Presentation Title: Social Engineering Fundamentals
Presentation Details:

** Presenting with Dave Mckay

“You might say there are two specialties within the job classification of con artist. Somebody who swindles and cheats people out of their money belongs to one sub-specialty, the grifter. Somebody who uses deception, influence, and persuasion against businesses, usually targeting their information, belongs to the other sub-specialty, the social engineer.” -Kevin Mitnik

In today’s world confidence scams present quite possibly the highest threat to security with in the business world. Control of information, withholding and leaking, can lead to massive failures and losses depending on how skilled the attacker may be. In combination with disinformation and propaganda, social engineering can as fatal as or even lead to loss of customer and shareholder confidence.

About Anthony:

Anthony Zboralski leads Bellua Asia Pacific, an Information Security consulting company based In Jakarta, Indonesia. He has more than 9 years of experience performing penetration tests, assessments, forensics and related services for some of the largest banks in Asia and a dozen Fortune 500 companies including Aerospatiale, Air France, Allianz, AXA, Electricite de France, Lagardere-Matra…

He is also known as Gaius, one of HERT cofounders and wrote some articles for phrack and hert.org (tunnelx, ciscogdb, procx, etc.). Anthony has been involved into hacking and security community since 1989 (started on x25 with otosync and bayernpower [Matthias]). He is 29 now, living in Indonesia with wife and two kids.

Presentation Title: Nematodes - Beneficial Worms
Presentation Details: This presentation presents concepts for taking expoitation frameworks into the next evolution: solving complex security problems by generating robustly controllable beneficial worms. The Why, How, and What of Nematode creation are discussed, along with some concepts in Mesh routing.

Problems discussed include legal issues, controlling your worm, writing an intermediate language, the Nematode Intermediate Language (NIL) for writing robust worms, reliability problems, commications protocols, and future work.

About Dave:

Dave Aitel is the CEO of Immunity, Inc, and is still responsible for research and development for their flagship CANVAS product. In addition, he created and distributes under the Gnu Public license the fuzzing tool, SPIKE, the web application analysis tool SPIKE Proxy, and the remote access tool Hydrogen.

His original stint was as a computer scientist at the National Security Agency, after which he spent a few years at @stake, a private security consulting firm, and finally started Immunity, Inc. Immunity’s product CANVAS is used by penetration testing firms, government agencies, large financial firms, and other companies who wish to simulate information attacks against their infrastructure.

For information regarding sponsorship, please contact:

In the heart of Kuala Lumpur’s business and shopping district, The Westin Kuala Lumpur is the newest five-star hotel in Malaysia’s Golden Triangle. All 384 guest rooms feature the famous Heavenly Bed® and views of either the spectacular KLCC Twin Towers or the historical city of Kuala Lumpur.

Westin’s Executive Residences are fully equipped apartments tailored toward longer stays. Featuring a separate entrance from the main lobby, each apartment features contemporary furnishings, a complete kitchen setup with appliances, exquisite home entertainment system, separate study and workstation with High Speed Internet Access, and a glass enclosed lanai with ample daylight.

In addition, our hotel offers 13 contemporary meeting and conference venues, including The Westin Grand Ballroom with the Martin Architectural Lighting for an extensive variety of lighting effects and projections. We also offer a business center, Executive Club Lounge with 24-hour broadband Internet service, and a spa. Innovative dining options include everything from authentic Italian to Pan Asian, healthy poolside snacks, or a Cuban bar/Latin grill.

RESTAURANTS & LOUNGES

HOTEL SERVICES

GUEST ROOMS & AMENITIES

LOCAL AREA

Jalan Bukit Bintang is the home of the new Westin Kuala Lumpur. An area known as the Golden Mile and situated in the heart of the city’s leading shopping and business district, Jalan Bukit Bintang is renowned for its modern shopping malls, restaurants and nightlife. Our superb location is a mere stone’s throw away from the upscale shopping heavens of Starhill, Lot 10, and K.L. Plaza, and a short walk from Petronas Twins Tower, Menara KLCC, and the new KL Monorail. The vibrant Bintang Walk, where pulsating nightlife and entertainment prevail, lies virtually at our doorstep.

