Close

Mastery of Physical Security Overview:

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking, bypassing, access controls, electronic systems, and post-intrusion forensics... convince management that a new investment is necessary by showing them yourself how the server room door can be opened without a key in under a minute! :-) If you have your own lockpick tools, you are welcome to bring them, but this is not necessary. A set of tools will be provided to you as part of the course.

Deviant Ollam's Bio:

While paying the bills as a network engineer and security consultant, Deviant Ollam's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's "Science, Technology, & Society" program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. A fanatical supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has given lockpick demonstrations at ShmooCon, DefCon, Black Hat, ToorCon, HOPE, HackCon, HackInTheBox, ShakaCon, and the United States Military Academy at West Point.

Close

Crash Course on Penetration Testing & Web Application Security Testing with Firefox Overview:

Day 1 - Crash Course in Penetration Testing
This course will cover some of the newer aspects of penetration testing such as Open Source Intelligence Gathering with Maltego and other Open Source tools.

Advanced Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation relying heavily on the features included in the Metasploit Framework will also be covered.

Emphasis throughout the entire workshop will be placed on being as stealthy as possible, and dealing with popular defensive technologies such as:

Network Intrusion Detection/Prevention Systems

Host-Based Intrusion Detection/Prevention Systems

Web Application Firewalls

Anti-Virus

Content-Filtering Proxies

Web Application penetration testing will be covered as well with focus on practical exploitation of cross-site scripting (XSS), cross-site request forgery (CSRF), local/remote file includes, and SQL Injection.

Day 2 - Web Application Penetration Testing with Firefox
There are a few commercial vulnerability scanners and penetration testing tools for the Web Application security space. There are even fewer open-source vulnerability scanners and penetration tools that serve this purpose. Firefox with its collection of security extensions and its relative ease of extension development is fast becoming a Web Application Penetration Testing platform of choice.

This workshop will focus on using Firefox as a Web Application Penetration Testing platform, developing Firefox extensions to automate common penetration testing tasks, and writing extensions to address issues that commercial tools don't.

Joe McCray's Bio:

Founder of LearnSecurityOnline.com. Rapid7 Assessment Practice manager

Close

Dangerous Minds: The Art of Guerilla Data Mining Overview: Download Talk

The inspiration of this study is the dollar bill. More specifically the "Eye of Providence" or the "all-seeing eye" floating the back of the US dollar bill. But this presentation is not about Eyes, or the US Dollar, or the Da Vinnci code but about Knowledge and Information.

It is not a secret that in today's world, information is as valuable or maybe even more valuable that any military tool that we have out there. Information is the key. That is why the US Information Awareness Office's (IAO) motto is "scientia est potential", which means "knowledge is power". The IAO just like the CIA, FBI and others make information their business. Aside from these there are multiple military related projects like TALON,ECHELON, ADVISE, and MATRIX that are concerned with information gathering and analysis.

So now in the context of extremely witty acronyms, we would like to present the Virtual Extraction Review, Insight and Threat Analysis System or VERITAS. Unfortunately, it's not actually a system but a framework but I guess it would have to be because it would have much less impact if we called it VERITAF.

VERITAS is a combination of tools and techniques to conduct data mining for security. Think of it as threat Intelligence in a box. The idea here is to use data mining in order to analyze and gain insight on different threats. This can be used to visualize trends (e.g. security trends, worms, viruses), summarize large data sets (forums, blogs, irc), gather a high level understanding of a topic (e.g. technologies), and automatically categorize different topics for research (malware descriptions). And since it's a framework, you can actually use different tools and techniques in order to get what you need.

In this presentation I will give a high level overview of the framework, provide background on data mining, and present some cases to illustrate the approach.

Mark Ryan Talabis's Bio

Ryan is a Consultant within the Secure DNA Consulting practice. He has over eight years of experience in Information Technology (IT) security, systems analysis and design; and software and web applications development. He has extensive experience in vulnerability assessments and application penetration testing and has specialized expertise in security analysis and computer forensics. Recently, he became a founding member of the Hawaii Honeynet Project. Prior to Secure DNA Consulting, he was the lead analyst of the Philippine Honeynet Project. He was a consultant for the Asian Development Bank (ADB), a lecturer for Ateneo de Manila University and the former Director of Software Development of Slingshot Interactive, a startup internet and database consultancy firm in Manila. He has been involved in the various security analysis activities of the Honeynet Research Alliance, Leurre'Com Project, and performed Incident Handling duties for the Philippine CERT and vulnerability and penetration testing for the Asia-Pacific CERT. He is also the Community Manager for Networks and Security Section of the UNDP-APDIP International Open Source Network. He has an MS in Information Technology; Certified Information Systems Security Professional (CISSP); Certified Information Systems Auditor (CISA); a Microsoft Certified Professional (MCP); a GIAC Certified Incident Handler Certification (GCIH); a GIAC Security Essentials Certification (GSEC). He has presented in a number of conferences such as Blackhat, INFORMS, ISSA, etc. He is also very active in honeynet research and has a number of published papers to his name in various peer-reviewed journals.

