|XCon2008 Conference Schedule|
|2008-11-18 First Day|
|07:30 - 09:00||Registration & Get XCon2008 Data|
|09:00 - 09:10||Beginning Speech|
|09:10 - 10:10||
Chris Peterson, Director of Security Assurance, Microsoft Security Engineering Center. He received his BS in Computer Engineering from the University of New Mexico in 1997. He is now in his 10th year at Microsoft Corporation, currently working as the Director of Security Assurance in the Microsoft Security Engineering Center. Over his career at Microsoft he has worked on a number of key technology areas including the Windows Live ID authentication system, the Live Messenger service, the Security of the MSN and Live Networks, and the security of the Windows operating system. His current role involves the application of the Security Development Lifecycle across all Microsoft products, with particular focus on the Windows operating system. He holds 5 patents in the area of web based authentication and security.
Windows 7 Security Overview
In this presentation, the new security features and mitigation technologies in the next version of the Windows Operating System and the Internet Explorer web browser will be discussed. In addition, the industry leading security engineering practices that are a fundamental part of how Microsoft develops the operating system will be discussed. Demos of certain key security features in Windows 7 and IE 8 will be shown.
|10:10 - 10:30||Rest & Coffee Break|
|10:30 - 11:30||
Wei Wang (aka alert7) is a member of the XFocus Team. He has been involved in the security community since 1998 and has discovered many vulnerabilities, including ones in the Linux kernel, Oracle, QuickTime, MIT krb5 and so on. He wrote the book "Network Penetration Testing" with XFocus friends in 2005. He works with McAfee Avert Labs. His blog: http://hi.baidu.com/weiwang_blog
Buffer-track using Virtual Machine - Analyze known vulnerability and discover 0day
The causes of vulnerabilities are becoming more and more complicated, which makes vulnerability analysis more difficult; the hard part is analyzing how the data flows. Manual debugging or a scripted debugger alone is far from enough to meet our needs.
This presentation introduces virtual machine technology to automate fine-grained analysis of the data stream, showing where the polluted data flows to. This makes it clearer how to analyze known vulnerabilities and identify potential ones.
|11:30 - 12:30||
Aditya K Sood
Aditya K Sood is an independent Security Researcher and Founder of SecNiche Security. He is a Lead Author for the Hakin9 group, writing security and hacking papers. His research has been featured in USENIX ;login: magazine and Elsevier Network Security Journals. Aditya's academic background includes a BE and an MS in Cyber Law and Information Security from the Indian Institute of Information Technology (IIIT-A). He has already spoken at conferences like EuSecWest, XCON, OWASP, CERT-IN etc. In addition, he is a team lead at the Evilfingers community.
His other projects include Mlabs, CERA and Triosec. He has written a number of security papers released at packetstorm security, Linux security, infosecwriters, the Xssed portal etc. He has also given a number of security advisories to forefront companies.
At present he is working as a Security Auditor in KPMG IT Advisory Services, where he handles large-scale security assessment projects.
Rolling Balls - Can You Hack Clients
The world of technology has two sides: the client and the server have a perpetual dependency on each other. This talk is structured to present the ingrained security flaws and inconsistencies that are present in client-side software. Numerous components use client software that interacts directly with the destination server. We will dissect the hacking layout that persists in instant messengers like Skype, Pidgin and Miranda, and the encryption flaws they sustain. We will talk about RDP, Citrix and VNC client-side insecurities and attacks. The basic concept is to prove how user interaction leads to exploitation. Client-side backdoors and infection through ActiveX components will be discussed as vectors of infection. Of course, browser-based vulnerabilities will be covered. Overall, this talk will present a complete scenario of hacking clients. It is based on the research conducted and the bugs that have been traversed recently.
|12:30 - 13:30||Rest & Lunch|
|13:30 - 14:30||
A member of the XFocus Team
Building GUI-based plugin of Windbg for Heap Overflow analysis
This presentation will discuss the complexity of heap analysis, the problems introduced by Vista's enhancement of the heap structure, the limitations of WinDbg plugins, etc. The author will also explore how to program a GUI-based plugin for WinDbg that can be used to view heap information, locate heap-related issues, and analyze and locate the vulnerability.
|14:30 - 15:30||
Security researcher and Windows driver engineer, interested in rootkits and anti-rootkits. Nickname: MJ0011
This presentation reveals a new type of bootkit technology, Tophet, and some of the new technology used in its first-generation model Tophet. Tophet.a is not a virus or Trojan horse; it is demonstrated only as an advanced penetration and stealth technology.
