All videos are now available on Google Video.
The PPT slides and presentation materials can be downloaded from packetstormsecurity
Internet Explorer Security: Past, Present, and Future
Speaker: Tony Chor (KEYNOTE SPEAKER 1)
Presentation Details: Microsoft’s Internet Explorer team is on the frontline of the battle to protect users from malware and social attacks. Tony Chor will outline threats to secure browsing, discuss Microsoft’s response with Internet Explorer for Windows XP SP2, and detail the implementation of safety features in the upcoming Internet Explorer 7.0, such as the Phishing Filter and Protected Mode.
Speaker: Mikko Hypponen (KEYNOTE SPEAKER 2)
Presentation Details: The first real viruses infecting mobile phones were found during late 2004. Since then, dozens of different viruses and Trojans - including cases like Commwarrior, Lasco and Skulls - have been found. Mobile phone viruses use totally new spreading vectors such as Multimedia messages and Bluetooth. How exactly do these mobile viruses work? We’ll have a look at their code and discuss what factors affect their spreading speeds. Virus writers have always been trying to attack new platforms. What draws them now towards the mobile phone? Are phones as a platform simply widespread enough, or is the possibility of making easy money via phone billing systems driving this development? Where are we now and what can we expect to see in the Mobile Malware of the future?
Assessing Server Security - State of the Art
Speaker: Roeloff Temmingh
Presentation Details: Over 70% of all the open ports on the Internet are web servers. In order to effectively evaluate an organization’s Internet security posture we must be able to effectively assess web server security. This talk takes a comprehensive look at the question of assessing web server security over the Internet. During the talk we consider the progress that has been made in web server security over the last few years, and the progress that has been made in attacking web servers over the same time. We visit the new vulnerabilities introduced by web applications and discuss the thinking applied to discover such vulnerabilities. Finally, we describe the state of the art of web server scanning technology.
Presentation Title: Nematodes - Beneficial Worms
Speaker: Dave Aitel
Presentation Details: This presentation presents concepts for taking exploitation frameworks into the next evolution: solving complex security problems by generating robustly controllable beneficial worms. The Why, How, and What of Nematode creation are discussed, along with some concepts in Mesh routing. Problems discussed include legal issues, controlling your worm, writing an intermediate language, the Nematode Intermediate Language (NIL) for writing robust worms, reliability problems, communications protocols, and future work.
Presentation Title: Hacking Internet Banking Applications
Speaker: Fabrice Marie
Presentation Details: The general public sentiment is that the banks, having always been the guardians of our money, are expert at safeguarding it. Unfortunately, internet corporate banking and personal banking applications are usually riddled with bugs. Internet banking application development is nowadays outsourced to third-party software vendors that have a poor understanding of security and incomplete quality management processes. Most of the time the applications are extremely insecure before they get audited by security professional third parties. This presentation will demonstrate the various attacks that almost always work (and those that do not) on your “bank-next-door” internet banking application, illustrated with real-life statistics. We will outline the regular technical attacks and will focus on a hit parade of business logic attacks. We will steal money from other customers, buy shares for free, and spy on other customers’ bank records, among many other frauds. This demonstration will highlight the solutions to some of the challenges the banks will face online to ensure that their data handling practices are compliant with their country’s privacy regulations and banking regulations, among others.
Presentation Title: Java & Secure Programming
Speaker: Marc Schonefeld
Presentation Details: Java is not secure by default. You as a programmer can use its built-in features to make your software more secure, but on the other hand your errors and the flaws in the software stack below (like the JDK) can add a wide range of vulnerabilities to your Java-based software. The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK. During the talk we describe “Antipatterns” that have a negative influence on coding quality. Antipatterns are related to design patterns, but they have more negative than positive side effects while solving a general problem. Other problems discussed are language-specific issues like non-final static fields and JDK framework issues like serialisation problems, privileged code and insecurity caused by security-unaware component deployment. All antipatterns are illustrated by real-life vulnerabilities, most of them documented by the corresponding advisories. The underlying code problems were discovered with the help of automated detectors. These detectors are optionally presented in a code walkthrough.
Presentation Title: Analyzing Code for Security Defects
Speaker: Nish Bhalla
Presentation Details: The objective of the talk is understanding how to review large code bases for security defects. It can be used as a methodology to identify security problems when reviewing code. The overall focus will be on finding security vulnerabilities and the implementation of countermeasures; however, the same techniques can also be implemented to help develop secure development practices. Reviewing code to find vulnerabilities is becoming more and more common. Reviewing code is not only useful from a developer’s point of view but also from an attacker’s point of view. The talk will cover basics of threat analysis, how to assess threats and what are some of the vulnerabilities that could exist in code when performing code reviews for large code bases.
