Presentation Title: Microsoft Windows RPC security vulnerabilities
Presentation Details: The presentation will discuss security vulnerabilities of Microsoft Windows operating systems in the context of RPC communication component. In the beginning a brief introduction to Microsoft RPC with special emphasis on its security will be provided. Further on, the talk will cover reverse engineering techniques that have been successfully applied during the process of a security audit of Windows RPC services along with a description of tools that have been developed for this purpose. Finally, detailed information with regard to exploitation techniques for both stack and heap-based RPC security vulnerabilities will be provided on the basis of examples of recently discovered vulnerabilities.

Presentation Title: Security Myths
Presentation Details: The presentation will discuss various security myths that are still common in the security community. The talk will be strongly based upon history and experiences of the LSD Research Group and most well known projects and events the group participated in. Using the specific case studies, impact of several dangerous security myths related to specific technologies or a general approach to security problems will be presented. Finally, the holistic view of the group on security of complex information systems will be presented.

This presentation is aimed at general audience without the requirement of any experience and skills in the field of computer and network security. Its assumed duration is between 45 and 60 minutes, including time for questions and possible discussion.

About LSD:

The general concept of the Last Stage of Delirium Research Group grew in late 1996. From its very beginning it has been an independent (and non-commercial) informal organization, established by a group of four computer fascinates seeking for expert knowledge in the field of computer and network security. At the beginning we were mainly focused on gaining experience in various operating systems' domains (AIX, *BSD, HP-UX, IRIX, Linux, SCO, Solaris, Unicos and Win32). There are four official members of LSD Research Group. These are Michal Chmielewski, Sergiusz Fonrobert, Adam Gowdiak and Tomasz Ostwald (all founders of the group). Currently all work as security engineers in the same research center. Their interests and currently maintained projects can be divided into several categories:

• Development of technologies for gaining access to systems.
• Techniques for complex and complete penetration tests.
• Methodologies of security management of large, distributed and heterogeneous environments.
• Research experiment with new security solutions, such as distributed host based intrusion detection and prevention systems.
• Security vulnerabilities research.

Presentation Title: Defending Web Applications: Strategies, methods and practices
Presentation Details: Web applications can not be defended by firewall or any other security products. Web application defense strategies require secure coding at application level, knowing your application and protecting them by human intelligence. Knowing your application can lead to profiling your web assets in logical way. Profiling web assets provides better picture of various possible attacks set. Knowing entire attack set greatly helps in designing and implementing defense strategies. Various new design strategies are evolving in area of secure web coding, implementing HTTP/HTTPS security server extensions and following secure practices.

About Shreeraj Shah:

Shreeraj is founding member of Net-Square, the company has a strong security research and software development capability. Net-Square has been instrumental in developing and exporting web security components to well known companies in Security arena like Foundstone and NTObjectives. He leads research and development arm of Net Square. He has over 5 years of experience with system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. In the past Shreeraj worked with Chase Bank and IBM in area of web security.

Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his graduate degree in Computer Engineering from Gujarat University, and an MBA from Nirma Institute of Management, India. Shreeraj has also authored a book titled "Web Hacking: Attacks and Defense" published by Addison Wesley.

Presentation Title: Hacking with Linux Kernel Modules
Presentation Details: LKMs allow users to write code in the kernel space. Therefore, it becomes extremely easy to use LKMs to perform System Call Interception in order to perform tricks such as: Hide files and processes, trojanize executables, write shell backdoors, and much more. These are the tricks used by authors of most malicious backdoors. Hopefully, this knowledge will allow individuals that have been infected by such backdoors to understand how they work, and how to detect them. Also, two specific examples on how to use LKMs to perform Intrusion Detection will be presented: 1) Howto intercept sys_execve to detect Trojan binaries 2) Howto write your own sandbox environment. In addition, changes within the 2.5+ Kernels will also be discussed. At the end of this presentation, any audience member with minimal programming skills will be able to write his or her own LKMs using the techniques described.  

About Nitesh:

Nitesh Dhanjani is a senior consultant at Ernst & Young's Advanced Security Center. He has performed network, application, web-application, wireless, source-code, host security reviews and security architecture design services for clients in the Fortune 500.

Nitesh is the author of "HackNotes: Unix and Linux Security" (Osborne McGraw-Hill). He is also a contributing author for the best-selling security book "Hacking Exposed 4" and "HackNotes: Network Security".

