Pages

Wednesday, October 07, 2015

ROOTCON 9: Thank You!!!

Another epic ROOTCON event has been nailed in history, not just on the ROOTCON history but a history in the Philippine Information Security industry. This year we took extra leap of challenge, we chose another venue for ROOTCON, it was a very hard turn-point for the ROOTCON logistics as we don't know the challenges ahead, but it turned out to be very epic!!!

This years' ROOTCON 9 has been dubbed as the ROOTCON All Star, we have different speakers and con-goers from around the globe. It wouldn't be possible without the RC Goons, Sponsors, Speakers and of course our awesome con-goers. 



Hats down to our ROOTCON Elite Sponsors:

Kaspersky Lab
HP Fortify on Demand
Netsuite Security
F5 Networks
Tenable Security
First DataCorp
Accenture

And to the rest of the sponsors big hugs to you guys.

MISNet Education
PaloAlto Networks
Rapid 7
Pandora Security Labs
Citi
Security Matters
Inquirer

and to Smiffnoff Mule for providing us drinks at our epic post-con party.


A quick note: What you get at ROOTCON is what you made ROOTCON for you.

Cheers everyone and see you all next year.

All The Best,
Dark (semprix) Meister




Inside ROOTCON IX: Major Highlights

Okay so first things first before giving you some highlights about ROOTCON 9, let's try to have a sneak peek on the comments of the attendees about the venue and some cool shots about it.

Thanks guys for sharing the awesome venue - Taal Vista Hotel in Tagaytay.

More than people turned up to listen to talks on a wide variety of subjects. Aside from Filipino participants, there were also geeks from Taiwan, Hong Kong, Australia, Spain, Malaysia, America, India, etc. who attended the event. Cheers to the attendees who flew to the Philippines just to attend ROOTCON.




Here is the official electronic badge of ROOTCON 9...

And some ROOTCON goons just started the Hacker Badge / Hardware Hacking Village. Thanks guys for taking this initiative.
Mini Hardware Hacking and Hacker Badge Village
Here are some cool topics we had for this year:
  • How to Shot Web: Better Web Hacking in 2015 by Jason Haddix 
  • BackDooring Git by John Menerick 
  • Open Source Internet Infrastructure Insecurity by John Menerick 
  • Unmasking Malware by Christopher Elisan 
  • Hacking Time by Carlos Tingson 
  • Hiding Behind ART by Paul Sabanal 
  • Building Automation and Control: Hacking Energy Saving System  by Philippe Z Lin 
  • Detecting Indicators of a Compromise Using an SDN-Based Network Access Control Implementation by Mon Nunez & Paul Prantilla 
  • Incident Response for Targeted attacks by Jose Ramon Palanco 
  • How safe is my system from reverse engineering by Markku Kero 
  • Fixing CSRF Vulnerabilities Effectively by Lu Zhao 
  • Once more unto the data breach by Steve Miller 
  • Oh My Honey: Honeypots (or honeynets) by Ray Torres 
  • Understanding HTTP/2 by Nathan LaFollette 

I would love to see @caseyjohnellis next year then :)
 Aside from the awesome talks, we had some cool hacker games. WiFi Warrior a.k.a wireless cracking was on the go but sad to say no one won that contest.


ROOTCON CTF was the main highlight of all games in ROOTCON wherein a total of 9 teams joined the said contest. The CTF consists a variety of challenges like stega, crypto, forensics, binary analysis, exploitation and reverse engineering. Yes you read me right that there are exploitation levels! There are 4 boxes that you need to pwn or root for you to find the flag. No one was able to find the flags for the 4 boxes but some boxes were pwned though which is a good one.
Team Handshake handed a total pwnage to the other eight teams because they bagged a total of 4,000 times.


Here is a picture of Team Handshake (the champion of the CTF) together with semprix (the founder of ROOTCON) and I (the jetman).
The Team Handshake (a two-man Team) together with semprix (left) and The Jetman (right)
Congratulations to these two badass guys because they hold the most number of wins in ROOTCON CTF.

