THIS PAGE IS NOW CLOSED

THIS PAGE IS NO LONGER BEING UPDATED.


Posted by Administrator @ 2005-06-26 10:23 am
Photos and Presentation Slides

Well we’re back from HITBSecConf2005 Bahrain and the photos from the event are available online at http://photos.hackinthebox.org/. On behalf of the HITB Crew, we wish to express our heartfelt gratitude to all the speakers and sponsors who supported us for this conference! Thank you!

We will also be putting the presentation slides online in the coming days.

On a side note do stay tuned for the announcement regarding HITBSecConf2005 - Kuala Lumpur, Malaysia… Seeing that it’s our 5th conference, we’re planning something extra special. It’s gonna be cool…

Posted by Administrator @ 2005-04-14 2:41 pm
HITB security conference goes to Bahrain

The Star (Malaysia)

Building on the successes of past security conferences, the organiser of the annual Hack In The Box Security Conference (HITBSecConf) has decided to stage another conference outside of Malaysia.

According to Hack In The Box Sdn Bhd, the conference will be held in Manama, Bahrain, from April 10-13 and will feature more than 18 of the world’s renowned hackers and network security researchers. Other experts hailing from Europe, Britain, United States, Canada, Australia and Asia Pacific will also be on hand to present their latest research.

“We’ve had extremely good response to our past conferences in Malaysia and we hope that expanding the HITBSecConf2005 in the Middle East will promote the sharing and dissemination of deep-knowledge technical information,” said Dhillon Andrew Kannabhiran, founder and chief executive of Hack In The Box.

The company first started organising its HITBSecConf four years ago. In recent years, it has managed to attract some of the world’s best-known hackers such as Theo De Raadt and John T. Draper as well as Polish celebrity hackers – The Last Stage of Delirium (LSD) Research Group – who gained fame for “breaking the Windows operating system” in 2003.

Posted by Administrator @ 2005-04-05 6:42 pm
Security experts converge in Bahrain

Computerworld Malaysia

THE organiser of the popular Hack In The Box Security Conference (HITBSecConf) has announced that over 18 of the world’s renowned hackers and network security researchers would be attending the fourth HITBSecConf, to be held in Manama, Bahrain from April 10-13. Organised in partnership with E-Security Gulf Group, a security services and security solutions reseller based in Manama, HITBSecConf2005 will feature experts who will be on hand to present their latest research and findings in the computer and network security fields.

HITBSecConf2005 will run over a period of four days, with a two-day multi-track deep-knowledge network security conference followed by another two days of hands-on technical workshops. Prominent keynote speakers include Bruce Schneier, CTO of Counterpane Internet Security; Paul Mcnabb, general manager and director of business development of Argus Systems; and Jorge Sebastiao, CEO of E-Security Gulf Group.

Bruce Schneier is an internationally renowned security technologist and the author of eight books, including his current bestseller, Beyond Fear: Thinking Sensibly about Security in an Uncertain World. Schneier also designed the popular Blowfish and Twofish encryption algorithms — the latter a finalist for the new Federal Advanced Encryption Standard (AES). He has served on the board of directors of the International Association for Cryptologic Research, and is an advisory board member for the Electronic Privacy Information Centre.

Posted by Administrator @ 2005-04-04 9:47 am
Microsoft sponsors HITBSecConf2005 planned for Bahrain

AME Info

This year marks the first time the HITBSecConf is being held outside its main venue in Kuala Lumpur, Malaysia.

A prime network security conference, the HITBSecConf receives visitors from all over the world every year and is represented by some of the biggest names in the network security industry presenting their latest research and findings annually. With growing incidences of security attacks and hacking, businesses around the world have a profound need to implement complete security solutions. The HITBSecConf addresses these security issues on both a regional and international scale, providing solutions for businesses. Speakers at the conference will include: Bruce Schneier, Founder and Chief Technical Officer of Counterpane Internet Security and Paul Mcnabb, General Manager and Director of Business Development of Argus Systems Group.

Posted by Administrator @ 2005-04-04 9:46 am
Bahrain hosting first IT security forum

Gulf Daily News

Bahrain is hosting the Hack In The Box (HITB) 2005 global IT security conference for the first time in the region starting on April 10, announced eSecurity Gulf Group (eSgulf). Two days of workshops with the participation of international, regional and local security experts will follow the two-day conference, being held at the Taj Palace Hotel in Manama. HITB is a well-known event especially in Asia and is sponsored by the non-profit Hack In The Box organisation.