Prior to joining Ernst & Young, Nitesh worked as consultant for Foundstone Inc. where he performed attack and penetration reviews for many significant companies in the IT arena. While at Foundstone, Nitesh both contributed to and taught parts of Foundstone s "Utimate Hacking: Expert" and "Ultimate Hacking" security courses.

Nitesh has been involved in various educational and open-source projects and continues to be active in the area of system and Linux kernel development. He has published technical articles for various publications such as the Linux Journal.

Nitesh gratuated from Purdue University with both a Bachelors and Masters degree in Computer Science. While at Purdue, he was involed in numerous research projects with the CERIAS (Center for Education and Research Information Assurance and Security) team. During his research at Purdue, Nitesh was responsible for creating content for and teaching C and C++ programming courses to be delieverd remotely as part of a project sponsored by IBM, AT&T, and Intel.

Presentation Title: Hacking software and hardware in a PDA/GSM Device
Presentation Details: The computer world is getting mobile and connected at faster and faster rates. The latest developments are the integration of mobile phones and PDA's connected with WiFi and GPRS. This presentation will show some means of hacking such a device both at the software and hardware level.

As an example the XDA (also known as T-mobile PDA, Qtek or Siemens SX 45 ) will be used. Internal aspects of the ARM based PocketPC Phone Edition will be shown, as well as how the phone portion is connected to it. Examples from simple applications such as unlocking the phone to more complicated attacks will be demonstrated such as how to discover and use JTAG in understanding and attacking embedded devices.

About Job:

Job de Haas got involved in the area of Internet and security in 1991, during his studies in Electrical Engineering, when he responded to Internet providers' offers to hack their sites and win a free account. Following post-graduate studies in Electrical Engineering and three years of work in aerospace robotics at the Netherlands National Aerospace Laboratory he worked for DigiCash, where he acquired experience in cryptographic techniques used in secure, anonymous payment systems for the Internet.

Presentation Title: Putting the Eye on IDS
Presentation Details: Nowadays, a lot of organizations are deploying Intrustion Detection Systems (IDSes) as part of their security infrastructure. In Malaysia, we have seen IDS deployments in the public sector, and also private sector. However, there are a few questions that are always asked by these organizations when deploying IDSes: What is in it for my organization? Unlike other security devices such as firewalls and VPNs, organizations do not see the immediate value of having an IDS. This is due to vendors who are only keen on selling their products, but never understanding the needs of an organization. This presentation will uncover some of the tactics employed by vendors when pushing their products, and will allow organizations to better decide on an IDS implementation.

About Mel:

Meling Mudin is a freelance network security consultant specializing in the areas of intrusion detection and network intrusion analysis. Prior to becoming a freelancer, spoonfork worked as Security Consultant, Software Engineer and System Architect for SCAN Associates Sdn. Bhd. His last major role was as lead architect and designer for SCAN's Managed Security Services solutions. During his free time, he maintains Snort Malaysia's presence located at http://www.my-snort.org. He also fills his idle hours hacking code in Perl.

Articles/Research Papers:

• The Tuxtendo's Tuxkit Rootkit Analysis
• The occasional hacking of web applications
• Design Concept for a Strictly Anomaly-Based Web IDS
• Exploiting Weaknesses in Intrusion Detection Systems
• Nessus Attack Analysis Using Snort
• Understanding IP Fragmentation

Presentation Title: Silence of the LAMP
Presentation Details: TBA

About Saleh:

Mohamad Saleh Bin Mohamad Raub (pokleyzz) is Security Consultant for SCAN Associates; a Malaysian based consulting and security Services Company. SCAN Associates is also two-time winner of the Capture the Flag hacking competition held last year in Malaysia. Pokleyzz is the author of over 18 white papers detailing exploit details and security vulnerabilities, in closed and open source applications. He is also a seasoned Web security auditor, having done extensive research on security issues within the PHP programming language amongst several others.

Presentation Title:From Script Kiddies to Security Consultants
Presentation Details: Frequently, the press has misrepresented hackers, crackers and script kiddies. There is a lot of myth and aura about practitioners of computer and network security. This presentation traces the journey of one such individual as he progresses from playing with the public switched telephone system to the TCP/IP networks of today, and the mobile and 3G networks of tomorrow.

About Dinesh:

Dr. Dinesh Nair is Internet Technology Architect for Alphaque.Com and has been involved in Internet and Security issues since 1986. In 1996 with Thian Seong Yi, he successfully breached security at Asiaconnect.com in response to a challenge by the company. He currently is involved in Managed Services Provisioning and architecting Internet deployed services and applications and was responsible for architecting Malaysia's Multimedia Super Corridor Telemedicine Flagship Application with WorldCare Asia Pte Ltd.