One of the coolest part of ROOTCON and any hacker conference are the parties. Yes we had a post-con party which was sponsored by Smirnoff Mule so it was more of a drink till you drop. During the said party, the annual ROOTCON Hacker Jeopardy hosted by DevNull took place.
Jason Haddix (@jhaddix), Nathan LaFollette (@httphacker), and John Menerick (@Lord_SQL) of the Speakers Team won this year's Hacker Jeopardy after a tie-breaker with the new team BRT (winner of the first ROOTCON Campus Tour).
The Winners of the Hacker Jeopardy
So yeah, the ultimate trophy is the Black Badge (the black one).
RC9 ended with an awesome post-con party participated by the speakers, goons, sponsors and of course our con-goers, where the infamous Hacker Jeopardy was also held.



ROOTCON would not be possible without the goons, speakers, sponsors and of course our con-goers. Thanks guys for the support and to the whole InfoSec community. You guys rock!

Stay tuned for more highlights of the conference and the pictures in our Facebook Fanpage.

Thursday, September 10, 2015

Accenture and Netsuite Security are hiring at ROOTCON 9

        

Boost up your InfoSec and IT Security because our Elite sponsors Accenture and Netsuite Security will be hiring on ROOTCON 9. It's time to prepare your resume and your self because it's gonna be a bumpy ride and a battle between fellow hackers to have a great InfoSec Career.

ROOTCON is a neutral event for hackers and it is also one of the places you want to be if you are looking to learn some new things and then start an InfoSec Career because of hiring managers attending such event in order to scout some new blood. 

For private application at Accenture please send your CVs at yvette.b.pagsambugan [at] accenture dot com.

Here is an advice: Just be yourself and prove that you are worth it! Trust me, I landed a career in Information Security because of attending ROOTCON.

Monday, September 07, 2015

ROOTCON Campus Tour Highlights


"Why can’t we have our own hacker event for the university students too? "

This is one of the questions I asked to semprix (father of ROOTCON) before visualizing the ROOTCON Campus Tour which is an information security seminar and an inter-university Hacker Capture the Flag (CTF) for university students in the Philippines. I suggested it will be fun too.

We also want to give back something to the community because we want the event to be free, we want to promote security awareness, and that we want to introduce the essence of the hacker culture.

And so we pushed the event last September 4, 2015 at De La Salle University in cooperation with DLSU - College of Computer Studies, Mr. Isaac Sabas of Pandora Security Labs, and La Salle Computer Society. The event was also sponsored by Booster C Energy.

Participants came from De La Salle University, Mapua Institute of Technology, Ateneo de Manila University, University of Sto. Tomas, UP Diliman, PUP, etc.
semprix announcing the mechanics for the CTF
Dan Duplito's Hacking 101 Session

The morning session was opened by a warm welcoming remarks from Isaac Sabas followed by Dan Duplito's topic entitled 'Hacking 101'. Dan's topic is a definitive guide for newbies and how to have a fair share of hacking. After the Hacking 101 session, Raymond Nunez talked about 'Øwning Your InfoSec Career' which deals on how to charge your way to an Information Security or IT Security career. The last topic for the seminar was all about 'Bug Hunting 101' by Ray Torres which talks about how to earn cash rewards by reporting vulnerabilities in a company that offers a bug bounty program just like Facebook and Google. 

Overall the goal of the seminar is to provide topics like Information Security 101, Information Security Career 101, and Introduction to Hacking, Exploit Development, Malware Analysis, and Debugging.

The afternoon session highlighted the main event which is the first ever inter-university hacker Capture the Flag (CTF) Challenge in the Philippines. Yes! This is how ROOTCON organizes its own hacker cup and hacker games which is packed with intermediate to advance challenges like reverse engineering, return oriented programming, packet sniffing, packet analysis, debugging, web exploits, and many more to mention.
Looks like guys from UP Diliman are having fun
Cat - one of ROOTCON's CTF Committee for the Campus Tour
Jami (the grand emcee) and shipcod3 overseeing the participants from La Salle
The CTF challenge or game was a very close fight between the teams from PUP and UP! 


Yep! The winner of the first-ever hacker CTF challenge of ROOTCON Campus Tour is TeamBRT from PUP Computer Science Department with a total of 1100 points. Team New Beast from PUP Computer Engineering Department bagged the second place with a total of 1050 points and Eskrima of UP Diliman finished third with 1000 points. 

Congratulations to TeamBRT and for that you guys earned your free pass to ROOTCON 9!!! w00t!!

Your school is proud of you! PSSST! PUP please give these guys some cookies!

