View all Speakers

HITBSecConf2005 - Keynote Speakers

1.) Tony Chor, Group Program Manager, Microsoft Internet Explorer, Microsoft Corporation
2.) Mikko Hypponen Chief Research Officer, F-Secure Corp.

HITBSecConf2005 - Conference Speakers

(Listed in alphabetical order)

1. Aaron Higbee, Principal Consultant, Foundstone, a division of McAfee,Inc.
2. Anthony Zboralski (Gaius), Founder, Hackers Emergency Response Team (HERT)
3. Christoff Breytenbach, Senior IT Security Consultant, Sensepost
4. Dave Aitel , CEO, Immunity Inc.
5. Dave Mckay, Independent Security Consultant
6. Emmanuel Gadaix, Founder, Telecom Security Task Force (TSTF)
7. Fabio Ghioni
8. Fabrice Marie, Manager, FMA-RMS
9. Fyodor Yarochkin, Co-Author, X-Probe
10. Jim Geovedi, Information Security Consultant, PT Bellua Asia Pacific
11. Joanna Rutkowska Founder, Invisiblethings.org
12. Jose Nazario, Senior Software Engineer, Arbor Networks
13. Nish Bhalla, VP Consulting Solutions, Security Compass
14. Marc Shoenefeld,Freelance Network Security Consultant
15. Marius Eriksen, Google
16. Meder Kydyraliev, Co-Author, X-Probe
17. Roberto Preatoni, Founder, Zone-H Defacement Mirror
18. Rohyt Belani, Director, Red Cliff Consulting
19. San, Member, X-Focus China
20. Shreeraj Shah, Director, Net-Square Solutions
21. Swaraj, Suresec UK
22. The grugq, Independent Anti-forensics Researcher
23. Tim Pritlove, Chaos Computer Club
24. Zubair Khan, Freelance Network Security Consultant

Presentation Title: Mobile Malware
Presentation Details:

The first real viruses infecting mobile phones were found during late 2004. Since then, dozens of different viruses and Trojans - including cases like Commwarrior, Lasco and Skulls - have been found. Mobile phone viruses use totally new spreading vectors such as Multimedia messages and Bluetooth.

How exactly do these mobile viruses work? We’ll have a look at their code and discuss what factors affect their spreading speeds. Virus writers have always been trying to attack new platforms. What draws them now towards the mobile phone? Are phones as a platform simply widespread enough, or is the possibility of making easy money via phone billing systems driving this development? Where are we now and what can we expect to see in the Mobile Malware of the future?

About Mikko:

Mr. Mikko Hypponen is the Chief Research Officer at F-Secure Corp. He has been analysing viruses since 1991. He has consulted several high-profile organizations on computer security issues, including IBM, Microsoft, FBI, US Secret Service, Interpol and the Scotland Yard. Mr. Hypponen (35) led the team that infiltrated the Slapper worm attack network in 2002, took down the world-wide network used by the Sobig.F worm in 2003 and was the first to warn the world about the Sasser outbreak in 2004.

Mr. Hypponen and his team has been profiled by Wall Street Journal, Vanity Fair, New York Times and Newsweek. He has been an invited member of CARO (the Computer Anti-Virus Researchers Organization) since 1995.

Apart from computer security issues, Mr. Hypponen enjoys collecting and restoring classic arcade video games and pinball machines from past decades. He lives with his family, and a small moose community, on an island near Helsinki.

---

Welcome to the official homepage of HITBSecConf2005 - Malaysia. The main aim of the HITBSecConf conference series is to enable the dissemination, discussion and sharing of deep knowledge network security information. Featuring presentations by respected members of both the mainstream network security arena as well as the underground or black hat community, HITBSecConf2005 - Malaysia will see over 30 of the world’s leading network security specialists down to present their research and findings. Set to take place from September 26th - 29th 2005 at The Westin Kuala Lumpur, the event will feature 6 hands-on technical training sessions and 2-days of deep knowledge presentations.

