Here’s what’s in each package.
HITBSecConf2006 - Malaysia - PACK 1
KEYNOTE 1 - Schneier on Security - Bruce Schneier
Security Engineering in Windows Vista - Ian Hellen and Vishal Kumar
Playing with Botnets for Fun and Profit - Thorsten Holz
Taming Bugs - The Art of Writing Secure Code - Paul Boehm
Application Intrusion Prevention Systems - Fabrice Marie
Attacking the IPV6 Protocol Suite - Van Hauser
Writing Metasploit Plugins - From Vulnerability to Exploit - Saumil Shah
x.805 Standard - Ching Tim Meng
The World Through the Eyes of a Signature Developer - Jonathan Limbo
Client Honeypots - It’s Not Only the Network - Michael Davis
Triple Play; Triple Threats? IPTV Security - Yen-Ming Chen
Firefox Security - Window Snyder
Pentesting Java/J2EE - Discovering Remote Holes - Marc Schoenefeld
Visualizing Source Code for Auditing - Lisa Thalheim
HITBSecConf2006 - Malaysia - PACK 2
KEYNOTE 2: What application security tools vendors don’t want you to know and the holes they will never find - Mark Curphey and John Viega
Scapy and IPV6 Networking - Phil Biondi and Arnaud Ebalard
Finding Secrets in ISAPI - Nish Bhalla
Pentesting Windows Vista BitLocker Drive Encryption from the Inside - Douglas MacIver
HPP - A New Approach to Cybercrime - Raoul Chiesa
The Biggest Brother - Roberto Preatoni and Fabio Ghioni
Towards an Invisible Honeypot Monitoring System - Nguyen Anh Quynh
Hacking a Bird in the Sky - Hijacking VSAT Connections - Jim Geovedi and Raditya Iryandi
Smasing the stack for Profit; period - Rohyt Belani
Using Neural Networks and Statistical Machinery to Improve Remote OS Detection - Javier Burroni and Carlos Sarraute
MOSREF - Using Cryptography and Injectable Virtual Machines in Security - Wes Brown
Hacking Trust - Anthony Zboralski and Dave McKay
Yet Another Web Application Testing Toolkit - Fyodor Yarochkin and Meder Kydyraliev
VoIP Phreaking - SIPhallis Unveiled - The Grugq
Subverting Vista Kernel for Fun and Profit - Joanna Rutkowska
A bonus video of the charity auction is also included on the Day 2 pack! On a related note, the Call for Papers for HITBSecConf2007 - Dubai is now open! See you guys next year!
]]>Presentation Materials:
http://conference.hitb.org/hitbsecconf2006kl/materials/ or http://conference.hackinthebox.org/hitbsecconf2006kl/materials/
Official Photos:
HITBSecConf2006 - Setup and Misc
HITBSecConf2006 - Training Day 1 and Day 2
HITBSecConf2006 - Conference Day 1 and Day 2
HITBSecConf2006 - Post Conference Party
Post Conference Press Coverage:
Computer World: Post-Sept. 11 security measures seen doing more harm than good
Computer World: At hacker conference, Microsoft gets credit for effort
CSO Online: HITB: Technology Outpacing Security Advances
Computer World: HITB - VOIP presents major security risk, expert warns
ARNnet: HITB - Researcher to make Blue Pill even harder to detect
Linux World: HITB - Be prepared, IPv6 is coming sooner than you think
CSO Online: Bruce Schneier: We Are Losing IT Security War
Computer World: Control Charlie
Zone-H: HITB Day 1 - Schneier on Security: 10 Trends
Zone-H: HITB Day 2 - Hackers Ain’t Bad
VoIP Lowdown: VoIP a Hackers Dream
BBC - Security Fears Raised at Conference
BBC (Radio) - Digital Planet
The Star - Delving deep into the hacker culture
BBC - Microsoft engaging with hackers
The Star - Hacking out of the box
BBC Television (Oct 7th) - Click - Microsoft engaging with hackers
Foreign Language
LOO3.com
CSO Online (China)
Microsoft recurre a los piratas
Microsoft se reune con hackers
Detalles del post: Microsoft lanza una nueva versión de Windows
Microsoft busca “hackers” para mejorar su sistema
“Hack in the Box” (Russian)
Blog Posts
Paul Ooi
HITB CTF Team @ Work
HITBSecConf Reports on Nanyang
HITBSecConf2006 - Training
HITBSecConf2006 - Conference Day
Sheep in the Box Source Code Released
HITBSecConf2006 - Finished
Meling Mudin
I pay to be called the boss
HITBSecConf2006 - CTF Summary
HITBSecConf2006 - CTF Winner
Sheep in the Box
Nanyang Article on CTF
Xwings
Red Dragon - CTF Summary
Prabu -HITBSecConf2006 - 9 Days Away
Geek00l - HITB Conference 2006
Christian Seifert - Client Honeypot presentation at the Hack In The Box Conference
nemesisv - Back from HITB 2006
Fyodor Yarochkin - Another Con
Meder Kydyraliev - HackInTheBox
Nitesh Dhanjani - Hack In The Box 2006
Thorsten Holz - Hack In The Box 2006 Honeypot Summary
F-Secure Weblog - HITB2006
Akram - Enough Said
Day 1
1.) Welcome Address by MCMC
2.) Bruce Schneier - Schneier on Security (WEBCAST SESSION)
3.) Ian Hellen and Vishal Kumar - Security Engineering in Windows Vista
Day 2
1.) Mark Curphey and John Viega - What application security tools vendors don’t want you to know and holes they will never find!