Corp. vs. Corp: Profiling Modern Espionage
Speakers: Roberto Preatoni & Fabio Ghioni
Presentation Details: An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation will also cover a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets.
- How do digital espionage asymmetric networks work
- Secret services and network mercenaries
- Prevention and monitoring vs data retention and “special laws” in today’s terrorism and data theft situations.
Trends in Real World Attacks: A Compilation of Case Studies
Speaker: Rohyt Belani
Presentation Details: The number of reported security incidents has always been proportional to the number of vendor-issued vulnerabilities. However, recently this trend seems to have broken. This can be attributed to an increase in attacks against custom applications, attacks targeting end-users, zero-day exploits, and self-propagating worms. This presentation will discuss such trend-breaking real world attacks ranging from the installation of keystroke-logging Trojans on end-user machines through an IE buffer overflow to attacks against wireless clients. Each case study will discuss the motivation of the attack, an overview of the underlying technical details and its impact on business.
Presentation Title: Hide-And-Seek: Defining the Roadmap for Malware Detection on Windows
Speaker: Joanna Rutkowska
Presentation Details: The presentation aims towards defining a detailed list of vital operating system parts as well as a methodology for malware detection. The list will start on such basic levels as actions needed for file system and registry integrity verification, go through user-mode memory validating (detecting additional processes, hooked DLLs, injected threads, etc…) and finally end on such advanced topics as defining vital kernel parts which can be altered by modern rootkit-based malware (with techniques like Raw IRP hooking, various DKOM based manipulations or VMM cheating). By no means will the presented list be complete, however, the author believes that, in contrast to what many other people may think, there is only a finite number of methods which can be used by malware to compromise a system and hopefully in the future (with the help of the community) the list will “stabilize” and become more complete. Such a reference roadmap/list will help raise the level of awareness on what is still missing with regards to malware detection and will hopefully stimulate the creation of better detection tools, leaving less and less space for malware to survive.
The presentation will be supported with live demos, in which some interesting malware will be shown as well as detection tools catching it (including some new tools from the author). Some of the topics will be touched briefly (like file system verification), while some other areas, like kernel-level integrity verification will be discussed very deeply (together with description of the latest advances in rootkit technology). At the end, the subject of implementation specific attacks against malware detectors will be briefly discussed. The presentation will focus on the Windows 2000/XP/2003 family of operating systems.
Presentation Title: Project Blinkenlights
Speaker: Tim Pritlove
B L I N K E N L I G H T S
In 2001, Project Blinkenlights developed the “Blinkenlights” light installation in Berlin, Germany, turning the “Haus des Lehrers” building at Alexanderplatz into a huge computer screen, the world’s most interactive light installation, achieving a broad range of public participation. The “screen” consisted of 18 windows in 8 floors, therefore providing a matrix of 144 monochrome “pixels” that could be individually turned on and off. Blinkenlights combined the charm of a low-tech installation with high-profile computer programming and managed to deliver a high level of participation for the public. People could send in their own animations to be played back on the screen. They could also play the classic computer game Pong in real time just using their mobile phone.
A R C A D E
Encouraged by the great success of the installation, the group got invited to join the Nuit Blanche art exhibition in 2002 in Paris to create the successor project named “Arcade”. Targeting the Bibliothèque nationale de France, the group managed to build the world’s biggest interactive light installation so far. The installation made use of greyscaling, redefining the appearance and flexibility compared to the original installation. The screen used 26 windows on 20 floors, resulting in 520 “pixels”. Each pixel allowed displaying 8 different brightnesses. The installation covered 3370 square meters, making it visible from many kilometers away.
Presentation Title: Hacking Windows CE
Presentation Details: The network features of PDAs and mobiles are becoming more and more powerful, so their related security problems are attracting much more attention. This paper will show a buffer overflow exploitation example in Windows CE. It will cover knowledge about the ARM architecture, memory management and the features of processes and threads of Windows CE. It will also show how to write shellcode in Windows CE, including knowledge about decoding shellcode of Windows CE.
1 - Windows CE Overview
2 - ARM Architecture
3 - Windows CE Memory Management
4 - Windows CE Processes and Threads
5 - Windows CE API Address Search Technology
6 - The Shellcode for Windows CE
7 - System Call
8 - Windows CE Buffer Overflow Exploitation
9 - About Decoding Shellcode
10 - Conclusion
Presentation Title: x.25 (in)security in 2005: WHAT, WHY, WHEN, WHO, HOW
Speaker: Raoul Chiesa
Presentation Details: NO DETAILS
Presentation Title: VoIPhreaking: How to make free phone calls and influence people
Speaker: The Grugq
Presentation Details: The recent explosion in internet telephony has led to the exposure of the (previously) closed Public Service Telephone Network (PSTN) to the wilds of the internet. Voice over IP (VoIP) technology presents new and interesting security challenges, many of which are completely ignored until after deployment. These security issues, such as new avenues for fraud, present serious risks to traditional telephony companies. This talk explores the technologies behind VoIP infrastructures, focusing on their weaknesses and faults. LIVE DEMOS will help illustrate that attacks which violate VoIP system security are not only practical, but are already here. The era of VoIPhreaking has begun.
