DAY 2 (27th April 2011)

| TIME | TOPIC | SPEAKER |
| --- | --- | --- |
| 0900 - 1000 | This talk will disclose certain new features of the ACPI 5.0 Specification, which is now public and was primarily designed to support ACPI on ARM Embedded SoCs for the upcoming release of Windows 8. Some of these new features have important security considerations which have not traditionally been monitored by security products and/or users, specifically in the area of covert code execution at Ring 0 privileges. | Alex Ionescu |
| 1000 - 1015 | Coffee Break | |
| 1015 - 1115 | This talk starts by giving the audience an overview of the different kernel heap allocators and what they are used for. The talk will discuss how these allocators are related to each other, which contain exploitable metadata and which do not. The previous work, attacks on the zone allocator's freelist, will be briefly described, and attacks on other metadata will be discussed. The relative position of kernel zones and of memory allocated by different allocators will be analyzed to answer the question whether a buffer overflow in the memory of one kernel zone can overflow into data in another kernel zone, or whether overflowing memory of one allocator can overflow into another allocator. The memory layout of C++ kernel objects used by IOKit drivers will be explained, and it will be discussed how overwriting them can result in code execution. This talk will also cover which portions of the kernel heap/memory are only readable and writable and which are also executable. Then a more generic technique will be introduced that allows controlling the iOS kernel heap layout (heap spraying, heap feng shui) and at the same time allows filling the kernel heap with application data like C++ kernel objects that, when overwritten, lead to code execution. | Stefan Esser |
| 1115 - 1215 | With the value of 0-day bugs, and of the methods to exploit them and bypass current security protections, increasing, the last thing an exploit writer wants is for the target process to crash and alert the victim that something has happened. Previously it was common to see discussions about fixing the heap, but this is not so anymore and the solution appears to be process migration. This talk will discuss various post-exploitation methods that can be used to clean up the target process state after shellcode execution has been obtained and increase the likelihood of a successful recovery from a crash state. There are more options than just terminating the current thread or process, and while some vulnerabilities are relatively easy to recover from, others may require more in-depth techniques to recreate the required process state. | Brett Moore |
| 1215 - 1315 | Lunch | |
| 1315 - 1415 | If you live in Singapore and use a mobile banking application on your iPhone or iPad, chances are at one time or another I have spent days testing the application you use. Poring over the source code till my eyes bleed - picking out any security vulnerabilities and bugs, all this so you can enjoy a secure product. From Shenton Way to Harbor Front, Changi Business Park and SunTec, I spend my day-to-day working with the Financial Services Industry, helping companies deploy secure applications to the Singaporean public. The ironic and often humorous aspect of my work is that no matter where I am, or what company I am working for - the vulnerabilities I find are the same. The developers can be French, Japanese, Chinese, Korean or even Singaporean - all developers appear to make the same mistakes when it comes to mobile technology. This presentation will aim to show a cross-section of the state of security of Singaporean FSI mobile applications - direct from the horse's mouth. I will illustrate the risk profile of iOS applications, the review process and methodology that I follow - and a rundown of the most common vulnerabilities that I have discovered. A rare insight into the otherwise unknown world of mobile banking applications in the Lion City, and an overall view of the state of Singaporean mobile application security. | Paul Craig |
| 1415 - 1430 | Break | |
| 1430 - 1530 | The presentation will demonstrate a system able to extract data structure information from binaries using static and dynamic analysis based on an Intermediate Language for the x86 instruction set. It will also show the current limitations and challenges in the implementation of the system. The system is projected not to depend on symbols (PDB), and there will be a demonstration of the extraction process against Microsoft binaries. | Edgar Barbosa |
| 1530 - 1600 | Coffee Break | |
| 1600 - 1700 | | |
| 1700 - 1730 | Prize Giving Ceremony and Lucky Draw | |
| End of SyScan'12 Singapore | | |

The organizer reserves the right to change the program.