HITB Security Conference Agenda for 6th & 7th October 2004

HITB Security Conference Agenda on 6th October 2004



Technical Track A at Westin 1

Technical Track B at Westin 2

Technical Track C at The Straits

0900 - 1030

Speaker: Theo de Raadt (Creator/Project Leader OpenBSD & OpenSSH)


Keynote address: Exploit Mitigation Techniques

Abstract: OpenBSD has been auditing software for nearly 10 years, and while we have had significant success, it is clearly not enough. In the last 3 years a new view on preventing attacks has surfaced in the mindset of our group. A software exploit author starts by finding an interesting bug. Writing an exploit is easy because he can rely on a variety of system behaviours which are very deterministic. Many of these behaviours are not required for proper operation. Recently we have developed many new techniques which combine to thwart the attacker without affecting regular software. We make the Unix process environment difficult to attack, much like filling a house with a variety of burglar traps.



1030 - 1100

Coffee Break at Westin Grand Ballroom Foyer and The Straits Foyer

1100 - 1230

Speaker: Ollie Whitehouse (Technical Director @Stake Limited)


Title: Attacks and Counter Measures in 2.5G and 3G Cellular IP Networks

Abstract: This presentation will cover, and carry on from, the paper of the same name published in March 2004 by @Stake Security: "2.5G and 3.0G cellular technologies are here to stay." That whitepaper assesses the issues still facing the industry since the "GPRS Wireless Security: Not Ready for Primetime" paper was published in June 2002. GTP (GPRS Tunneling Protocol) is now widely deployed in a majority of 2.5G and 3.0G cellular networks, and this paper reviews some of the potential attacks against the GTP protocol and the possible effects these will have on cellular providers. It also reviews some of the architectural alternatives that providers can consider. This paper will discuss several new, as yet unpublished and undisclosed, vulnerabilities in 3G equipment.

Speaker: Jose Nazario (Senior Software Engineer, Arbor Networks)

Title: Packet Mastering

Abstract: The packet manipulation libraries "libdnet", "libpcap", and "libnids" are seen by many as difficult to use. However, they can be easy to use once you start working with them. This talk introduces these three libraries, the core of many interesting network applications. It will also show how to tie them together with event-based programming. Once you learn these libraries and techniques, interesting network tools are within your grasp. The development language will be C.

Speaker: Chew Keong Tan (Vice-President SIG^2, Singapore)


Title: Defeating Kernel Native API Hookers



Abstract: Win32 kernel rootkits modify the behaviour of the system by Kernel Native API hooking. This technique is typically implemented by modifying the entries within the kernel's System Service Table. Such modification ensures that a detour function installed by the rootkit is called prior to the original native API. The detour function usually calls the original native API and modifies the output before returning the results to the user-space program. This technique allows kernel rootkits to hide files and processes, and to prevent termination of malicious processes. This paper gives a short introduction to the technique of Kernel Native API hooking, and proposes a technique for defeating kernel rootkits that hook native APIs by Service Table modification. The proposed technique restores the Service Table directly from user-space and does not require a kernel driver to be loaded.

1230 - 1330

Lunch Break

1330 - 1500

Speaker: Adam Gowdiak



Title: Java 2 Micro Edition (J2ME) Security Vulnerabilities


Abstract: The talk will discuss Java 2 Micro Edition (J2ME) security in detail. First, a general introduction to mobile Java, KVM, CLDC and MIDP concepts will be given. It will be followed by a detailed description of the KVM security architecture, its operation and its differences from the standard Java Virtual Machine. After that, several security issues affecting most J2ME implementations will be discussed.

In the second part of the talk, several vulnerability exploitation techniques specific to mobile Java code will be presented. Along with that, some useful techniques for reverse engineering KVM operation, ROM'ized Java bytecode and native method implementations will also be given.

The third part of the talk will present practical applications of the reverse engineering techniques discussed in the second part. This will be done specifically on the example of the so-called "closed" Nokia DCT4 cell phone. A step-by-step construction of a real-life malicious Java midlet application will also be given in this part of the talk.

Some general thoughts about the future of mobile Java code and its implications for mobile device security will be given at the end of the talk.

Speaker: Teo Sze Siong (Researcher)


Title: Stealth Virus Design Thru Breeding Concept (Non Polymorphic)

Abstract: Most polymorphic virus designs are not totally flawless, because virus researchers can extract the important bytes containing the program's logic and search for that logic's signature when scanning for polymorphic viruses. Partial signature searching works because some parts of the virus code cannot be modified without breaking it. To design a truly stealth virus, we can write a virus that stores a series of program logics in source code in order to reproduce itself. For example, using the Compiler Class in the .NET Framework, we can design a virus that randomly produces another new virus that is totally different from itself. The Compiler Class in the .NET Framework runtime is capable of producing executables from source code without the SDK.