PRICING

Exclusive for attendees of HITBSecConf2005, The Westin Hotel rates during the event will be RM330/night without breakfast and RM350/night with. Please quote “Hack In The Box Security Conference 2005″ when making your reservation.

Hotels within the vicinity of The Westin

Agora Hotel	Budget
Allson Genesis Hotel Bukit Bintang	Hotel
Bintang Warisan Hotel	Hotel	unrated
Cardogan Hotel	Budget	unrated
Chinatown Inn	Budget
Comfort Inn	Budget	unrated
Concorde Hotel Kuala Lumpur	Hotel
Corona Inn	Budget	unrated
Dorsett Regency Kuala Lumpur	Hotel
Equatorial Hotel Kuala Lumpur	Hotel
Federal Hotel Kuala Lumpur	Hotel
Fortuna Hotel	Hotel
Hotel Capitol Kuala Lumpur	Hotel	unrated
Hotel Grand Olympic	Hotel
Imperial Hotel	Budget	unrated
Impiana Hotel Kuala Lumpur	Hotel
Istana Hotel	Hotel
JW Marriott Hotel	Hotel
KL Plaza Suites	Service Apartment
Katari Hotel	Budget	unrated
KL Lodge Hotel	Hotel
Malaya Hotel Kuala Lumpur	Hotel
Mandarin Court Hotel KL	Hotel
Meliá Kuala Lumpur	Hotel
Midah Hotel	Hotel
Mirama KL	Budget	unrated
Nova Hotel	Hotel
Orkid Hotel	Budget
Park Inn International Kuala Lumpur	Hotel	unrated
Park Royal Kuala Lumpur	Hotel
Pudu Raya Hotel	Budget
Sungai Wang Hotel	Budget	unrated
Swiss-Inn Kuala Lumpur	Hotel
The Coronade Hotel Kuala Lumpur	Hotel
The Malaysia Hotel	Budget	unrated
The Pacific Regency Hotel Apartments	Service Apartment	unrated
The Regent Kuala Lumpur	Hotel
The Royale Bintang Kuala Lumpur	Hotel	unrated

Title: Digital Investigations: Practical Digital Forensic Analysis
Trainer: The Grugq (Anti-Forensics Specialist)
Capacity: 30 pax
Seats left: 9
Duration : 2 days
Cost: (per pax) RM1800 (early bird) / RM2200 (non early-bird)

REGISTER NOW

Overview

As the number of IT security incidents increases month upon month, the need for effective digital investigation techniques grows. This course teaches students how to conduct a successful digital forensic investigation, and builds a solid base of knowledge for further learning. Using a task-oriented approach, students will learn digital forensic analysis techniques and methodologies which can be applied immediately. During the course, strong emphasis is placed on technical understanding and skills.

The core curriculum of the course revolves around multiple File System Intensive sessions, focusing on file systems used on both Windows and UNIX/Linux platforms such as NTFS and Ext2FS. These File System Intensives use a combination of lectures and task-oriented hands-on lab exercises to instruct and reinforce the deep, low-level, file system knowledge crucial for effective digital forensic analysis and investigations. The lab exercises will teach core skills, such as how to:

* seize and preserve digital media
* recover deleted files (both manually and with tools)
* uncover evidence of tampering
* build a time-line

Each File System Intensive concludes with a sample investigation, reinforcing the skills developed within the course and building an understanding of how to successfully conduct a real investigation.

During the File System Intensive sessions, students will learn about the forensic analysis process, as well as the techniques and methodologies necessary for successful digital forensic investigations.

Prerequisites

Students should be comfortable using Linux as an operating environment. Students will be assigned machines (desktops) in pairs. Each machine will include a Linux installation, including X windows. Development tools (e.g. gcc, make, etc.) will be installed, however no development experience is required. All tools will be provided on CD-ROM.

