
Conference presentation materials have been released. You can download them from Packet Storm.


Filed under: Conference Speakers — Administrator @ 8:21 pm

April 21, 2005

Presentation Title: Hacking Windows CE
Presentation Details:

The network features of PDAs and mobiles are becoming more and more powerful, so their related security problems are attracting much more attention. This paper will show a buffer overflow exploitation example in Windows CE. It will cover knowledge about the ARM architecture, memory management and the features of processes and threads of Windows CE. It will also show how to write shellcode in Windows CE, including knowledge about decoding shellcode of Windows CE.

1 - Windows CE Overview
2 - ARM Architecture
3 - Windows CE Memory Management
4 - Windows CE Processes and Threads
5 - Windows CE API Address Search Technology
6 - The Shellcode for Windows CE
7 - System Call
8 - Windows CE Buffer Overflow Exploitation
9 - About Decoding Shellcode
10 - Conclusion

About San:

San is a security researcher, who has been working in the Research Department of NSFocus Information Technology (Beijing) Co., Ltd for more than three years. He’s also the key member of XFocus Team. His focus is on researching and analysing application security, and he’s also the main author of “Network Penetration Technology” (Chinese version book).

Christoff Breytenbach

Filed under: Conference Speakers — Administrator @ 8:21 pm

Presentation Title: Assessing Server Security - State of the Art
Presentation Details:


Over 70% of all the open ports on the Internet are web servers. In order to effectively evaluate an organization’s Internet security posture we must be able to effectively assess web server security. This talk takes a comprehensive look at the question of assessing web server security over the Internet. During the talk we consider the progress that has been made in web server security over the last few years, and the progress that has been made in attacking web servers over the same time. We visit the new vulnerabilities introduced by web applications and discuss the thinking applied to discover such vulnerabilities.

Finally, we describe the state of the art of web server scanning technology.

This talk should be split over two sessions and will cover the following topics:

Web Security - Yesterday & Today:

Web server security has improved dramatically since the dark days of IIS4 and the possibly even darker days of IIS5. In this section we discuss the new protection mechanisms built into Windows 2003 Server and IIS6 in particular. To demonstrate the improvements web servers have made, common attack vectors will be discussed and demonstrated against IIS5.x & IIS6 servers.

The Hunt - Finding servers to attack:

Web servers can run on any port on any server. And a single web server may serve numerous different sites. Finding these servers and sites is the first challenge for the attacker. In this section we discuss and demonstrate current ‘footprinting’ methodology and tools, with special focus on the automation of footprinting technologies.

State of the Art - Current Tools & Techniques:

In October 2004 SensePost introduced ‘Wikto’, a Windows tool that took CGI scanning to a new level. The integration of search engine technology, combined with the ability to cascade results and the use of fuzzy logic to detect false positives, built on the work done in tools like Nikto to produce arguably the best CGI scanner available today. In this section we demonstrate and discuss the thinking behind Wikto and examine the challenges of introducing Wikto technology into the renowned Nessus open source security scanner.

Opening Windows - Analyzing Web Applications:

Insecure web applications are the single biggest threat to web server security today. However, the variety of development approaches and the custom nature of these applications make the automated discovery of vulnerabilities on such systems near to impossible. Current web application security scanners only reveal the tip of the iceberg and security analysts have access to very simple copy-cat analysis tools. In this section we discuss an alternative approach to black-box web application security assessment and demonstrate new technology designed to enable detailed and intelligent analysis.

Each section will include a detailed technical demonstration and an open forum for questions and comments.

About Christoff:

Christoff Breytenbach studied B.Com Informatics at the University of Pretoria, South Africa. During 1999, while still studying, he was employed part time at the University’s Bureau of Institutional Research and Planning as a Natural/Adabas programmer. He started fulltime employment at the end of 1999 doing Visual Basic development work on company secretarial systems. His career moved towards information security in 2000 when he joined NetXactics (formerly eSafe Technologies) where one of his areas of expertise was application integration and technical support of cryptographic tokens.

Christoff joined AST Security Management in 2001 as an information security architect, specialising in network security consulting, architecture design and implementations. Just one of the various projects he was involved in included Microsoft Certificate Services architecture design as a partner consultant to Microsoft Consulting Services South Africa. In August of 2002, Christoff joined SensePost as a senior IT security consultant involved in the various assessment services SensePost provides, including internal-, external-, architecture-, web application- / services- and database security assessments. Christoff has presented various talks (Internet Solutions’ Internetix conference, MSUG, ISSA, TechEd, etc.), papers (editorial for ITP Asia etc.), and presented various Black Hat- and SensePost training sessions, both locally and internationally. Christoff holds various certifications, including CISSP and MCSE in Security.