Close

The Truth about Web Application Firewalls: What the vendors do not want you to know Overview: Download Talk

Web Application Firewalls (WAFs) are quickly taking their place within the network in order to protect web applications against common security holes such as Cross Site Scripting and SQL injection. They are known by other names such as 'Deep Packet Inspection Firewalls' because they look at every request and response within the TLS, HTTP, SOAP, XML-RPC, Web Service layers. Web Application Firewalls can be either software, or hardware appliance based and are typically installed in front of a webserver in an effort to try and shield it from incoming attacks. Today WAF systems are considered the next generation product to protect websites against web hacking attacks.

During this presentation we will show in practice how the big names of Web Application Firewalls can be identified, detected and we will introduce new attacks to evade specific products. Additionally, we will show how Web Application Firewalls can be vulnerable to the same vulnerabilities that they try to protect Web Applications from.

Bonus: we will be releasing a new tool and a new exploit.

Wendel Guglielmetti Henrique and Sandro Gauci's Bio

Wendel Guglielmetti Henrique has worked with IT since 1997, during the last 7 years he has worked in the computer security field. He found vulnerabilities in many softwares like Webmail systems, Access Points, Citrix Metaframe, etc. Some tools he wrote already were used as examples in articles in national magazines like PCWorld Brazil and international ones like Hakin9 Magazine. During the past 3 years he has been working as a Penetration Tester.

Sandro Gauci is the owner and Founder of EnableSecurity (www.enablesecurity.com) where he performs R&D and security consultancy for mid-sized companies. Sandro has over 8 years experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research and has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious (sipvicious.org).

Close

$1.7 Trillion Under Siege (or the role of penetration testing and vulnerability scanning in a really big bank): Download Talk

Taking technical security knowledge and putting it to work in a huge organizations presents many challenges. Among them, how do you communicate technical needs to non-technical people responsible for funding and other key decisions, and then deliver something useful and cost-effective? In this presentation, I plan to use the case study of the Global Vulnerability Management program in my organization to discuss the following:

i) What are we trying to do here: Just what is a global threat and vulnerability management program about? What kind of threats does a large organization face? Are they different then a smaller one?

ii) What are the problems we face: Just what kind of threats do we face? How do you get accurate threat information? how do you convey the seriousness of these issues? how do you co-coordinating resources? how do you deal with regulators and auditors?! How does a techie get his point across in a massive corporate environment?

iii) What was our approach: Technologies we bought, technologies we had to buy. Processes we had to implement and things we had to concede. Making tools do not things that they may not be advertised for. Working with different teams from different fields.

iv) Some more on tools: what's good? what's bad? how do you deal with the bad? why are there so many vendors and how come none of them make what I need?

v) Dealing with regulators and audit issues: Not the most interesting topic, and it drives you nuts, but we need to talk about it (only briefly though)

vi) The future: Where are we going with this?

Mark Stamford's Bio:

Mark's entry into the world of computers came in 1981 when his parents bought him a Sinclair ZX81 (a powerful beast with 1k or RAM). He then proceeded to become acquainted with its workings, then moved on through various machines up to the Mac that his writing this on. Along the way he watched Wargames, got interested in security and went from there. In a professional sense he has worked a couple of jobs in the security field including being the network security bod for a financial trading company, security consultant for a big 4 firm, and now works for a large financial institution heading up the Global Threat and Vulnerability Management Program (that’s a long title to have to put on a card). Where he is responsible for the security of approx 200,000 systems running on a variety of platforms and doing a variety of things.

He also enjoys music (making and listening), getting outside and enjoying nature, the occasional beer with good conversation and the fine movies of Steven Seagal.

Close

Exploit or Exception? Overview: Download Talk

One of my former students said to me, "...the hardest part I find about the job [bug hunting primarily via fuzzers] is identifying what my exceptions are, what causes them, and rather or not they're interesting ..." It turns out this is a bit challenging, particularly if you're new to the world of reverse engineering, debugging, low level exploit development, and such. This talk will walk through examples of fuzzers finding real bugs in software like QuickTime and exploring, technically, rather the bug is "interesting" or not.

Jared DeMott's Bio:

Jared DeMott is a senior security researcher for Crucial Security Inc., frequent speaker, former teacher, and author. He is been deeply involved in the security community since his first job at NSA in 2000. Jared is probably best known for the fuzzing tool, GPF, which he released in 2005.

Close

GSM/GPRS/UMTSsecurity and traffic interception Overview:

I will speak about telecommunications security, focused on GSM/GPRS/UMTS security, traffic interception, mobile phone forensics and anti-forensics,
phone vulnerabilities, how to secure communications, locating mobile phones, secure calls, how to create as secure scenario, (built a own gsm network and how to create a secure pbx to encrypt the calls).
I will do a live demo, sniffing the gsm traffic from different local’s operators with special hardware. The hardware I will use to sniffing the traffic has never been release to the public.

PaTa's Bio:

I’m playing and doing research with telecommunications since I was a child. Nowadays, I’m the coordinator of the telecommunications line at Imaginarium, which is the most specialized toy retail chain in the world, with 340 shops in 28 countries. You can find more information at www.imaginarium.info. Besides, I’m the responsible for two models of mobile phones for children. I have been working at www.indra.es in the past
I have been speaker in some security conferences. Foro Tecnoatlantico Caixa Nova. 2005. Oviedo. Spain Ciclo de conferencias San Alberto Magno. 2005. Murcia University. Spain 1º Congreso Internacional de Hackers. 2004. Manizales University . Colombia G-Con Three, México D.F. 2004. México D.F Undercon. 2003 Murcia. Spain G-Con Two, México D.F 2003. México D.F.