We will also provide LIVE audio streams of the entire conference throughout both days as well. Please click here for the conference agenda.
]]>We have space for 10 teams as always and this year’s line up so far includes:
1.) F1r3wAll burn3r5 - SIG^2 SINGAPORE
2.) Team Zone-H - ITALY
3.) Qb1t - SIG^2 SINGAPORE
4.) Project Tango UITM - MALAYSIA
5.) Stealther - MALAYSIA
6.) FullDupl3x - MALAYSIA
7.) Tango Junior UITM - MALAYSIA
8.) Kickers - SINGAPORE
9.) DOKDO-KOR (PADOCON) - KOREA
Team servers will be configured with Ubuntu 6.06 (FreeBSD option is no longer offered)
Hints
Prizes
1st Place - RM3,000
2nd Place - RM2,000
3rd Place - RM1,000
For the full list of rules and regulations, please take a look at the Capture The Flag page.
UPDATE: On a related note, we have updated the Press/Media page with all the pre-conference coverage that HITBSecConf has received thus far.
]]>Keynotes:
What application security tools vendors don’t want you to know and holes they will never find!
Papers & Presentations:
The world through the eyes of a signature developer
Security Engineering in Windows Vista
Pen Testing Windows Vista BitLocker Drive Encryption from the Inside
Triple Play; Triple Threats? IPTV Security
Pentesting Java/J2EE: Discovering Remote Holes
Subverting Vista Kernel for Fun and Profit
VoIPhreaking: SIPhallis Unveiled
Attacking the IPv6 Protocol Suite
A new approach to Cybercrime: The Hackers Profiling Project (HPP)
Playing with Botnets for Fun and Profit
Taming Bugs: The Art and Science of Writing Secure Code
Application Intrusion Prevention Systems: A new approach to protecting your data
Writing Metasploit Plugins - From Vulnerability to Exploit
Client Honeypots - It’s not only the network
Visualization of Source Code for Auditing
Towards an Invisible Honeypot Monitoring Tool
Smashing the stack for profit - period
Hacking a Bird in The Sky: Hijacking VSAT Connections
Using Neural Networks and Statistical Machinery to Improve Remote OS Detection
Yet Another Web Application Testing Toolkit (YAWATT)
MOSREF: Using Cryptography and Injectable Virtual Machines in Security
If you haven’t registered for your seats, you are strongly encouraged to do so early as places are limited and spaces are going fast!
]]>
Welcome to the official homepage of HITBSecConf2006- Malaysia. The main aim of the HITBSecConf conference series is to enable the dissemination, discussion and sharing of deep knowledge network security information. Featuring presentations by respected members of both the mainstream network security arena as well as the underground or black hat community, HITBSecConf2006 - Malaysia will see over 30 of the world’s leading network security specialists down to present their research and findings. Set to take place from September 18th - 21st 2006 at The Westin Kuala Lumpur, the event will feature 7 hands-on technical training sessions and 2-days of deep knowledge presentations.
