
The Hands-On at BSides Colombia 2025

BSides Colombia · 2025 · 24:52 · 148 views · Published 2025-06
About this talk
We talk about this year's Hands-On, what participants can expect, and how this experience adds real value to cybersecurity training. Here is more information about the VIP and who has access to the Hands-On: subscribepage.io/Guia-Sobrevive-BSIdesCo2025 #BsidesCo2025 #Handson #Ciberseguridad

Hello everyone, welcome to another episode of BSides, this space where we are mentioning all the spaces that we have in this year BSides Colombia 2025 at the University of Antioquia. Remember, the event starts on Wednesday 11, we already started with many with the workshops, we are going to start with the spaces of the 101, hands-on, wardriving, the talks, well, we have an endless number of things for you, the guests, and we are waiting for you there. Today, specifically, we are going to talk about the hands-on, this practical space where with a focus on doing it, practicing it, having a partner to guide it. It is not like the typical theoretical or master's talk, but here is the invitation to

bring the equipment, the tools, install them, configure them and start a practical process or do things there immediately. And today I have a very special guest, to whom I am going to give way. Hello Nico, I can't hear you. Hello, how are you? How are you? Thank you. Hello Nico, how are you? Today we are going to talk specifically about your hands-on, a very interesting card game. Particularly, it excites me a lot because I work on the issue of incident response. And also mention to all the participants that we are going to have six hands-on's. From a practical approach in Metasploit, we will also be with Jonny from HData Recovery on a data recovery issue in

RIDE. Jonny is a reference in these data recovery issues. We will also have an initialization in the part of War Driving before the event, which is something merely practical and to put the tools that we are going to use later. The one from Nico, the one from Rodrigo too, which is an exercise of attack and defense, practical challenges, or without too. One about reverse engineering, reverse engineering principles on binaries in IoT, which I will be giving you, and Nico's, which is this interesting game that brings us, and I would like you to explain a little bit about what this space is about, Nico. Yes, thank you. So the game is called Backdoors and Breaches and it's a game of incident

response, board game. And it's about building scenarios. And then the attack chain is built and we have several types of cards. We have the initial compromise, the pivot and escalate, persistence, C2 and exfiltration, and then we have the procedures. So it's very similar to Dungeons and Dragons. So there's a Dungeon Master or an Incident Commander or whatever. And that person creates the stage. So there are several cards. So here I have one. And we're going to play in BSides Colombia. We're going to be there playing and giving the decks to the people who sit down and play a full game, we will give them a deck and as they say in Colombia, it's very cool. So we have the cards, we have the red one, which

is the initial compromise and that is the first step of the attack chain and then we have the pivot and escalate ones, which is the second step. And we also have the Persistence, which is the third step of the Attack Chain. And then at the end we have the C2 and exfiltration. And with those cards the attack chain is built. And then that's like the scenario. And then the blue team or the defense team have to use the tools they have and those are the blue cards. And there are several procedures such as using the SIEM, using endpoint analysis, the output, there are several and then the joke of the game is that the blue team argues among themselves why they

chose one of these defense cards, right? So, and it works better when you choose the blue cards first because then you can create the scenario and have that thinking about that, which tools you have that equipment because each of these cards, the reds, yellows, purple and browns are detected by one of these blue cards. So it's better to start with the blue cards and build the attack chain from there. Ok, great. Let's go a little bit in the background. Where does the inspiration to create this game come from, Nico? Well, I have a friend here in the community, in San Diego, California, and he helped create the game several years ago. information security. And then one day he told me, "Hey, I already saw that you are getting

involved in the community in Mexico and Colombia and they just launched the decks in Spanish. So do you want a box of the decks?" And I said, "Yes, of course." And then in Guadalajara, in March, that was the first time the game was played in Spanish in Latin America. So I had a hands-on there too. And so that's how the idea came about. So my friend offered me a box of decks and it was really good. And now I'm trying to do a tour to give away the decks in the congresses to the people who are going to use them to improve the security of the company where they work, right? Because it is something very easy, very simple, very accessible and also fun. Super, super. And it