Close

Exploiting Rich Content Overview:

As RIA (Rich Internet Application) technologies flourish onto the marketplace many wonder what impact they will have on the security landscape. Routinely iSEC Partners performs assessments of emerging technologies to better understand their risks and how to remediate these risk in live deployments. As RIA technologies advance vendors move to complex file formats as a solution to deliver rich content. With this in mind iSEC Partners performed an assessment of various file formats used by the popular RIA implementations. During the assessment of these technologies several issues were discovered in the popular technologies. At initial glance these issues may appear harmless. This presentation will demonstrate how these often considered low risk issues can be carefully exploited to have a much deeper impact. Developers should be aware of these common programming mistakes when developing complex file formats, which are especially critical in Rich Internet Applications.

Riley Hassell's Bio:

Riley Bruington Hassell is an internationally recognized security professional. He is an industry expert in the fields of application security assessment, software reverse engineering and malware analysis. Mr. Hassell discovered and disclosed of some of the most critical software vulnerabilities to date. Throughout the year 2000 and 2001 he was responsible for several critical vulnerabilities, each having major repercussions on the security industry at large. Most notably Mr. Hassell was responsible for the discovery of the first critical remote vulnerabilities in Windows 2000 and Windows XP. He also discovered the vulnerability that triggered the Code Red Internet worm. His initial dissection of the worm was used to develop and put in place protect measures to safeguard the network targeted by Code Red, the Whitehouse public network. Taking his research a step further he forecast future worm technologies and presented during presentations at the Blackhat security conference. During the year 2002 Mr. Hassell performed an assessment of the popular security products. During his assessment he discovered critical vulnerabilities in several leading security products, pushing security vendors to take a second look at their software. Mr. Hassell spent the following several years working with start up ventures to pioneer product technologies in the patch management, intrusion prevention, vulnerability analysis and malware analysis fields. Mr. Hassell is currently working with internationally renowned security assessment firm iSec Partners.

Close

Challenge of Windows physical memory acquisition and exploitation Overview: Download Talk

In 2008, companies and governements interests for Microsoft Windows physical memory growed significantly. Acquisition was one of this challenge. Author will present a free and open-source tool he created called win32dd to acquire in various format windows physical memory.
Moreover, he will show how interoperability between exiting format can help incident response engineers, and investigators to improve their results in the extracting information process through existing free tools like Microsoft Windows Debugger.

Matthieu Suiche's Bio:

Matthieu Suiche is a security researcher who focus on reverse code engineering and volatile memory forensics. He had been speaker in various security conferences such as PacSec, BH USA, EUROPOL High Tech Crime Meeting. His previous research on Windows hibernation helped several investigators from all around the world to extract information from an undocumented microsoft file format. He is reachable through his website at http://www.msuiche.net

Close

Microsoft patches little sister but forgets big brother Overview: Download Talk

This presentation introduces methods used by hackers/attackers to hunt vulnerabilities in Microsoft Windows products, such as Internet Explorer and the Windows operating system. These include reverse engineering, surfing the Web, and diffing Microsoft modules. The presentation also covers why these methods are innovative or significant, and includes an important tutorial. Attackers can use these methods to hunt for zero-day exploits.

Summary of the points we plan to cover:

* Introduce past zero-day exploits * Discuss how they were found * Why attackers hunt for zero-days * How a programmer's bug is a hacker's treasure * Microsoft silently fixed vulnerabilities * Hunting zero-days the easy way: DIFFING!

Moti Joseph's Bio:

Moti Joseph has been involved in computer security since 2000. For the past 7 years, he has been working on reverse engineering exploit code and developing security products. He is currently a Senior Security Researcher with Websense Security Labs.

Close

Packing and the Friendly Skies Overview: Download Talk

Many of us attend cons and other events which involve the transportation of computers, photography equipment, or other expensive tech in our bags. If our destination if far-flung, often air travel is involved... this almost always means being separated from our luggage for extended periods of time and entrusting its care to a litany of individuals with questionable ethics and training.

After a particularly horrible episode of baggage pilferage and tool theft, I made the decision to never again fly with an unlocked bag. However, all "TSA compliant" locks tend to be rather awful and provide little to no real security. It was for this reason that I now choose to fly with firearms at all times. Federal law allows me (in fact, it REQUIRES me) to lock my luggage with proper padlocks and does not permit any airport staffer to open my bags once they have left my possession.

In this talk, I will summarize the relevant laws and policies concerning travel with weapons. It's easier than you think, often adds little to no extra time to your schedule (indeed, it can EXPEDITE the check-in process sometimes), and is in my opinion the best way to prevent tampering and theft of bags during air travel.

