ROOTCON 9: Thank You!!!

7.10.15 Posted by ROOTCON

Another epic ROOTCON event has been nailed in history, not just on the ROOTCON history but a history in the Philippine Information Security industry. This year we took extra leap of challenge, we chose another venue for ROOTCON, it was a very hard turn-point for the ROOTCON logistics as we don't know the challenges ahead, but it turned out to be very epic!!!

This years' ROOTCON 9 has been dubbed as the ROOTCON All Star, we have different speakers and con-goers from around the globe. It wouldn't be possible without the RC Goons, Sponsors, Speakers and of course our awesome con-goers. 

Hats down to our ROOTCON Elite Sponsors:

HP Fortify on Demand
Netsuite Security
F5 Networks
Tenable Security
First DataCorp

And to the rest of the sponsors big hugs to you guys.

MISNet Education
PaloAlto Networks
Rapid 7
Pandora Security Labs
Security Matters

and to Smiffnoff Mule for providing us drinks at our epic post-con party.

A quick note: What you get at ROOTCON is what you made ROOTCON for you.

Cheers everyone and see you all next year.

All The Best,
Dark (semprix) Meister

Inside ROOTCON IX: Major Highlights

7.10.15 Posted by Shipcode

Okay so first things first before giving you some highlights about ROOTCON 9, let's try to have a sneak peek on the comments of the attendees about the venue and some cool shots about it.

Thanks guys for sharing the awesome venue - Taal Vista Hotel in Tagaytay.

More than people turned up to listen to talks on a wide variety of subjects. Aside from Filipino participants, there were also geeks from Taiwan, Hong Kong, Australia, Spain, Malaysia, America, India, etc. who attended the event. Cheers to the attendees who flew to the Philippines just to attend ROOTCON.

Here is the official electronic badge of ROOTCON 9...

And some ROOTCON goons just started the Hacker Badge / Hardware Hacking Village. Thanks guys for taking this initiative.
Mini Hardware Hacking and Hacker Badge Village
Here are some cool topics we had for this year:
  • How to Shot Web: Better Web Hacking in 2015 by Jason Haddix 
  • BackDooring Git by John Menerick 
  • Open Source Internet Infrastructure Insecurity by John Menerick 
  • Unmasking Malware by Christopher Elisan 
  • Hacking Time by Carlos Tingson 
  • Hiding Behind ART by Paul Sabanal 
  • Building Automation and Control: Hacking Energy Saving System  by Philippe Z Lin 
  • Detecting Indicators of a Compromise Using an SDN-Based Network Access Control Implementation by Mon Nunez & Paul Prantilla 
  • Incident Response for Targeted attacks by Jose Ramon Palanco 
  • How safe is my system from reverse engineering by Markku Kero 
  • Fixing CSRF Vulnerabilities Effectively by Lu Zhao 
  • Once more unto the data breach by Steve Miller 
  • Oh My Honey: Honeypots (or honeynets) by Ray Torres 
  • Understanding HTTP/2 by Nathan LaFollette 

I would love to see @caseyjohnellis next year then :)
 Aside from the awesome talks, we had some cool hacker games. WiFi Warrior a.k.a wireless cracking was on the go but sad to say no one won that contest.

ROOTCON CTF was the main highlight of all games in ROOTCON wherein a total of 9 teams joined the said contest. The CTF consists a variety of challenges like stega, crypto, forensics, binary analysis, exploitation and reverse engineering. Yes you read me right that there are exploitation levels! There are 4 boxes that you need to pwn or root for you to find the flag. No one was able to find the flags for the 4 boxes but some boxes were pwned though which is a good one.
Team Handshake handed a total pwnage to the other eight teams because they bagged a total of 4,000 times.

Here is a picture of Team Handshake (the champion of the CTF) together with semprix (the founder of ROOTCON) and I (the jetman).
The Team Handshake (a two-man Team) together with semprix (left) and The Jetman (right)
Congratulations to these two badass guys because they hold the most number of wins in ROOTCON CTF.