Presentation Title: Social Engineering Fundamentals
Speaker: Anthony Zboralski (Gaius)
Presentation Details: “You might say there are two specialties within the job classification of con artist. Somebody who swindles and cheats people out of their money belongs to one sub-specialty, the grifter. Somebody who uses deception, influence, and persuasion against businesses, usually targeting their information, belongs to the other sub-specialty, the social engineer.” -Kevin Mitnick
In today’s world confidence scams present quite possibly the highest threat to security within the business world. Control of information, withholding and leaking, can lead to massive failures and losses depending on how skilled the attacker may be. In combination with disinformation and propaganda, social engineering can be as fatal as or even lead to loss of customer and shareholder confidence.
Presentation Title: Analyzing all that data: Techniques for sifting haystacks and finding needles.
Speaker: Dr. Jose Nazario
Presentation Details: Previously, gathering data was a difficult task, and so simple data analysis techniques worked well. Now, with access to information increasing and the need to get an even broader coverage of events, making sense of mountains of data has never been more pressing. The great risk in this scenario is missing an indicator or losing data. This presentation will introduce you to a number of techniques for making sense of large collections of data, including sorting and clustering techniques, fuzzy matching, and trend analysis. These techniques have applicability in numerous applications, such as mail filtering and network event analysis.
Presentation Title: STIF-ware Evolution
Speakers: Fyodor Yarochkin & Meder Kydyraliev
Presentation Details: Meder and Fyodor have been working on their concept of a common framework to unify the offensive part of heterogeneous security data and security tools into a single unit: a security tools framework. At this conference they will be presenting the evolution of the STIF framework into what they now call “STIF-ware”, a set of STIF-relevant modules that would allow computer security hobbyists to build, control and monitor a distributed network of “automated hacking” agents, guided by a set of goals and targets assigned to the system.
Presentation Title: Web hacking Kung-Fu and Art of
Speaker: Shreeraj Shah
Presentation Details: Web attacks are on the rise and new methods of hacking are evolving. This presentation will cover new methodologies for web application footprinting, discovery and information gathering with a new range of tools. Web applications are getting exploited using various new injection techniques like advanced SQL injection, LDAP query, XPATH goofing etc. All these new exploit methods will be discussed. The HTTP stack is changing in application frameworks like .NET. The stack can be utilized for defense using HTTP interfaces. Defense methodologies for web applications are required to combat new threats emerging in the field.
Presentation Title: Wi-Fi Hotspot Security
Speaker: Jim Geovedi (negative)
Presentation Details: It’s cool to live in a wireless world. Wireless is the latest thing. It’s the excitement of the year. It’s the expectation for the decade. Bandwidth for the masses is the hopeful war cry of the tech evangelist. The elusive last mile solution. Hotels, airports, coffee shops, pubs, and many places provide Wi-Fi hotspots for yuppies, executives campaign for mobile workplaces, PDAs and smartphones are the latest determiner for the hip. This presentation will cover the basic approach behind Wi-Fi hotspot security design and architecture. During the presentation, vulnerabilities and methods for exploiting Wi-Fi hotspots will be shown.
Presentation Title: Cyber Skirmishes
Speaker: Zubair Khan
Presentation Details: High-tech information warfare is fast becoming a reality. The term information warfare covers a wide range of activity, including corporate and military espionage and intelligence collection, psychological operations and perception management, attacks on communication systems, consumer fraud, and information piracy. In addition, the concept covers specifically computer-related issues: viruses, Trojan horses, and deliberate and targeted hacking efforts such as computer break-ins and denial-of-service attacks (where hackers flood an Internet server with traffic to overload and disable it). Cyber warfare is politically motivated computer hacking that inflicts severe societal harm, and may also affect a nation’s economy and defense. Cyber warfare is so rapid that it may not give an opponent enough time to “surrender” before permanent and devastating damage is done. It has recently become of increasing importance to the military, the intelligence community, and the business world. Military planners are now imagining soldiers at computer terminals silently invading foreign networks to shut down radars, disable electrical facilities and disrupt phone services.
Presentation Title: How (and Why) to Build a Security Operations Center
Speaker: Mohamad Haron
Presentation Details: NO DETAILS