| 0800 - 0830 |
Registration
|
|
| 0830 - 0845 |
Welcome and Keynote Speech
|
Dr. Thaweesak Koanantakool
Director, National Electronic and Computer Technology Center Thailand
|
| 0845 - 0915 |
Responsible Disclosure
|
Microsoft
|
| 0915 - 1015 |
Coordinated Network Intrusions is not an easy thing to handle. Automated Coordinated Network
Intrusions could be even greater mess. A tool-human gluing framework, STIF, has evolved and
developed into a coordinated intrusion intelligence management system. Now to be released
with further enriched functionality, data publishing interface (including SQL, plain text,
and TCP/IP socket interfaces) , multiple user interfaces (including web front-end and an IRC bot),
pluggable architecture (plug and play your favorite tools ;)).
|
Fyodor Yarochkin and Meder Kydyraliev
|
| 1015 - 1030 |
Coffee Break |
|
| 1030 - 1130 |
This talk will focus on manual inspection of kernel code when available and fuzzing kernel bugs in
closed source operating systems by using common sense. The presenters will tell the audience what to
look for and where to look, and they will be shown some rather interesting examples.
Some of the issues that will be handled are:
- stack overflows
- Heap overflows
- Integer overflows & signedness issues
- Race conditions (missing locks, ...)
- Information leaks
It is expected that the audience has some (limited) experience with these attacks and has some basic
understanding of operating system internals. Examples will be taken from Linux, Mac OS X, Free- and OpenBSD.
|
Ilja van Sprundel
Suresec.org
|
| 1130 - 1200 |
|
Jason Pearce
Cisco Thailand
|
| 1200 - 1300 |
Lunch Break |
|
| 1300 - 1400 |
"You might say there are two specialties within the job classification of con artist.
Somebody who swindles and cheats people out of their money belongs to one sub-specialty,
the grifter. Somebody who uses deception, influence, and persuasion against businesses,
usually targeting their information, belongs to the other sub-specialty, the social engineer."
-Kevin Mitnik
In today's world confidence scams present quite possibly the highest threat to security with in
the business world. Control of information, withholding and leaking, can lead to massive failures
and losses depending on how skilled the attacker may be. In combination with disinformation and
propaganda, social engineering can as fatal as or even lead to loss of customer and shareholder
confidence.
|
Dave McKay and Anthony Zboralski
|
| 1400 - 1500 |
iSCSI is insecure. SCSI calls have traditionally been used from an IDE hard drive to the motherboard
(the grey ribbon inside your computer). iSCSI takes all the benefits of SCSI and the connectivity of
IP to provide large volumes of storage dynamically to any machine, any time, over any IP network.
While iSCSI brings a tremendous amount of connectivity benefits, it simply has ignored security. Any
protocol or product that controls large volumes of critical data should strongly support the core
principles of security, including authentication, authorization, and availability. Unfortunately iSCSI
does not support these aspects very well nor does it enable many of these principles by default.
Furthermore, vendors like Microsoft, Cisco, NetApp, and EMC are pushing iSCSI into the market, but
are failing to address the security issues that their customers will face.
The iSCSI Security presentation will contain three specific sections to educate users about the
drastic security problems that are being overlooked with iSCSI storage. The presentation will include
an Introduction/Protocol Overview, a description and demonstration of iSCSI Attacks, information on the
iSCSI Defenses for each attack identified, and a short Conclusion. The presenter will described the
security weaknesses, issues, and exploits concerning authentication and authorization and will follow-up
each discussion with a demonstration of the actual attack. iSCSI attacks will show how 300 gigabytes of
data can be compromised over the IP network without a single username of password. The attack demonstration
will show how application and operating system security is important, but should not overshadow storage
devices. The demonstration will also show that a compromise of a storage device can be equal to compromising
10 to 20 applications and/or operating systems combined, both of which are accessible over the IP network.
|
Himanshu Dwivedi
iSecPartners
|
| 1500 - 1530 |
Coffee and Beer Break |
|
| 1530 - 1630 |
"The telecommunications landscape is undergoing multiple revolutions, from analog to digital,
from simple mobility to complex roaming, from TDM to VoIP, from centralized to distributed, from
proprietary systems to open standards and more importantly, from a closed environment to an
increasingly interconnected world. Those changes are creating new security challenges, and the
battle between privacy advocates and law enforcement is far from being over. As legal interception
techniques become more ubiquitous, solutions to counter them such as cryptography and distributed
non-standard protocols, are increasing in popularity. Similarly, hacking techniques and countermeasures
for the new communications protocols such as VoIP, 3G/4G, IMS, WiMAX and others, are gaining in
complexity and are becoming a growing concerns for authorities, operators and subscribers alike."
|
The Grugq
Emmanuel Gadaix - Telecom Security Task Force
|
| 1630 - 1730 |
This talk aims to dispel the myths surrounding Mac OSX regarding it's ability to stand
up to viruses and malicious code. The talk would begin with an introduction to ppc architecture,
showing a few basic assembly instructions, then go into an overview of the mach-o format.
Following this i would run through a few methods of infecting mach-o files which i have
worked on recently, showing C based proof of concepts for these.
I would also look at hooking functions and stealing arguments and some mach-o specific anti
debug method. Finally i would finish up with a conclusion about the likelihood of infection on
OSX showing possible attack vectors etc.
|
Neil Archibald
Suresec.org
|
| 1730 - 1830 |
In the world of intrusion detection, intrusion prevention and hacker research honeypots are a
quite a new and interesting technology. But only few know there is more to achieve with honeypots
than just catch an intruders attention. Honeypots could reward you with versatile results and this
presentation will be interesting to you even if you are familiar with deploying IDS/IPS/Honeypot
systems. We will give an overview of the existing tools and provide you with a methodology to start
your own forensic examinations.
|
Krisztian Piller and Sebastian Wolfgarten
|
| |
End of Day 1 |
|