Technical Program

by admin last modified 2007-08-02 07:27


  1. Fyodor Y
    Presentation Title: Use of software agents in network security

    Presentation Details:
    The presentation will detail Meder's and Fyodor's experience of working on an agent-based, distributed network framework. One use of such a framework is distributed web application hacking, as will be demonstrated during the presentation. Other applications of the framework will be discussed as well.

    About
    Fyodor Y

    Fyodor Y. is not nmap Fyodor (see the snort FAQ ;-) link: http://www.snort.org/docs/faq/1Q05/node3.html).

    Fyodor is a happy programmer and has been involved in a number of open- and closed-source projects. The most memorable ones are snort and xprobe2 (www.snort.org, http://sys-security.com/blog/xprobe2/). Fyodor never did anything bad or illegal, mostly selling his labour to "serious" corporations within the "whitehat" security industry.

    At the moment Fyodor is pursuing his PhD degree at National Taiwan University (link: http://lion.ee.ntu.edu.tw/modules/professor/).

  2. Jerome Athias
    Presentation Title: Speeding up the exploit development process

    Presentation Details:
    The exploit development process includes repetitive tasks. To accomplish this process, an exploit writer will use various tools and will often have to repeatedly do the same tasks, again and again... to obtain a nice and reliable exploit. Furthermore, the exploit code will be different depending on the programming language used and on the programmer. MSF eXploit Builder (MSF-XB) is a unique tool to speed up the exploit development process.

    About Jerome Athias

    Jerome Athias is an independent IT security researcher. He is active in many computer security mailing lists and forums. He also contributes to various security-related projects (e.g. the Metasploit Framework, freerainbowtables.com).

    Website: https://www.securinfos.info.


  3. Nathan Rittenhouse
    Presentation Title: Byakugan - Automating Exploitation

    Presentation Details:
    The majority of debugging tools have been written by crackers for crackers. Every day, you can see a new tool that is intended for disabling various anti-debugging mechanisms, automatic tracing for the purpose of unpacking, and identification of cryptographic algorithms. Very little has been done to aid the efforts of the various monotonous activities that exploit developers are tasked with on a daily basis. From the minds of Metasploit, a WinDbg extension known as Byakugan has been created to correct the problem stated above. From automating many tasks to automatically identifying and exploiting vulnerable code constructs, Byakugan is one step forward in providing hackers the equivalent of what crackers have had in their arsenal for years.

    About Nathan Rittenhouse

    Nathan has quite an obsession with reverse engineering and is the founder of Noxusfiles.com. His most well-known work is in the area of anti-firewall payloads for the Windows operating system, some of which is currently in the Metasploit project. Nathan has worked professionally in the field of web application security and has spoken at the Interz0ne, Defcon, Toorcon, and HackCon security conferences.


  4. Nam T. Nguyen
    Presentation Title: Unintrusive Back in Time Java Tracers: Methods and Practices

    Presentation Details:
    The presentation discusses two popular methods to intercept Java method calls: one in the VM layer, the other in the byte code layer. Both of them are unintrusive and capable of monitoring multithreaded applications, and of recording passed-in arguments as well as return values. These methods are unintrusive because there is no change to the monitored application, nor does it know it is being probed. The call log is comprehensive enough to make an exact re-invocation of any entry in the log, with an identical `this` object, passed-in arguments, and presumably the same return value.

    This presentation gives the audience an introduction to Java byte code and the JVM's tooling interface. The demonstration will show an interesting and useful tool that lets researchers selectively monitor the call tree of any Java application.

    About Nam T. Nguyen

    Nam T. Nguyen holds a first class degree from Nanyang Technological University in Singapore. He is a low-profile but active member of the VNSECURITY group and of the Singapore Special Interest Group in Security and Information inteGrity. His interests include code destruction/reconstruction, writing high quality applications, Java and especially Python.


  5. Nguyen Anh Quynh
    Presentation Title: Hijacking Virtual Machines for Fun and Profits

    Presentation Details:
    In general, virtual machine (VM) technology can guarantee strong isolation between VMs, so even if one VM is hacked, the other VMs remain tamper-resistant. However, our talk demonstrates that if the attacker takes over the host VM, he can do pretty much anything he wants with the guest VMs. Several sophisticated techniques to hijack the execution of a running VM are presented, which can be used to redirect any VM's execution at will without interrupting it.