Nish Bhalla

Filed under: Conference Speakers — Administrator @ 8:21 pm

Presentation Title: Analyzing Code for Security Defects
Presentation Details: The objective of the talk is understanding how to review large code bases for security defects. It can be used as a methodology to identify security problems when reviewing code. The overall focus will be on finding security vulnerabilities and the implementation of countermeasures; however, the same techniques can also be implemented to help develop secure development practices.

Reviewing code to find vulnerabilities is becoming more and more common. Reviewing code is not only useful from a developer’s point of view but also from an attacker’s point of view. The talk will cover basics of threat analysis, how to assess threats and what are some of the vulnerabilities that could exist in code when performing code reviews for large code bases.

About Nish:

Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, host and network reviews.

He has coauthored “Buffer Overflow Attacks: Detect, Exploit & Prevent” and is a contributing author for “Windows XP Professional Security” and “HackNotes: Network Security”. Nish has also been involved in open source projects such as OWASP and YASSP. He has also written articles for securityfocus.com and has spoken at web seminars for Global Knowledge and University of Florida.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews for major software companies, online banking and trading web sites, and e-commerce sites. He also helped develop and teach the “Secure Coding” class, the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse & The Axa Group.

Nish holds his Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and a Bachelor in Commerce from Bangalore University.

Marius Eriksen

Filed under: Conference Speakers — Administrator @ 8:21 pm

Presentation Title: TBA
Presentation Details: TBA

About Marius:

Marius Eriksen is a software engineer at Google, Inc. and is an OpenBSD developer. He has developed and maintained many open source projects and has failed to release many more. Marius has mostly been involved with systems security, distributed filesystems, networking middleware and security and general operating systems kernel development. Marius’ recent open source work includes work on transparent end-to-end networking portability and contextual user interfaces.

Marc Schonefeld

Filed under: Conference Speakers — Administrator @ 8:20 pm

Presentation Title: Java & Secure Programming
Presentation Details:

Java is not secure by default. You as a programmer can use its built-in features to make your software more secure, but on the other hand your errors and the flaws in the software stack below (like the JDK) can add a wide range of vulnerabilities to your Java-based software. The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK.

During the talk we describe “Antipatterns” that have a negative influence on coding quality. Antipatterns are related to design patterns but they have more negative than positive side effects while solving a general problem. Other problems discussed are language specific issues like non-final static fields and JDK framework issues like serialisation problems, privileged code and insecurity caused by security-unaware component deployment.

All antipatterns are illustrated by real-life vulnerabilities, most of them documented by the corresponding advisories. The underlying code problems were discovered with the help of automated detectors. These detectors are optionally presented in a code-walkthrough.

About Marc:

Marc Schonefeld is an external PhD student at the University of Bamberg in Germany. His research covers the analysis of interdependencies between programming flaws (antipatterns) and vulnerabilities in software. By developing a framework for flaw detection he found a range of serious bugs in current Java runtime environments (JDK) and other Java-based applications and middleware systems (like JBoss, Cloudscape database, …). Some of his findings led to the publication of a number of advisories by Sun Microsystems. In 2004 he presented at DIMVA and D-A-CH conferences and was a speaker at Blackhat and RSA in 2003. Also in 2004 he was a finalist for the European Information Security Award for his work on Java-based security antipatterns.

Jose Nazario

Filed under: Conference Speakers — Administrator @ 8:20 pm

Presentation Title: Analyzing all that data: Techniques for sifting haystacks and finding needles.
Presentation Details: Previously, gathering data was a difficult task, and so simple data analysis techniques worked well. Now, with access to information increasing, and the need to get an even broader coverage of events, making sense of mountains of data has never been more pressing. The great risk in this scenario is missing an indicator or losing data.

This presentation will introduce you to a number of techniques for making sense of large collections of data, including sorting and clustering techniques, fuzzy matching, and trend analysis. These techniques have applicability in numerous applications, such as mail filtering and network event analysis.

About Jose:

Dr. Jose Nazario is a worm researcher and senior software engineer at Arbor Networks. Dr. Nazario’s research interests include large-scale Internet trends such as reachability and topology measurement, Internet events such as DDoS attacks and worms, source code analysis methods and datamining. He routinely writes and speaks on Internet security in forums that include NANOG, USENIX Security, BlackHat Briefings, CanSecWest and SANS. Dr. Nazario holds a Ph.D. in biochemistry from Case Western Reserve University.

Dr. Nazario is also the author of the ground-breaking book entitled “Defense and Detection Strategies against Internet Worms” which offers insight into worm trends and behavior, while providing practical protection techniques. Dr. Nazario was also co-author on the book “Secure Architectures with OpenBSD”.