Deviant Ollam's Bio:

While paying the bills as a network engineer and security consultant, Deviant Ollam's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's Science, Technology, & Society program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. A fanatical supporter of First Amendment rights who believes that the best way to increase security is to publicly disclose vulnerabilities, Deviant has given lockpick demonstrations at ShmooCon, DefCon, Black Hat, ToorCon, HOPE, HackCon, HackInTheBox, and the United States Military Academy at West Point

Close

The Art of Espionage Overview: Download Talk

We have all heard the stories about looted laptops, misplaced media, and stupid user mistakes that have lead to losses in the millions. But what about the incidents that don't get published or noticed? This upbeat presentation will discuss the role that espionage plays in today's corporate world and will introduce many new attack and defense techniques. Previously unpublished case studies, a live demonstration, and audience participation will be used to help arm the audience with the basic knowledge needed to implement a multilayered security program that will help defend against these dangerous threats.

Luke McOmie (Pyr0)'s Bio:

Luke McOmie is a Security Consultant for BT/INS. Luke helps protect and defend hundreds of the world's largest companies and organizations. He specializes in Corporate Espionage and Physical Security but is well versed in everything from Risk Analysis and Incident Response. Formerly a senior consultant at the Department of the Interior (Bureau of Communications and Technology), he managed a national CSIRT responsible for Active Threat Defense, Risk Mitigation, and Incident Response. Luke is a senior staff member (goon) at the DEFCON Security Conference (http://www.defcon.org) and also contributes to several computer security organizations including the r00tcellar Security Team, 303 and Security Tribe.

Close

Dynamic Tracing for Exploitation and Fuzzing Overview: Download Talk

This talk will cover the use of dynamic tracing for exploitation development and fuzzing. We will show the audience how dtrace can be used to help track down bugs, visualize code coverage and gather critical information about the application. We will apply these techniques on OS X and FreeBSD giving specific examples and discussing dtrace's limitations. We will also show how a custom programmatic debugger and be created to overcome dtraces limitations. Building on previous work, we will show how dtrace can be used for fuzzing libraries and devices drivers.

Tiller Beauchamp's Bio:

Tiller Beauchamp is a principal security consultant at IOActive, where he helps provide comprehensive security services to customers around the world. Beauchamp enjoys breaking his customers' products and then figuring out how to fix them. His latest areas of interest include application and protocol exploitation, covert channels and malware. Beauchamp has spoke at Blackhat, Defcon and Recon and holds a M.S. degree in Computer Science from the University of Oregon.

Close

Securing With the Enemy: Social Strategy and Teams of Rivals Overview: Download Talk

While computer science is not traditionally viewed as a social science, problems in its domain are inherently social in nature - relating to people, their interactions and the relationships between them and their organizational contexts. The broad scope of the field of "security engineering" and increasing recognition that economics and psychology are integral parts of security are good examples of this, but only begin to scratch the surface. We will present this unexpected new lens and examine the two areas of economics and psychology in security, extracting insights and generalizing concepts to help attendees understand how these perspectives might be useful in their own roles.

Sarah Blankinship will introduce the perspective and explain its application in the Microsoft security ecosystem over the last few years. Sarah is a Senior Security Strategist, an 'EcoStrategist', leading the Security Ecosystem Strategy team within the Microsoft Security Response Center (MSRC) to engage security communities from around the world to research and respond to software vulnerabilities.

Jon Pincus will apply the similar perspective of social science theories to the field of static analysis as it relates to security. Jon's return to static analysis (he was architect of PREFix and PREfast from 1995-2001) provides an opportunity for unique perspective, highlighting where progress has been made, where it hasn't, and identifying remaining barriers to pervasive deployment of static analysis tools -- in particular, user interface challenges for defect understanding and work-in-context. Developments in disciplines like "gender HCI" and captology may offer paths forward. At the same time, efforts like SAMATE and Coverity's Scan are building the social infrastructure to the community as a whole to follow the lead of the security research community and incorporate an explicit ecosystem focus.

The important theme to discuss is opportunities for shared goals and cooperation from organizations and people usually seen as rivals: security researchers and software engineers, developers and security auditors, employees of bitter competitors. In many situations, well-chosen "teams of rivals" strategies -- while easy to overlook -- offer substantial benefits and positive-sum outcomes. We'll close the session by showing how to apply this approach to several timely challenges in the computer security field.

Sarah Blankinship and Jon Pincus's Bio:

Pincus' previous relevant work includes leading the Analysis and Development of Awesome STRAtegies project as General Manger for Strategy Development in Microsoft’s Online Services Group; creating the static analysis tools PREfix and PREfast (now available in Visual Studio) at my startup Intrinsa and then at Microsoft Research.

Blankinship's team, the Microsoft Security Response Center Ecosystem Strategy Team, operates at the intersection of technology and people and strives to understand how vulnerabilities affect the Internet as a whole and the collaboration is meant to advance and improve security. Sarah is an advocate of uniting people, passion and policy to address common security concerns.

Close

Playing with Heyoka: spoofed tunnels, undetectable data exfiltration and more fun with DNS packets Overview: Download Talk

DNS Tunneling is a well known technique, and various free tools are available to play with it. However, its full power has not been fully unleashed yet: several of the existing tools are mostly targeted to read email for free from an airport lounge and not to be used as a deadly post-exploitation weapon. Also, they all suffer from the fact that a DNS tunnel is painfully slow and quite easy to detect and locate.

