uCon Security Conference 2009


Speakers

Final speaking line-up to be announced.


Keynote: Dispelling the myths and discussing the facts of global cyber-warfare
Jayson Street

There is a war being waged right now. It is being fought in your living room, in your dorm room, even in your board room. The weapons are your network and computers, and even though it is bytes, not bullets, whizzing by, that does not make the casualties less real. We will follow the timeline of Informational Warfare and its impact today. We will go deeper, past the media hype and common misconceptions, to the true facts of what's happening on the Internet landscape. You will learn how the war is fought, who is fighting, and who is waiting on the sidelines for the dust to settle before they attack.


Jayson E. Street is Chief Information Security Officer at Stratagem One and Assistant VP Information Security at A National Bank. In the past he acted as a consultant for the FBI and the US Secret Service, as well as a guest speaker at several law-enforcement events. Jayson has been interviewed by Forbes and Scientific American regarding his research on the issue of cyber-warfare. He is also on the SANS GIAC Advisory Board, and his affiliations include Oklahoma ISSA, Infragard, OSVDB and the SNOSoft research team.

Practical (Introduction to) Reverse Engineering
Julio Auto, Independent security researcher

A journey through two sides of Reversing: basic and advanced. Covering essential concepts and demonstrating real-world practices, this presentation aims to arm the attendee with sufficient knowledge to immediately start on reverse engineering and achieve real, tangible, useful results.


Julio Auto is an independent security researcher, a "hobby" that he pursues in the free time outside his job as a software engineer at one of the biggest Brazilian R&D companies in the technology business. As part of his personal research, Julio works on the development of the ERESI project (http://www.eresi-project.org/), which, amongst other things, has already enabled him to have a career as an international speaker, having lectured at conferences such as H2HC, Ekoparty, and Black Hat Europe. Julio Auto holds a B.Sc. in Computer Science from UFPE and supports the edition of The Bug! Magazine, the appreciation of beer, and the production of quality music.

Intro to Windows Kernel Security Development
Stephen Ridley, Matasano

There is very little salient about Windows kernel auditing and kernel exploitation techniques. This is probably due to the nature of the security industry these days. Bugs are getting harder to find, so techniques tend to be closely held. There have been some "primer" presentations on Windows kernel security and some very specific kernel exploitation presentations on specific bugs. This presentation is more on "lessons learned" while developing kernel security auditing tools for the Windows kernel. Three specific original tools were written (and will be released with the presentation along with source code).

1. A Kernel-space shellcode test harness (called KHD)
2. A light-weight Kernel-space "detours"
3. A light-weight Kernel-space "NT Object sniffer".

This presentation will also cover a bit on reverse engineering drivers with IDA, and some of the "gotchas" there, such as identifying and reversing DRIVER_OBJECT dispatch functions from kernel drivers. It will also cover and demo some "kernel shellcoding" techniques and interesting things found within the layout of the kernel. The presentation is targeted at those new to kernel security auditing and kernel security tool development. Source code for all the original tools released, as well as notes and links to reference materials, will also be made available. The goal is for this presentation to be a "one stop shop" for an introduction to Windows kernel security development (fuzzing, shellcoding, etc.). Some discussion of public tools will also be a small part of the presentation (Kartoffel, etc.).


Stephen A. Ridley is currently Senior Security Researcher for Matasano Inc. He was formerly a Senior Security Architect at McAfee and at Aegis Research (now ManTech Security and Mission Assurance) supporting the U.S. Defense and Intelligence communities. He lives in Manhattan, NY.

Advanced Payload Strategies: What is new, what works and what is hoax?
Rodrigo Rubira Branco (BSDaemon), CheckPoint / COSEINC

This talk focuses on the shellcode perspective and its evolution. From the simplest {shell}code to polymorphism to bypass filters and I{D|P}S (which has lots of new ideas, like application-specific decoders, decoders based on architecture-instructions, and many others), passing through syscall proxying and injection, this talk will explain how these techniques work and how effective they are against new, evolving technologies like network code emulation, with live demonstrations.

It has been a long time since the first paper about shellcoding was released. Most modern texts just try to explain the assembly structure, and many new ideas have only been released as code, never detailed or explained. The talk will try to fill this gap, also showing some new ideas and considering different architectures.


Rodrigo Rubira Branco (BSDaemon) is a Security Expert at Check Point Software Technologies and a Vulnerability Research Senior Consultant at the Vulnerability Research Lab (VRL) of COSEINC. He worked as a Software Engineer at IBM, as a member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC). He is the maintainer of many open-source projects and has given talks at the most important security-related conferences in the world. Rodrigo is also a member of RISE Security (www.risesecurity.org).

Advanced SQL Injection
Joseph McCray, Rapid7 / LearnSecurityOnline.com

SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.

Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are: IDS evasion, privilege escalation, re-enabling stored procedures, obtaining an interactive command-shell, data exfiltration via DNS.


