ISACA Challenge for Young Professionals

ISACA Madrid has launched, for fourth time, a challenge for young professionals with the main goal of encouraging young people to innovate and promote in the Audit, Information Security and Information Security Governance fields. This is the fourth edition where young professionals can demonstrate their skills and knowledge about new threats, risks and tools, and this is a good opportunity to show our last researches and development projects to the security community, and at the end, it's a good opportunity to teach what we know to improve the security world.

The first edition in 2014, I was there with my proposal about “¿estamos vendidos?” but I got the second prize, was for Daniel Echeverry Montoya & Ismael González with their good job about "Tortazo para la recolección de información y auditoría de repetidores en la red de TOR". TORTAZO is an opensource tool to collect information and conduct attacks against exit nodes of TOR network. It also works on "Zombie" mode allowing us to create a botnet on those nodes compromised through SSH. This mode allows the parallel execution of commands against botnet or complete a given set of computers.

ISACA Challenge 2014
The second edition in 2015 was for my paper called “Juego de Troyanos” where I analysed how the Zeus malware works and I developed a “similar” trojan malware with Domain Generation Algorithms to bypass black lists and antivirus software. In fact, most of the ransomwares like CryptoLocker or CryptoWall still use the DGA technique to bypass security protections like IP and domain reputation. It was an “easy” way to demonstrate that anyone can develop a trojan malware to bypass common security safeguards.

ISACA Challenge 2015

Last year, Juan Antonio Velasco Gómez and Diego Jurado Pallarés got the first prize with “Deception PI - Análisis de las Tendencias de Ataques de Malware en Sistemas Señuelo para Informática Forense”. The work presented was made to detect, study and analyze certain types of computer attacks, specifically Secure Shell (SSH) attacks, using the technology of decoy systems, commonly known as Honeypots. They configured a small network of sensors, integrated in small dimensions platforms (Raspberrys). This network consisted of two sensors located in different cities (Madrid and Granada) that will allow them to classify and analyze the results and malware samples obtained in the experiment. 

ISACA Challenge 2016

The requirements for the ISACA challenge are the same as always. If we are young people with less than 35 years old and we have something interesting to show and teach about Audit, Information Security or IT governance, this is your challenge. Write a paper and send it to ISACA.

For more information about the challenge, click on here, and if you need any help with your paper, let me know.

Regards my friend and remember, drop me a line with the first thing you're wondering.