It is being held for the fifth time and focuses on an in-depth knowledge on security and will end on April 13. eSgulf chief executive officer Jorge Sebastiao said the conference primarily aims to promote security awareness to security professionals and their counterparts working in organisations. HITB 2005 targets different levels of security expertise of different sectors including IT managers, application developers, auditors and security consultants.

Posted by Administrator @ 2005-04-04 9:45 am

Below is the list of sponsors and supporting organizations that have come forth to make HITBSecConf2005 - Bahrain a success!

Posted by Administrator @ 2005-03-31 11:39 am
Sponsors & Supporting Organizations

We are proud to announce the finalized list of Sponsors and Supporting Organizations for HITBSecConf2005 - Bahrain.

Microsoft Corporation
Argus Systems Group
Bahrain International Circuit
Gulf Air
Kingdom University Bahrain
Instec Digital Systems
Oracle Corporation
SIAG
Duroob Technology
Qatar Airways

HITBSecConf2005 - Bahrain is also supported by

Bellua Asia Pacific
X-Focus China
Bahrain Information Technology Society

Posted by Administrator @ 2005-03-31 11:36 am
HITBSecConf2005 - Finalized Speaker List

We are proud to announce the latest speaker additions to HITBSecConf2005 - Bahrain.

KEYNOTE SPEAKERS:

Bruce Schneier - Founder and Chief Technical Officer, Counterpane Internet Security
Paul Mcnabb - General Manager and Director of Business Development, Argus Systems Group
Jorge Sebastiao - Chief Executive Officer, E-Security Gulf Group.



ADDITIONAL SPEAKERS:

Dr. Khaled Negm (Associate Professor, Etisalat College of Engineering, UAE)
Ryan Lackey (CEO, BlueIraq)
San (X-Focus, China)
Samy Al Bahra (TrustedBSD)
Zubair Khan
Ahmad Elkhatib
Pukhraj Singh
Ilja van Sprundel
Javed Ahmed Abbasi
Manzur Ashraf


The following presenters have also announced their paper titles.

Meder Kydyraliev & Fyodor Yarochkin
Anthony Zboralski (Gaius)
Roberto Preatoni & Fabio Ghioni
Emmanuel Gadaix


In the next couple of days we will be announcing the updated training/workshop tracks that will be conducted on the 12th & 13th April 2005.

Posted by Administrator @ 2005-03-17 11:10 am
Bruce Schneier - KEYNOTE SPEAKER

Presentation Title: The Latest on Digital Security
Presentation Details: TBA

About Bruce Schneier (Founder and Chief Technical Officer, Counterpane Internet Security):

Internationally-renowned security technologist and author Bruce Schneier is both a Founder and the Chief Technical Officer of Counterpane Internet Security, Inc., the world’s leading protector of networked information - the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats.

Schneier is responsible for maintaining Counterpane’s technical lead in world-class information security technology and its practical and effective implementation. Schneier’s security experience makes him uniquely qualified to shape the direction of the company’s research endeavors, as well as to act as a spokesperson to the business community on security issues and solutions.

Schneier is the author of eight books, including his current best seller, Beyond Fear: Thinking Sensibly about Security in an Uncertain World, which tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. Secrets & Lies: Digital Security in a Networked World, which was published in October 2000, has sold 100,000 copies. One of his earlier books, Applied Cryptography, now in its second edition, is the seminal work in its field and has sold over 150,000 copies and has been translated into five languages. He writes the free email newsletter Crypto-Gram, which has over 100,000 readers. He has presented papers at many international conferences, and he is a frequent writer, contributing editor, and lecturer on the topics of cryptography, computer security, and privacy.

Schneier designed the popular Blowfish and Twofish encryption algorithms, the latter a finalist for the new Federal Advanced Encryption Standard (AES). Schneier served on the board of directors of the International Association for Cryptologic Research, and is an Advisory Board member for the Electronic Privacy Information Center.

Schneier holds an MS degree in computer science from American University and a BS degree in physics from the University of Rochester.

