Adrian Marinescu

About Adrian Marinescu:

Adrian Marinescu, development lead in the Windows Kernel group, has been with Microsoft Corporation since 1998. He joined to work on a few core components such as user-mode memory management, kernel object management and the kernel inter-process communication mechanism. In the heap management area, Adrian designed and implemented the Low Fragmentation Heap, a highly scalable addition to the Windows Heap Manager, and he currently focuses on techniques for reducing the reliability of certain well-known heap exploits.

Presentation Title :

Windows Vista Heap Management Enhancements - Security, Reliability and Performance

Presentation Details:

All applications and operating systems have coding errors, and we have seen advances in both attack and mitigation sophistication as more security exploits target defects related to application and OS memory and heap usage. Starting with W2k3 and XP/SP2, Windows incorporated technologies to reduce the reliability of such attacks. The heap manager in Windows Vista pushes the innovation in this area much further. This talk will describe the challenges the heap team faced and the technical details of the changes coming in Windows Vista.


About Darkne2s:

Darkne2s is the youngest researcher in the HuaYongXingAn Science and Technology Co. Ltd. research team. He likes to research various operating systems, and especially PHP kernel security.


About A1rsupp1y:

A1rsupp1y focuses on Linux kernel security research and various operating systems, and is interested in decoding PHP Zend.

Presentation Title :

Decode PHP Zend

Presentation Details:

More and more commercial PHP programs have started to use Zend Encoder to protect their source code, in order to prevent the code from being published or stolen. For a long time, no method of decoding it has been published; this topic focuses on Zend technology and shows that Zend-encrypted code can be decoded.


About CoolQ:

Security researcher, whose interests cover new types of rootkits, forensic analysis, and automatic code auditing.

YuXiang Luo

About YuXiang Luo:

Master's candidate at IOS - CAS, majoring in Secure OS. He is familiar with kernel-level system development, and is also interested in compiler and static code analysis technology. He is now participating in the R&D of a project that performs automatic bug analysis based on source code.

Ce Meng

About Ce Meng:

Graduated from the Tsinghua University computer science department, and is now a PhD student at ISCAS. His research covers IDS, auditing and trusted OS. He once participated in a hi-tech research and development program of China, with responsibility for the development of IDS alert analysis utilities. He has broad interests in computer science, and has dabbled in research on computing models, algorithms and cryptology.

Presentation Title:

Automatic Code Audit With GCC

Presentation Details:

In a project with thousands of functions, finding software vulnerabilities by checking the functions one by one is impossible. When you have just found out about a new kind of bug, do you want to manually review all the functions for the presence of that bug? A better approach is to modify the GCC code. By doing so, you only have to describe the logical vulnerability in the software, then use GCC to detect that kind of bug automatically.

Dave Aitel

About Dave Aitel:

Dave Aitel is one of the world's foremost experts on fuzzing and vulnerability discovery. His SPIKE Fuzzer Creation Suite has been used by commercial and government agencies for testing network protocols for over half a decade. He is the co-author of the Hacker's Handbook and the Shellcoder's Handbook. He founded and is now the CTO of Immunity, Inc., a Miami-based information security company. His original stint was as a computer scientist at the National Security Agency, after which he spent a few years at @stake, a private security consulting firm, and finally started Immunity, Inc. Immunity's product CANVAS is used by penetration testing firms, government agencies, large financial firms, and other companies who wish to simulate information attacks against their infrastructure.

Presentation Title:

Microsoft System RPC Fuzz

Presentation Details:

This talk shows significant advancements in fuzzing MSRPC, and is also useful for people who want to write their own fuzzers or think about fuzzer creation.

Enrique Sanchez

About Enrique Sanchez:

Worked for Defcom (now @stake) in their Swedish offices, then opened the Spain office as the CTO of Defcom Spain; also part of the education team that taught hacking courses all over Europe.

Worked at Kaspersky Mexico as leader of the Virus Research and Vaccine Laboratory based in Mexico.