In this talk we will introduce a few new tricks that will allow us to:
- Improve the tunnel speed, by leveraging the fact that most DNS servers are happy to process packets that are not exactly 100% compliant to the RFCs
- Make the DNS tunnel a lot harder to detect, by spoofing the source IP address of the queries, therefore spreading the traffic signature among all the hosts of the subnet.

Of course there will be a demo, in which we will release the first official version of Heyoka, a brand new tool implementing these ideas.

Alberto Revelli and Nico Leidecker's Bio:

Alberto (aka icesurfer) lives and works in London, where he enjoys the bad weather and the astronomical cost of living. He works as a penetration tester and researcher for Portcullis Computer Security, spending most of his time breaking into web applications and into anything else that happens to tickle his curiosity. He has co-authored the OWASP Testing Guide, is a contributing author of the book "SQL Injection Attacks and Defense" (ISBN: 978-1-59749-424-3) and has developed sqlninja, an open source SQL Server exploitation toolkit (http://sqlninja.sourceforge.net)

Nico got his degree in Computer Science at the Karl-Ruprechts University of Heidelberg, Germany, with a Thesis regarding an Authority Based Extension to the ARP Protocol to prevent MITM attacks. He now works as a penetration tester for Portcullis Computer Security, and in his spare time enjoys analyzing the security of databases (http://www.leidecker.info/downloads/Having_Fun_With_PostgreSQL.pdf) and developing various security tools (http://www.leidecker.info/projects/)

Close

Emerging Trends in Security and Risk Management Overview: Download Talk
The evolution of Security and Risk Management has progressed considerably since the days when a “Firewall” was considered “Security”. Today’s trends involve a greater focus on Risk Management as a corporate function that extends well beyond computers and IT, and extends into the Board Room, into business operations, and is inclusive in its needs. This talk will discuss new models of governance and oversight, new roles that have been taken up by Chief Security Officers, how the process of inclusion has raised awareness and participation in the Security and Risk Management process, and how new operational models have strengthened company’s resilience.

The talk will discuss new models of governance that include stakeholders from multiple areas of the business, approaches to awareness that create higher levels of participation and success, methods to improve efficiencies in security operations, and organizational structures that include key risk management personnel in the process.

Daniel Blander's Bio:

Daniel is President of the consulting firm Techtonica,Inc. and CEO of InfoSecurityLab, Inc. He has over twenty years of experience building world-wide security organizations for international companies in the financial, technology, retail, healthcare, manufacturing, airline, and telcom industries. He has developed unique programs for achieving compliance, governance, operational efficiency, and security awareness and brings a unique perspective from his international experience and contacts. Daniel’s work resulted in his nomination in 2008 as Information Security Executive of the Year for the West by the Executive Alliance.

Close

Sniff keystrokes with lasers/voltmeters: Side Channel Attacks Using Optical Sampling of Mechanical Energy Emissions and Power Line Leakage Overview: Download Talk

TEMPEST attacks, exploiting Electro Magnetic emissions in order to gather data, are often mentioned by the security community, movies and wanna-be spies (or NSA employees we guess...).

While some expensive attacks, especially the ones against CRT/LCD monitors, have been fully researched and described, some others remain relatively unknown and haven't been fully (publicly) researched.

Following the overwhelming success of the SatNav Traffic Channel hijacking talk we continue with the tradition of presenting cool and cheap hardware hacking projects.

We will explore two unconventional approaches for remotely sniffing keystrokes on laptops and desktop computers using mechanical energy emissions and power line leakage. The only thing you need for successful attacks are either the electrical grid or a distant line of sight, no expensive piece of equipment is required.

We will show in detail the two attacks and all the necessary instructions for setting up the equipment. As usual cool gear and videos are going to be featured in order to maximize the presentation.

Andrea Barisani & Daniele Bianco's Bio:

Andrea Barisani is a security researcher and consultant. His professional career began 8 years ago but all really started when a Commodore-64 first arrived in his home when he was 10. Now, 17 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia.

Being an active member of the international Open Source and security community he's maintainer/author of the tenshi, ftester projects as well as the founder and project coordinator of the oCERT effort, the Open Source Computer Emergency Reponse Team.

He has been involved in the Gentoo project, being a member of the Gentoo Security and Infrastructure Teams, and the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he's now the co-founder and Chief Security Engineer of Inverse Path Ltd.

He has been a speaker and trainer at PacSec, CanSecWest, BlackHat and DefCon conferences among many others, speaking about SatNav hacking, 0-days, LDAP and other pretty things.

Daniele Bianco is a system administrator and IT consultant. He began his professional career as a system administrator during his early years at university. His interest for centralized management and software integration in Open Source environments has focused his work on design and development of suitable R&D infrastructure.

For the time being Daniele is working as a consultant for Italian astrophysics research institutes, involving support for the design, development and the administration of IT infrastructure.

One of his hobbies has always been playing with hardware and recently he has been pointing his attention on in-car wireless and navigation systems. He's the resident Hardware Hacker for international consultancy Inverse Path Ltd.

Daniele holds a Bachelor's degree in physics from University of Trieste.