is also, let's say, that the strategy of a good incident response is very aligned and it is the first phase, which is preparation, right? How do we prepare before it happens? Exactly. How do we list our tools? How do we train ourselves? How do we refine the processes? And if it can be done through a game with things that tools that we can have in an organization or we can propose to implement them, then much better, we will be prepared and at the moment the incident happens we will have a prior knowledge that will reduce the time and the effect that in the end that is what we work for. So, to understand a little, you told me that there was a master, that in this case, let's say

normally here it is called first respondent, he is the one who aligns the game the one who says what strategy, where they are going to take the other players. That's how it is. Yes, and that person will have advantages and knows how to create creative stories because one of the game's jokes is to create the stage that is like the real world. So it helps a lot the experience that one has had in their career, in their professional experience to create the stages and to also have answers when they guess, for example, the wrong procedure. So you can choose one of these cards that it won't detect the card that is in the attack chain and that can happen also in the real world

we also have a dice so from 1 to 10 if that is the result of the dice roll then it fails select the correct card and that is useful in the real world because sometimes things are not configured correctly or someone is sick and did not launch the script correctly. There are several things that can happen in the real world. So this game is very fun and also helps a lot to computer security teams to practice and prepare for an incident. Super, super, and it is like that, attending an incident, you can take a log and see a record of something and go the other way, or that can be a signal for one to get distracted and really things and the affections are going the other way

and it is totally valid and that can be in the case of real life what the dice represents. Nico, in the game we also have essential tools that the incident response teams should have. Normally, for example, I always have Volatility, Velociraptor and Desec when it's virtual machines. Do we have something like that there? Exactly what you just mentioned. We have memory analysis in here. And then we also have, there are several, there is crisis management. There is also an analysis of endpoints, there is an analysis of security of protection of endpoints almost the same but no cyber deception this is also a review of the firewall and analysis of the SIEM so those are the ones that come here in this deck and one of

the reasons why I am doing this tour in all the congresses is because in English there are 10 expansion packs not then that is how - expansion packs for Latin American companies. Because all the expansion packs, for example, here I have one in English. This is the ICS. So a company helped to create this. This is Dragos. It's one of the cybersecurity companies of ICS/OT. So to inspire companies there in Latin America to create the expansion packs in Spanish because that way you can get into the community and you can also help the community in a very fun way. Totally, Nico, and I really appreciate this participation you have with BSides Colombia. It really represents what community is. I know that last

year you were among the participants and this year that you come with these proposals to the region, to Colombia, to bring this, which is pure, practical knowledge, through such a didactic way, it is very valuable for the whole community. Thank you very much, Nico. To you for inviting me and also as I just mentioned, I want to inspire the companies from Mexico and Latin America, Hispanic, to create these expansion packs and so the logo of the company will be here and people will realize that this company exists and that this company is an expert in pentesting or incident response or whatever, in a fun way. Exactly, super, super. In this game we have something about the coordination between

technical and executive teams during an incident, which is a part that is very difficult to handle because the technical part, as one prepares, is facing it and all that, but the executive part is very complicated, the pressure and all that, we have scenarios like that? It depends, so if the... how do you say the master in Spanish? The first respondent. The first respondent, so for example, the first respondent can apply pressure to the blue team because there are only 10 turns and if after 10 turns they don't detect everything, then the company is closed, they fired everyone. And then, for example, the main respondent can, for example, say, "They're not going home

today." Or there are also cards that are injects, right? So these are the gray ones, they are more advanced. But there is also, for example, the coordinator of incidents takes paternity leave, right? So those are like things from the real world. There is also one like this, for example, It was a pen test, right? Just like, "Ah, it was a pen test. We were doing a test, and you were paying attention to the logs." There's also data uploaded to Pastebin. And so there are several things like applying pressure or as they say in English, "gotchas". So like one thing that one didn't realize until it happened. And then yes, with these gray cards you can do

that too. So all of that is already inside the game but this is already a little more advanced so that people learn to play, play two or three full games and then with these gray cards or better also that they create their own scenarios and play it in your community, between friends or at work, or form a group of computer security to play this game. And the game is also available online. You can go to play.backdoorsandbreaches.com and there you can play in Spanish as well, and in English. And all the expansion packs are ready there and you can play on any computer or tablet in a browser. Super, super, super. A question about the game,

