XCon2008 News
Open Time: 2008-11-18
Address: C.KONG HOTEL
Last Update 2008-10-30
XCon2008 Conference Schedule
2008-11-18 First Day
Time | Speaker | Presentation
07:30 - 09:00 Registration & Get XCon2008 Data
XCon2008 Start
09:00 - 09:10 Beginning Speech
09:10 - 10:10 Chris Peterson
Chris Peterson, Director of Security Assurance, Microsoft Security Engineering Center. He received his BS in Computer Engineering from the University of New Mexico in 1997. He is now in his 10th year at Microsoft Corporation, currently working as the Director of Security Assurance in the Microsoft Security Engineering Center. Over his career at Microsoft he has worked on a number of key technology areas including the Windows Live ID authentication system, the Live Messenger service, the Security of the MSN and Live Networks, and the security of the Windows operating system. His current role involves the application of the Security Development Lifecycle across all Microsoft products, with particular focus on the Windows operating system. He holds 5 patents in the area of web based authentication and security.
Windows 7 Security Overview
In this presentation, the new security features and mitigation technologies in the next version of the Windows Operating System and the Internet Explorer web browser will be discussed. In addition, the industry leading security engineering practices that are a fundamental part of how Microsoft develops the operating system will be discussed. Demos of certain key security features in Windows 7 and IE 8 will be shown.
10:10 - 10:30 Rest & Coffee Break
10:30 - 11:30 Alert7
Wei Wang (aka alert7), a member of the XFocus Team, has been involved in the security community since 1998 and has discovered many vulnerabilities, including ones in the Linux kernel, Oracle, QuickTime, MIT krb5 and so on. He wrote the book "Network Penetration Testing" with XFocus friends in 2005. He works with McAfee Avert Lab. His blog: http://hi.baidu.com/weiwang_blog
Buffer-track using Virtual Machine - Analyze known vulnerability and discover 0day
Currently, the causes of vulnerabilities are becoming more and more complicated, and analyzing them is becoming more difficult; the hard part is analyzing the flow of data. Manual debugging or a scripted debugger alone is far from enough to meet our needs.

The presentation introduces virtual machine technology to automate fine-grained analysis of the data stream, which lets us know where the polluted (tainted) data flows to. This makes it clearer how to analyze known vulnerabilities and identify potential ones.
11:30 - 12:30 Aditya K Sood
Aditya K Sood is an independent Security Researcher and Founder of SecNiche Security. He is a Lead Author for the Hakin9 group, writing security and hacking papers. His research has been featured in USENIX ;login: magazine and Elsevier Network Security Journals. Aditya's academic background includes a BE and an MS in Cyber Law and Information Security from the Indian Institute of Information Technology (IIIT-A). He has already spoken at conferences like EuSecWest, XCON, OWASP, CERT-IN etc. In addition, he is a team lead at the Evilfingers community.
His other projects include Mlabs, CERA and Triosec. He has written a number of security papers released at packetstorm security, Linux security, infosecwriters, Xssed portal etc. He has also given a number of security advisories to forefront companies.
At present he is working as a Security Auditor in KPMG IT Advisory Services, where he handles large-scale security assessment projects.
Rolling Balls - Can You Hack Clients
The world of technology works on two sides. The client and server have a perpetual dependency on each other. This talk is structured to present the ingrained security flaws and inconsistencies that are present in client-side software. Numerous components use client software that interacts directly with the destination server. We will dissect the hacking layout that persists in instant messengers like Skype, Pidgin and Miranda, and the encryption flaws that persist in them. We will talk about RDP, Citrix and VNC client-side insecurities and attacks. The basic concept is to prove how user interaction leads to exploitation. Client-side backdoors and infection through ActiveX components will be discussed as vectors of infection. Of course, browser-based vulnerabilities will be covered. Overall, this talk will present a complete scenario of hacking clients. It is based on the research conducted and the bugs that have been traversed recently.
12:30 - 13:30 Rest & Lunch
13:30 - 14:30 FlashSky
A member of the XFocus Team
Building GUI-based plugin of Windbg for Heap Overflow analysis
This presentation will discuss the complexity of heap analysis, the problems introduced by Vista's enhancements to the heap structure, the limitations of WinDbg plugins, etc. The author will also explore how to program a GUI-based plugin for WinDbg that can be used to view heap information, locate heap-related issues, and analyze and locate vulnerabilities.
14:30 - 15:30 MJ0011
Security researcher and Windows driver engineer with an interest in rootkits and anti-rootkits; nickname: MJ0011
Advanced Bootkit-Tophet
This presentation reveals a new type of bootkit technology, Tophet, and some of the new techniques used in its first-generation model Tophet. Tophet.a is not a virus or Trojan horse; it is demonstrated only as an advanced penetration and stealth technology.
A bootkit is a more advanced rootkit; the concept was mentioned as early as the "BootRoot" project by eEye Digital in 2005. That project infected the MBR (master boot record) to bypass the kernel and start-up checks. Anything that boots earlier than the Windows kernel loads in order to hijack the kernel can be called a bootkit, for example BIOS rootkits, VBootkit, SMM rootkits and so on.
The MBR, boot sector and NT OS loader are all monitored and defended by HIPS security software so far, and start-up locations such as BIOS, SMM and ROM firmware are locked or lack commonality. So how can the Windows kernel be hijacked more effectively, more easily and more generally? Tophet.a uses a new way: NtBootdd.sys.
At the same time, Tophet.a explores several disk-level penetration and stealth techniques; it can penetrate all current active defense software to install itself, and can also stay hidden from detection by any current anti-rootkit software.
15:30 - 16:00 Rest & Coffee Break
16:00 - 17:00 Luciano & Sebastian
Luciano Notarfrancesco is a computer security researcher with more than 10 years of experience in the field. Co-founder of netifera, he's currently developing the netifera platform.
Sebastian Muniz worked for several years as a Senior Developer in the telecommunications industry and for the last 3 years as Exploit Writer and Security Researcher. In the last few months he has been working as a Security Consultant for netifera.
In his free time he enjoys disassembling (and sometimes even desoldering) embedded systems like his (ex)DVD Player and (ex)Cable Modem.
The netifera platform: one network one dream
This talk will present netifera, a free and open source platform that provides a framework for creating and integrating security tools with a flexibility that has never been possible before. Providing a set of capabilities across the increasing variety of architectures and operating systems, it allows tools to run on remote and local systems alike, from desktop computers to devices with constrained resources such as embedded systems, without any special considerations in the code.