Close

Rage Against the Kiosk Overview: Download Talk

My name is Paul Craig, and I am the self proclaimed "King of Kiosk Hacking". Last year at Defcon 16, I released iKAT v1.0 (The Interactive Kiosk Attack Tool). iKAT is an online tool designed to allow users to hack an internet Windows Kiosk terminal, in less than one minute. Thousands of Kiosks worldwide have accessed iKAT and witnessed its Kiosk hacking power. Kiosk vendors ran for cover after the Defcon release, fixing their software and explicitly blocking iKAT and my techniques. The year is now 2009, and I have spent my spare time playing with more Kiosks. With even more success than ever before!

iKAT v2.0 is now ready to be released, with more oh-day, more tools and more tricks, to provide you with the ultimate Kiosk hacking experience.

Paul Craig's Bio:

Paul Craig Paul Craig is a principal security consultant at Security-Assessment.com in Auckland New Zealand, where he runs two teams of penetration testers out of Auckland and Wellington. Paul is an active security researcher, published author, and a devoted hacker. Paul specializes in application penetration testing, and has spoken at various conferences around the globe. Paul is a passionate about security and thrives on privilege escalation and popping shells whenever possible.

Close

Advanced SQL Injection Overview: Download Talk

SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.

Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.

The key areas are:

* IDS Evasion * Privilege Escalation * Re-Enabling stored procedures * Obtaining an interactive command-shell * Data Exfiltration via DNS

Joe McCray's Bio:

Founder of LearnSecurityOnline.com. Rapid7 Assessment Practice manager

Close

Application Security: For Hackers and Developers (3 day) Overview:

There are four technical skills required by security researchers, software quality assurance engineers, or developers concerned about security: Source code auditing, fuzzing, reverse engineering, and exploitation. All these skills and more are covered in a new and exciting Crucial Security course developed by senior security researcher Jared DeMott. C/C++ code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs. Web auditing is covered using WebGoat. Fuzzing is a topic book author DeMott knows about well. Mutation file fuzzing and framework definition construction (Sulley and Peach) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed) IDA pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the final component. You’ll enjoy exploiting BSD local programs to Vista browsers using the latest techniques.

Jared DeMott's Bio:

Jared DeMott is a senior security researcher for Crucial Security, based in Chantilly, Virginia. Crucial Security provides state-of-the-art technical engineering and security services to the most elite branches of the Federal Government’s law enforcement and intelligence communities, engineering solutions to meet their demanding requirements. Mr. DeMott previously worked for the NSA and currently teaches computer engineering University classes in the evenings. He has spoken at security conferences such as Black Hat, Defcon, ToorCon, and Shakacon. This background provides an ideal blend of skills for teaching cutting edge security material, in a fun and instructive manner.

Close

Introduction to Malware Analysis (3 day) Overview:

Security researchers are facing a growing problem in the complexity of malicious executables. While dynamic black-box automation tools exist to discover what malware will do on a given execution, it is often important for an analyst to know the full capabilities of a given malware sample. What port does it listen on? What password does it expect for backdoor access? What files will it write to? What will it do tomorrow that it didn't do today?

This class will focus on teaching attendees the steps required to understand the functionality of given malware samples. This is a hands-on course. Attendees will work on real-world malware through a series of lab exercises designed to build their expertise in understanding the analysis process.

Scott Lambert and Jason Geffner's Bio:

Scott Lambert is a Security Program Manager on the Microsoft Malware Protection Center (MMPC) team at Microsoft. He owns advancing internal binary analysis tools in support of vulnerability analysis and automatic signature generation.

Prior to joining Microsoft, Lambert developed, maintained and supported numerous computer security applications ranging from Vulnerability Assessment and Risk Management software to Network and Host- Based Intrusion Detection/Prevention Systems for companies such as L-3 Network Security, Veridian Information Solutions, Symantec Corporation and TippingPoint, a division of 3Com. In addition, he developed and implemented test plans for the evaluation of both wired and wireless Intrusion Detection Systems and performed advanced protocol analysis in support of research and validation of various computer and network vulnerabilities and attack techniques.

Jason Geffner joined Next Generation Security Software Ltd. in June of 2007 as a Principal Security Consultant. Prior to joining NGS, Jason spent nearly three years as a Reverse Engineer on Microsoft Corporation's Anti-Malware Team, where his work involved analyzing malware samples, deobfuscating binaries, and writing tools for analysis and automation. Jason was the Security Research & Response owner of the Windows Malicious Software Removal Tool (MSRT). He chose which new malware families for the MSRT to detect and clean each month based on his analysis of the telemetry and trends of the underground malware community. Jason authored tens of thousands of malware signatures and dozens of malware analyses based on static and dynamic analyses of obfuscated binaries. His work on the MSRT helped hundreds of millions of Windows users each month keep their computers safe and secure. While at Microsoft, Jason was recognized for his reverse engineering skills and for his efforts to drive awareness of reverse engineering practices throughout the company by being given the formal job title "Reverse Engineer"; Jason was the only Microsoft employee with this title.

Jason graduated from Cornell University in 2004 with a Bachelor of Science in Computer Science. He spent his summer of 2003 with Compuware Corporation where he performed full source code recovery on malware samples and penetration-tested in-house copy-protection systems via reverse engineering. During the summer of 2002, Jason worked for Pitney Bowes, where he reverse engineered software security solutions and developed process-stealthing technologies.