One of the coolest part of ROOTCON and any hacker conference are the parties. Yes we had a post-con party which was sponsored by Smirnoff Mule so it was more of a drink till you drop. During the said party, the annual ROOTCON Hacker Jeopardy hosted by DevNull took place.
Jason Haddix (@jhaddix), Nathan LaFollette (@httphacker), and John Menerick (@Lord_SQL) of the Speakers Team won this year's Hacker Jeopardy after a tie-breaker with the new team BRT (winner of the first ROOTCON Campus Tour).
The Winners of the Hacker Jeopardy
So yeah, the ultimate trophy is the Black Badge (the black one).
RC9 ended with an awesome post-con party participated by the speakers, goons, sponsors and of course our con-goers, where the infamous Hacker Jeopardy was also held.

ROOTCON would not be possible without the goons, speakers, sponsors and of course our con-goers. Thanks guys for the support and to the whole InfoSec community. You guys rock!

Stay tuned for more highlights of the conference and the pictures in our Facebook Fanpage.

Accenture and Netsuite Security are hiring at ROOTCON 9

10.9.15 Posted by Shipcode


Boost up your InfoSec and IT Security because our Elite sponsors Accenture and Netsuite Security will be hiring on ROOTCON 9. It's time to prepare your resume and your self because it's gonna be a bumpy ride and a battle between fellow hackers to have a great InfoSec Career.

ROOTCON is a neutral event for hackers and it is also one of the places you want to be if you are looking to learn some new things and then start an InfoSec Career because of hiring managers attending such event in order to scout some new blood. 

For private application at Accenture please send your CVs at yvette.b.pagsambugan [at] accenture dot com.

Here is an advice: Just be yourself and prove that you are worth it! Trust me, I landed a career in Information Security because of attending ROOTCON.

ROOTCON Campus Tour Highlights

7.9.15 Posted by Shipcode

"Why can’t we have our own hacker event for the university students too? "

This is one of the questions I asked to semprix (father of ROOTCON) before visualizing the ROOTCON Campus Tour which is an information security seminar and an inter-university Hacker Capture the Flag (CTF) for university students in the Philippines. I suggested it will be fun too.

We also want to give back something to the community because we want the event to be free, we want to promote security awareness, and that we want to introduce the essence of the hacker culture.

And so we pushed the event last September 4, 2015 at De La Salle University in cooperation with DLSU - College of Computer Studies, Mr. Isaac Sabas of Pandora Security Labs, and La Salle Computer Society. The event was also sponsored by Booster C Energy.

Participants came from De La Salle University, Mapua Institute of Technology, Ateneo de Manila University, University of Sto. Tomas, UP Diliman, PUP, etc.
semprix announcing the mechanics for the CTF
Dan Duplito's Hacking 101 Session

The morning session was opened by a warm welcoming remarks from Isaac Sabas followed by Dan Duplito's topic entitled 'Hacking 101'. Dan's topic is a definitive guide for newbies and how to have a fair share of hacking. After the Hacking 101 session, Raymond Nunez talked about 'Øwning Your InfoSec Career' which deals on how to charge your way to an Information Security or IT Security career. The last topic for the seminar was all about 'Bug Hunting 101' by Ray Torres which talks about how to earn cash rewards by reporting vulnerabilities in a company that offers a bug bounty program just like Facebook and Google. 

Overall the goal of the seminar is to provide topics like Information Security 101, Information Security Career 101, and Introduction to Hacking, Exploit Development, Malware Analysis, and Debugging.