Saturday, September 05, 2015

Final List of Sponsors for ROOTCON 9

Elite Sponsors

Netsuite is an American software company based in San Mateo, California, that sells a group of software services used to manage a business's operations and customer relations. Customers access these services over the internet paying a periodic subscription fee. Netsuite | Security provides a host of advanced functionality to secure the application including role-based access, strong encryption, robust password policies and more. NetSuite adds further layers of security such as application-only access and restricting access to only certain IP addresses to provide complete confidence and peace of mind.





Hewlett Packard Fortify on Demand is part of HP Enterprise Security Products in the HP Software business, providing application security products and services for enterprise customers to assess, assure and protect enterprise software and applications from security vulnerabilities. Fortify offerings included Static Application Security Testing and Dynamic Application Security Testing products, as well as products and services to support Software Security Assurance, or repeatable and auditable secure behaviors, over the course of a software application's life cycle.



Kaspersky Lab is an international software security group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Kaspersky Lab offers consumer security products, such as anti-virus, anti-malware and firewall applications, in addition to security systems designed for small business, corporations and large enterprises. Corporate solutions include protection for workstations, file servers, mail servers, payment gateways, banking servers, mobile devices, and internet gateways, managed through a centralized Administration Kit.


F5 Networks is a multinational American company which specializes in Application Delivery Networking (ADN) technology that optimizes the delivery of network-based applications and the security, performance, availability of servers, data storage devices, and other network resources. F5 is headquartered in Seattle, Washington and has development, manufacturing, and sales/marketing offices worldwide. F5 originally manufactured and sold some of the industry's first load balancing products.


Tenable Network Security is a developer of vulnerability detection systems. Tenable Network Security is an American network security company, co-founded by Ron Gula, Jack Huffard, and Renaud Deraison in 2002. Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Tenable’s key clients include Fortune Global 500 companies across industries as well as the entire U.S. Department of Defense and many of the world’s leading governments.


First Datacorp is an Information Technology service  and solution provider in business since 1985. They aspire to be a leading IT organization engaged in the fields of business solution and consulting, system integration, infrastructure and service management. According to Microsoft Philippines, "shown excellence in delivering expert volume licensing consultancy and services to both Enterprise and Corporate customers helping them experience a smooth licensing acquisition process. FDC boasts of a sales and licensing team that’s experienced, highly trained and dedicated to software license management and support of Microsoft customers."


Accenture is a multinational management consulting, technology services, and outsourcing company. Its incorporated headquarters have been in Dublin, Ireland since September 1, 2009. It is the world's largest consulting firm as measured by revenues and is a Fortune Global 500 company. As of 2014, the company reported net revenues of $31.87 billion[8] with approximately 336,000 employees, serving clients in more than 200 cities in 120 countries. In 2012 Accenture had about 80,000 employees in India, more than in any other country, about 40,000 in the US, and about 35,000 in the Philippines. Accenture's current clients include 89 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500.

Gold Sponsors



Rapid7's IT security solutions deliver visibility and insight that help you make informed decisions, create credible action plans, and monitor progress. They simplify compliance and risk management by uniquely combining contextual threat analysis with fast, comprehensive data collection across your users, assets, services and networks, whether on premise, mobile or cloud-based. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Rapid7 currently maintains the Metasploit Framework and other security tools.

Pandora Security Labs is formed through the combined expertise of security analysts from leading IT security companies and researchers from the academe world. Their founder firmly believes that the combination of industry experience, education and continuous research is the best formula for providing innovative best quality products and services.

Palo Alto Networks, Inc. is an American network security company based in Santa Clara, California. The company’s core products are advanced firewalls designed to provide network security, visibility and granular control of network activity based on application, user, and content identification. alo Alto Networks next-generation firewalls are helping customers around the world regain visibility and control of the applications, users, and content traversing their networks.


MISNet is a technology solutions consulting company, leading and innovating for over 20 years. They provides technology consulting, implementation, support services as part of an end-to-end project engagement or to supplement existing project teams or IT departments, rapid development services to develop core operational solutions or extend the scope of your ERP with operational support system applications and business support system applications, and end-to-end technical operations services, turnkey project execution, and end-user support services.