Event Details

Venue: The Westin Kuala Lumpur
199 Jalan Bukit Bintang
55100 Kuala Lumpur

Date: 26th September
Time: 0900 - 1800
Item: 6-tracks Hands-On Technical Training (Day 1)

Date: 27th September
Time: 0900 - 1800
Item: 6-tracks Hands-On Technical Training (Day 2)

Date: 28th September
Time: 0900 - 1800
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 1)

Date: 29th September
Time: 0900 - 1800
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 2)

Hands-On Technical Training

TECH TRAINING 1: Web Application – Attacks and Defense
Trainer: Shreeraj Shah Founder/Director, Net-Square Consulting

TECH TRAINING 2: Exploiting & Defending Networks
Trainer: Nish BhallaVP Consulting Solutions, Security Compass

TECH TRAINING 3: War Driving Kuala Lumpur
Trainers: Anthony Zboralski (Gaius),Founder Hackers Emergency Response Team (HERT) & Jim Geovedi, Information Security Consultant PT Bellua Asia Pacific.

TECH TRAINING 4: Packet Mastering The Monkey Way
Trainers: Dr. Jose NazarioSenior Software Engineer, Arbor Networks and Marius Eriksen Software Engineer, Google.com

TECH TRAINING 5: Digital Investigations: Practical Digital Forensic Analysis
Trainer: The Grugq

TECH TRAINING 6: Hacking By Numbers - Guerilla Edition
Trainer: Christoff Breytenbach

TECH TRAINING 7: The Exploit Laboratory - Buffer Overflow Black Arts
Trainers: Saumil Udayan Shah (Founder, Net-Square) & SK Chong (Security Consultant, SCAN Associates).

HITBSecConf2005 - Keynote Speakers

1.) Tony Chor, Group Program Manager, Microsoft Internet Explorer, Microsoft Corporation
2.) Mikko Hypponen, Chief Research Officer, F-Secure Corp.

HITBSecConf2005 - Conference Speakers

(Listed in alphabetical order)

1. Aaron Higbee, Principal Consultant, Foundstone, a division of McAfee,Inc.
2. Anthony Zboralski (Gaius), Founder, Hackers Emergency Response Team (HERT)
3. Christoff Breytenbach, Senior IT Security Consultant, Sensepost
4. Dave Aitel , CEO, Immunity Inc.
5. Dave Mckay, Independent Security Consultant
6. Emmanuel Gadaix, Founder, Telecom Security Task Force (TSTF)
7. Fabio Ghioni
8. Fabrice Marie, Manager, FMA-RMS
9. Fyodor Yarochkin, Co-Author, X-Probe
10. Jim Geovedi, Information Security Consultant, PT Bellua Asia Pacific
11. Joanna Rutkowska Founder, Invisiblethings.org
12. Jose Nazario, Senior Software Engineer, Arbor Networks
13. Nish Bhalla, VP Consulting Solutions, Security Compass
14. Marc Shoenefeld,Freelance Network Security Consultant
15. Marius Eriksen, Google
16. Meder Kydyraliev, Co-Author, X-Probe
17. Roberto Preatoni, Founder, Zone-H Defacement Mirror
18. Rohyt Belani, Director, Red Cliff Consulting
19. San, Member, X-Focus China
20. Shreeraj Shah, Director, Net-Square Solutions
21. Swaraj, Suresec UK
22. The grugq, Independent Anti-forensics Researcher
23. Tim Pritlove, Chaos Computer Club
24. Zubair Khan, Freelance Network Security Consultant

---

View all Trainings

TECH TRAINING 1: Web Application – Attacks and Defense
Trainer: Shreeraj Shah Founder/Director, Net-Square Consulting

TECH TRAINING 2: Exploiting & Defending Networks
Trainer: Nish BhallaVP Consulting Solutions, Security Compass

TECH TRAINING 3: War Driving Kuala Lumpur
Trainers: Anthony Zboralski (Gaius),Founder Hackers Emergency Response Team (HERT) & Jim Geovedi, Information Security Consultant PT Bellua Asia Pacific.

TECH TRAINING 4: Packet Mastering The Monkey Way
Trainers: Dr. Jose NazarioSenior Software Engineer, Arbor Networks and Marius Eriksen Software Engineer, Google.com

TECH TRAINING 5: Digital Investigations: Practical Digital Forensic Analysis
Trainer: The Grugq

TECH TRAINING 6: Hacking By Numbers: Guerilla Edition
Trainer: Christoff Breytenbach

TECH TRAINING 7: THE EXPLOIT LABORATORY - BUFFER OVERFLOW BLACK ARTS
Trainers: Saumil Udayan Shah (Founder, Net-Square) & SK Chong (Security Consultant, SCAN Associates).