  • GULEV (Veracruz, Mexico): El Falso Sentido de la Seguridad

  • Foro Tecnoatlantico (Vigo, Spain): APenFra - A Pentesting Framework

  • G-Con III (Mexico DF, Mexico): Corporate Security

  • G-Con III (Mexico DF, Mexico): APenFra - A Pentesting Framework

  • G-Con II (Mexico DF, Mexico): Hacker targeting

  • G-Con I (Mexico DF, Mexico): First Steganographic virus in Unix

  • Defcon 9 (Las Vegas, USA): DIDSE - Distributed Intrusion Detection System Evasion

  • Courses:

    Taught hacking courses in:
    • England
    • France
    • Spain
    • Denmark
    • Germany
    • Finland
    • Sweden
    • Norway

Presentation Title:

Nhacker: A Neural Hacker

Presentation Details:

NHacker is a project that was born in 2003 around neural networks and the possibility of reading and learning hacking and programming. The project has been developed solely by Enrique A. Sanchez Montellano and, despite being dropped more than a few times, version 2 of NHacker can read different languages, which are C and PHP for now, but more languages are being worked into it.

NHacker is based on the theory and technology of developing a network that works just like a hacker when reading code: creating stacks, adding and removing variables, checking sizes, filters, functions, recurrences, etc.

This gives NHacker the ability to read code and understand whether a bug is present, whether the bug can be reached and how to reach it, thus giving the network the ability to write code for exploitation of the particular bug, writing logs about it and giving the reader information on how to modify the exploit or reach the bug manually.

This new kind of technology can bring software to its knees by just letting NHacker run for a few days, or even hours if the program is not big, and find new and complex vulnerabilities, giving back time to the security specialist for finding new techniques or coding them into NHacker.

The technology behind NHacker is neural networks and abstraction of thinking. This gives the neurons simplicity but at the same time the ability to read and evaluate a specific case, dropping the result into the evaluation and decision-making neurons, which then talk to the stack neurons to modify the stack in question, and then to the exploit-writing neurons if a bug has been reached and EIP or EBP can eventually be taken over. Since that is the function and final destination of NHacker, it really doesn't matter how long or how difficult reaching the bug is: in the end, if EIP or EBP can be taken over, NHacker will backtrace the stacks and the functions and write the exploit to reach the bug.

NHacker was written in C++ to take advantage of Object Oriented Programming, thus having the flexibility of creating as many stacks, function reads, neural networks and neurons as possible without any difficulty. This design makes adding new languages, functions or neurons to NHacker really easy, and the learning curve is low.

Fabrice Marie

About Fabrice Marie:

Fabrice Marie is a senior security consultant working for FMA-RMS, a small dedicated security firm based in Singapore with offices in Kuala Lumpur. A developer by trade for many years, he has been involved in the information security field for over 7 years. His interests are in cryptography, trusted operating systems, secure programming, open source and firewalling techniques. For the last three years he has been breaking mostly bank and telco web applications in the region, as well as performing penetration tests for them. He holds a bachelor's degree in IT from France, and a CISSP.

Presentation Title:

Host-based Application Intrusion Prevention Systems

Presentation Details:

Intrusion detection systems have existed for the last 20 years, and trends have shifted from using HIDS to using NIDS. Intrusion Detection Systems can only see symptoms of intrusions on a single host, or on a set of hosts if distributed (for HIDS), and intrusions on network segments (for NIDS).

Unfortunately, today's attacks target web applications, and there is very little of these that a NIDS or HIDS would catch, because they examine lower-level protocols and symptoms. Typically IDSes are too generic for complete application protection or application attack detection.

Moving forward, this presentation will propose a new approach to protecting your data from attackers: Host-based Application Intrusion Prevention Systems.

We will introduce important new concepts of Application Intrusion Prevention Systems (AIPS), which complement regular NIPS. We will provide a few concrete and effective methods that could be used to perform application intrusion prevention. Finally we will look at the limitations of AIPS.

Hopefully, this presentation will pave the way to a new generation of Intrusion Prevention Systems.

Why is your material different, innovative, significant or an important tutorial? Application security has become increasingly important, and yet current IDS technologies cannot catch interesting application hacking. The goal of this presentation is to bootstrap this area of research by providing a simple and reliable framework design and methodology, in particular on the topic of Hacking Internet Banking Applications.


About Funnywei:

A member of the XFocus Team. CS PhD. Has focused on security technical research and professional vulnerability discovery for many years, and has given a number of highly technical talks at successive XCon conferences.

Presentation Title:

Vulnerability Discovery's Past, Present, Future

Presentation Details:

Vulnerability discovery technology has been developed for many years. This presentation summarizes the methods and techniques of vulnerability discovery together with the author's research experience in this area over the years; it also clarifies the main threads of development and discusses the current hot spots and directions of this technology.