Joseph McCray is currently Assessment Practice Manager at Rapid7 and founder at LearnSecurityOnline.com. He was formerly a U.S. Army Information Assurance Network Engineer (Multi-National Forces Iraq), performed IA network assessments for U.S. Army installations, assisting with several Secure Network Architecture deployment initiatives and with the deployment of several IDS/IPS systems. He also had a position as Intrusion Analyst for the U.S. Army Regional Computer Emergency Response Team.

Joseph is currently teaching security courses at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC) and universities and training centers around the United States.

Secure Log Centralization, Analysis & Security Visualization
Gustavo Monteiro, Independent security researcher

Guaranteeing that non-tampered, legitimate and correct information is sent across the network and arrives unmodified at a central log server is one of the crucial steps for a thorough log analysis. This talk focuses on how to perform secure log traversal and storage through a potentially hostile network. This lecture starts with the very beginning of log analysis, passes through the attacks that could compromise the availability and integrity of logs, and ends with a demonstration of Splunk, to introduce the concept of security visualization.


Gustavo Monteiro is an undergraduate student of Computer Science at Catholic University of Pernambuco. In the past he worked with penetration testing, and in recent years he has been working with Log Analysis and Event Correlation for security management.

GSM For Fun and Profit
David Batanero, Independent researcher

What happens when you pick up your mobile phone? Are your calls secured? How can you improve your privacy? How secure is your smartphone/mobile phone? Is your mobile network reliable? Why not use encryption for your conversations, why not use a PBX? Is it secure to use VoIP? If you find a mobile phone, why not do forensics on it? I will try to answer these questions. As part of the presentation I will show a live demonstration of GSM traffic sniffing on a mobile phone, and what is possible to do with it.


David Batanero has been involved in GSM security research for about eight years. He has spoken at some security-focused conferences including G-Con II, G-Con III, Caixanova-Tecnoatlantico, and has given lectures at universities in Colombia and Spain. He currently works as coordinator for a line of telecommunications products in a multinational.

Exploiting PDF Readers
Felipe Andres Manzano, Independent security researcher

I've been playing with PDF embedded formats for around a year now, and I have coded a couple of tiny libraries that enable the creation of "nasty" PDF files from scratch. I'd like to show a really small Python lib that allows the construction of simple PDFs, clearing the way for the coding of specific fuzzers. To keep it from being a complete mind trip, I will show how to actually build trivial PDFs, and how to make a fuzzer out of it, targeting some arbitrary embedded tags. Finally, I'll try to transmit the fear of PDF files 'explaining' a complete -not-stack-based- exploit for some known vulnerability (presumably #OCERT-2008-007).


Felipe is an independent security researcher mainly focused on software vulnerabilities. He is also a nine-to-fiver Software Engineer at an undisclosed company. In the past he enjoyed being part of the Exploit Writers Team at CORE Security Technologies and before that an nmap ninja at flowgate.net. Prior to obtaining his BSc in Computer Science at Universidad Nacional de Rosario, Argentina, he took his first steps in security adding MLS to a Linux kernel FS for a university-hosted R+D project.

Ut cognitione visus: ut ipso intellecto - BinNavi v2
Tiago Assumpção, zynamics

Complexity and synthesis. Two nouns that often pair up since people started crafting artificial languages to describe sophisticated systems.
To the linguist, a "synthetic language" is one with a high ratio of semantically meaningful pieces (morphemes) marshalled throughout its lexicon.
When a lot is to be said -- by means of a compact structure --, collection, organization and comprehension represent an epic movement to the interpreter. Often an epic fail.

This is what reverse engineering modern software is. And this is the case wherein BinNavi posits a tuning to human cognition. If you happen to not be a philosopher but, rather, a software hacker, this speech, too, targets you: interact with binary code and with "hidden" data structures as if they were part of your ordinary speech. Dead or live analysis by means of scripting and visualization. Be able to abstract an executable file: be it the language structure, via the RE intermediate language, or be it the program flow, assisted by graph-theoretic and data modeling procedures.

Be you the philosopher or the hacker, be your analysis experience utterly shifted.

The above, all too wordy? Sit back and watch the pretty pictures come together in a full blown 0day exploit.


Curious and enthusiastic about, basically, everything. Tiago has found that he enjoys certain things more than others: fine wines, single malts, pens and panama hats. Less materialist objects such as Bas Alberts, Literature and Logic.

When approaching the ground, at zynamics, he's been thinking about program analysis and visualization, reverse engineering, bug-hunting and hugging.

Ordinarily, Tiago is at Poetry and in the Classics. He studies Classical Languages at the Federal University of Paraiba (UFPB) while, he insists, "Rhetoric and Literature can tell more, in a sounder manner, than Mathematics."

Sponsors

Platinum

braslink conviso

Gold

immunity

Silver

geekworld especializa h2g matasano


Media Partner

hakin9