Presentation Topic: The Value of Computer Forensics
Presentation Details: Incident Response (IR) Handling is a hot topic among many organizations these days. Many IT managers in this part of the region are beginning to realize the inevitability of their critical mission systems being compromised. It.s a matter of time. Computer forensics is a component of IR whereby it involves an investigation process to determine what has occurred when a system was compromised.

This presentation would introduce the world of computer forensics to the audience and more importantly, its importance in an organization.s security framework. In addition, the presentation would also touch on how to perform a thorough computer forensic in a legally binding manner. Lastly, an introduction to an assortment of forensic tools that comprises of commercial programs and open-source tools would be presented as well. During the course of the presentation, the speaker would share his consulting experiences with clients ranging from multi-national organizations to government bodies to the audiences.

About CM:

Chun Meng has more than 5 years experience in the IT security field and is responsible for providing consulting services and security training for Spectrum Edge's customers. Areas of expertise include designing security management infrastructures, systems security, system forensics and ethical hacking focusing on Unix and Windows platforms. Chun Meng has provided his expertise to various financial institutions, government bodies, and multinationals primarily in Singapore and Malaysia. Prior to joining Spectrum Edge, Chun Meng worked as a consultant for Infinitum Security in Singapore, performing mainly ethical hacking and security systems audit work. In addition, he has contributed articles to CNET Asia as well as being an avid speaker at major security conferences in his own free time. Chun Meng graduated from Monash University with a Bachelors Degree in Electrical Engineering and is a Certified Information Systems Security Professional (CISSP).

Published Articles:

• Can Managed Security Services really solve your security problems?

Presentation Topic: Advanced Exploit Development
Presentation Details: This presentation focuses on the tools, techniques, and frameworks that can be used to write truly advanced exploit code. Some basic exploit information will be covered, as well as the current state of development, recent trends, and an exclusive look at a number of previously unreleased tools. Attendees will be provided with early access to version 2.0 of the Metasploit Exploit Framework; this package implements many of the techniques presented.

About HD:

HD is one of the founding members of Digital Defense, a security firm that was created in 1999 to provide network risk assessment services. In the last four years, Digital Defense has become one of the leading security service providers for the financial industry, with over 200 clients across 43 states. Service offerings range from automated vulnerability assessments to customized security consulting and penetration testing. HD developed and maintains the assessment engine, performs application code reviews, writes exploits, and is often involved in penetration tests.

Before Digital Defense, HD was one of the youngest employees of Computer Sciences Corporation; developing security tools for the Department of Defense while still in high school. HD has created and contributed to many open-source security projects, presented at a handful of conferences, and has been publicly active in the info-sec community since 1997.

Research sites:

MetaSploit Project: http://www.metasploit.com
Digital Offense: http://www.digitaloffense.net

Presentation Topic: Advanced Linux Kernel Keylogger
Presentation Details: This presentation will discusses some of the more advanced techniques in writing kernel based keyloggers and will present the newest release of THC-vlogger 2.1 with new keystroke logging techniques and more features such as centralized logging. THC-vlogger, first presented in Phrack Magazine #59, enables the capability to log keystrokes of all administrator/user's sessions via console, serial port and Telnet/SSH remote sessions, switching logging modes by using magic passwords, stealthily sending logged data to centralized remote server.

Its smart mode can automatically detect password prompts to log only sensitive user and password information. This talk will also discusses the recently published tool in PHC's 'fake' phrack #62 dealing in the detection and disabling of Sebek, a host based honeypot monitoring tool of the Honeynet project. The presentation will also discuss the advantages of THC-vlogger 2.1 over Sebek and other similar keylogger tools.

About RD:

RD is a seasoned hacker and active member of The Hacker's Choice (THC). His security papers have been published in Phrack magazine and other security publications. RD is also a founding member of the Vietnamese security research group vnSecurity, a pioneer infosec security consulting company in Vietnam.

Published Articles:

• Writing Linux Kernel Keylogger

Presentation Title: Event-driven system security vulnerabilities, an overview and demonstration
Presentation Details: The event-driven model is used to implement software systems like graphical user interfaces (GUIs). An example of such a GUI is Microsoft Windows which we examine in detail. In an event-driven system, applications communicate with each other and with the system through events. While in Windows NT/2000/XP/2003 there is memory protection between applications belonging to different users, there is no protection against receiving events. Thus, events turn out to be a vector of attack.