Presentation Title: Internet Explorer Security: Past, Present, and Future
Presentation Details:

Microsoft’s Internet Explorer team is on the frontline of the battle to protect users from malware and social attacks. Tony Chor will outline threats to secure browsing, discuss Microsoft’s response with Internet Explorer for Windows XP SP2, and detail the implementation of safety features in the upcoming Internet Explorer 7.0, such as the Phishing Filter and Protected Mode.

About Tony:

Tony Chor is the Group Program Manager of the Microsoft’s Internet Explorer team. He is responsible for leading the IE team’s security response as well as for driving the design, development, and release of new versions of IE including IE 6 in XP SP2 and IE 7 for XP and Windows Vista.

Tony is a fifteen year veteran of Microsoft and has worked on a variety of projects including digital imaging in Windows Vista, MSN Explorer, Works, Encarta Online, Bookshelf, Picture It!, and Golf. He holds a B.S. in Computer Science from Stanford University.

Presentation Title: Corp. vs. Corp: Profiling Modern Espionage
Presentation Details:

** Presenting with Roberto Preatoni

An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation will also cover a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets.

- How do digital espionage asymmetric networks work
- Secret servicies and network mercenaries
- Prevention and monitoring vs data retention and “special laws” in today’s terrorism and data theft situations.

About Fabio:

Fabio Ghioni is advisor to several Multinational Corporations as well as Governments. He is the leading expert in the field of information security, competitive intelligence and intrusion management in an asymmetric environment. As consultant to several different Government institutions he has been the key to the solution of several terrorism cases in the past. He has serviced leading international corporations involved in the military, telecommunications, banking and technology industries. His key fields of research range from mobile and wireless competitive security to the classification of information and forensics technologies applied to identity management and ambient intelligence.

---

Look out for the special edition Zone-H Comic “Clustermind” that will be released at HITBSecConf2005 - Malaysia!

Presentation Title: Trends in Real World Attacks: A Compilation of Case Studies
Presentation Details:

The number of reported security incidents has always been proportional to the number of vendor-issued vulnerabilities. However, recently this trend seems to have broken. This can be attributed to an increase in attacks against custom applications, attacks targeting end-users, zero-day exploits, and self-propagating worms. This presentation will discuss such trend-breaking real world attacks ranging from the installation of keystroke-logging Trojans on end-user machines through an IE buffer overflow to attacks against wireless clients. Each case study will discuss the motivation of the attack, an overview of the underlying technical details and its impact on business.

About Rohyt:

Rohyt Belani is a Director with Red Cliff Consulting. His expertise encompasses the areas of wireless security, application security and incident response. Rohyt is also an experienced and talented instructor of technical security education courses.

Prior to joining Red Cliff, Mr. Belani was a Principal Consultant at Foundstone. Earlier in his career, he was a Research Group Member for the Networked Systems Survivability Group at the Computer Emergency Response Team (CERT).

Mr. Belani is a frequent author of articles for SecurityFocus, a reputed information security portal. He is also a contributing author for the Osborne publication, Hack Notes – Network Security. Rohyt is a regular speaker at various industry conferences and forums like OWASP, HTCIA, FBI-Cyber Security Summit, HP World, New York State Cyber Security Conference and HackInTheBox-Malaysia. Additionally, he has presented at several Institute of Electrical and Electronics Engineers (IEEE) and Association for Computing Machinery (ACM) -sponsored conferences on the topics of fault-tolerant distributed systems, wireless networks, and advanced network simulation.

Mr. Belani holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University. He is a Certified Information Systems Security Professional (CISSP).

Registration for HITBSecConf2005 - Malaysia will open
1st June 2005.The pricing for the conference will be RM360 early bird (ends 1st August 2005) and RM450 non-early bird. Students (you must produce a valid student card upon registration at the venue) will be charged RM250. As seats are limited, you are encouraged to REGISTER EARLY.