Skiddie Sponsors




Citibank Philippines is the Philippines chapter of Citibank established in 1902. It started when when the International Banking Corporation opened its first branch in Manila. Currently, it is one of the largest commercial banks in the Philippines. Citibank has been involved with financial mergers and acquisitions. One of the largest investments in the country is the site building in Bonifacio Global City, Taguig City.

Press Partners




SecurityMatters™ is the first and only security magazine in the Philippines that provides in-depth insights and helpful tips for physical and IT security, fire and life safety, protection professionals and anyone who is interested in understanding how to prevent risky situations, accidents and any form of danger. The magazine covers relevant security issues that impact the practitioners’ professional growth, social networking activities and career development.



The Philippine Daily Inquirer was a daily newspaper founded on 9 December 1985 by publisher Eugenia Apóstol, columnist Max Solivén, together with Betty Go-Belmonte (wife of House Speaker Feliciano "Sonny" Belmonte) during the last days of the regime of the Philippine dictator, Ferdinand Marcos, becoming one of the first private newspapers to be established under the Marcos regime. It is popularly known as the Inquirer, is the most widely read broadsheet newspaper in the Philippines,with a daily circulation of 260,000 copies. It is one of the Philippines' newspapers of record. It is a member of the Asia News Network.

Party Sponsor




Friday, August 28, 2015

RC9 Capture The Flag



Do you have the guts to earn the ROOTCON Black Badge? Then this is for you, ROOTCON 9 Capture The Flag pre-registration is now open.

You may now pre-register at  CTF Pre-registration Form

What is Capture The Flag?

The most mind-buggling game at ROOTCON, get ready for the RC9 Capture The Flag.

Our Capture The Flag this year will have two stages:

Stage 1 - Hacker Jigsaw - you will be presented with puzzles coming from different areas for security such as forensics, web app testing, cryptography, network analysis, wireless security and many more.

Stage 2 - Pawnstar - there will be boxes to p4wn each box corresponds to a certain point.

Prize:
3000 worth of Sodexo + 3 ROOTCON Black Badge
OR
4 ROOTCON Black Badge

On the day registration

During Day 1 registration please approach a registration goon and ask that you will register for the CTF.

What are you waiting for? Get that black badge and bring home your bragging rights.




Tuesday, August 25, 2015

Alright Let's Party Harder Coz Smirnoff Mule is our Post-Con Party Sponsor!


Yes! You read me right. Emperador Distillers' Smirnoff Mule will be sponsoring our ROOTCON Post-Con Party. Hurrah!



Aside from the cool talks, games and challenges in ROOTCON that you all look forward to, there will be a post-con party as well. ROOTCON Post-con Party is the best time to socialize with your fellow G33ks and H4x0rs. This is the best part of the CON that you don't want to miss at all.

We ensure you a one stubbornly refreshing party.

Tuesday, August 11, 2015

ROOTCON 9 Venue Bits


Tagaytay Bits

Tagaytay - is a popular destination of residents of Metro Manila primarily because of its mild climate and dramatic scenery, the most significant of which is the view of Taal Volcano. The weather in Tagaytay is mild and the average temperature is 22-25°C (71-77°F). There are only two 'seasons', wet and dry. 

Going to Tagaytay from Metro Manila 
GPS Coordinates: Latitude: 14.096271 | Longitude: 120.933852 

From NAIA Terminal 1 or NAIA Terminal 2 - walk outside the terminal from arrival gate and take the bus going to EDSA to Uniwide Coastal Mall (MMDA Southwest Integrated Bus Terminal) where you need to ride the bus going to Lemery, Lian, Nasugbu, Calatagan or DLTB/Crow Transit and alight in Tagaytay (Fare is around PhP80.00)

From NAIA Terminal 3 - (serving flights from Cebu Pacific, PAL Express and some Philippine Airlines domestic flights), exit the gate cross Andrews Avenue. Look for jeepneys with signboard Pasay Taft Rotonda then alight at Rotonda (landmarks McDonalds and Sogo Hotel). At Rotonda, ride buses with signboard MIA to take you to Uniwide Coastal Mall (MMDA Southwest Integrated Bus Terminal) where you take bus to Tagaytay (Fare is around PhP80.00)