About The Grugq

The Grugq has been at the forefront of forensic research for the last six years, during which he has been pioneering in the realm of anti-forensic research and development. During this time, he has also worked with a leading IT security consultancy and been employed at a major financial institution. Most recently he has been involved with an innovative security software development start-up company. Currently the Grugq is a freelance forensic and IT security consultant. While not on engagements, the Grugq continues his research on security, forensics and beer.

Title: Hacking By Numbers - Guerilla Edition
Trainer: Christoff Breytenbach, Sensepost
Capacity: 22 pax
Seats left: 20
Duration : 2 days
Cost: (per pax) RM2000 (early bird) / RM2400 (non early-bird)

REGISTER NOW

OVERVIEW

Reality, Theory and Practice! This course is the “How did they do that?” of modern hacking attacks. From start to finish we will lead you through the full compromise of a company’s IT systems, explaining the tools and technologies, but especially the thinking, strategies and the methodologies for every step along the way. “Hacking By Numbers - Guerilla Edition” will give you a complete and practical window into the methods and thinking of hackers.

‘Guerilla’ is SensePost’s ‘community-oriented’ course, designed to address the needs the the community - students, hobbyists & researchers. Like all our courses, it is strongly method based and emphasizes structure, approach and thinking over tools and tricks. The course is popular with beginners, who gain their first view into the world of hacking, and experts, who appreciate the sound, structured
approach.

WHO SHOULD ATTEND

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class. Remember that this course is practical and of an extremely technical nature, so a basic understanding of networking, security, Unixâ„¢ and NTâ„¢ is a course prerequisite.

About Christoff

Christoff Breytenbach studied B.Com Informatics at the University of Pretoria, South Africa. During 1999, while still studying, he was employed part time at the University’s Bureau of Institutional Research and Planning as a Natural/Adabas programmer. He started fulltime employment at the end of 1999 doing Visual Basic development work on company secretarial systems. His career moved towards information security in 2000 when he joined NetXactics (formerly eSafe Technologies) where one of his areas of expertise was application integration and technical support of cryptographic tokens.

Christoff joined AST Security Management in 2001 as an information security architect, specialising in network security consulting, architecture design and implementations. Just one of the various projects he was involved in, included Microsoft Certificate Services architecture design as a partner consultant to Microsoft Consulting Services South Africa. In August of 2002, Christoff joined SensePost as a senior IT security consultant involved in the various assessment services SensePost provides, including internal-, external-, architecture-, web application- / services- and database security assessments. Christoff has presented various talks (Internet Solutions’ Internetix conference, MSUG, ISSA, TechEd, etc.), papers (editorial for ITP Asia etc.), and presented various Black Hat- and SensePost training sessions, both locally and internationally. Christoff holds various certifications, including CISSP and MCSE in Security.

Presentation Title: Corp. vs. Corp: Profiling Modern Espionage
Presentation Details:

** Presenting with Fabio Ghioni

An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation will also cover a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets.

- How do digital espionage asymmetric networks work
- Secret servicies and network mercenaries
- Prevention and monitoring vs data retention and “special laws” in today’s terrorism and data theft situations.

About Roberto:

Roberto Preatoni (aka Sys64738): 37, is the founder of the defacement/cybercrime archive Zone-H (http://www.zone-h.org). He’s also CEO of an International ITsec company (Domina Security) which is active in European and former soviet countries. He has been globetrotting, lecturing in several ITsec security conferences, including Defcon in the US. He has been interviewed by several print and online newspapers where he shares his experiences relating to cyberwar and cybercrimes.

Look out for the special edition Zone-H Comic “Clustermind” that will be released at HITBSecConf2005 - Malaysia!

** Presenting with Meder Kydyraliev

Presentation Title: STIF-ware Evolution
Presentation Details:

Meder and Fyodor have been working on their concept of common framework to unify offensive part of heterogeneous security data and security tools into a single unit - security tools framework. At this conference they will be presenting the evolution of STIF framework into what they call now “STIF-ware” - a set of STIF relevant modules that would allow the computer security hobbists to build, control and monitor the distributed network of “automated hacking” agents, guided by set of goals and targets, assigned to the system.

