All videos are now available on Google Video.
The PPT slides and presentation materials can be downloaded from packetstormsecurity.
1.)
Presentation Title: Exploit Mitigation Techniques
Speaker: Theo de Raadt (KEYNOTE SPEAKER 1)
Presentation Details: OpenBSD has been auditing software for nearly 10 years, and while we have had significant success, it is clearly not enough. In the last 3 years a new view on preventing attacks has surfaced in the mindset of our group. A software exploit author starts by finding an interesting bug. Writing an exploit is easy because he can rely on a variety of system behaviours which are very deterministic. Many of these behaviours are not required for proper operation. Recently we have developed many new techniques which combine to thwart the attacker, without affecting regular software. We make the Unix process environment difficult to attack, much like filling a house full of a variety of burglar traps.
2.)
Presentation Title: Java 2 Micro Edition (J2ME) Security Vulnerabilities
Speaker: Adam Gowdiak
Presentation Details: The talk will discuss Java 2 Micro Edition (J2ME) security in detail. First, a general introduction to mobile Java, KVM, CLDC and MIDP concepts will be given. It will be followed by a detailed description of the KVM security architecture, its operation and differences from the standard Java Virtual Machine. After that, several security issues affecting most J2ME implementations will be discussed. In the second part of the talk, several vulnerability exploitation techniques specific to mobile Java code will be presented. Along with that, some useful reverse engineering techniques of KVM operation, ROM'ized Java bytecode and native methods implementation will also be given.
The third part of the talk will present practical application of the reverse engineering techniques discussed in the second part of the talk. This will be done specifically upon the example of the so-called "closed" Nokia DCT4 cell phone. Step-by-step construction of a real-life malicious Java midlet application will also be given in this part of the talk. Some general thoughts about the future of mobile Java code and its implications on mobile device security will also be given at the end of the talk.
3.)
Presentation Title: Security Tools Integration Framework (STIF)
Speakers: Fyodor Yarochkin & Meder Kydyraliev
Presentation Details: Meder and Fyodor will be presenting the result of their efforts to create a common platform/API and data exchange format for active network security tools data processing and analysis - Security Tools Integration Framework. The developed framework aims at designing and creating a unified environment for network security tools that will provide a facility for real-time data analysis, data processing and sharing of such data by means of a simple inference engine.
4.)
Presentation Title: Advanced Information Gathering aka Google Hacking
Speaker: Gareth Davies
Presentation Details: This presentation will cover the wealth of information that can be gathered passively about an individual or organization. Whole sections of penetration tests and vulnerability assessments are now conducted via search engines and various other publicly accessible databases. The talk will cover the lesser known aspects of Google, tools such as Athena and Sitedigger and the amount of random misconfiguration that can be found with a little careful search engine manipulation. Other useful public databases will be covered with some details on how to leverage the maximum amount of detail on any given target. Also an introduction to the Google API and how it can be used or abused during a penetration test or hack attempt. This presentation will include a live demonstration in which the above techniques will be used to gather coveted information about both random and targeted organizations.
5.)
Presentation Title: The Art of Defiling: Defeating Forensic Analysis on Unix File Systems
Speaker: The Grugq
Presentation Details: The rise in prominence of incident response and digital forensic analysis has prompted a reaction from the underground community. Increasingly, attacks against forensic tools and methodologies are being used in the wild to hamper investigations. This talk will: familiarize the audience with Unix file system structures; examine the forensic tools commonly used, and explore the theories behind file system anti-forensic attacks. In addition, several implementations of new anti-forensic techniques will be released during the talk. Anti-forensics has cost the speaker one job. This material has never been presented in the North American continent because anti-forensics scares the feds. Find out why.
6.)
Presentation Title: Packet Mastering
Speaker: Dr. Jose Nazario
Presentation Details: The packet manipulation libraries "libdnet", "libpcap", and "libnids" are seen by many as difficult to use. However, they can be easy to use when you start working with them. This talk introduces these three libraries, the core of many interesting network applications. Also, this talk will show how to tie them together with event-based programming. Once you learn these libraries and techniques, interesting network tools are within your grasp. The development language will be C.
7.)
