Rootcon 7 – Topics and Speakers




TRACKS:

CyberCrime Act of 2012: Issues and Concerns 
by: Atty. Al Vitangcol III, C|HFI, C|EI
The revolution in information technologies has changed society fundamentally. It has given rise to unprecedented economic and social changes. With it comes the emergence of new types of crimes. 

These new types of crimes, based on new technologies, challenge existing legal concepts. The Convention on Cybercrime of the Council of Europe, known as the Budapest Convention, is the only binding international instrument on the issue of cybercrimes. Its main objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation. It is a guideline for any country developing comprehensive national legislation against Cybercrime. 

Republic Act No. 10175, known as the "Cybercrime Prevention Act of 2012", was signed into law by the President on September 12, 2012. It took effect on October 3, 2012.

The presentation will focus on the provisions of the law and its compliance vis-a-vis the requirements of the Budapest Convention. It will discuss the various offenses punishable under the law. More so, the presentation will likewise touch on the aftermath of the enactment of the law, including various pros and cons on its implementation. Finally, the law's current status shall be presented and suggestions on the way forward shall be made. 

Love letters to Frank Abagnale (How do I pwn thee let me count the ways) 
by: Jayson E. Street
In previous talks I have shown how I have used emails to gain entry into places I should not have been. In this talk I give an in depth explanation on how I use emails not just for phishing but to gather intel & make a way in. I will go over the steps to recon your target. To find important information to make sure the email is not just believed but acted on in the way you desire. I will also show you how to create a convincing get out of jail free card. That will aid in avoiding being detained but will also get employees to aid you in your attack. 

Ouroboros 
by: Chris Boyd & by: Jovi Umawing
Preemptive strikes against attackers. Mobile Malware on the rise. Government spyware. Printer shenanigans. Cybersecurity lobbying. It sounds like a round-up of the top news stories of the last couple of months - in reality, it's a sample of news stories from 2005 to 2008, when Antispyware companies and security forums clashed over legal battles, death threats, pr spin, Botnet monetisation and more at the height of the old Adware industry's power and ambition. 

Was so much time spent firefighting the Adware industry that many of our current security concerns were allowed to develop and grow largely unaddressed? What factors could have encouraged this security groundhog day? Why did the Adware industry's passing encourage a form of "security fatigue" on Infosec blogs? Why did so many security researchers burn out? What might have happened if the old guard of Adware vendors hadn't gone bust or been sued into oblivion? What legacy have the ghosts of those long dead and acquired technologies left behind? 

ROOTCON 101 
by: semprix (The Fork Meister)
ROOTCON 101 will guide you how to survive at ROOTCON for the next two days of the conference. We will be discussing a little history of ROOTCON and how the community can be involved in such an awesome environment. 

Social Network Analysis as Internet Security Tool 
by: Wilson Chua
Security devices (firewalls, IDS, IPS) produces a huge amount of data by posting each security incident/event into a Syslog database. This (big) data enables the system administrators to identify the source of the largest attacks, and the most frequently victimized/targeted server. 

However, due to massive number of records generated by Syslogs, a quicker and more timely analysis is needed. Social Network analysis is presented here as an optimal way to quickly analyze and create actionable insights from this huge amount of data - by converting (big) data into graphics format. 

Stealth by Legitimacy 
by: Jeffrey Bernardino
Nowadays, its commonplace for cybercriminals to create complicated malware. But as part and parcel of any trade, cybercriminals update themselves by continuously uncovering new techniques to improve malware stealth. Misuse of legitimate services is one of probably hundreds of ways to cover cybercrime tracks. Trend Micro has discovered this with BKDR_VERNOT malware. In this presentation, Trend Micro discusses malicious routines of a particular BKDR_VERNOT malware. We also dive deep into the advantages and disadvantages of using legitimate services by malware - how BKDR_VERNOT used legitimate Evernote C&C, and how this technique will influence future attacks.

MEET THE SPEAKERS:

Atty. Al Vitangcol III, C|HFI, C|EI
Atty. Al. S. Vitangcol III is a practicing lawyer, a registered engineer, a contracts review expert, an academic scholar, an Information Technology (IT) specialist, and an automated elections guru. 

He finished his undergraduate degree at the University of the Philippines in Diliman, Quezon City and his Master of Science in Computer Science degree at the De La Salle University. He is the only lawyer in the Philippines with a formal education in IT and a solid IT working experience behind him. Currently, he is the Philippines' first (and only lawyer) EC-Council certified Computer Hacking Forensic Investigator (CHFI). He was nominated to the 2007 Ramon Ozaeta Most Outstanding Lawyer Award, which is annually sponsored by the Philippine Bar Association (PBA).

He is the author of three books: 1) Computers for Lawyers, 2) technoLAWgy:A Lawyer's Guide to Information Technology in the Practice of Law, and 3) Legal Research in Practice. 

He is currently the managing lawyer of AVALaw. He is a former law professor at the Lyceum of the Philippines - College of Law and a former lecturer at the Ateneo de Manila University – Graduate School of Business. He is a member of various local organizations and the Australian-based International Employment Relations Association (IERA). 

Atty. Vitangcol is a sought after speaker at Mandatory Continuing Legal Education (MCLE) seminars and other training fora. He lectures on such diverse subjects as Law and Technology, Electronic Legal Research, E-Commerce, Automated Elections, Computer Forensics, and IT Security. 

Christopher "@paperghost" Boyd
Christopher Boyd is a Senior Threat Researcher for ThreatTrack Security, former Director of Research for FaceTime Security Labs and a multiple recipient of the Microsoft MVP award for Consumer Security. He has given talks across the globe including RootCon, RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure. 

Jayson E. Street
Jayson E. Street is an author of "Dissecting the hack: The F0rb1dd3n Network" from Syngress. Also creator of http://dissectingthehack.com 

He has also spoken at DEFCON, BRUCON, UCON and at several other 'CONs and colleges on a variety of Information Security subjects. 

His life story can be found on Google under "Jayson E. Street" 

*He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006. ;) 

Jeffrey Bernardino
Jeffrey Bernardino is a member TrendLabs Threat Research Team. A Computer Science graduate, Jeff has been with Trend Micro for eight years. He started as an antivirus engineer, with focus on creating signature for malware, analyzing its behavior and providing clean up. Currently, he heads the Analysis Team, which is responsible for posting relevant malware and other threat information in the Trend Micro Threat Encyclopedia. 

Jovi Umawing
Jovi Umawing is Communications and Research Analyst at ThreatTrack Security. With 10 years in the antivirus industry under her belt, this accomplished threat researcher helps educate enterprises and consumers alike about the latest online threats. She has written for online security publications, is an advocate for online child safety and is a regular contributor to the ThreatTrack Security Labs Blog. 

semprix (The Fork Meister)
Dax Labrador a.k.a semprix is the founder and director of the international hacker conference in the Philippines which is ROOTCON. He is currently working for HP Enterprise Security as Security Consultant. 

Wilson Chua
a Microsoft MVP (Hall of Famer) in the Philppines for windows media. I believe strongly in collaboration and that is why i joined linkedin. 

Specialties: PMP certified Project Manager, ITIL, MCSE+I, MCDBA, Cisco CCNA, CCDA, Wireless LAN Engineer, Ethical Hacker, Security+, BPO, Contact Center, Microsoft MVP, WebCEO, Google Adword Individual 

Register here.