This presentation will include Proof of Concept (POC) code samples written in C# .NET and a demonstration to show how 'breeding concept viruses' can escape detection. The presentation will also include overviews of virus detection techniques, both signature and heuristic, and discuss some new ways to remove viruses more effectively.

Speaker: NSS MSC

1500 - 1530

Coffee Break at Westin Grand Ballroom Foyer and The Straits Foyer

1530 - 1700

Speaker: thegrugq



Title: The Art of Defiling: Defeating Forensic Analysis on Unix File Systems


Abstract: The rise in prominence of incident response and digital forensic analysis has prompted a reaction from the underground community. Increasingly, attacks against forensic tools and methodologies are being used in the wild to hamper investigations. This talk will familiarize the audience with Unix file system structures, examine the forensic tools commonly used, and explore the theories behind file system anti-forensic attacks. In addition, several implementations of new anti-forensic techniques will be released during the talk. Anti-forensics has cost the speaker one job. This material has never been presented on the North American continent because anti-forensics scares the feds. Find out why.

Speaker: Fyodor Yarochikin & Meder Kydyraliev


Title: Security Tools Integration Framework (STIF)



Abstract: Meder and Fyodor will be presenting the result of their efforts to create a common platform/API and data exchange format for processing and analysing data from active network security tools: the Security Tools Integration Framework. The framework aims at designing and creating a unified environment for network security tools that will provide facilities for real-time data analysis, data processing and sharing of such data by means of a simple inference engine.


1700 - 1800

Speaker: Suresh Ramasamy (TimeDotCom Security Division)


Title: Cryptography Demystified


Abstract: This paper aims to present an introduction to cryptography, demystifying the terminology behind an elusive technology that seems like rocket science to most people. Different cryptography standards, methods and algorithms are covered to give the audience a good feel for what cryptography is, what it comprises, the types of algorithms used and their methods, along with a brief introduction to Public Key Infrastructure that covers digital certificates in some depth. This paper also discusses issues in implementing cryptography, at both the application development and infrastructure levels.

Speaker: Kamal Hilmi Othman (NISER)

HITB Security Conference Agenda on 7th October 2004


Technical Track A at Westin 1

Technical Track B at Westin 2

Technical Track C at The Straits

0900 - 1030

Speaker: John T. Draper aka Captain Crunch (SpamCrunchers)


Keynote address: Security Threats from Spamming


Abstract: The massive rise in spam mail is not only very annoying to all of us who get reminded about how small a specific piece of anatomy is, but it's becoming a major threat to Internet security as a whole, because of the huge number of infected hosts. Control of these hosts is now bought and sold as a hot commodity, as they are not only used by spam gangs, but are also falling into the wrong hands, and it doesn't surprise me to learn Al Quaida already has this kind of control. With an estimated number of 750,000 infected PCs, often remaining dormant, one can imagine the amount of problems this can cause if these were turned loose on critical systems like DNS servers, root name servers, and other vital links. I'm going to focus on my efforts to identify huge numbers of these infected hosts, and through cooperation of the ISPs identify and shut them down. I do this by collecting spam, and using some custom software I've written, I can automatically shut down spam operations almost in real time through the use of this system, and will be prepared to demonstrate it. I'll also be talking about how I can get viruses to teach me about the secret protocols they use and shut them down in real time before they can do damage, which is the focus of my upcoming seminar.



1030 - 1100

Coffee Break at Westin Grand Ballroom Foyer and The Straits Foyer

1100 - 1200

Speaker: Sukhdev Singh (Senior Security Consultant, Internet Security Systems Pte Ltd)


Title: Protecting Your Business From Phishing & Internet Attacks



Abstract: There are as many pitfalls in cyberspace as there are in the real world. Although phishing has been around for a while, new reports suggest that it is growing in volume. These scams try to con people out of personal information, such as credit card numbers and bank security codes. Phishers set up websites resembling those run by legitimate companies. They lure people to these sites using email that purportedly comes from big-name firms, making the messages look very credible so as to catch the victims off guard.


While phishing has historically consisted of attacks aimed at individual consumers, some phishing attacks trick recipients into installing malicious software, or malware. One recent phishing attack instructed recipients to download a patch for their operating system. In reality, the "patch" installed a back door into the system for later use by a hacker.