Venue: The Westin Kuala Lumpur
199 Jalan Bukit Bintang
55100 Kuala Lumpur
Date: 18th September
Time: 0900 - 1800
Item: 7-tracks Hands-On Technical Training (Day 1)
Date: 19th September
Time: 0900 - 1800
Item: 7-tracks Hands-On Technical Training (Day 2)
Date: 20th September
Time: 0900 - 1800
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 1)
Date: 21st September
Time: 0900 - 1800
Item: Dual Track Security Conference & Capture The Flag ‘Live Hacking’ Competition (Day 2)
TECH TRAINING 1 - Advanced Web Application & Services Hacking
Trainer: Umesh Nagori (Vice President, Net-Square) & Lyra Fernandes (Principal Analyst, Net-Square)
TECH TRAINING 2 - Attacking & Defending Networks (Advanced Linux Edition)
Trainer: Nish Bhalla (VP Consulting Solutions, Security Compass)
TECH TRAINING 3 - The Exploit Laboratory
Trainers: Saumil Shah (Director, Net-Square) & SK Chong (Scan Associates)
TECH TRAINING 4 - Tactical VoIP : Applied VoIPhreaking
Trainer: The Grugq (Independent Network Security Researcher)
TECH TRAINING 5 - War Driving .Gov
Trainers: Anthony Zboralski (Founder HERT & PT Bellua Asia Pacific) with Jim Geovedi (Member HERT & Security Consultant PT Bellua Asia Pacific).
TECH TRAINING 6 - Structured Network Threat Analysis and Forensics
Trainers: Meling Mudin (spoonfork) & Lee Chin Sheng (geek00l)
TECH TRAINING 7 - Yin and Yang of Java Security Programming
Trainer: Marc Schonefeld
1.) Bruce Schneier (Chief Technology Officer, Counterpane Internet Security)
2.) Mark Curphey (Vice President, Foundstone Professional Services - A division of McAfee Inc.)
3.) John Viega (Chief Security Architect, McAfee Inc.).
1.) Anthony Zboralski (Founder, HERT & PT. Bellua Asia Pacific)
2.) Arnaud Ebalard (Security Research Engineer, EADS Corporate Research Center)
3.) Carlos Sarraute (Senior Researcher, Core Security Technologies)
4.) Ching Tim Meng (Regional Security Consultant, Lucent Worldwide Services)
5.) Douglas MacIver (Penetration Engineer, Microsoft Penetration Team, Microsoft Corporation)
6.) Fabio Ghioni (Independent Advisor to various MNCs and Government organizations)
7.) Fabrice Marie (Manager, FMA-RMS Singapore/Malaysia)
8.) Fyodor Yarochkin (Co-Author, XProbe)
9.) Ian Hellen (Security Program Manager, Windows Security Engineering Team, Microsoft Corporation)
10.) Javier Burroni (Senior Developer of Core Impact, Core Security Technologies)
11.) Jim Geovedi (Member of HERT & Security Consultant, PT Bellua Asia Pacific)
12.) Joanna Rutkowska (Senior Security Researcher, COSEINC)
13.) Jonathan Limbo (Security Researcher, Cisco Systems)
14.) Lisa Thalheim (Independent Network Security Consultant)
15.) Marc Schonefeld (Independent Network Security Consultant)
16.) Meder Kydyraliev (Co-Author, XProbe)
17.) Michael Davis (Member, The Honeynet Project.)
18.) Nguyen Anh Quynh (PhD student of Keio university, Japan)
19.) Nish Bhalla (VP Consulting Solutions, Security Compass)
20.) Paul Boehm (Founding member of TESO Security, Security Consultant, SEC Consult)
21.) Philippe Biondi (Research Engineer at EADS Corporate Research Center)
22.) Raditya Iryandi (Information Security Consultant, Bellua Asia Pacific)
23.) Raoul Chiesa (Board of Directors Member@ Mediaservice.net ISECOM Group & TSTF)
24.) Roberto Preatoni (Founder, Zone-H Defacement Mirror)
25.) Rohyt Belani (Director, Mandiant)
26.) Saumil Shah (Director, Net-Square)
27.) Thorsten Holz (HoneyNet Project Germany, Independent Network Security Researcher)
28.) The Grugq (Independent Network Security Researcher)
29.) Van Hauser (Founder, THC.org and Security Consultant at n.runs GmbH)
30.) Vishal Kumar (Security Program Manager, Secure Windows Initiative Team, Microsoft Corporation)
31.) Wes Brown (Founder, Ephemeral Security)
32.) Window Snyder (Chief Security Something-or-Other, Mozilla Foundation)
33.) Yen Ming Chen (Senior Managing Consultant, Foundstone - A division of McAfee Inc.)