DAY 1 - 16th December 04

Columns: Start, End, Topic, Company (speaker)

08:00 - 08:45  Registration

08:45 - 09:00  Open Source Vulnerability Database
Speaker: Jake Kouns

09:00 - 09:45  Open Source Vulnerability Database

The Open Source Vulnerability Database (OSVDB), a project to catalog and describe the Internet's security vulnerabilities, opened for public use on 31 March 2004. The OSVDB project was launched in 2002 following a realization in the security community that no independent, community-operated vulnerability database existed. There were, and still are, numerous vulnerability databases. Some of these databases are managed by private interests to meet their own requirements, while others contain a limited subset of vulnerabilities or have significant restrictions on their content. None are simultaneously comprehensive, open for free use, and answerable to the community.

This talk will focus on the successes of the project to date as well as many new developments that are underway, including the ability to provide active integration to help improve and analyze open source security tools.

09:45 - 10:30  Exploit Mitigation Techniques

OpenBSD has been auditing software for nearly 10 years, and while we have had significant success, it is clearly not enough. In the last 3 years a new view on preventing attacks has surfaced in the mindset of our group. A software exploit author starts by finding an interesting bug. Writing an exploit is easy because he can rely on a variety of system behaviours, which are very deterministic. Many of these behaviours are not required for proper operation. Recently we have developed many new techniques, which combine to thwart the attacker without affecting regular software. We make the Unix process environment difficult to attack, much like filling a house with a variety of burglar traps.

10:30 - 11:00  Coffee Break

11:00 - 11:45  Network Forensics

The traditional network perimeter defense of firewalls and IDS is intended to restrict unwanted network activity from entering or exiting the corporate network, but it falls short as a reliable defense for larger business networks. Secondary defenses, or Firelines, can be utilized by network security firefighters to improve the overall defense of the corporate network. This talk will discuss several strategies and methods devised to identify and respond to internal threats, anomalies, and misconfigurations without the use of traditional IDS or firewalling methods.

11:45 - 12:30  The Art of Defiling: Defeating Forensic Analysis on Unix File Systems

The rise in prominence of incident response and digital forensic analysis has prompted a reaction from the underground community. Increasingly, attacks against forensic tools and methodologies are being used in the wild to hamper investigations. This talk will familiarize the audience with Unix file system structures, examine the forensic tools commonly used, and explore the theories behind file system anti-forensic attacks. In addition, several implementations of new anti-forensic techniques will be released during the talk.

Anti-forensics has cost the speaker one job. This material has never been presented on the North American continent because anti-forensics scares the feds. Find out why.

Speaker: The Grugq

12:30 - 13:15  About Shellcode

In this presentation we will see why and how to make Unix shellcodes, the different programs that exist, the different shapes we can give to them, from raw binary to ASCII only, and the different things we can have them do, from simply exec'ing /bin/sh to complex payloads that can jump from one process to another.

Speaker: Philippe Biondi

13:15 - 14:00  Lunch Break

14:00 - 14:45  SYNSCAN - New Tool for OS Fingerprinting

OS fingerprinting, both passive and active, has many uses in network security, forensics, and intrusion detection and prevention. A new tool, SYNSCAN, has been developed to make OS fingerprinting more accurate by providing more information about the remote network stack implementation.

Greg will be describing this tool and its applications in network security, specifically for use with intrusion detection and prevention.

Speaker: Greg Taleck

14:45 - 15:30  Netflow Based Network Security Analysis

Up until recently, security measures have been enforced at the perimeter, while ubiquitous deployments of remote access links and wireless networks were eroding the network boundaries thus defined. Recent worm history has clearly demonstrated that the threat is now on the inside, and that the border defenses are getting circumvented. As this trend is not going to fade away, large networks must be somewhat domesticated to permit monitoring.

While Network Flow data, as exported by routers, was designed for accounting, it represents an efficient way to record transactions occurring on a network for real-time or forensic analysis. This talk will focus on the security applications of Network Flows, and how they can be used to detect and analyze network misuse in corporate and service providers' networks.

Speaker: Yann Berthier

15:30 - 15:45  Coffee and Tea Break

15:45 - 16:30  Storage Security: Security Threats and Best Practices for Fibre Channel SANs

The presentation will be a formal knowledge transfer session to discuss tactical methods and high-level strategies to adequately secure storage infrastructures.

The presentation will begin with a discussion of the several security issues associated with Fibre Channel Storage Area Networks (SANs). The session will highlight specific issues and flaws associated with storage and how attacks may expose critical vulnerabilities. The session will then progress to a discussion of the tactical methods and strategies to mitigate the identified security problems.

The presentation will cover three to five security topics and specifically discuss a tactical solution for each of them. The standards and best practices discussed in the session will focus on authentication/authorization, segmentation, device configuration (lockdown), auditing/logging, and encryption. Each topic will be discussed along with a tactical security solution to fully describe the defensive measures that can protect against storage attacks. Lastly, the session will highlight the effects of default settings on network storage devices, such as SAN switches, which can negatively impact the security posture of storage infrastructures.

Speaker: Himanshu Dwivedi - Regional Director, @Stake

16:30 - 17:00  Windows Kernel Exploitation

The presentation will highlight mechanisms to exploit the Windows kernel for useful local privilege escalation. Unlike the "Shatter Attack", which is usually only useful if the attacker has physical access to the computer, kernel exploitation escalates the attacker to the highest level, the kernel itself, without any restriction. The presentation will include the usage of undocumented APIs, memory corruption in device drivers, kernel 'shellcode', as well as other relevant tricks to find and exploit Windows kernel-land for a successful privilege escalation.

Speaker: SK Chong - Scan Associates

This page will be updated regularly. Look out for the latest program.

End of Day 1

DAY 2 - 17th December 04

Powered by SyScan © 2009 SyScan'09