    While the proposed methods are not limited to any kind of virtual machine, we demonstrate them with the Xen Virtual Machine. In a demo, the attacker only needs to dynamically inject 2 bytes into a running Linux VM to capture (and later replay) all the keystrokes and screen output of the VM's consoles. The hijacking does not have any negative impact on I/O performance, and therefore is not likely to raise any suspicion in the VM's owner.

    Meanwhile, the hijacking technique can also offer great benefits to white-hat people. The second demo proves that with fewer than 10 bytes injected into a protected VM, we can have a file-system integrity tool. Compared to traditional approaches like Tripwire or AIDE, this IDS offers advantages such as real-time detection, zero deployment cost, richer intrusion evidence, and less exposure to the attacker.

    The presented technique works with any kind of OS, and needs absolutely no modification to the kernel of the guest VMs or to the hypervisor. Besides, everything is done in user space, so it is straightforward to implement and requires no deep knowledge of the OS kernel.

    About Nguyen Anh Quynh

    Nguyen Anh Quynh is a postdoctoral researcher at the National Institute of Advanced Industrial Science and Technology (AIST), Japan. His research interests include computer security, networking, data forensics, virtualization, Trusted Computing and operating systems. His papers have been published at various academic conferences, such as ACM, IEEE, LNCS and Usenix among others. Quynh is a contributor to numerous open source projects (notably the Xen Virtual Machine and the Linux kernel). He loves to get involved with the industry, and has given talks at hacking conferences such as EuSecWest, HackInTheBox and Hack.lu. Quynh obtained his PhD degree in computer science from Keio University, Japan. He is also a member of VNSECURITY, a pioneer information security research group in Vietnam.


  6. Mikado and Red Dragon
    Presentation Title: Cheating Massively Multiplayer Online Game for Fun and Profit

    Presentation Details:
    Millions of people around the world play massively multiplayer online games every day, and the online game market is a fast-growing multi-billion-dollar market. The number of online games being developed is increasing very fast each year. In order to prevent cheating, most games are integrated with anti-cheating systems. Anti-cheating systems are normally developed by third-party companies such as nProtect GameGuard, PunkBuster, VAC, HackShield, XTrap, etc., or by the game development companies themselves (e.g. WoW's Warden by Blizzard, Survival Project's IOProtect by IO Entertainment, etc.). These anti-cheating systems employ many layers of cheating prevention, from user space to kernel space, in order to detect and prevent different ways of cheating, such as:

    • Anti-patching by periodically checking the integrity of game files and the game process.
    • Anti-API-hooking in both user mode and kernel mode by hooking critical functions and monitoring their integrity (and re-hooking / re-patching frequently).
    • Anti-code-injection.
    • Anti-game-client memory reading / writing.
    • Anti-debugging and anti-reversing by encrypting and obfuscating executable files with a strong file packer / encryptor / protector.
    • Anti-Windows-message hooking / blocking user input simulation (keyboard, mouse macros) to the game process.
    • Anti-screenshot capturing, anti-hooking of some DirectX-related functions.
    • Anti-game-packet interception, connection redirection / relaying / proxifying by protecting Winsock APIs and monitoring destination game server addresses / packet latency.
    • Providing a data and packet encryption layer to the game.
    • Sending synchronous packets to prevent the cheater from disabling the hacking prevention system itself from the game client, as well as anti packet-based (out-of-game / clientless) bot.
    • Anti well-known game hacking tools by scanning all processes / files / memory against its signature database.
    • Global hardware ID ban for cheaters.
    • etc.

    In this talk, we will present different approaches and techniques to make game hacks / mods / trainers / bots, an analysis of some popular anti-cheating systems, and different ways to bypass those anti-cheating systems. This talk will also discuss security and privacy issues related to anti-cheating systems, since many of them employ rootkit technologies in order to detect and prevent cheating.


