X'Con 2004 Information Security Conference

  Closed successfully on 18th September 2004

X'Con 2004 Presentation Documents:

FlashSky

Windows Kernel Device Driver Exploit

The presentation will mainly discuss various problems in exploiting Windows buffer overflows in kernel mode. Furthermore, details about the scheduling implementation of the Windows OS will be given to make them clear. Finally, some examples will be shown to demonstrate how it works; one of them is the exploit against "Symantec Multiple Firewall Remote DNS KERNEL Overflow".

funnywei

Static Detection of Vulnerability by Data Flow Analysis

Introduction to vulnerability research based on data-flow analysis.

san

Shellcode Penetrate Firewall

This presentation will focus on how to use the attack's current connection, how to reuse the server's port, or other techniques that can penetrate firewall protection.


Matt Conover

Reliable Windows Heap Exploits

Introduction to heap exploits, Windows heap internals, arbitrary memory overwrite explained, applications for arbitrary memory overwrite + exploitation demos, special notes for heap shellcodes, XP SP2.


Philippe Langlois

Large Networks and extreme security networks security management

The presentation will show a classical scenario of security policy deployment within network devices through time, from the easy first deployment to massive rule sets after several generations of changes for adding new business. It will also emphasize all the reasons that make policies heavier through time and propose methods to remedy this by cleaning and maintaining the active policies as the smallest set possible.


sk from scan-associates.net

Windows Local Kernel Exploitation

The presentation will highlight mechanisms to exploit the Windows kernel for useful local privilege escalation. Unlike the "Shatter Attack", which is usually only useful if the attacker has physical access to the computer, kernel exploitation will escalate the attacker to the highest level, that of the kernel itself, without any restriction. The presentation will include usage of undocumented APIs, memory corruption in device drivers, kernel 'shellcode', as well as other relevant tricks to find and exploit the Windows kernel-land for a successful privilege escalation.


Hume

Binary Comparison of Security Patch

The presentation will highlight: comparison of patches, a common method to disclose what's hidden in a patch; some comparison methods and their defects with regard to security patches.


flier

.NET Security


Plan9

Advanced shellcode Technique

The presentation will highlight: going through firewalls, evading NIDS, avoiding application filters, defeating stack protection mechanisms, evading HIDS.


Hui

Active Defense System to Contain Internet Worm

In this paper, three categories of active technologies to contain Internet worms are introduced: vaccination for containing susceptible machines, forcing shutdown for containing infected machines, and bidirectional leading for containing worm-spreading traffic. These technologies can be adopted to construct one or more automated Internet worm defense systems in any phase of Internet worm defense: prevention, detection, containment and elimination.


Liulifeng

VoIP network security threats and strategies


Liangbin

Enforcing the Principle of Least Privilege with a State-Based Privilege Control Model

A privilege is a special right that a process must possess to perform some security-relevant functions. Abuse of a privilege may lead to very serious security problems. The integrity of a privileged process may be compromised severely due to various causes, such as:
- vulnerabilities in a system
- malicious code
- buffer overflow, etc.
Solution: effectively enforce the principle of least privilege.


Lance

Realization of Security Events Management System via OPENSTF


TK

Reliable enumerating the Windows processes in ring3


Seak

Embeddable AntiVirus engine in tiny granularity

- Challenges to AV dialectics
- Processing in tiny granularity
- Embeddable Engine


Zhuergang

The Research of Survivability Evaluation & Analysis Model

- Why do we need survivability?
- Some concepts of survivability
- The model of survivability evaluation & analysis
- Case study of survivability analysis