
DAY 1 - 16th December 04

START END TOPIC COMPANY
08:00 08:45 Registration
08:45 09:00 Welcome and Opening
08:45 09:45
    Open Source Vulnerability Database

    The Open Source Vulnerability Database (OSVDB), a project to catalog and describe the Internet's security vulnerabilities, opened for public use on 31 March 2004. The OSVDB project was launched in 2002 following a realization in the security community that no independent, community-operated vulnerability database existed. There were, and still are, numerous vulnerability databases. Some of these databases are managed by private interests to meet their own requirements, while others contain a limited subset of vulnerabilities or have significant restrictions on their content. None are simultaneously comprehensive, open for free use, and answerable to the community.

    This talk will focus on the successes of the project to date as well as many new developments that are underway, including the ability to provide active integration to help improve and analyze open source security tools.

Jake Kouns
09:45 10:30
    Exploits Mitigation Techniques Theo de Raadt - Project Leader, OpenBSD

    OpenBSD has been auditing software for nearly 10 years, and while we have had significant success, it is clearly not enough. In the last 3 years a new view on preventing attacks has surfaced in the mindset of our group.

    A software exploit author starts by finding an interesting bug. Writing an exploit is easy because he can rely on a variety of system behaviours, which are very deterministic. Many of these behaviours are not required for proper operation. Recently we have developed many new techniques, which combine to thwart the attacker, without affecting regular software. We make the Unix process environment difficult to attack much like filling a house full of a variety of burglar traps.

10:30 11:00 Coffee Break
 
11:00 11:45 Network Forensic
11:45 12:30 The Art of Defiling: Defeating Forensic Analysis on Unix The Grugq
12:30 13:15
    About Shellcode

    In this presentation we will see why and how to make Unix shellcodes, the different programs that exist, the different shapes we can give to them, from raw binary to ASCII only, and the different things we can have them do, from simply exec'ing /bin/sh to complex loads that can jump from one process to another.

Philippe Biondi
13:15 14:00 Lunch
14:00 14:45
    SyNSCAN - New Tool for OS Fingerprinting

    OS fingerprinting, both passive and active, has many uses in network security, forensics, and intrusion detection and prevention. A new tool, SYNSCAN, has been developed to make OS fingerprinting more accurate by providing more information about the remote network stack implementation.

    Greg will be describing this tool and its applications in network security, specifically its uses in intrusion detection and prevention.

Greg Taleck
14:45 15:30
    Netflow Based Network Security Analysis

    The traditional network perimeter defense of firewalls and IDS is intended to restrict unwanted network activity from entering or exiting the corporate network, but it falls short as a reliable defense for larger business networks. Secondary defenses, or Firelines, can be utilized by network security firefighters to improve the overall defense of the corporate network. This talk will discuss several strategies and methods devised to identify and respond to internal threats, anomalies, and misconfigurations without the use of traditional IDS or Firewalling methods.

Yann Berthier
15:30 15:45 Tea Break
15:45 16:30
    Storage Security: Security Threats and Best Practices for Fibre Channel SANs Himanshu Dwivedi - Regional Director, @stake

    The presentation will be a formal knowledge transfer session to discuss tactical methods and high-level strategies to adequately secure storage infrastructures.

    The presentation will begin with a discussion on the several security issues associated with Fibre Channel Storage Area Networks (SANs). The session will highlight specific issues and flaws associated with storage and how attacks may expose critical vulnerabilities. The session will then progress to a discussion on the tactical methods and strategies to mitigate identified security problems.

    The presentation will cover three to five security topics and specifically discuss a tactical solution for each of them. The standard and best practices discussed in the session will focus on authentication/authorization, segmentation, device configuration (lockdown), auditing/logging, and encryption. Each topic will be discussed along with a tactical security solution to fully describe the defensive measures that can protect against storage attacks.

 
16:30 17:15
    Windows Kernel Exploitation SK Chong - Scan Associates

    The presentation will highlight mechanisms to exploit the Windows kernel for useful local privilege escalation. Unlike the "Shatter Attack", which is usually only useful if the attacker has physical access to the computer, kernel exploitation will escalate the attacker to the highest level, as the kernel itself, without any restriction. The presentation will include usage of undocumented APIs, memory corruption in device drivers, kernel 'shellcode', as well as other relevant tricks to find and exploit Windows kernel-land for a successful privilege escalation.

    This page will be updated regularly. Look out for the latest program…

Scan Associates
    End of Day 1
     

DAY 2 - 17th December 04