Posted by Administrator @ 2005-03-17 10:50 am
Paul Mcnabb - KEYNOTE SPEAKER

Presentation Title: The Challenges of OS Security
Presentation Details: TBA

About Paul Mcnabb (General Manager and Director of Business Development, Argus Systems Group):

Paul A. McNabb, General Manager and Director of Business Development, brings over 20 years experience with UNIX software development and administration to Argus. Mr. McNabb developed the architecture of the world’s first third-generation trusted operating system, including the design, development, and testing of many of Argus’ secure UNIX products. In addition, he supervised the unprecedented ITSEC certification of Argus security applications.

Mr. McNabb previously served as Manager of Trusted Products for Addamax Corporation from March 1988 through February 1993, where he was responsible for supporting the security evaluation of all trusted security products. From 1984-1985, he was employed as the Director of Research Facilities for the Computer Science Department at Purdue University. In this capacity, Mr. McNabb was responsible for managing the purchase and administration of all departmental hardware and software. He received a Master of Science degree in Computer Science from Purdue University in 1984.

Mr. McNabb is the deputy director of the University of Illinois Center for Advanced Research in Information Security (CARIS) and is also chairman of the ASP Industry Consortium (ASPIC) Best Practices Security Subcommittee.

Mr. McNabb has participated in defining security issues and economic solutions for architectures ranging from ASP and ISP hosting environments to government and defense information systems. He is a Certified Information Systems Security Professional (CISSP) and has over 20 years direct experience in Internet/ARPAnet development and security. He is a frequent lecturer before industry and academic groups and has been a speaker at more than 40 security conferences and symposia in North America, Europe, Asia and Australia.

Posted by Administrator @ 2005-03-17 10:47 am
San (X-Focus, China)

Presentation Title: TBA
Presentation Details: TBA

About San: TBA

Posted by Administrator @ 2005-03-17 10:42 am
Samy Al Bahra

Presentation Title: TrustedBSD Security Policy Implementation through the MAC Framework
Presentation Details:

The TrustedBSD project is a non-profit effort for the development of FreeBSD’s security extensions. One of the more unique and definitely most powerful extensions is the MAC framework. By touring through the currently available ACL solutions, the benefits of MAC (and the benefits to come) will be made very clear. The TrustedBSD MAC framework permits extensions to be introduced at compile-time, boot-time or at run-time, and provides a number of services to support dynamically introduced policies, including policy-agnostic object labeling services and application interfaces. By tackling the design of the MAC framework through the analysis of the actual implementation, hackers will be introduced to the powerful MAC API that allows virtually infinite flexibility in security policy design, implementation and layering.

About Samy Al Bahra:

Samy Al Bahra has been involved with open-source for over four years, and contributes regularly as a TrustedBSD and arabeyes.org developer. An enthusiastic hobbyist at heart, Samy has contributed to a wide range of other open-source projects and serves as one of the representatives of the Saudi Computer Society’s Linux group (as a regular lecturer). Samy has also served as one of the technical reviewers for Addison Wesley’s “The Design and Implementation of the FreeBSD Operating System” and has several articles littered across the internet.

Posted by Administrator @ 2005-03-17 10:36 am
Zubair Khan

Presentation Title: Cyber Skirmishes
Presentation Details:

High-tech information warfare is fast becoming a reality. The term information warfare covers a wide range of activity, including corporate and military espionage and intelligence collection, psychological operations and perception management, attacks on communication systems, consumer fraud, and information piracy. In addition, the concept covers specifically computer-related issues: viruses, Trojan horses, and deliberate and targeted hacking efforts such as computer break-ins and denial-of-service attacks (where hackers flood an Internet server with traffic to overload and disable it). Cyber warfare is politically-motivated computer hacking that inflicts severe societal harm, and may also affect a nation’s economy and defense. Cyber Warfare is so rapid that it may not give an opponent enough time to “surrender” before permanent and devastating damage is done. It has recently become of increasing importance to the military, the intelligence community, and the business world. Military planners are now imagining soldiers at computer terminals silently invading foreign networks to shut down radars, disable electrical facilities and disrupt phone services.