A bootkit is a more advanced rootkit; the concept was mentioned as early as the "BootRoot" project by eEye Digital Security in 2005. That project infected the MBR (master boot record) to bypass the kernel and start-up checks. Anything that boots before the Windows kernel loads in order to hijack the kernel can be called a bootkit, for example a BIOS rootkit, VBootkit, an SMM rootkit and so on.
So far, the MBR, the boot sector and the NT OS loader are all monitored and defended by HIPS security software, and start-up locations such as the BIOS, SMM and ROM firmware are locked or lack commonality. So how can the Windows kernel be hijacked in a more effective, easier and more general way? Tophet.a uses a new way: NtBootdd.sys.
At the same time, Tophet.a explores several disk-level penetration and stealth technologies; it can penetrate all current active-defense software to install itself, and can also stay hidden from the detection of any current anti-rootkit software.
|15:30 - 16:00||Rest & Coffee Break|
|16:00 - 17:00||
Luciano & Sebastian
Luciano Notarfrancesco is a computer security researcher with more than 10 years of experience in the field. Co-founder of netifera, he's currently developing the netifera platform.
Sebastian Muniz worked for several years as a Senior Developer in the telecommunications industry and for the last 3 years as Exploit Writer and Security Researcher. In the last few months he has been working as a Security Consultant for netifera.
In his free time he enjoys disassembling (and sometimes even desoldering) embedded systems like his (ex)DVD Player and (ex)Cable Modem.
The netifera platform: one network one dream
This talk will present netifera, a free and open source platform that provides a framework for creating and integrating security tools with a flexibility that has never been possible before. Providing a set of capabilities across the increasing variety of architectures and operating systems, it allows tools to run on remote and local systems alike, from desktop computers to devices with constrained resources such as embedded systems, without any special considerations in the code.
Netifera is an ecosystem of security information. It integrates all the information that resulted from a tool execution into a central data model in an object-oriented database. This allows netifera to feed the output of tools into new ones, achieving an unprecedented level of collaboration between tools.
During the presentation we will give an introduction to the fundamentals of the architecture and the underlying technologies, and illustrate it with some examples of use. Then we'll talk about the future of the framework. And finally, if time and resources permit, we'll show a live demo.
|17:00 - 18:00||
He graduated from the Information Security Institute of Shanghai Jiaotong University. He now works on developing information security products and researching advanced security technology. He began focusing on information security research four years ago; his main research directions are the Windows system kernel, rootkit detection and attack, virtualization technology, and reverse engineering.
Windows Kernel Protection - Based On Hardware Virtualization Technology
The operating system kernel is no longer safe or trustworthy because of the development of rootkit technology, and modern anti-virus software can't protect the kernel effectively. In 2006, AMD and Intel released their virtualization technology, which can partly control the execution of code in the ring0 environment. This presentation summarizes kernel rootkit technology and then describes how to protect the operating system kernel using hardware virtualization technology. It will demonstrate in detail the implementation of a hypervisor framework using Intel VT and several mechanisms to protect the operating system kernel.
|2008-11-19 Second Day|
|09:00 - 10:00||
Alexander Sotirov has been involved in the security community since 1998, when he started contributing to Phreedom Magazine, a Bulgarian underground technical publication. For the past ten years he has been reverse engineering software, researching vulnerabilities and developing advanced exploitation techniques. His most recent work includes the discovery of the ANI vulnerability in Internet Explorer and Firefox, the development of the Heap Feng Shui browser exploitation technique and bypassing of the exploitation mitigations on Windows Vista. His professional experience includes positions as a security researcher at Determina and VMware.
Bypassing browser memory protections in Windows Vista
Over the past several years, Microsoft has implemented a number of memory protection mechanisms with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many memory corruption vulnerabilities.