From NAIA Terminal 4 - (old Manila Domestic Airport terminal serving as terminal for ZestAir, AirAsia, SEAir), take a taxi to Uniwide Coastal Mall (MMDA Southwest Integrated Bus Terminal) where you take the the bus going to Lemery, Lian or Nasugbu or DLTB/Crow Transit and alight in Tagaytay (Fare is around PhP80.00)

From Mandaluyong - Ride vans (V-Hires) bound for Lemery, Batangas via Tagaytay in front of Starmall at the corner of EDSA and Shaw Boulevard (walking distance from MRT Shaw Boulevard station). Fare is around PhP200.00 as you need to pay for the trip all the way to Batangas (derecho)

From LRT Gil Puyat Station (Buendia) - Buses going to Nasugbu, Balayan and Lemery, Batangas (e.g. DLTB and Jam Transit) will pass Tagaytay (Fare: PhP83.00). Shuttle service (vans, FX, V-Hires) in front of EGI Mall (Jollibee) at the corner of Taft Avenue and Sen. Gil Puyat Ave (Buendia) going to Nasugbu, Balayan and Lemery, Batangas that all pass by Tagaytay but you need to pay a "derecho" fare of PhP180.00

Shuttle service (vans, FX, V-Hires) going to Nasugbu, Balayan and Lemery on Zamora Street near Metropoint mall and behind Kabayan Hotel near the corner of EDSA and Taft Avenue (accessible from LRT EDSA Station or MRT Taft Avenue station (EDSA Rotonda). Current fare is PhP180.00 (regardless of where you're going since it's a derecho trip). Travel time to Tagaytay from Pasay is around one hour and fifteen minutes.

Alternatively, hire a taxi to take you directly to Tagaytay (around PhP2,500.00) or get the services of car-for-hire

Check-out the Venue page




Sunday, August 02, 2015

ROOTCON 9 Hotel Partners




We have good rates for our partners in cooperation with our hotel partners.

The following are the rates per night:

Taal Vista Hotel - Deluxe Room  http://www.taalvistahotel.com/

Twin sharing - Php5000.00 with breakfast buffet for two.
Additional head - Php1850.00 with breakfast.


The Lake Hotel - Standard Room http://www.lakehoteltagaytay.com/

Twin Sharing Php4060.00 with breakfast buffet for two.

Direction from Lake Hotel to Taal Vista



To book your hotel email us at comms [at] rootcon dot org with the following info:

Subject: Hotel Booking (Taal Vista / Lake Hotel)

Name:
Email Address:
Mobile number:
Check-in:
Check-out:
Mode of payment: Credit Card / Cash:



Thursday, July 30, 2015

ROOTCON officially launches ROOTCON Campus Tour


import rootcon
rootcon.print("Hello University Students!")

Ahem! Yes, ROOTCON in partnership with with De La Salle University - College of Computer Studies officially launches ROOTCON Campus Tour and the great thing about this event is that it is 100% Free.



ROOTCON Campus Tour is the first ever inter-university Capture the Flag (CTF) and infosec gathering for university students that aims to bring the ambience of the premier hacking conference in the Philippines, ROOTCON. The event is 100% FREE and covers topics like Information Security 101, Information Security Career 101, Introduction to Hacking, Exploit Development, Malware Analysis, Debugging, etc. 

The Capture the Flag event is the main highlight of this event wherein the champion could secure a FREE pass to ROOTCON 9. 

ROOTCON Campus Tour's CTF is not your ordinary hackathon or codefest because it is really an inter-university hacker cup that has intermediate to advance challenges like reverse engineering, return oriented programming, packet sniffing, debugging, web exploits, and many more to mention. 

ROOTCON Campus Tour wouldn't be a reality without the help of Isaac Sabas of Pandora Security Labs and De La Salle University - College of Computer Studies. Thank you for the help and we totally salute you guys!

You don't wanna miss this event! Stay tuned for more updates @ http://campustour.rootcon.net/

Saturday, July 25, 2015

ROOTCON 9 Speakers Lineup: Yes 1337 Speakers Are Here

Still doubtful that we are the premier hacking conference in the Philippines? Then check out our awesome lineup of speakers plus the 1337ness:











Carlos Tingson

Carlos Tingson is currently a student pursuing an MSc in Information Security here at the Information Security Group, Royal Holloway University of London under a British Chevening Scholarship. He specialized in Cyber Security and Cyber Crime. Carlos Tingson is an Army Captain by profession, his latest assignment is with the Presidential Security Group, based in Malacanang Park, Manila. he previously served with the Army's Special Operations Command and the 2nd Infantry Division. He graduated from the Philippine Military Academy with a degree in Information Systems. He also hold a Postgraduate Diploma in Research and Development Management from the University of the Philippines. A Certified Ethical Hacker (v. 7), Computer Hacking Forensics Investigator (v. 8), and EC-Council Certified Security Analyst. Carlos Tingson have been a regular Rootcon attendee since RC6. Not a pirate, Not a ninja, but had his fair share of ass kicking.