Jason holds several patents in the fields of reverse engineering and network security. He is a Program Committee member of the Reverse Engineering Conference (REcon) and a Program Committee member of the International Conference on Malicious and Unwanted Software, is a regular trainer at Black Hat and other industry conferences, is often credited in industry talks and publications, and has been actively reverse engineering and analyzing software protection methods since 1995.

Close

Computer Forensics (3 day) Overview:

Electronic evidence can be collected from a variety of sources. Within an organization’s network, evidence will be found in any form of technology that can be used to transmit or store data. This course was specifically designed for Shakacon III and is based off of Secure DNA’s own HELIX Forensic Reference Model.

First, we give you an in-depth overview of the legal and evidence gathering processes that you should be adhering to and covers why you should be establishing guidelines for your organization, what team member roles should be established and when you should be utilizing forensic techniques. Next, a practical application of open-source tools will show you the essential information that should be captured from a live network analysis. We’ll be covering various file systems and how they store their data showing you numerous artifacts that can be gathered and beneficial to your investigation. Finally, we’ll cover how to preserve the evidence allowing you to archive and further analyze the data offline.

All audiences will gain legal knowledge from this course and the hands-on practical exercises are tailored at an intermediate level to allow for a variety of individuals to benefit from the course material. Students are required to provide a laptop computer for their personal use.

Ryan Wentzel's Bio:

Ryan Wentzel is currently a Senior Consultant within the Secure DNA Consulting Practice. Prior to Secure DNA, he was a law enforcement officer cross ordained as a federal agent assigned to a Hi-Tech Crimes Task Force where he investigated hundreds of technology related cases and provided expert courtroom testimony on numerous occasions. He has specialized expertise in Computer Forensics and E-Discovery and is currently Hawaii’s only publicly documented EnCase Certified Examiner. Ryan has given numerous presentations on various technology topics and recently founded Secure DNA’s Forensic Training Division which provides computer forensic training to local individuals and organizations.

Close

Crash Course on Penetration Testing & Web Application Security Testing with Firefox (2 day) Overview:

Day 1 - Crash Course in Penetration Testing This course will cover some of the newer aspects of penetration testing such as Open Source Intelligence Gathering with Maltego and other Open Source tools.

Advanced Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation relying heavily on the features included in the Metasploit Framework will also be covered.

Emphasis throughout the entire workshop will be placed on being as stealthy as possible, and dealing with popular defensive technologies such as:

- Network Intrusion Detection/Prevention Systems - Host-Based Intrusion Detection/Prevention Systems - Web Application Firewalls - Anti-Virus - Content-Filtering Proxies

Web Application penetration testing will be covered as well with focus on practical exploitation of cross-site scripting (XSS), cross-site request forgery (CSRF), local/remote file includes, and SQL Injection.

Day 2 - Web Application Penetration Testing with Firefox There are a few commercial vulnerability scanners and penetration testing tools for the Web Application security space. There are even fewer open-source vulnerability scanners and penetration tools that serve this purpose. Firefox with its collection of security extensions and its relative ease of extension development is fast becoming a Web Application Penetration Testing platform of choice.

This workshop will focus on using Firefox as a Web Application Penetration Testing platform, developing Firefox extensions to automate common penetration testing tasks, and writing extensions to address issues that commercial tools don't.

Joe McCray's Bio:

Founder of LearnSecurityOnline.com. Rapid7 Assessment Practice manager

+===============================================================================================================================================+
]     ______     __     __     __            _______   ______   .______         .______      ___      .______    _______ .______    _______.    [
]    /      |   /  \   |  |   |  |          |   ____| /  __  \  |   _  \        |   _  \    /   \     |   _  \  |   ____||   _  \  /       |    [
]   /  ,----'  / ^  \  |  |   |  |      ____|  |_____/  |__|  \_|  |_) [     ___|  |_) [___/  ^  \    |  |_) [__|  |__   |  |_) [  ]  ,----'    [
]   ]  |      / /_\  \ |  |   |  |     / ___    _____   ____   _       /    / __    ______   /_\  \   |   ______    __|  |      /  \   \        [
]   \  `-----' _____  \|  `---'  `----' /   |  |     \  `--'  / |  |\  `---' /  |  |     /  _____  \__|  |      |  |_____|  |\  \---'  [        [
]    \________/     \__________________/    |__|      \______/  |__| \______/   |__|    /__/     \_______|      |___________| `._______/        [
]                                                                                                                                               [
+===============================================================================================================================================+