Expect this presentation to include some new tools and hopefully some exciting demos.

About Fyodor:

Fyodor Yarochkin is a security hobbyist and happy programmer with a few years spent in business objectives and the “security” service delivery field. These years, however, weren’t completely wasted - Fyodor has been contributing his spare time to a few open and closed source projects, that attracted limited use among non-business oriented computer society. He has a background of system administration and programming and holds Engineering degree in Software Engineering.

Note: Fyodor is not ‘nmap Fyodor’. (http://www.snort.org/docs/faq.html#1.2)

** Presenting with Fyodor Yarochkin

Presentation Title: STIF-ware Evolution
Presentation Details:

Meder and Fyodor have been working on their concept of common framework to unify offensive part of heterogeneous security data and security tools into a single unit - security tools framework. At this conference they will be presenting the evolution of STIF framework into what they call now “STIF-ware” - a set of STIF relevant modules that would allow the computer security hobbists to build, control and monitor the distributed network of “automated hacking” agents, guided by set of goals and targets, assigned to the system.

Expect this presentation to include some new tools and hopefully some exciting demos.

About Meder:

Meder Kydyraliev is a security researcher interested in network security and applications of AI techniques in ethical hacking. Lately, together with Fyodor, he has been researching to find an intelligent way to automate security assessment processes to free up some time for creative stuff. Meder has obtained his B.S. in software engineering from AUCA/Kyrgyzstan and is currenlty working as an associate for KPMG Singapore doing infosec assessments.

Presentation Title: Cyber Skirmishes
Presentation Details:

High-tech information warfare is fast becoming a reality. The term information warfare covers a wide range of activity, including corporate and military espionage and intelligence collection, psychological operations and perception management, attacks on communication systems, consumer fraud, and information piracy. In addition, the concept covers specifically computer-related issues: viruses, Trojan horses, and deliberate and targeted hacking efforts such as computer break-ins and denial-of-service attacks (where hackers flood an Internet server with traffic to overload and disable it). Cyber warfare is politically-motivated computer hacking that inflicts severe societal harm, and may also effect nation’s economy and defense. Cyber Warfare is so rapid that it may not give an opponent enough time to “surrender” before permanent and devastating damage is done. It has recently become of increasing importance to the military, the intelligence community, and the business world. Military planners are now imagining soldiers at computer terminals silently invading foreign networks to shut down radars disable electrical facilities and disrupt phone services.

# Introducing Cyber warfare
# Globalization of Cyber Warfare
# Outsourcing Warfare
# Cyber Targets
# Psychology of Modern Warfare
# Cyber Weapons
# Retaliation and Defense Tools

# Cyber battleground of Palestine and Israel
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of Iran and USA
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of China and USA
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of India and Pakistan
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Capabilities of Al Qaeda
# Al Qaeda’s Interest In Cyber Warfare
# Al Qaeda’s Cryptography as Communication
# Cyber attacks during war of Terrorism
# Cyber attack on Al Qaeda by US
# Cyber Defense Strategies
# How hacking affect military operations?
# Influencing Foreign Policy
# How cyber attacks can spark a Real War?
# Cyber Propaganda and Terrorism
# ECHELON
# Revolution in Military affairs and C4I
# International Law
# Future of Cyber Warfare

About Zubair:

Zubair Khan is a freelance network security consultant. He has been researching mainly on DDoS Attacks and also on various other facets of network security for the past six years. He has given network security consultancy to top organizations of Pakistan. Recently he worked as a network security consultant for C4i of Pakistan. C4i is one of the directorates of Pakistan Army providing secure mode of communication for peacetime and war.

Zubair is founder of hacker’s conferences in Pakistan. His two major events Islamabad Hackers Training Camp 2004 and Islamabad Hackers Convention 2005 turned out to be a huge success. These events created a platform for security professionals in Pakistan. He has also conducted security trainings at various forums which includes government organizations. His research and work is recognized by Chairman of Pakistan Engineering Development Board and Chairman of Pakistan Engineering Council. His work and efforts to create network security awareness are greatly appreciated by high officials of country and also by media agencies.