Christopher Elisan

Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their resident malware subject matter expert and reverse engineer. Aside from speaking at various conferences around the world, he frequently provides expert opinion about malware, botnets and advance persistent threats for leading industry and mainstream publications. Christopher Elisan is also a published author. He authored "Advanced Malware Analysis" and "Malware, Rootkits and Botnets." He co-authored "Hacking Exposed: Malware and Rootkits." All books are published by McGraw-Hill. 











Jason Haddix

Jason is the Director of Technical Operations at Bugcrowd. Jason trains and works with internal analysts to triage and validate hardcore vulnerabilities in mobile, web, and IoT applications/devices. He also works with Bugcrowd to improve the security industries relations with the researchers. Jason’s interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructural security assessments, cursory mainframe security analysis, cloud architecture reviews, wireless network assessment, binary reverse engineering, and static analysis. He is also a frequent player on the Shellphish CTF team. Jason lives in Santa Barbara with his wife and two children. 











JIM

JIM is not just one entity. As much as we want to introduce them to you guys, I'm sorry but for now they are marked as CLASSIFIED and shouldn't be disclosed yet. All we know is that ninjas p4wn teh n1gh7.











John Menerick

John works on Security at NetSuite. John’s interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, and is the outlier in your risk model.











Jose Ramon Palanco 

Jose Ramon Palanco is currently CTO of Drainware, Inc., a security company with offices in U.S and Spain: Palo Alto (California) and Madrid. In the past he has worked at Deloitte CyberSOC, managing incidents response (Tier 3). He studied Telecommunications Engineering at the University of Alcala de Henares and Master of IT Governance at the University of Deusto. He has been speaker at OWASP, ROOTEDCON and MALCON. 











Lu Zhao

Lu Zhao got his Ph.D. in Computer Science with specialties in trusted computing, abstract interpretation, formal verification and program logic. He worked in designing and developing static analyzers for security at HP Fortify for three years, during which he gave talks about analyzing programs to find vulnerabilities in conferences and filed two patents in the security analysis area. He is now a principal application security engineer at NetSuite Inc. His primary job is building security features for NetSuite cloud services including securing data accesses, eliminating vulnerabilities, and preventing attacks. He also works on security reviews and automated security testing. He has a wide range of interests in computing, including security, programming languages, abstract interpretation, program analysis, formal verification, and automated constraint solving. 











Markku Kero

Currently Markku Kero is the CEO of Eqela and Job and Esther Technologies. He also serves as Chief Software Architect for both companies. Over the last 15 years, Markku has been the driving force behind some of the most compelling technologies that have consistently been ahead of their time, overseeing the implementation of a 2G-compatible mobile voice over IP technology implementation, a mobile messaging system unifying email, SMS and instant messaging, a multi-device operating system and now automated programming language translation technology. He has founded and managed several companies in this field, previously Inceptions, Inc. and Kolipri Communications, currently Job and Esther Technologies and Eqela. 











Mon Nunez

Mon has more than more than 14 years experience in network management and security, specializing in computer security, large-scale network deployment, system administration, and network forensics. He has been a consultant to international organizations such as WHO and NEC, is the Co-Head Security Architect of DOST-ICTO for the Integrated Government Project (iGov), the Network Infrastructure and Security Consultant of the UP Computer Center, and is currently the Director for Security at Chikka Philippines. 

A member of Team Manila, Mon, with Paul Prantilla, has competed in the DEFCON 22 in Las Vegas this 2014. The team participated in multiple contests achieving 4th out of 264 teams for the Network Forensics Puzzle Contest (NFPC), and also 4th at the Capture the Packet Contest (CTP) championship round. They also competed in the 2014 Capture The Flag contest at Hack In The Box, Kuala Lumpur -- making them the first and only team from the Philippines to ever compete in an international CTF event. 