               .oooooo..o  ooooo   ooooo       .o.       oooo    oooo       .o.        .oooooo.     .oooooo.   ooooo      oooo
              d8P'    `Y8  `888'   `888'      .888.      `888   .8P'       .888.      d8P'  `Y8b   d8P'  `Y8b  `888b.     `88'
              Y88bo.        888     888      .8"888.      888  d8'        .8"888.    888          888      888  88` _      88
               `"Y8888o.    888ooooo888     .8' `888.     88888[         .8' `888.   888          888      888   __¦¦¦¦__  88
                   `"Y88b   888     888    .88ooo8888.    888`88b.      .88ooo8888.  888          888      888 _¦¦¦¯¯¯¯¦¦¦¦__       __¯
              oo     .d8P   888     888   .8'     `888.   888  `88b.   .8'     `888. `88b    ooo  `88b         ¯   _¦_ __ ¯¯¦¦___¦¦¯ 
              8""88888P'   o888o   o888o o88o     o8888o o888o  o888o o88o     o8888o `Y8bood8P'   `Y8b  __¦¦¦¦¦¦¦¯ ¦¦¦¦      _______   
                                                                                                        ¦¦¦¯  ¦¦¯   ¦¦¦¦     ¯ __ ¯¦¦_  
                                                                                                       ¦¦¦¦      _¦_¦¦¦¦_¦_ __¯¦¦¦  ¦¦¦
                                                                                                       ¦¦¦¦     ¦¯  ¦¦¦¦ ¯¦¦¯  ¦¦¦  ¦¦¦
                                                                                                       ¦¦¦¦      ¯  ¦¦¦¦   ¯   ¦¦¦_¦¦¯ 
                                                                                                        ¦¦¦_ ¦¦_    ¦¦¦¦      ¯¦¦¦   
                                                                                                         ¯¯¦¦¦¦¦¦_  ¦¦¦¦       ¦¦¦  
                                                                                                                  ¯ ¦¦¦¦_      ¦¦¦ v3.0
                                                                                                                   _¦¦¦¯       ¦¯
                                                                                                                    ¦¯ 
                 
------------------------------------------
              Shakacon III 
        "Sun, Surf, and C Shells"
             CALL FOR PAPERS
   http://www.shakacon.org/2009CFP.html
------------------------------------------
Who:   Shakacon Crew
What:  Shakacon III
When:  June 11 - 12 2009
Where: Paradise (Honolulu, HI - Hawaii Convention Center)
Why:	 Why NOT?
How:   By plane, boat, canoe, yacht, hydrofoil, stand-up paddle board, jet ski, 
long board, dolphin, whale sled, nuclear submarine, etc.


[Overview]
Sitting around somewhere freezing your a$$ off?  Dreaming about warm days, rainbows, decadent 
tropical drinks sipped out of coconuts? Sure you could drop your 0day in Vegas, bring down the 
Internet in Germany, or satisfy your dark desires in Asia but we think you should submit your 
research or topics to our CFP and maybe win yourself a paid trip to Hawaii.  

The Shakacon security conference is a laid back conference where industry, government, academia 
and independent experts will get together to share knowledge and experience in one of the most
beautiful places on Earth.  

Shakacon will offer local, national, and international participants a casual, social, learning 
environment designed to present a "holistic" security view and the opportunity to network with 
peers and fellow enthusiasts in a relaxed setting.  Leave your ego at the airport (or shoreline 
if you come in via another method)as we look forward to attendees varying in skill level from N00b 
to Ninja.
  
During the day, sessions will include: best practices, case studies, research projects, etc. 
covering all different aspects of the information security landscape .  There will be something 
for everyone and if sitting through talks isn't your cup of kava, there will be exciting events 
and contests for you to sharpen your skills and knowledge on.

[Trainer Opportunities]
Don't want to speak at the Con but have an uncanny ability to teach and a proven track record for 
delivering quality courseware and want to come to Hawaii? We're also interested in bringing in trainers
to provide world class training leading up to ShakaCon (June 8, 9, 10). Submit a synopsis/class agenda, prior 
teaching experience, and maybe get selected to teach in Hawaii.

 
[CFP Details]
(1) Abstract for papers must be submitted to the review committee by _February 15th, 2009_.

(2) Selection notification will occur by _February 27th, 2009_ and abstracts posted to the site 
    on _March 1, 2009_.

(3) Slides for your papers must be submitted by _April 15, 2009_.

 
There are only a limited number of speaking sessions for which the conference organizers will provide 
travel and accommodations.  Speaking slots should be generally limited to 1 hour; however we will
accept "turbo" talk submissions and if we have enough we'll blend them into a block of the conference.

The audience will be a broad mix of professional, academic, and enthusiast, so we welcome both technical 
and non-technical submissions on all aspects of security.  The key criteria are practicality and timeliness.  
We want to provide our attendees with up to date materials they can take away and immediately gain
benefit from as well as new research or tools.  Absolutely NO SALES presentations will be accepted ­ our 
attendees don't show up to hear people talk about what you can sell them or why they need your services - or how 
your new anti0daySaaSuberfuzzymagadget will solve all their security woes.

Proposals should include:

 
<Subject Line:>

 
"Shakacon CFP Submission: <paper title>, <your name>"

<Body>
1. Name, address, and contact info.
2. Employer and/or affiliations.
3. Brief biography.
4. Presentation experience.
5. Topic summary.
6. Reason this topic should be considered.
7. Other publications or conferences where this material has been or will be published/submitted.
  
Please include plain text of all information provided in the body of your email as well as any file attachments. 
The plain text information will be reviewed first to find the most suitable candidates.

Please forward the above information to info (at) shakacon.org in order to be considered.
  
More conference information, registration details, and travel partner deals will be posted to:
 
http://www.shakacon.org


ALOHA FROM THE SHAKACON CREW!

Follow Status on:

http://www.twitter.com/shakacon