    About Mikado and Red Dragon

    Mikado is currently a computer science student. He has worked for a Korean company on game reversing and autoplay/bot development for Massively Multiplayer Online Role-Playing Games (MMORPGs). His interests include reverse engineering, system programming and security. Mikado is an active member of the VNSECURITY and 4VN groups.


    Red Dragon (RD) is currently working as a Principal Security Consultant, where he focuses on application security, code audit, penetration testing and helping his company develop security products. RD is a seasoned security researcher with more than 12 years of security and hacking experience and a member of several international security research groups, including THC and HERT. He has spoken at several security conferences and written articles for various security publications. RD is a founding member of VNSECURITY, a pioneer information security research group in Vietnam, and organizer of VNSECON 2007.

  7. Paul Craig
    Presentation Title: Next Generation .NET Attacks

    Presentation Details:
    In 2002 Microsoft released v1.00 of .NET, an amalgam of languages designed to replace Visual Basic/Visual C++/Visual J++ and ASP and to permanently change Windows development practices.
    From the web application perspective it was essential that .NET did not become as fundamentally insecure and easily exploited as ASP. In true Microsoft fashion, a new security model was introduced which forced developers to write web applications in a manner Microsoft considers secure. .NET also features many layers of data integrity and anti-exploitation methods.

    Exploits of the ASP era, such as Cross Site Scripting, SQL injection and directory traversal file access vulnerabilities, are now a shadow of the past. These vulnerabilities have become significantly harder, or at times impossible, to exploit within .NET.

    The last two years of my life have consisted of finding vulnerabilities in commercially developed .NET web applications. I have discovered functionality-based vulnerabilities which are commonly created by .NET developers, and vulnerabilities located within the .NET language parser itself. .NET vulnerabilities are subtle, harder to exploit and a world apart from the previous ASP generation.

    This presentation will combine my own research and experience, along with the research of others, to fully illuminate the threats within the .NET applications of today. My own research includes new methods of web application exploitation, unique to .NET and not previously released.
    Examples will be used to show each method of exploitation in a real world scenario, and how the vulnerability can be used to leverage access within a web application.

    Advances in web application penetration testing are rare, and research on the topic has for the most part stagnated. This presentation aims to disclose new methods of exploitation, understanding and insight into exploiting the Microsoft-based web applications of the future.


    About Paul Craig

    Paul Craig is a security consultant for Security-Assessment.com, and provides Security-Assessment.com Ltd clients with application audit reviews, vulnerability assessment and intrusion testing.


  8. Red Dragon
    Presentation Title: UPnP Hacking - You Plug n Pray

    Presentation Details:
    To be announced

    About Red Dragon

    Red Dragon (RD) is currently working as a Principal Security Consultant, where he focuses on application security, code audit, penetration testing and helping his company develop security products. RD is a seasoned security researcher with more than 12 years of security and hacking experience and a member of several international security research groups, including THC and HERT. He has spoken at several security conferences and written articles for various security publications. RD is a founding member of VNSECURITY, a pioneer information security research group in Vietnam, and organizer of VNSECON 2007.


  9. Richard Johnson
    Presentation Title: Logical Fuzzing

    Presentation Details:
    This presentation will discuss methods for advancing the state of the art of fuzzing. Fuzzing has attained a high level of interest in the software security research community over the last couple of years; however, advances in fuzzing technology have been fairly slow to surface publicly. A brief overview of the most effective public fuzzers will introduce the audience to the basic concepts of "dumb fuzzing" and provide the foundation for the rest of the discussion, which will delve into topics including:
        - Target profiling with binary analysis frameworks
        - Building fuzzers with fuzzing frameworks
        - Creating feedback loops for self-analysis
        - Genetic programming applications in fuzzing


    About Richard Johnson

    Richard Johnson is a computer security specialist who spends most of his time playing in the realm of software vulnerabilities and debugging automation. Richard currently works on Microsoft's software security team, focusing primarily on reviewing design and implementation and exploring vulnerability mitigations for complex systems. Areas of interest include memory management hardening, program analysis automation, and rootkit technologies. Richard has released public code for binary integrity monitoring, call tracing, and reverse engineering. Richard is also a Senior Editor for the Uninformed Research Journal and a long-time resident of the Hick.org ranch.