Below are the list of sponsors and supporting organizations that have come together to support HITBSecConf2005 Kuala Lumpur, Malaysia. For sponsorship options please e-mail dhillon -at- hackinthebox.org or cbelinda -at- hackinthebox.org to request for our Sponsorship Proposal document.

Overview

The game attempts to test a security administrator’s ability to secure a complex system with unknown but required functionality. While this task seems rather odd, this is similar to a day job as a security consultant: a customer has a large dot.com site, they don t know what it does (the IT staff have all left), and they want it to be secure. And don’t turn it off, there is live traffic running on it. The HITBSecConf CtF game models this situation as follows:

· Players are provided with a table, one 5-point power outlet, and one Ethernet connection.
· Players get a class-C network address space, and all traffic coming to the player s connection is reverse-NAT’d so that the source of traffic cannot be identified. This eliminates the obvious defence of filtering all traffic from other teams using a simple firewall.
· Players are handed a reference system at the beginning of the game. The reference system is guaranteed to provide all the Services required by the Score Server. The Flags which the Score Server is looking for have already been implanted in each team’s reference system. This becomes the Home Flag of the team.
· The actual Services required by the Score Server are secret, and subject to change throughout game play.
· The reference system is riddled with security vulnerabilities, and may possibly include vulnerable Services, such as telnet and FTP.
· To score a home point, a team’s server must fully satisfy the Score Server’s requested interactions, and the team’s Flag must be intact on their server.
· To score an own3d point, the Score Server must be fully satisfied with the Services on other team’s server, the attacking team’s Flag must be present on other team s server, and the attacking team’s server must also be fully functional. This is to prevent a team from deploying only attackers, and not bothering to defend.
· To discourage DoS attacks and lazy bulk scanning, each team is charged a penalty for bandwidth coming from their connection. This penalty may include temporary disconnection from the network and thus the loss of home points as the Score Server will not be able to score the team.

Having to both simultaneously defend the home position and at the same time to plant your Flag in an opponent’s server to score 0wn3d points makes the game much more challenging and even handed. In addition to making the game more interesting, the format of the game tries to mirror situations as it would happen in the real world.

Apart from the security expertise needed, some measure of intuition and creative investigation would be required to guess the Services and Flags the Score Server is looking for. Having an attack-only strategy would thus not be beneficial as the points lost in not being able to fulfil the Score Servers request would be difficult to regain.

Attack and Defend

This Capture the Flag will be the fifth CtF game to be held in Malaysia, after the hugely successful games held during HITB Security Conference in 2002, 2003, 2004 and INFOSEC 2003. This year, we’re continuing the highly successful format we deployed last year - whereby each participating team will be given a server to defend, and at the same time launch penetrative attacks against the other teams. As such, participants must know how to attack and plant Flags on opponent.s servers in order to score points, and at the same time, know how to defend their own box from being compromised and losing points.

While all this is happening, the CtF Score Server will be keeping track of Services and Flags running on each team’s chosen server, so teams can’t totally close all Services on the box either. If the Score Server does not detect a Service/Flag on the chosen server, it will deduct points for the team concerned. Teams will not know which Services/Flags the Score Server is looking for, and will have to infer this from the game play. This setup duplicates a common computing infrastructure environment in the enterprise.

The Reference Distribution

Sounds easy? Think again. Prior to the game, teams will be given a reference distribution server that has been preinstalled. A number of Services will be running on the server with Flags implanted in some of them. These Flags are known as the Home Flags. Do note though that the Services may or may not be vulnerable. Some of the Services may or may not be needed to run at all.

The Score Server that will attempt to establish connections to the Services and ensure they are running and at the same time check for the presence of the Flags. Points will be given if the Service is up, or deducted if the Service is down or a Flag can’t be found. The catch is, teams will not know which Services the Score Server will check before hand. Thus, they must be able to differentiate between legitimate Score Server connections and attacks from opponents during the competition itself. Teams however are allowed to patch any Services which are vulnerable, keeping in place any Flags that the Score Server may be looking for.

