
Speaker: Omar Espino



Profile

Security researcher, bug hunter, international speaker, and expert in vulnerability analysis and penetration testing. He has reported valid security issues in top-tier companies such as Google, Apple, Microsoft, Facebook, Twitter, Telegram, Nokia, Sony, Slack, Atlassian, Netflix, and others, earning a place in each of their security halls of fame.


Security Issue Reports

  • Google VRP: Discovery of local files on Google’s production server.
  • Apple: PII exposure, full contact list, primary phone number, and iCloud email disclosure; local file read via a ZIP file and symbolic links in the iOS Files app.
  • Google VRP: From JavaScript injection to compromising Cloud Shell servers.
  • Google VRP: Local variables from /etc/environment exfiltrated in Google Earth Pro desktop.
  • Yahoo!: From JavaScript injection to fully compromised user account.

Main Track:

Hands-On Hacking: Flaws AI Can’t Replicate (Yet)

Hands-On Hacking: Flaws AI Can’t Replicate (Yet) is a talk designed to challenge the idea that Artificial Intelligence can do everything. Through concrete, real-world use cases, it highlights the limitations of AI in offensive security and demonstrates why human intuition, creativity, and experience remain critical in hacking. The session shows that, at least for now, AI is far from replacing human-driven hacking techniques.


Workshop:

OSINT Tactics: What the Internet Knows About You (That You Didn’t Know About)

This workshop is designed to provide practical knowledge on Open Source Intelligence (OSINT), using only publicly available and legally accessible information found on the Internet. By the end, participants will be able to audit their online presence and understand the real scope of publicly accessible information.

We constantly generate seemingly irrelevant data that can be collected to build a detailed profile of a person or entity, exposing “private” information that any attacker could access.

  • Introduction to Digital Footprint: Fundamental concepts about the information we expose and the tools used to collect it.
  • Exploiting Public Sources: Advanced use of search engines (Google Dorks), social media, and public records to locate specific information.
  • Investigation Methodology: Data acquisition processes, noise filtering, and source validation to ensure the accuracy of findings.
  • Metadata Analysis: Extracting hidden data from images and digital documents (location, timestamps, devices) to gather additional context.
  • Correlation and Pivoting: Techniques to connect scattered data points (an email address, a username) and expand the investigation surface.
  • Using Specialized Tools: Practical setup and use of software and frameworks designed to automate data discovery, collection, and visualization.
  • Digital Hygiene and Mitigation: How to reduce personal exposure and protect privacy against these information-gathering techniques.