Presentation Title: Cryptography Demystified
Speaker: Suresh Ramasamy
Presentation Details: This paper aims to present the introduction of cryptography, demystifying the terminology behind the elusive technology that seems to be rocket science to most people. Different cryptography standards, methods and algorithms are covered to present the audience a good feel of what cryptography is, what is present in cryptography, types of algorithm used, methods and a brief introduction to the Public Key Infrastructure which covers digital certificates significantly. This paper also discusses issues in implementing cryptography, both at application development and infrastructure level.
8.)
Presentation Title: Stealth Virus Design Thru Breeding Concept (Non Polymorphic)
Speaker: Teo Sze Siong
Presentation Details: Most polymorphic virus designs are not totally flawless because virus researchers can extract the important bytes containing the logic of the program and search for the logic's signature when scanning for polymorphic viruses. The reason portion signature searching works is that some parts of the code in the virus cannot be modified in order to ensure it works correctly. In order to design a truly stealth virus, we can code a virus that stores a series of program logics in source code to reproduce itself. For example, using the Compiler Class in .NET Framework, we can design a virus to randomly produce another new virus that is totally different from itself. The Compiler Class in the .NET Framework runtime is capable of producing executables from source code without the SDK.
In order to accomplish this, let's assume I store a set of source procedures in the virus. When the virus is executed, it will automatically sort the core malicious statements in the right sequence and insert some 'junk statements' in between these malicious codes randomly. Thus, when it compiles and writes a new executable file on disk, a totally new virus is produced. Using this technique to design a computer virus, the signature checking technique is useless for detection no matter how updated the virus pattern/definition files are. Moreover, each time the virus spreads, the resulting executable file is likely to be a new virus that shares 0% similarity with the original virus.
This presentation will include Proof of Concept (POC) code samples written in C# .NET and a demonstration to show how 'breeding concept viruses' can escape detection. The presentation will also include overviews of virus detection techniques, both signature and heuristic, and discuss some new ways to remove viruses more effectively.
1.)
Presentation Title: Security Threats from Spamming
Speaker: John T. Draper (KEYNOTE SPEAKER 2)
Presentation Details: The massive rise in spam mail is not only very annoying to all of us who get reminded about how small a specific piece of anatomy is, but it's becoming a major threat to Internet security as a whole, because of the huge amount of infected hosts. Control of these hosts is now bought and sold as a hot commodity, as they are not only used by spam gangs, but are also falling into the wrong hands, and it doesn't surprise me to learn Al Qaeda already has this kind of control. With an estimated number of 750,000 infected PCs, often remaining dormant, one can imagine the amount of problems this can cause if these were turned loose on critical systems like DNS servers, root name servers, and other vital links. I'm going to focus on my efforts to identify huge numbers of these infected hosts, and through cooperation of the ISPs identify and shut them down. I do this by collecting spam, and using some custom software I've written, I can automatically shut down spam operations almost in real time through the use of this system, and will be prepared to demonstrate it. I'll also be talking about how I can get viruses to teach me about the "secret" protocols they use and shut them down in real time before they can do damage, which is the focus of my upcoming seminar.
2.)
Presentation Title: Phreaking in the 21st Century
Speaker: Emmanuel Gadaix
Presentation Details: Icons like Captain Crunch remind us that there was a time when phreakers were all the rage and abusing CCITT#5 phone switches was open to anybody with a blue box. As most Telcos upgraded their equipment to support the new, out-of-band, digital SS7 signaling protocol, blue boxing was slowly but surely phased out. Phreakers went legit or quiet. The Internet and its lot of script kiddies became the center of interest.
Is phreaking dead? We beg to differ!
This presentation will focus on advanced phreaking techniques for the 21st century warrior. After a short presentation of current digital telecommunications networks (with a focus on GSM/GPRS/EDGE and CDMA/3G) we will study how each element can be compromised for fun and profit. Nothing will be left untouched:
- Core Switching
- Radio Networks
- GPRS infrastructure
- 3G data
- Messaging (SMS, MMS, voicemail, USSD)
- Roaming, subscriber management platforms
- Fraud management
- Customer care systems
- Billing systems
- Mediation systems
- WAP servers
- Intelligent Network services (e.g. prepaid, VPN, conditional forwarding and screening etc.)