This work explores the limitations of all aforementioned protection mechanisms, specifically focusing on flaws in their implementation in popular browsers on the Windows platform. I will demonstrate a variety of exploitation techniques using popular browser plugins such as Flash, Java and .NET that can be used to bypass the protections and achieve reliable remote code execution.
|10:00 - 10:30||Rest & Coffee Break|
|10:30 - 11:30||
kuza55 has been an active member of the web application security research community for the past several years, publishing several papers and recently presenting his findings at the 24th Chaos Communications Congress and Bluehat v7. He is the R&D Team Lead at SIFT where he gets paid to break things, and more importantly in his spare time as an independent security researcher, breaks things for the fun of it.
Same Origin Policy
This talk takes the view that the biggest weakness with the Same Origin Policy is that it must be implemented by every component of the browser independently, and if any component implements it differently to other components then the security posture of the browser is altered. As such this talk will examine how the 'Same Origin Policy' is implemented in different circumstances, especially in active content, and where the Same Origin Policy is not really enforced at all.
|11:30 - 12:30||
Adam Laurie is a Director of The Bunker Secure Hosting Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. Downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own, 'Apache-SSL', which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings.
Adam Laurie is member of the Bluetooth SIG Security Experts Group.
Practical RFID hacking
RFID is being embedded in everything... From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them....
This talk will look at the underlying technology, what it's being used for, how it works and why it's sometimes a BadIdea(tm) to rely on it for secure applications, and, more worryingly, how this off-the-shelf technology can be used against itself... Software and Hardware tools and techniques will be discussed and demonstrated, and a range of exploits examined in detail.
|12:30 - 13:30||Rest & Lunch|
|13:30 - 14:30||
Jeff Moss, also known as Dark Tangent, is the founder of the Black Hat and DEF CON computer hacker conferences. He graduated from Gonzaga University with a BA in Criminal Justice. He worked for Ernst & Young, LLP in their Information System Security division and was a director at Secure Computing Corporation where he helped establish the Professional Services Department in the United States, Asia, and Australia.
Western Hacking Culture
|14:30 - 15:30||
Swordlea, director of research and development, is a senior ASM/C/C++ professional and one of the key designers of the AVL SDK antivirus engine. His research interests include antivirus techniques, reverse engineering, etc. Several colleagues will give the presentation together with Swordlea; they are not introduced individually.
Printer Virus, fact or rumor?
In a February piece for the Memphis Commercial Appeal, a retired air force man mused on the subject of information warfare and how it might be used to strike Iraq down. Dabbling in a little history, the author recounted how in Gulf War I the U.S. drew up plans to take down an Iraqi anti-aircraft system with "specially designed computer viruses [to] infect the system from within. Agents inserted the virus in a printer shipped to an Iraqi air defense site."
Special Forces men were also said to have infiltrated Iraq, where they dug up a fiber-optic cable and jammed a computer virus into it. "It remained dormant until the opening moments of the air war, when it went active..." wrote the columnist. Iraq's air defense system was vanquished.
This story has been reported both domestically and abroad, and the cases mentioned above have been raised repeatedly; its authenticity has also been questioned repeatedly. Through in-depth analysis, Antiy's micro-electronics and embedded laboratory details the possibility and feasibility of implementing it, along with several related offensive and defensive techniques.
Finally, Antiy Labs will present a five-minute scenario showing that, without altering any software or drivers on a mainstream system with a current secure configuration, the real system can be controlled through hardware modification.
|15:30 - 16:00||Rest & Coffee Break|
|16:00 - 16:30||Presentation Grouping Free Exchange|
|16:30 - 17:30||XCon2008 Panel Discussion|
|17:30 - 17:45||XCon2008 Lucky Draw|
|17:45 - 18:00||Closing Speech|
|Registration and Payment Before 01/10/2008||Registration and Payment Before 15/10/2008||Registration and Payment Before 01/11/2008||Registration and Payment Before 15/11/2008||Registration and Payment At Door|
|USD $250||USD $300||USD $350||USD $400||USD $450|
|Organized by : XFocus Team|
|Website: http://www.xfocus.org , http://www.xfocus.org|
|For Speak: firstname.lastname@example.org|
|For Sponsorship: email@example.com|
|For Information: firstname.lastname@example.org|
|Organized by: HuaYongXingAn Science & Technology Co., Ltd.|
No.302 Area 1 Building D
DeSheng Science Park of ZhongGuanCun Science Park,
No.8 XinJieKouWai Street XiCheng District, Beijing China
|Postal Code: 100088|
|Phone: +86 010 62029792|
|Fax: +86 010 62029791|