This presentation will explain the basics of event-driven systems, provide demonstrations, give an overview of existing work on security vulnerabilities in event-driven systems and discuss future developments.

About Simos:

Simeon (simos) Xenitellis is a PhD student at the Information Security Group, Royal Holloway University of London, United Kingdom. He holds an M.Sc. in Information Security from Royal Holloway University of London, United Kingdom. He did his first degree at the TEI of Athens, Greece in Informatics (Computer Science).

His research interests include identification methodologies for security vulnerabilities, vulnerabilities in event-driven systems and static analysis. He has written a guide on open-source public-key infrastructures (http://ospkibook.sourceforge.net/) and wishes to find the time to work more on it.

Published Articles:

- Security vulnerabilities in Event-Driven Systems
- A New Avenue of Attack: Event-driven System Vulnerabilities

Top

Presentation Title: New Generation Frauds
Presentation Details:

Security is not the issue of devices, its the issue of people. Many creditcard companies/banks are changing their panorama of e-transactions such as upgrading Traditional Magnetic Strip to Smart chip based authentication or dual authentication, unfortunately every change has a counter effect like New Generation Cloning (Smart Card Cloning).

This presentation will discuss the new generation frauds such as credit card cloning, smartcard cloning, credit card "trading", smartcard "ripping" with some case studies.

The presentation also discusses online money laundering issues which may impact the govt and financial sectors adversely.

About Ravi:

Ravi completed PG Honors in Computer Science from RGICS, Hyderabad. He supported major media sources in respect of featured stories on the impact of cyber crime in Asia. Ravi possesses the premier Certified Ethical Hacker certification from EC Council, International Council of E-Commerce Consultants, USA. He has worked extensively with leading IT firms in the world, testing and identifying vulnerabilities in their networks, databases and products with various self designed and customised tools.

These have covered a diverse range of industries and such specialized fields as banking specialized in providing "anti-ATM hi-jacking" solutions. He has executed major projects related to telecommunications security and net telephony (where he identified major vulnerabilities for one of the world's largest internet phone firms).

Currently he is heading penetration testing, security practice and investigation teams at NSS. Net Psychology is one of his favourite topics. Ravi has also built a formidable reputation as a "cyber sleuth", and has successfully investigated many cases of computer abuse/misuse through network and computer forensics. He is researching on Hacking, Online Frauds & Prevention at Centre for Information and Network Security, University of Pune and he has devised many exploits like FSO (file system objects) and Docs (system Reshell calling). He has conducted numerous seminars/workshops on "Ethical Hacking" in India, Malaysia, dubai and Singapore. ELERT in Dubai, Ethical Hacking in KL, ATM, Creditcard & GSM frauds in Singapore and Technological Social Engineering in Singapore.

Presentation Title: Threats to Wireless Networks - War Driving
Presentation Details: Wireless networks have become one of the most interesting targets for hackers today. Organizations today are deploying wireless technology at a rapid rate, often without considering all security aspects. This rapid deployment is due, in part, to the low cost of the devices, ease of deployment, and the large productivity gains.

The 1980s, saw "war dialing"--dialing phone numbers until an open modem is found--to access networks. The '90s Internet boom saw other means of attack, such as IP scanners and packet sniffers. Enter the next generation of nefarious network intrusion: war driving.

This presentation shall touch upon the issues related to wireless security.

About Anurana:

He heads the Business Continuation & Disaster Recovery Planning practice of the company. Anurana is a Certified Information Systems Security Professional (CISSP), this security certification is administered by the International Information Systems Security Certification Consortium or (ISC)2. He has formulated the Disaster Recovery and Airbase Rehabilitation plans for the Indian Air Force. He is a certified Open Source Security Expert. A number of published technical cyber security white papers are to his credit. He was awarded the Gold Medal by the USI - a defence think tank for his research paper on cyber security and knowledge management in the armed forces. An ex-fighter pilot from the Indian Air Force awarded a gallantry award for successful handling and risk management of an air-borne emergency situation.

Presentation Title: Snort over IPv6
Presentation Details: TBA

About Pandir:

Shaheezul (Pandir Harris) is currently a programmer for SCAN Associates, focusing on the network security area. At the same time, he is also an IPv6 enthusiast. For past couple of years, he has been working on few IPv6 applications such as IPv6 protocal traslator(NAT-PT), and mobile IPv6. He was also involved in the development of the first and only Malaysian IPv6 tunnel broker (http://tbroker.manis.net.my/) and always exprimenting with latest applications. He was also a co-author on some conference and technical papers presented in APRICOT and IPv6 Summit events.