Fyodor Yarochkin

About Fyodor Yarochkin:

Fyodor Yarochkin is a security hobbyist and happy programmer with a few years spent in business objectives and the "security" service delivery field. These years, however, weren't completely wasted: Fyodor has been contributing his spare time to a few open and closed source projects that have attracted limited use among the non-business-oriented computer society. He has a background in system administration and programming, holds an Engineering degree in Software Engineering, and is pursuing his PhD degree at Taiwan National University.

Note: Fyodor is not "nmap Fyodor".

Meder Kydyraliev

About Meder Kydyraliev:

Meder Kydyraliev is a security researcher interested in network security and applications of AI techniques in ethical hacking. Lately, together with Fyodor, he has been researching an intelligent way to automate security assessment processes to free up some time for creative stuff. Meder obtained his B.S. in software engineering from AUCA/Kyrgyzstan and is currently working as an associate for KPMG Singapore doing infosec assessments.

Presentation Title:

Applying AI Techniques To Network Intrusion Automation

Presentation Details:

In their presentation, Fyodor and Meder will uncover the findings and experience obtained during the research and development of several network security tools that use various AI techniques to automate data processing and improve the effectiveness of security tests. The presentation will include demonstrations of the tools Fyodor and Meder have worked on during the past 2 years.

Zhuting Pan

About Zhuting Pan:

He studied in the Qinghua Youngster Class for Application and Computer, and graduated from the Qinghua University computer science and technology department. He was formerly the CTO of Is-One Co. Ltd. Now he is the CTO of Venustech Info. Tech.

Presentation Title:

Trusted and Security

Presentation Details:

Viruses, worms, intrusions, misuse and other vulnerabilities in the security area have left anti-virus, vulnerability scanning, intrusion detection, firewalls and similar security technology tools and management facing their own vulnerability. Along with information security management systems, trusted computing and the structured security method have been accepted. Security is going to a whole new world. How can attacking and defending find their space within the structured security environment?

Structure has its dialectic: simple and complex, closed and open, tight and loose, and so on. So vulnerability and structured features are a continuous research subject.

Marc Schonefeld (Independent Network Security Consultant)

About Marc Schonefeld:

Marc Schonefeld is an external PhD student at the University of Bamberg in Germany. His research covers the analysis of interdependencies between programming flaws (antipatterns) and vulnerabilities in software. By developing a framework for flaw detection he found a range of serious bugs in current Java runtime environments (JDK) and other Java-based applications and middleware systems (like JBoss, the Cloudscape database, ...). Some of his findings led to the publication of a number of advisories by Sun Microsystems. In 2004 he presented at the DIMVA and D-A-CH conferences, and was a speaker at Blackhat and RSA in 2003. Also in 2004 he was a finalist for the European Information Security Award for his work on Java-based security antipatterns.

Presentation Title:

Pentesting Java/J2EE - Discovering Remote Holes

Presentation Details:

Java/J2EE is a widely used industry standard for business applications. Although it was designed with security in mind, flaws in the J2EE framework implementation may lead to holes in the J2EE protection model. This is especially a problem when remote attackers are allowed to influence control flow on the server. This talk addresses the root causes of this problem, such as flaws in the underlying JRE. Demonstrating these bugs aims to educate system and application developers to code their own classes securely and therefore produce less vulnerable J2EE servers and applications in the future.

Matt Conover

About Matt Conover:

Matt Conover is a principal security researcher at Symantec, where he has worked for the last 3.5 years in the Advanced Threat Research group. His area of expertise is Windows security: he has presented on detecting Windows kernel-mode rootkits and on Windows heap exploitation, and is now primarily focused on Windows Vista. Matt has been involved in the security community since the late 90's. He has already released several Windows security and reversing tools, and has presented at CanSecWest 2002 and 2004, SyScan 2004 and 2005, XCon 2004 and 2005, and RSA 2005.

Presentation Title:

Assessment of the Windows Vista Security Model

Presentation Details:

This presentation provides an in-depth technical assessment of the security improvements implemented in Windows Vista, focusing primarily on the areas of User Account Protection and User Interface Privilege Isolation. This presentation discusses these features and touches on several of their shortcomings. It then demonstrates how it is possible to combine these attacks to gain full control over the machine from a low-integrity, low-privilege process.