Joanna Rutkowska

Filed under: Conference Speakers — Administrator @ 8:20 pm

Presentation Title: Hide-And-Seek: Defining the Roadmap for Malware Detection on Windows
Presentation Details:

The presentation aims towards defining a detailed list of vital operating system parts as well as a methodology for malware detection. The list will start on such basic levels as actions needed for file system and registry integrity verification, go through user-mode memory validating (detecting additional processes, hooked DLLs, injected threads, etc…) and finally end on such advanced topics as defining vital kernel parts which can be altered by modern rootkit-based malware (with techniques like Raw IRP hooking, various DKOM based manipulations or VMM cheating).

By no means will the presented list be complete, however, the author believes that, in contrast to what many other people may think, there is only a finite number of methods which can be used by malware to compromise a system and hopefully in the future (with the help of the community) the list will “stabilize” and become more complete. Such a reference roadmap/list will help raise the level of awareness on what is still missing with regards to malware detection and will hopefully stimulate the creation of better detection tools, leaving less and less space for malware to survive.

The presentation will be supported with live demos, in which some interesting malware will be shown as well as detection tools catching it (including some new tools from the author). Some of the topics will be touched briefly (like file system verification), while some other areas, like kernel-level integrity verification will be discussed very deeply (together with description of the latest advances in rootkit technology). At the end, the subject of implementation specific attacks against malware detectors will be briefly discussed. The presentation will focus on the Windows 2000/XP/2003 family of operating systems.

About Joanna:

Joanna Rutkowska is an independent security researcher. Her main interest is in stealth technology, that is, in the methods used by attackers to hide their malicious actions after a successful break-in. This includes various types of rootkits, network backdoors and covert channels. She is interested in both detecting this kind of activity and in developing and testing new offensive techniques.

She develops assessment and detection tools mainly for pen-testing companies. She has previously presented at the 21st Chaos Communication Congress, IT Underground 2004 and HiverCon2003. She lives in Warsaw, Poland.

Jim Geovedi

Filed under: Conference Speakers — Administrator @ 8:19 pm

Presentation Title: Wi-Fi Hotspot Security
Presentation Details:

It’s cool to live in a wireless world. Wireless is the latest thing. It’s the excitement of the year. It’s the expectation for the decade. Bandwidth for the masses is the hopeful war cry of the tech evangelist. The elusive last mile solution.

Hotels, airports, coffee shops, pubs, and many places provide Wi-Fi hotspots for yuppies; executives campaign for mobile workplaces; PDAs and smartphones are the latest determiner for the hip.

This presentation will cover the basic approach behind Wi-Fi hotspot security design and architecture. During the presentation, vulnerabilities and methods for exploiting Wi-Fi hotspots will be shown.

About Jim:

Jim Geovedi is HERT’s new evil thinker. While most of his time goes towards providing information security advisory and training services to private enterprises and government in Indonesia through Bellua Asia Pacific, in his spare time Jim amuses himself by working on open-source security software and operating system development projects.

Emmanuel Gadaix

Filed under: Conference Speakers — Administrator @ 8:19 pm

Presentation Title: TBA
Presentation Details: TBA

About Emmanuel:

Emmanuel has been involved in the information security and telecommunications fields for over 12 years. Originally from Western Europe, Emmanuel has been living in Southeast-Asia since 1993. After a few years spent at Nokia commissioning mobile networks’ NMS and IN systems, he started his own security consulting company in 1997, which eventually got acquired by TruSecure in 2001.

Emmanuel focuses on the emerging threats facing the telecommunications industry today. He founded the Telecom Security Task Force (TSTF) to provide clients with specialized security services for their GSM/GPRS/UMTS/SS7/VoIP/IMS networks. He is a CISSP, a Certified ISO-8583 Financial Transaction Protocol Engineer and a Certified Oracle DBA.

Dave McKay

Filed under: Conference Speakers — Administrator @ 8:19 pm

Presentation Title: Social Engineering Fundamentals
Presentation Details:

** Presenting with Anthony Zboralski (Gaius)

“You might say there are two specialties within the job classification of con artist. Somebody who swindles and cheats people out of their money belongs to one sub-specialty, the grifter. Somebody who uses deception, influence, and persuasion against businesses, usually targeting their information, belongs to the other sub-specialty, the social engineer.” -Kevin Mitnick

In today’s world confidence scams present quite possibly the highest threat to security within the business world. Control of information, withholding and leaking, can lead to massive failures and losses depending on how skilled the attacker may be. In combination with disinformation and propaganda, social engineering can be as fatal as, or even lead to, loss of customer and shareholder confidence.

About Dave:

Dave McKay is an independent security consultant. McKay has been involved in the information security field for going on 9 years. McKay’s prior employment includes an impressive list of companies where he served in a security capacity, including Hotmail, Google, Microsoft, US Department of Defense and @stake (now Symantec).

McKay is now in Rome writing a book.


Event Organizer

Hack In The Box (M) Sdn. Bhd.