# Introducing Cyber warfare
# Globalization of Cyber Warfare
# Outsourcing Warfare
# Cyber Targets
# Psychology of Modern Warfare
# Cyber Weapons
# Retaliation and Defense Tools

# Cyber battleground of Palestine and Israel
• Political and social effects caused by hacking incidents (Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of Iran and USA
• Political and social effects caused by hacking incidents (Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of China and USA
• Political and social effects caused by hacking incidents (Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of India and Pakistan
• Political and social effects caused by hacking incidents (Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Capabilities of Al Qaeda
# Al Qaeda’s Interest In Cyber Warfare
# Al Qaeda’s Cryptography as Communication
# Cyber attacks during war of Terrorism
# Cyber attack on Al Qaeda by US
# Cyber Defense Strategies
# How does hacking affect military operations?
# Influencing Foreign Policy
# How cyber attacks can spark a Real War?
# Cyber Propaganda and Terrorism
# ECHELON
# Revolution in Military affairs and C4I
# International Law
# Future of Cyber Warfare

About Zubair:

Zubair Khan is a freelance network security consultant. He has been researching mainly on DDoS Attacks and also on various other facets of network security for the past six years. He has given network security consultancy to top organizations of Pakistan. Recently he worked as a network security consultant for C4i of Pakistan. C4i is one of the directorates of Pakistan Army providing secure mode of communication for peacetime and war.

Zubair is founder of hacker’s conferences in Pakistan. His two major events Islamabad Hackers Training Camp 2004 and Islamabad Hackers Convention 2005 turned out to be a huge success. These events created a platform for security professionals in Pakistan. He has also conducted security trainings at various forums which includes government organizations. His research and work is recognized by Chairman of Pakistan Engineering Development Board and Chairman of Pakistan Engineering Council. His work and efforts to create network security awareness are greatly appreciated by high officials of country and also by media agencies.

Posted by Administrator @ 2005-03-17 10:33 am
Ahmad Elkhatib

Presentation Title: Malicious Code Analysis
Presentation Details: This presentation will introduce the audience to the types of malicious code out there today, and how they go about doing what they do by analyzing them behaviourally, and also by reverse engineering the code. We will also examine the various propagation vectors, and what to expect to see in the future. Finally, a discussion of how anti-virus solutions are reactive and how to proactively protect the network from malicious code by performing trend analysis.

Why is this discussion important?

Anti-virus companies are reactive. As new viruses emerge and begin infecting customers, these companies then acquire the code, analyze it, and push out a signature to protect their customers. This approach is going to become obsolete with the way things are going. Security professionals will have to become proactive and understand the workings of malicious code, and then be able to protect their networks from the inside.

About Ahmad Elkhatib:

Ahmad Elkhatib is currently an information security consultant with InnoKAT, a company specializing in security professional services, where he helps top enterprises in the region by designing and implementing their security strategies. Previous to InnoKAT, Ahmad worked at iDEFENSE where he was a Vulnerability Research Engineer with iDEFENSE Labs. He then later moved to the Malicious Code Team as a Malicious Code Analyst. In that role Ahmad analyzed, assessed and reported on cyber threats to iDEFENSE’s Fortune 100 customers. Ahmad also worked with British Telecom’s BTExact as a Wireless Network Security Engineer. He also was an IT consultant for the Computer Aided Engineering Network (CAEN) at the University of Michigan - Ann Arbor. Ahmad holds a degree in Computer Engineering from the University of Michigan - Ann Arbor and is a certified BS ISO 17799 Lead Auditor. Ahmad is also a member of the Information Systems Security Association - Northern Virginia chapter and has participated and presented at various security conferences and academic institutions.

Posted by Administrator @ 2005-03-17 10:23 am
Pukhraj Singh

Presentation Title: Whispers On The Wire - Network Based Covert Channels, Exploitation and Detection
Presentation Details:

The presentation aims to acquaint the listener with the intriguing theme of network based covert channels and describes how these copse data communication and hiding techniques can be, and are being actively exploited over various communication networks. It gives the reader a detailed insight into the background, methods, tools, detection techniques and future implications associated with them. This presentation will provide the latest insight into this rapidly evolving field.

About Pukhraj:

Pukhraj Singh is an information security researcher and a technology evangelist. He is currently employed at the Indian R&D base of a Silicon Valley headquartered security start-up. He is a part of the team working on a patent pending, avant-garde device which will prevent intrusions in a novel way. He had a short stint of working with Network Intelligence India, a leading security solutions provider in Asia-Pac region where he worked on varied information security domains like penetration testing, incident response and vulnerability assessment. Having an innate interest in making people more aware about security and its importance in present scenario, he has spoken in many national conferences and technology meets and written in some leading security resource websites (SecurityFocus.com) and newspapers.