Speaker: Toh Swee Hoe (General Manager, Monitoring and Enforcement Division, MCMC)


Title: Information Network Security Issues in the Communications and Multimedia Industry


Abstract: In matters of information and network security, the Malaysian communications and multimedia industry is guided by the 10th National Policy Objective of the Communications and Multimedia Act 1998 (Act 588), namely to ensure information security and network reliability and integrity. In the liberalized industry, network infrastructure in Malaysia is privately owned, and it is thus imperative for network owners to ensure the security, reliability and integrity of the network so that consumers feel safe and have full confidence in its delivery. The converging communications and multimedia industry and rapid technological change have also posed new challenges to the security of the networks. The paper will discuss the issues surrounding the communications and multimedia industry and the challenges. To address the challenges, the paper will highlight several initiatives that the MCMC is working on to address those concerns.


Speaker: Gareth Davies

Title: Advanced Information Gathering aka Google Hacking

Abstract: This presentation will cover the wealth of information that can be gathered passively about an individual or organization. Whole sections of penetration tests and vulnerability assessments are now conducted via search engines and various other publicly accessible databases. The talk will cover the lesser known aspects of Google, tools such as Athena and Sitedigger, and the amount of random misconfiguration that can be found with a little careful search engine manipulation. Other useful public databases will be covered, with some details on how to leverage the maximum amount of detail on any given target. There will also be an introduction to the Google API and how it can be used or abused during a penetration test or hack attempt. This presentation will include a live demonstration in which the above techniques will be used to gather coveted information about both random and targeted organizations.


1200 - 1330

Lunch Break

1330 - 1500

Speaker: Emmanuel Gadaix (Founder, Telecom Security Task Force [TSTF])


Title: Phreaking in the 21st Century

Abstract: This presentation will focus on advanced phreaking techniques for the 21st century warrior. After a short presentation of current digital telecommunications networks (with a focus on GSM/GPRS/EDGE and CDMA/3G), we will study how each element can be compromised for fun and profit. Nothing will be left untouched:

- Core Switching
- Radio Networks
- GPRS infrastructure
- 3G data
- Messaging (SMS, MMS, voicemail, USSD)
- Roaming, subscriber management platforms
- Fraud management
- Customer care systems
- Billing systems
- Mediation systems
- WAP servers
- Intelligent Network services (e.g. prepaid, VPN, conditional forwarding and screening etc.)
- Legal interception gateway
- Signaling devices
- Content aggregators
- Network Management Systems

We will also partially unveil the phreakers' holy grail: abusing out-of-band signaling by compromising SS7 nodes.

Speaker: Roberto Preatoni (Founder, Zone-H Defacement/Cybercrime Archive) & Fabio Ghioni

Title: Asymmetric Warfare and Interception Revealed

Abstract: An in-depth explanation of everything you've ever wanted to know about how to evade interception, and how you get intercepted anyway. This presentation will cover a strategic (with a little technology) overview of basic asymmetric warfare battle plans. Items that will be discussed include:

1) Types of interception implemented as of today and what will be implemented in the near future
2) Technology set up for National Security and Critical Infrastructure protection: defensive and offensive capabilities of the deployed Multi-Dimensional Asymmetric Warfare Array
3) Examples of governmental and business implementations of the complete array or modules of the above
4) Potential impacts of such technology on both privacy and national security
5) Cyber attacks: an abstract built on Zone-H's experience


1500 - 1630

Speaker: Shreeraj Shah (Director, Net-Square Consulting)



Title: Web Services - Attacks and Defense Strategies, Methods and Tools


Abstract: The web services business is projected to grow from $1.6 billion (2004) to $34 billion (2007). Web services are being integrated with web applications and consumed by other businesses over the Internet using the HTTP/HTTPS protocols. This makes web applications even more vulnerable, since they cannot be protected by firewalls and become easy prey for attackers. Next generation web application attacks have arrived and are here to stay. These attacks are targeted at vulnerable and poorly written web services.

The web service is the new security Lego Land. The main building blocks are UDDI, SOAP and WSDL. This presentation will briefly touch upon each of these aspects. It is important to understand this new set of attacks together with the security controls to be put in place to protect web services. This presentation will cover new methodologies of assessment and defense strategies. This presentation is just what you need to get you started on the right track...


Speaker: SK Chong (Co-Founder & Security Consultant, Scan Associates Sdn Bhd)


Title: Windows Local Kernel Exploitation

Abstract: This presentation will highlight mechanisms to exploit the Windows kernel for useful local privilege escalation. Unlike the "Shatter Attack", which is usually only useful if an attacker has physical access to the computer, kernel exploitation will escalate the attacker to the highest level of the kernel itself without any restrictions. The presentation will include usage of undocumented APIs, memory corruption in device drivers, kernel 'shellcode' as well as other relevant tricks to find and exploit the Windows kernel-land for a successful privilege escalation.

Speaker: Jorge Sebastiao

1630 - 1700

Coffee Break at Westin Grand Ballroom Foyer and The Straits Foyer


1700 - 1800

Panel Discussion


-- END --