- Legal interception gateway
- Signaling devices
- Content aggregators
- Network Management Systems
We will also partially unveil the phreakers' holy grail: Abusing out-of-band signaling by compromising SS7 nodes.
3.)
Presentation Title: Information Network Security Issues in the Communications and Multimedia Industry
Speaker: Toh Swee Hoe
Presentation Details: In issues of information and network security, the Malaysian communications and multimedia industry is guided by the 10th National Policy Objective of the Communications and Multimedia Act 1998 (Act 588), and that is, to ensure information security and network reliability and integrity. In the liberalized industry, network infrastructure in Malaysia is privately owned, and it is thus imperative for network owners to ensure the security and reliability and integrity of the network so that consumers feel safe and have full confidence in its delivery. The converging communications and multimedia industry and rapid technological changes have also posed new challenges to the security of the networks. The paper will discuss the issues surrounding the communications and multimedia industry and the challenges. To address the challenges, the paper will highlight several of these initiatives that the MCMC is working on in addressing those concerns.
4.)
Presentation Title: Windows Local Kernel Exploitation
Speaker: SK Chong
Presentation Details: This presentation will highlight mechanisms to exploit the Windows Kernel for useful local privilege escalation. Unlike "Shatter Attack", which is usually only useful if an attacker has physical access to the computer, Kernel exploitation will escalate the attacker to the highest level of the kernel itself without any restrictions. The presentation will include usage of undocumented APIs, memory corruption in device drivers, kernel 'shellcode' as well as other relevant tricks to find and exploit the Windows kernel-land for a successful privilege escalation.
5.)
Presentation Title: Web Services - Attacks and Defense Strategies, Methods and Tools
Speaker: Shreeraj Shah
Presentation Details: Web services business is projected to grow from $1.6 billion (2004) to $34 billion (2007). Web services are being integrated with web applications and consumed by other businesses over the Internet using HTTP/HTTPS protocols. This makes Web Applications even more vulnerable since they cannot be protected by Firewalls and become easy prey for attackers. Next generation web application attacks have arrived and are here to stay. These attacks are targeted towards vulnerable and poorly written web services.
The web service is the new security Lego Land. The main building blocks are UDDI, SOAP and WSDL. This presentation will briefly touch upon each of these aspects. It is important to understand this new set of attacks together with the security controls to be put in place to protect web services. This presentation will cover new methodologies of assessment and defense strategies. It is important to understand what kinds of tools are out there. At the same time it is important to learn to build your own tools since web services are highly customized and generic tools may not always serve the purpose. This presentation is just what you need to get you started on the right track...
6.)
Presentation Title: Protecting Your Business From Phishing & Internet Attacks
Speaker: Sukhdev Singh
Presentation Details: There are as many pitfalls in cyberspace as there are in the real world. Although phishing has been around for a while, new reports suggest that it is growing in volume. These scams try to con people out of personal information, such as credit card numbers and bank security codes. Phishers set up websites resembling those run by legitimate companies. They lure people to these sites using email that purportedly comes from big-name firms, making them look very credible to catch the victims off guard. While phishing has historically consisted of attacks aimed at individual consumers, some phishing attacks trick recipients into installing malicious software, or malware. One recent phishing attack instructed recipients to download a patch for their operating system. In reality, the "patch" installed a back door into the system for later use by a hacker.
7.)
Presentation Title: Asymmetric Warfare and Interception Revealed
Speakers: Roberto Preatoni & Fabio Ghioni
Presentation Details: An in-depth explanation of everything you've ever wanted to know about how to evade interception and how you get intercepted anyway. This presentation will cover a strategic (with a little technology) overview of basic asymmetric warfare battle plans. Items that will be discussed include:
1) Types of interception implemented as of today and what will be implemented in the near future
2) Technology set up for National Security and Critical Infrastructure protection: Defensive and Offensive capabilities of the deployed Multi-Dimensional Asymmetric Warfare Array.
3) Examples of Governmental and Business implementations of the complete array or modules of the above
4) Potential impacts of such technology on both privacy and national security
5) Cyber attacks: an abstract built on Zone-H's experience
8.)
Presentation Title: PANEL DISCUSSION
Presentation Details: NO DETAILS