Posted by Administrator @ 2005-03-17 10:19 am
Ilja van Sprundel

Presentation Title: Unix Kernel Auditing
Presentation Details:

This paper will deal with finding security flaws in unix kernels. Today kernel related security bugs are more important than ever. This is because the average administrator is paying attention to security these days. He/she will usually narrow down everything that can be run as another user (network daemons, cron scripts, suid and sgid binaries, web applications, …).

These are in most cases all programs that run in userspace and are usually fairly easy to narrow down. Things are not that easy when it comes to kernels. Most people see kernels as black boxes and will stay away from them except for some compile configurations. This is where the problem lies. Besides the fact that it is very hard to minimize your kernel, they are also a perfect target for attack. Unlike some network applications and suid/sgid binaries, kernels have a lot (+1000) of inputs that a user initially controls. Given that no software is flawless, and that most unix kernels have more than 1000 inputs, it’s safe to say that all unix kernels have severe security bugs that have yet to be discovered.

This paper will describe some common steps into looking for specific security flaws and will try to stipulate where to look for them.

About Ilja:

Ilja van Sprundel is an employee of Suresec Ltd. and has a passion for somewhat offensive computer security. Among other things he has previously implemented a secure credit card transaction solution. Ilja also attended the RWTH-Aachen summerschool of applied I.T security where he learned a great deal about offensive and defensive security mechanisms. He is also the winner of the 21c3 stacksmashing contest and a member of the Netric security research group.

Posted by Administrator @ 2005-03-17 10:17 am
Dr. Khaled Negm

Presentation Title: Wireless Prevention and Protection
Presentation Details: TBA

About Dr. Khaled Negm:

Khaled E. A. Negm, Ph.D., MIEEE, ISSA, ISACA, CISA, FMICTP. MECT*/NATO, USENIX. Dr. Negm is a member of the Information Systems Security Association (ISSA)-USA and Information Systems Audit and Control Association (ISACA)-USA. He is the Associate Chairman for the Security Standards Committee and Secretary for the Scientific Committee of the ISSA for the Middle East and Asia. He is also a member of the Technical Committee of Security Standards of the IEEE and the USENIX group.

He is currently Associate Professor in Etisalat College of Engineering, UAE. For the last 16 years Dr. Negm has been involved in carrying out responsibilities for the Network Security Architecture, including the design, implementation, and administration of firewalls, Web servers, proxy servers, SecureID and other network security components for several Governmental Departments, Security Agencies, Banks and Educational Institutes. He has also provided training and consulting in the areas of security solutions and security audits involving corporate security policies, designing and implementing the corporate firewall solutions, and providing secure access for remote systems.

Dr. Negm is a Senior Member of the IEEE and Member of the Applied Computational Society. His current interest lies in IPSEC, Wireless Security, IT Forensics and the AAA Wireless Problems. Dr. Negm is listed in Who’s Who in Information Technology and Networks Systems Security and Nominated to be the Professional of the Year 2004 (of IT Security) by the International Association of Networking Professionals-USA.

Posted by Administrator @ 2005-03-17 10:16 am
Javed Ahmed Abbasi

Presentation Title: TBA
Presentation Details: TBA

About Javed: TBA

Posted by Administrator @ 2005-03-17 10:08 am
Manzur Ashraf

Presentation Title: Toward Architectural Challenges of Secured Mobile Devices
Presentation Details:

Security is critical to a wide range of current and future wireless data applications and services. In this research proposal I would like to highlight the challenges posed by the need for security during system architecture design for wireless handsets, and provide an overview of emerging techniques to address them. My talk-objective evidently supports that direction.

There are several challenges unique to wireless devices and their environment, which will be addressed in my speech. I envision that, in addition to new security protocols optimized for the wireless environment, new system architectures and system design methodologies will be required to address many of these challenges, including the wireless security processing gap. I would like to mention the ways to discover & minimize those security gaps. Security considerations will become an integral part of system design for wireless handsets, rather than being addressed as an afterthought.

About Manzur:

Manzur Ashraf is a lecturer in the department of computer science & engineering, BRAC University, Dhaka.

Posted by Administrator @ 2005-03-17 10:06 am

Event Organizers

E-Security Gulf Group
Hack In The Box (M) Sdn. Bhd.