The Reference Distributions and Services chosen for each operating system will be announced 1st August 2005

Rules

· NO flooding of network. A 30 minutes NO GAME penalty and points deductions will be given to teams that who are found to be flooding the network.
· NO Denial of Service (DoS) attack. A 30 minutes NO GAME penalty and points deductions will be given to teams that are found to be launching DoS attacks
· All teams must obey PIT STOP calls. PIT STOP calls are rest intervals where all teams must leave the game area to facilitate for the CtF judges to update the score, and/or do maintenance work etc.
· NO harassment of other opponents (verbal abuse, etc).
· NO physical attack.
· NO attacking of Score Servers. Teams that attack Score Servers will be given points deductions.

Game Play
The Game

1. Teams are allocated their own network block.
2. They must defend one host (the reference server) and keep it running.
3. Teams attack each other.
4. Teams will attempt to plant their Home Flag on their opposing team’s servers to replace the opponent’s Flag.
5. Teams with the highest accumulated points at the end of the game wins.

Scoring

1. +10 points for each successful Flag/Service request from Score Server.
2. +20 points for each successful Flag planted on opponent server.
3. -10 points for each failed Flag/Service request from Score Server.
4. -20 points if server is compromised and opponent’s Flags is detected.
5. -100 points for DoS attack.
6. Score server polls are randomized at a regular interval.

NOTE: Keeping Services up and running is vital to get more points. Team scores are updated after every Service poll. This will give the teams hints as to what/which Services the Score Server will be polling for.

Reference Distribution

1. Teams will be given reference CDs upon request that will contain the Operating System.

2. They can choose to upgrade port or replace the Services; however Teams must note that the Score Server may look for specific Flags hidden inside some Services. Any upgrade/port/replacements of these services must include the Flags or the Team will start to lose points very quickly.

3. Teams can choose between these OSes: FreeBSD, Gentoo, Fedora Core 2

4. The Reference Distribution OSes will be as per the last official release of the operating system by the vendor or OSS project. The Reference Distributions will not be patched, bugfixed or altered in any way from the stock sources as released on the date of the official release.

5. Teams are responsible for bringing their own patches, vulnerability fixes, bugfixes and other tools necessary to patch up the system.

6. Teams must indicate the choice of OS upon registration.

7. Teams ARE NOT ALLOWED to run their servers off CDs. This is absolutely prohibited. Teams that are found to do this will be eliminated from the game.

8. Teams ARE NOT ALLOWED to run their servers off honey pots. This is absolutely prohibited. Teams that are found to do this will be eliminated from the game.

9. External/Third Party Firewalls ARE ABSOLUTELY outlawed. However, teams may set up any OS based firewalls (e.g. IPTables, IPChains, IPFW, IPFilter) on the server itself.

10.Teams ARE NOT ALLOWED to bring extra servers.

11. If the Teams have to reinstall their server OS, the Reference Distribution MUST be used. The Organizing Team will NOT inform the Team what Services are needed to be run or are being counted by the Score Server. The Organizing Team will NOT provide the Flags for the Team for reinstallation.

12. Any action which causes the Score Server to dislike the Team’s Services and Flags are solely the fault of the team and the Team will lose points for this.

Hints

· Plan, plan, plan.
· Be organized. 1 team principal. 1 firewall/IDS expert. 1 l33t sysadmin. 1 l33t hacker. 1 code junky would be a good line up.
· Learn, learn, learn. Learn what the Score Server wants, and please it.
· Learn how to attack the reference distributions.
· Choose your OS wisely. If you chose an OS with less security issues, then you will have less time defending and more time attacking others.
· Learn the importance of taking backups, in order to restore yourself to a known state in the unlikely event that your server has been r00ted or 0wn3d.

Final Judgement

· At all times, the decision of the CtF Organizing Team is final on any matter in question.
· Team Leader’s should feel free to work with the CtF Organizing Team to resolve any disputes that may arise.

Prizes

Seeing that this will be our 5th Capture The Flag competition, we are looking to line up some pretty sweet prizes for the winners of this years CTF. Stay tuned for details here

Acknowledgements

The HITBSecConf organizing committe would like to give shoutouts, ninja greetz and ghetto loves to The Ghetto Hackers, who came out with the attack and defense concept for the CtF game. The Ghetto Hackers have been organizing the CtF game for Defcon since 2002! Much love!