X'Con 2004 Information Security Conference
|
|
Closed sucessfully at 18th September 2004
|
X'Con 2004 Presentations Documents :
|
FlashSky |
Windows Kernel Device Driver Exploit
|
The presentation will mainly discuss on various problems in exploiting the windows buffer-overflow in kernel mode. Furthermore, details about sechedule implements of Windows OS will be given for make them clearly. Last some examples will be shown to demo how it works, one of them is the exploit against "Symantec Multiple Firewall Remote DNS KERNEL Overflow"
|
funnywei |
Static Detection of Vulnerability by Data Flow Analysis
|
Introduction to vulnerbilities research based data-flow analysis.
|
san |
Shellcode Penetrate Firewall |
This presentation will focus on how to use the current connection of the attack or how to reuse the server's port or other technology that can penetrate the firewall protect.
|
|
Matt Conover |
Reliable Windows Heap Exploits |
Introduction to heap exploits, Windows heap internals, Arbitrary memory overwrite, explained Applications for arbitrary memory overwrite + exploitation demos, Special notes for heap shellcodes, XP SP2 |
|
Philippe Langlois |
Large Networks and extreme security networks security management |
The presentation will show a classical scenario of security policy deployment within network devices through time. From the easy first deployment to massive rules sets after several generation of changes for adding new business. It will also emphasize all the reasons that make policies heavier through time and propose methods to remedy by cleaning and maintaining the active policies to the smallest set possible. |
|
sk from scan-associates.net |
Windows Local Kernel Exploitation |
The presentation will highlight mechanisms to exploit the Windows Kernel for useful local privilege escalation. Unlike "Shatter Attack" which usually only useful if attacker has physical access of the computer, Kernel exploitation will escalate the attacker to the highest level as the kernel itself without any restriction. The presentation will include usage of undocumented API, memory corruption on device driver, kernel 'shellcode' as well as other relevant tricks to find and exploit the Windows kernel-land for a successful privilege escalation. |
|
Hume |
Binary Comparison of Security Patch |
The presentation will highlight Comparison of patch ¡ê-A common method to diclose what?¡¥s hidden in patch; Some comparison methods and their defects as to security patch; |
|
flier |
.NET Security |
.NET Security |
|
Plan9 |
Advanced shellcode Technique |
The presentation will highlight How Going through Firewall?¡é Evading NIDS?¡éAvoiding Application filter?¡éDefeating stack protect mechanism?¡éEvading HIDS |
|
Hui |
Active Defense System to Contain Internet Worm |
In this paper, three categories of active technologies to contain Internet worm were introduced: vaccination for containing susceptible machines, forcing shutdown for containing infected machines, and bidirectional leading for containing worm spreading traffic. These technologies can be adopted to construct one or more automated Internet worm defense systems in any phase of Internet worm defense: prevention, detection, containment and elimination. |
|
Liulifeng |
VoIP network security threats and strategies |
VoIP network security threats and strategies. |
|
Liangbin |
Enforcing the Principle of Least Privilege with a State-Based Privilege Control Model |
A privilege is a special right that a process must possess to perform some security - relevantfunctions.Abuse of a privilege may lead to very serious security problem.The integrity of a privileged process may be compromised severely due to various causes, such as: - vulnerabilities in a system
- malicious codes
- buffer overflow, etc.
Solution: effectively enforce the principle of least privilege. |
|
Lance |
Realization of Security Events Management System via OPENSTF |
Realization of Security Events Management System via OPENSTF |
|
TK |
Reliable enumerating the Windows processes in ring3 |
Reliable enumerating the Windows processes in ring3 |
|
Seak |
Embeddable AntiVirus engine in tiny granularity |
- Challenges to AV dialectics
- Processing in tiny granularity
- Embeddable Engine |
|
Zhuergang |
The Research of Survivability Evaluation & Analysis Model |
. Why do we need survivability¡ê?
. Some Concepts of survivability
. The model of survivability evaluation & analysis
. Case study of survivability analysis |