The afternoon session highlighted the main event which is the first ever inter-university hacker Capture the Flag (CTF) Challenge in the Philippines. Yes! This is how ROOTCON organizes its own hacker cup and hacker games which is packed with intermediate to advance challenges like reverse engineering, return oriented programming, packet sniffing, packet analysis, debugging, web exploits, and many more to mention.
Looks like guys from UP Diliman are having fun
Cat - one of ROOTCON's CTF Committee for the Campus Tour
Jami (the grand emcee) and shipcod3 overseeing the participants from La Salle
The CTF challenge or game was a very close fight between the teams from PUP and UP! 

Yep! The winner of the first-ever hacker CTF challenge of ROOTCON Campus Tour is TeamBRT from PUP Computer Science Department with a total of 1100 points. Team New Beast from PUP Computer Engineering Department bagged the second place with a total of 1050 points and Eskrima of UP Diliman finished third with 1000 points. 

Congratulations to TeamBRT and for that you guys earned your free pass to ROOTCON 9!!! w00t!!

Your school is proud of you! PSSST! PUP please give these guys some cookies!

Final List of Sponsors for ROOTCON 9

5.9.15 Posted by Shipcode

Elite Sponsors

Netsuite is an American software company based in San Mateo, California, that sells a group of software services used to manage a business's operations and customer relations. Customers access these services over the internet paying a periodic subscription fee. Netsuite | Security provides a host of advanced functionality to secure the application including role-based access, strong encryption, robust password policies and more. NetSuite adds further layers of security such as application-only access and restricting access to only certain IP addresses to provide complete confidence and peace of mind.

Hewlett Packard Fortify on Demand is part of HP Enterprise Security Products in the HP Software business, providing application security products and services for enterprise customers to assess, assure and protect enterprise software and applications from security vulnerabilities. Fortify offerings included Static Application Security Testing and Dynamic Application Security Testing products, as well as products and services to support Software Security Assurance, or repeatable and auditable secure behaviors, over the course of a software application's life cycle.

Kaspersky Lab is an international software security group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Kaspersky Lab offers consumer security products, such as anti-virus, anti-malware and firewall applications, in addition to security systems designed for small business, corporations and large enterprises. Corporate solutions include protection for workstations, file servers, mail servers, payment gateways, banking servers, mobile devices, and internet gateways, managed through a centralized Administration Kit.

F5 Networks is a multinational American company which specializes in Application Delivery Networking (ADN) technology that optimizes the delivery of network-based applications and the security, performance, availability of servers, data storage devices, and other network resources. F5 is headquartered in Seattle, Washington and has development, manufacturing, and sales/marketing offices worldwide. F5 originally manufactured and sold some of the industry's first load balancing products.

Tenable Network Security is a developer of vulnerability detection systems. Tenable Network Security is an American network security company, co-founded by Ron Gula, Jack Huffard, and Renaud Deraison in 2002. Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Tenable’s key clients include Fortune Global 500 companies across industries as well as the entire U.S. Department of Defense and many of the world’s leading governments.

First Datacorp is an Information Technology service  and solution provider in business since 1985. They aspire to be a leading IT organization engaged in the fields of business solution and consulting, system integration, infrastructure and service management. According to Microsoft Philippines, "shown excellence in delivering expert volume licensing consultancy and services to both Enterprise and Corporate customers helping them experience a smooth licensing acquisition process. FDC boasts of a sales and licensing team that’s experienced, highly trained and dedicated to software license management and support of Microsoft customers."

Accenture is a multinational management consulting, technology services, and outsourcing company. Its incorporated headquarters have been in Dublin, Ireland since September 1, 2009. It is the world's largest consulting firm as measured by revenues and is a Fortune Global 500 company. As of 2014, the company reported net revenues of $31.87 billion[8] with approximately 336,000 employees, serving clients in more than 200 cities in 120 countries. In 2012 Accenture had about 80,000 employees in India, more than in any other country, about 40,000 in the US, and about 35,000 in the Philippines. Accenture's current clients include 89 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500.