  10. Rodrigo Rubira Branco and Domingo Montanaro
    Presentation Title: KIDS - Kernel Intrusion Detection System - Going Deeper

    Presentation Details:
    This presentation intends to cover specifically the most necessary and most undocumented area of computer security: attacks on the core of the systems (kernel-level attacks which can defeat the existing security models). As we all know, security systems generally run with kernel privileges (like PaX, LIDS, SELinux and many others) and can be bypassed if the kernel itself has been compromised.

    Attempts to protect kernel mode (like canary protection in kernel mode, introduced by Windows 2003, and the PaX randkstack/noexec protections) exist, but are restricted to protecting against exploitation, not preventing the consequences of exploitation. St. Michael is an open-source project that covers Solaris and Linux (in the future, I plan to port it to NetBSD systems too) and tries to offer security integrity checks for those systems (it checks the filesystem, kernel structures and MBR of the system against any attempt to change them or any changes, and has the capability to recover the system or take it down).

    During the presentation, many test attacks will be used to explain how StMichael actually works to defeat/detect attacks. Also, a sample will be shown using StMichael and many other kernel-security-related tools (with a special focus on PaX).

    This presentation is intended to go deeper into the subject shown at the Hack In The Box Conference, Dubai 2007.

    About Rodrigo Rubira Branco and Domingo Montanaro

    Rodrigo Rubira Branco (BSDaemon) is a Software Engineer at IBM, a member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC) Brazil, also working in the IBM Toolchain (Debugging) Team for the PowerPC architecture. He is the maintainer of the StMichael/StJude projects (www.sf.net/projects/stjude), the developer of SCMorphism (www.kernelhacking.com/rodrigo) and has given talks at the most important security-related events in Brazil (H2HC, SSI, CNASI). Rodrigo is also a member of Rise Research (www.risesecurity.org).

    Domingo Montanaro is an Information Security Specialist who has been working on high-technology crime investigation for private companies, mostly in the financial market, and also for law enforcement as a Forensics Connoisseur. His expertise covers Data Recovery, Incident Handling, Response and Tracking, Evidence Collection, Forensics and Anti-Forensics Search and Development, and Information Leakage issues. He is the organizer of H2HC - Hackers 2 Hackers Conference (Latin America's most important hacking conference).


  11. Skyper
    Presentation Title: Build your own GSM interceptor for $900

    Presentation Details:
    This presentation is an introduction to the GSM Scanner Project. I will present the hardware and software required to build your own GSM interceptor. I will explain how the protocol works and how to intercept GSM packets. I will show some example packets that should make us worried. I will then explain weaknesses in A5/1 and discuss some ideas of how to (practically) crack A5/1. The last part of the presentation focuses on various ideas of what else you can do with a GSM interceptor.

    This presentation will open the eyes of the audience who still believe that GSM is secure. It will spark some ideas for future attacks and research on the GSM network. It will explain how to use hardware for 900 USD to build your own GSM receiver. The goal of the talk is to make the audience never again make a GSM phone call without being worried that 3 other people are listening in, and to give new ideas on how to attack a GSM network.

    About Skyper

    Skyper is running the segfault.net project. He provides a secure and private research environment to others. He is a privacy advocate and enjoys breaking things. He likes phone phreaking and computer security (formerly known as hacking). Skyper did research with team-teso, was the editor of an online hacking magazine for 6 years and now does research with the gurus at thc.org. His areas of expertise are network protocols and cryptography.


  12. Sun Bing
    Presentation Title: Firmware Security - BIOS Hacking

    Presentation Details:
    In this white paper, I'm going to discuss the security issues of firmware and share my research experiences on some firmware security related topics, including “Chipset Security”, “Shadow/ROM BIOS Hacking” and “EFI Security”. Because few people are engaged in the firmware security research field, and only extremely limited resources can be obtained and used, you may find many contents in this paper very interesting and valuable. Especially, as one of the most essential and attractive sections, I will disclose a fire-new BIOS hijacking method by exploiting the so-called “Top-Block Swap” functionality supported by some new-fashioned south bridge chipsets (such as the Intel ICHx series), which enables our injected code (rootkits or something else) to gain execution control easily even before the system BIOS.