Saumil Shah

About Saumil Shah:

Founder and CEO, Net-Square Solutions Pvt. Ltd.

Saumil continues to lead the efforts in e-commerce security research and product development at Net-Square. His focus is on researching vulnerabilities in various e-commerce and web-based application systems, system architecture for Net-Square's tools and products, and developing short-term training programmes. Saumil also provides information security consulting services to Net-Square clients, specializing in ethical hacking and security architecture. He holds the designation of Certified Information Systems Security Professional. Saumil has more than nine years of experience with system administration, network architecture, integrating heterogeneous platforms, and information security, and has performed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a regular speaker and trainer at security conferences such as BlackHat, RSA, IT Underground, etc.

Previously, Saumil was the Director of Indian operations for Foundstone Inc., where he was instrumental in developing their web application security assessment methodology and the web assessment component of FoundScan, Foundstone's Managed Security Services software, and was instrumental in pioneering Foundstone's Ultimate Web Hacking training class.

Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young, where he was responsible for the company's ethical hacking and security architecture solutions. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member there.

Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, information security, and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996).

Presentation Title:

Writing Metasploit Plugins From Vulnerability To Exploit

Presentation Details:

This talk shall focus on exploit development from vulnerabilities. We have seen many postings on security forums that vaguely describe a vulnerability, or sometimes provide a "proof-of-concept" exploit.

The Metasploit Framework is a powerful tool to assist in the process of vulnerability testing and exploit development. The framework can also be used as an engine to run exploits, with different payloads and post-exploitation mechanisms.

In this talk, we shall look at how we can construct exploits from published vulnerabilities, using facilities provided by the Metasploit framework. A Unix and a Windows vulnerability example shall be covered. Next we shall demonstrate how to write this exploit as a Metasploit plug-in, so that it can be integrated into the Metasploit Framework.

Participants shall get insights into discovery and verification of vulnerabilities, finding the entry points, gaining control of program flow, choices of shellcode and finally writing a working exploit for the vulnerability. Participants shall also get an overview of Metasploit's internal modules and how to integrate custom exploits with the Metasploit framework.

Bing Sun

About Bing Sun:

Bing Sun is currently a Senior Technical Specialist at Internet Security One (China) Ltd., and has previously held security-related positions at several well-known companies such as Rising and Siemens. Sun Bing has more than 6 years of experience in Windows kernel and security technique (anti-virus, firewall, IPS, etc.) research and development, delving especially deeply into buffer overflow prevention and rootkit detection. His previous work includes participating in the development of Rising Anti-Virus Software, publishing the paper "The Design Of Anti-Virus Engine" at xfocus, and taking charge of the design and development of a desktop security product, LinkTrust IntraSec, ...

Presentation Title:

The Application of the Virtual Machine Technique Under x86 On Security Field

Presentation Details:

Just as its title shows, this presentation is mainly about machine virtualization technology under the x86 architecture, with a focus on its application in the computer security field, and it will be organized in three sections. In the first section, I will give a brief introduction to VM-related background knowledge, and take VMware Workstation as an example to discuss the internals of a Type II Virtual Machine Monitor (VMM) in depth. Next comes the most important section, the application of VM technology: I will bring forward a complete technical scheme for implementing a VM Based Rootkit (VMBR), whose working principle is totally different from all presently prevalent rootkits, and which in theory is almost impossible to detect and remove by ordinary software methods. Finally, there is a demonstration section where a prototype of my recently developed VMBR will be shown, which achieves a brand-new kind of stealth by running the target OS (Windows 2000 Professional) at a lowered privilege level (ring 1).

Yanhui Tu

About Yanhui Tu:

Long-term researcher in database security development. Author of "Database Security and Programming Technology" (Qinghua University Press), "Database Recovery Technology" (Publishing House of Electronics Industry), and others. Developed Jin Shan Database Security 2006 and the Jin Shan file shredder.

Presentation Title:

NTFS File System Kernel Analysis and Database Security

Presentation Details:

NTFS is the most commonly used file system in Windows NT kernel operating systems. This topic will analyze the NTFS file system from the bottom up, with deep analysis of file management and storage, file access, file logging, file catalog implementation, and disk space management and release. It will discuss database recovery and secure database erasure, and will demonstrate recovery of deleted files.