Nico, and it is: are lessons learned in the game contemplated or is that already left behind? No, it is not contemplated. Which one? The part of lessons learned. Yes, so that's at the end, right? So when someone creates the scenario, you can also put that at the end or you can, during the game, during the incident, the master can write down the things that are happening and after that can tell the players, you didn't notice this or you didn't notice that or you forgot that we have this technology. So, the master... It must be someone who knows the company's environment, because that way they can create the scenario specifically for the company and they can also have that knowledge that came

out of the board game. Super, super. Well, we invite the participants, if they have any questions, Nico will be here. I'll pass it to you so you can help us answer it. Ask it. There are people in here watching this live. I didn't realize. Okay. Done. What other success stories did you mention in Guadalajara? Yes, I'm an organizer, I help with a congress in Guadalajara called HACO Guadalajara and HackDL, and it's very cool because the congress is in a green space so it's outside and not inside and they also have mezcal, they have mariachis, live music and they have many speakers that come from everywhere. This year we had from Ecuador, Peru, the United States, obviously from Mexico,

Ecuador and Argentina. The congress is very small, so you can talk to people, meet other attendees. And there is also another one in Defcon in Las Vegas, that we are both involved in this, it's called La Villa. And there we create a space for people who arrive at Defcon, the Latino people, to get together and get to know each other. Because there are more than 30,000 attendees at Defcon every year. We are creating a meeting point for all the people who arrive from Latin America because there are many people who arrive but they don't know where the other Latinos are. So we are creating that space. Ok, great. Nico, how long did it take to create the game for your friend? I think

it lasted at least a year more or less because they had to review it several times and play with each other in the company and after that, several years ago, they launched the purple, the core deck and after that companies started to help with expansion packs and then the game is always evolving because any company can create an expansion pack and add something to the game. So if we have like 5 expansion packs, then we have a lot of options for the attack chain, for the procedures, for the injects. So it's something very fun and I'm excited to share it with the community there in Colombia. Thank you very much. I imagine that each company that creates an extension pack is focused on its core

business, its business line. Each one has specific actions to protect and on that side they go and that nourishes a lot those who play and the participants. Yes, and there are several that focus on pentesting, there are several that focus on incident response. I just asked someone if I can pass the link, so I'll grab it right now. I'll take the opportunity to ask you again and paste the link of the virtual game here. What is the link? I just sent it in the chat. Ah, ready, perfect. So that people can look at it. There we have it. And also if people want to start creating scenarios before the congress and want to play like the master there, I'm happy to help with that

and to play with them. Because I've already heard my scenarios and I've narrated them several times. So, yes, I invite people to create scenarios and maybe next week I'll teach those scenarios at the congress. Perfect, that's great. Thank you, Nico. Nico, why can't BSides participants miss this hands-on? Why? Because this hands-on combines several things. Combines fun, community, learning, and also preparation for an incident. So, all of that mixed in a hands-on activity - in the congress, sorry, to play with the people and to teach people how to play the game. I already checked the weather and it's going to be raining, so we're going to have to find a space inside, but I'm very excited to be

playing with the community and with the people and the attendees there in Colombia. Ok, perfect. Thank you very much, Nico, for being part of the event. We will be there pending. I want to play a stage. I arrive on Wednesday, so we can start playing until Thursday morning or Wednesday night, if you dare. That's perfect. And well, to all participants, remember that the BSides begins on Wednesday, June 11, with the different spaces, workshops, trainings, spaces for 101 beginners, the hands-on, which is for the VIPs who are included. Remember, all the information is on the page, the talks are at 3:14 pm War Driving too, the party, everything is there, there is a special link that says on the page: www.bizaizco.org How to survive in the BSides

2025, University of Antioquia, we are waiting for you there, please do not miss it. Bye Nico, thank you very much. One last question, I was talking to Gio and he was telling me that the beer is ready. Of course, we have beer from the event. We do it normally every year and it is ready for you to enjoy it at the party. Remember that they are spaces to do networking, professional relationship. The two values that the event has are technical, practical knowledge and professional relationship on security issues. And beer. And beer. Thank you very much, Nico. See you soon. Bye bye. Thank you. Bye.