    About Sun Bing

    Sun Bing is currently a Research Scientist at an information security company, and has previously held security-related positions at several famous companies, such as Rising and Siemens. Sun Bing has more than 6 years of experience in Windows kernel and security techniques (anti-virus, firewall, IPS etc.) research and development, especially delving deeply into buffer overflow prevention, rootkit detection and x86 virtualization. His previous work includes participating in the development of Rising Anti-Virus software, publishing the paper "The Design Of Anti-Virus Engine" at xfocus, taking charge of the design and development of a desktop security product, LinkTrust IntraSec, and speaking at security conferences such as XCON 2006, POC 2006, EuSecWest 2007 and BlackHat EU 2007.


  13. Thai N. Duong
    Presentation Title: Zombilizing The Web Browsers Via Flash Player 9

    Presentation Details:
    The Socket class in ActionScript 3.0, which is supported in Flash Player 9 or higher, allows us to make socket connections and to read and write raw binary data from any service using a binary protocol. Flash Player was found to be vulnerable to the classic DNS spoofing attack since, unlike web browsers, it doesn't pin DNS at all. Even if Adobe decides to fix this bug later on, there are still many other anti-DNS-pinning techniques known to affect Flash.

    This presentation will focus on a live demonstration leveraging the Socket class and Flash's DNS vulnerability to zombilize victim web browsers to launch malicious attacks against intranets and the Internet. In essence, the victim web browser becomes a zombie controlled by the attackers. In the demo, I will use the victim browser as a proxy server to:
    • Scan any IP address and any port on intranets and the Internet
    • Relay socket connections to any port on intranets and the Internet
    • Exploit a CSRF vulnerability to reconfigure the victim's ADSL modem/router
    • Launch DDoS web attacks similar to the infamous (in Vietnam) xFlash attack

    The presented technique works on all web browsers supporting Flash Player 9 and is OS independent. At the end of the presentation, I will discuss some workaround methods to mitigate this threat.

    About Thai N. Duong

    Thai Duong is the IT Security Manager at one of the largest banks in VN, where he helps to build and secure the core-banking and e-banking infrastructure. His interests include web security, building reliable yet easy-to-use software, and contributing to open source projects. Thai Duong is an active blogger at http://vnhacker.blogspot.com.

  14. van Hauser
    Presentation Title: To be announced

    Presentation Details:
    To be announced

    About van Hauser

    In 1995, van Hauser founded the longest-living hacking group, which is still highly active today: The Hacker's Choice (www.thc.org). In his long history of greyhat activities, van Hauser has created some well-loved tools like THC-Scan, hydra & amap (also part of Nessus), secure_delete, parasite and many more. He has also written numerous research papers, including “Placing Backdoors through Firewalls”, “How to cover your tracks” and “Anonymizing Unix Systems”. He has presented at various international network security conferences.

     
  15. Tran Vien Ha
    Presentation Title: ôhay - remote shell over instant messenger system

    Presentation Details:
    Once an attacker has gained access to a system, he/she will install backdoor routines on systems to let him/her back in later. In order to avoid detection, the attacker often uses stealth mechanisms to communicate with his/her backdoor across the network.
    Most known tools that implement such communication mechanisms utilize a peer-to-peer client-server architecture. From the attacker's point of view, the weak point of this architecture is that once the backdoor server has been detected, the administrator can easily trace back the backdoor client.

    Yahoo Messenger is undoubtedly one of the most popular instant messengers worldwide. Employers do not like it because of its impact on productivity. From a network security point of view, having Yahoo Messenger installed is not risk-free.

    The speaker will show how easily an attacker can abuse the Yahoo Messenger system to create a remote command line shell called ôhay. ôhay takes advantage of Yahoo services to be a true interactive shell and to bypass firewalls.
    The communication between the ôhay client and server is especially hard to detect because it goes through Yahoo servers.

    This talk also discusses possible countermeasures.

    About Tran Vien Ha

    Vien Ha is a software engineer at Software AG, Belgium.

Program is subject to change.

 