As an advocate for continuous learning, Mon got his Masters Degree in Computer Science from UP Diliman and is now taking up his PhD in Computer Science in the same university, researching on hypervisor security and software defined networks. Believing in the importance of knowledge sharing, he teaches Network Security to graduate students in UP. 











Paul Prantilla

Paul Prantilla got his masters in Computer Science from UPLB and currently is working on his PhD on Computer Security in UP Diliman. After a brief stint teaching graduate school, Paul became the first IT Director of UPLB, worked in the United Nations Population fund, and then in Chikka Philippines. While in Chikka, Paul worked with Mon Nunez to launch groundbreaking IT services in Smart - including Smart PowerApp and Internet for All. During this time, they became regular attendees of DEFCON and consistently attained a top 4 finish in multiple DEFCON contests. Currently, Paul works as the Director of Planning and Strategic Roadmapping in Globe's IT Division. 











Paul Sabanal

Paul Sabanal is a Security Researcher on IBM Security's X-Force Advanced Research Team. He has more than a decade of experience in the Information Security industry, mainly focusing on reverse engineering and vulnerability research. He has previously presented at several conferences such as Blackhat and Hack In The Box, primarily on the topics of reverse engineering, sandbox vulnerabilities, and mobile security. His main research interests these days are in protection technologies, mobile malware, and IoT security. When not in front of a computer, he enjoys Disney movie nights with his daughter, playing weird instruments in a band, and pajama wrestling. 











Philippe Z Lin

Philippe Lin is a staff engineer in Trend Micro. He works in data analysis, machine learning, fast prototyping and threat research. He was a BIOS engineer in Open Computing Project. Active in open source communities, he is a hobbyist of Raspberry Pi / Arduino projects and the author of Moedict-Amis, an open source dictionary of an Austronesian language. 











Ray Torres

Ray Torres is an IT Security enthusiast and practitioner. He likes to read daily updates of security-related topics and tries to maintain a white-hat mentality at all times when he sees a new CVE. *wink wink*. He graduated from the University of the Philippines Diliman and has a bachelor’s degree in Computer Science (he doesn’t like to brag but he graduated as Magna Cum Laude from the said university *wink*). Currently he is taking his postgraduate studies in the same university. He also goes to the gym 3 times a week and tries to maintain a healthy lifestyle. On his leisure time, he reads legal-thriller books by John Grisham or looks for open wifi access points (for free internet of course). 











Steve Miller

Steve Miller is an incident response professional and the Security Strategist for FireEye in Asia-Pacific and Japan. Steve has over 10 years of experience in areas such as computer forensics, communications signals analysis and intelligence program management. 

Steve's background includes work for the U.S. Army, the National Security Agency, Cornell University, the U.S. Department of State, and the U.S. Department of Homeland Security. 

As a part of FireEye's 24x7 incident response service, Steve leads security operations in APJ and also contributes to threat research and detection management. In his spare time, he rides a totally rad BMW F800GS motorcycle.

RC9 Schedule Live


ROOTCON 9 schedule now live

Day 1:

8:00 - 8:45 Registration - Check-in
8:45 - 9:00 Opening Remarks
9:00 - 9:45 How to Shot Web: Better Web Hacking in 2015 (Keynote) by: Jason Haddix
9:45 - 10:30 BackDooring Git by: John Menerick
10:00 Games Opening (Capture The Flag, Badge Hacking, WiFi Warrior)
10:30 - 11:15 How safe is my system from reverse engineering by: Markku Kero
11:15 - 12:00 Unmasking Malware by: Christopher Elisan
12:00 - 13:00 Break
13:00 - 13:45 Fixing CSRF Vulnerabilities Effectively by: Lu Zhao
13:45 - 14:30 Hacking Time by: Carlos Tingson
14:30 - 15:30 What Hacker Sees by: JIM
15:15 - 16:00 Break / SpeedTalk
16:00 - 16:45 Panel Discussion


Tuesday, July 21, 2015

Pandora Security Labs at RC9


ROOTCON would like to welcome our newest sponsor this ROOTCON 9. 

Pandora Security Labs is formed through the combined expertise of security analysts from leading IT security companies and researchers from the academe world. Our founder firmly believes that the combination of industry experience, education and continuous research is the best formula for providing innovative best quality products and services.