Gold Sponsors

Rapid7's IT security solutions deliver visibility and insight that help you make informed decisions, create credible action plans, and monitor progress. They simplify compliance and risk management by uniquely combining contextual threat analysis with fast, comprehensive data collection across your users, assets, services and networks, whether on premise, mobile or cloud-based. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Rapid7 currently maintains the Metasploit Framework and other security tools.

Pandora Security Labs is formed through the combined expertise of security analysts from leading IT security companies and researchers from the academe world. Their founder firmly believes that the combination of industry experience, education and continuous research is the best formula for providing innovative best quality products and services.

Palo Alto Networks, Inc. is an American network security company based in Santa Clara, California. The company’s core products are advanced firewalls designed to provide network security, visibility and granular control of network activity based on application, user, and content identification. alo Alto Networks next-generation firewalls are helping customers around the world regain visibility and control of the applications, users, and content traversing their networks.

MISNet is a technology solutions consulting company, leading and innovating for over 20 years. They provides technology consulting, implementation, support services as part of an end-to-end project engagement or to supplement existing project teams or IT departments, rapid development services to develop core operational solutions or extend the scope of your ERP with operational support system applications and business support system applications, and end-to-end technical operations services, turnkey project execution, and end-user support services.

Skiddie Sponsors

Citibank Philippines is the Philippines chapter of Citibank established in 1902. It started when when the International Banking Corporation opened its first branch in Manila. Currently, it is one of the largest commercial banks in the Philippines. Citibank has been involved with financial mergers and acquisitions. One of the largest investments in the country is the site building in Bonifacio Global City, Taguig City.

Press Partners

SecurityMatters™ is the first and only security magazine in the Philippines that provides in-depth insights and helpful tips for physical and IT security, fire and life safety, protection professionals and anyone who is interested in understanding how to prevent risky situations, accidents and any form of danger. The magazine covers relevant security issues that impact the practitioners’ professional growth, social networking activities and career development.

The Philippine Daily Inquirer was a daily newspaper founded on 9 December 1985 by publisher Eugenia Apóstol, columnist Max Solivén, together with Betty Go-Belmonte (wife of House Speaker Feliciano "Sonny" Belmonte) during the last days of the regime of the Philippine dictator, Ferdinand Marcos, becoming one of the first private newspapers to be established under the Marcos regime. It is popularly known as the Inquirer, is the most widely read broadsheet newspaper in the Philippines,with a daily circulation of 260,000 copies. It is one of the Philippines' newspapers of record. It is a member of the Asia News Network.

Party Sponsor

RC9 Capture The Flag

28.8.15 Posted by ROOTCON

Do you have the guts to earn the ROOTCON Black Badge? Then this is for you, ROOTCON 9 Capture The Flag pre-registration is now open.

You may now pre-register at  CTF Pre-registration Form

What is Capture The Flag?

The most mind-buggling game at ROOTCON, get ready for the RC9 Capture The Flag.

Our Capture The Flag this year will have two stages:

Stage 1 - Hacker Jigsaw - you will be presented with puzzles coming from different areas for security such as forensics, web app testing, cryptography, network analysis, wireless security and many more.

Stage 2 - Pawnstar - there will be boxes to p4wn each box corresponds to a certain point.

3000 worth of Sodexo + 3 ROOTCON Black Badge
4 ROOTCON Black Badge

On the day registration

During Day 1 registration please approach a registration goon and ask that you will register for the CTF.

What are you waiting for? Get that black badge and bring home your bragging rights.

Alright Let's Party Harder Coz Smirnoff Mule is our Post-Con Party Sponsor!

25.8.15 Posted by Shipcode

Yes! You read me right. Emperador Distillers' Smirnoff Mule will be sponsoring our ROOTCON Post-Con Party. Hurrah!

Aside from the cool talks, games and challenges in ROOTCON that you all look forward to, there will be a post-con party as well. ROOTCON Post-con Party is the best time to socialize with your fellow G33ks and H4x0rs. This is the best part of the CON that you don't want to miss at all.

We ensure you a one stubbornly refreshing party.