportunity to attend a infosec event, you may have noticed that most (and often all) of the speakers are men. When a woman wants to be a speaker there, she will know that will most likely be the only speaker representing the genre throughout the event, this inevitably attracts attention and criticism that can be difficult to deal with in a first experience.
That is why at NotPinkCon we set out to create a more comforting stage, where women have to share that space only with other women. This intends to be an intermediate step as a first experience and then be encouraged to speak on mixed stages.
It has worked? Yes! In the first edition of NotPinkCon there were women who dared to present their research on stage for the first time, and some of them performed again at other events with mixed settings. Thanks to the fact that our objective is fulfilled, you will see more and more women being speakers at information security events.
Send us an email to info[at]notpinkcon[dot]org