Visit them at https://www.pandoralabs.net/

Monday, July 20, 2015

ROOTCON 9 Sponsors: We Salute You!


ROOTCON would like to highlight and thank the sponsors for this incoming hacker conference and information security gathering:



Netsuite is an American software company based in San Mateo, California, that sells a group of software services used to manage a business's operations and customer relations. Customers access these services over the internet paying a periodic subscription fee. Netsuite | Security provides a host of advanced functionality to secure the application including role-based access, strong encryption, robust password policies and more. NetSuite adds further layers of security such as application-only access and restricting access to only certain IP addresses to provide complete confidence and peace of mind.


Rapid7's IT security solutions deliver visibility and insight that help you make informed decisions, create credible action plans, and monitor progress. They simplify compliance and risk management by uniquely combining contextual threat analysis with fast, comprehensive data collection across your users, assets, services and networks, whether on premise, mobile or cloud-based. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Rapid7 currently maintains the Metasploit Framework and other security tools.



Kaspersky Lab is an international software security group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Kaspersky Lab offers consumer security products, such as anti-virus, anti-malware and firewall applications, in addition to security systems designed for small business, corporations and large enterprises. Corporate solutions include protection for workstations, file servers, mail servers, payment gateways, banking servers, mobile devices, and internet gateways, managed through a centralized Administration Kit. 



Hewlett Packard Fortify on Demand is part of HP Enterprise Security Products in the HP Software business, providing application security products and services for enterprise customers to assess, assure and protect enterprise software and applications from security vulnerabilities. Fortify offerings included Static Application Security Testing and Dynamic Application Security Testing products, as well as products and services to support Software Security Assurance, or repeatable and auditable secure behaviors, over the course of a software application's life cycle. 


Netpoleon Solutions Pte Ltd was established in 2000 in Singapore. It is a leading regional VAD (Value-Added Distributor) in IT Network and Security. The company serves  a wide range of industries and customers across Singapore, Philippines, Malaysia, Thailand, Indonesia and Vietnam, , spearheading emerging technologies and delivering future-proofed solutions built for consolidation, virtualization, big data analytics, security operations centre and cloud computing. 



iSecure Networks, Inc. is a software vendor company whose strength revolves around selling, marketing and implementation of thoroughbred IT products, coupled with the ability to support and adapt to the constant changes and advances brought about by information technology. The company provides a full suite of networking and security products that gives leverage to companies, big or small, to stay afloat in today's competitive business environment. It has forged alliances with the world's most recognized brands such as Astaro Corporation, Kasperlsy Labs., Aep Networks, eEye Technologies Inc., Pheenet Technologies. 




Citibank Philippines is the Philippines chapter of Citibank established in 1902. It started when when the International Banking Corporation opened its first branch in Manila. Currently, it is one of the largest commercial banks in the Philippines. Citibank has been involved with financial mergers and acquisitions. One of the largest investments in the country is the site building in Bonifacio Global City, Taguig City. 




SecurityMatters™ is the first and only security magazine in the Philippines that provides in-depth insights and helpful tips for physical and IT security, fire and life safety, protection professionals and anyone who is interested in understanding how to prevent risky situations, accidents and any form of danger. The magazine covers relevant security issues that impact the practitioners’ professional growth, social networking activities and career development. 



The Philippine Daily Inquirer was a daily newspaper founded on 9 December 1985 by publisher Eugenia Apóstol, columnist Max Solivén, together with Betty Go-Belmonte (wife of House Speaker Feliciano "Sonny" Belmonte) during the last days of the regime of the Philippine dictator, Ferdinand Marcos, becoming one of the first private newspapers to be established under the Marcos regime. It is popularly known as the Inquirer, is the most widely read broadsheet newspaper in the Philippines,with a daily circulation of 260,000 copies. It is one of the Philippines' newspapers of record. It is a member of the Asia News Network.

Want to sponsor ROOTCON? It is never to late to be part of its success. We want you to be in this exciting event.

Why sponsor? Sponsoring ROOTCON event provides you the unique opportunity to connect with the greater Info Sec community, to build brand awareness and show your company’s support of an important cause: Security Awareness.

It is definitely a WIN-WIN situation!!!

Download the sponsorship package  or visit the sponsorship section