Netifera is an ecosystem of security information. It integrates all the information that resulted from a tool execution into a central data model in an object-oriented database. This allows netifera to feed the output of tools into new ones, achieving an unprecedented level of collaboration between tools.

During the presentation we will give an introduction to the fundamentals of the architecture and the underlying technologies, and illustrate it with some examples of use. Then we'll talk about the future of the framework. And finally, if time and resources permit, we'll show a live demo.
17:00 - 18:00 XuHao
He graduated from the Information Security Institute of Shanghai Jiaotong University. He now works on developing information security products and researching advanced security technology. He began focusing on information security research four years ago; his main research directions are the Windows system kernel, rootkit detection and attack, virtualization technology, and reverse engineering.
Windows Kernel Protection - Based On Hardware Virtualization Technology
The operating system kernel is no longer safe and trustworthy because of the development of rootkit technology, and modern anti-virus software can't protect the kernel effectively. In 2006, AMD and Intel released their virtualization technology, which can partly control the execution of code in the ring0 environment. This presentation summarizes kernel rootkit technology and then describes how to protect the operating system kernel with hardware virtualization technology. It will demonstrate in detail the implementation of a hypervisor framework using Intel VT and several mechanisms to protect the operating system kernel.
2008-11-19 Second Day
Time | Speaker | Presentation
09:00 - 10:00 Alexander Sotirov
Alexander Sotirov has been involved in the security community since 1998, when he started contributing to Phreedom Magazine, a Bulgarian underground technical publication. For the past ten years he has been reverse engineering software, researching vulnerabilities and developing advanced exploitation techniques. His most recent work includes the discovery of the ANI vulnerability in Internet Explorer and Firefox, the development of the Heap Feng Shui browser exploitation technique and bypassing of the exploitation mitigations on Windows Vista. His professional experience includes positions as a security researcher at Determina and VMware.
Bypassing browser memory protections in Windows Vista
Over the past several years, Microsoft has implemented a number of memory protection mechanisms with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many memory corruption vulnerabilities.

This work explores the limitations of all aforementioned protection mechanisms, specifically focusing on flaws in their implementation in popular browsers on the Windows platform. I will demonstrate a variety of exploitation techniques using popular browser plugins such as Flash, Java and .NET that can be used to bypass the protections and achieve reliable remote code execution.
10:00 - 10:30 Rest & Coffee Break
10:30 - 11:30 kuza55
kuza55 has been an active member of the web application security research community for the past several years, publishing several papers and recently presenting his findings at the 24th Chaos Communication Congress and BlueHat v7. He is the R&D Team Lead at SIFT, where he gets paid to break things, and, more importantly, in his spare time as an independent security researcher, breaks things for the fun of it.
Same Origin Policy
The Same Origin Policy is the most talked about security policy relating to web applications; it is the constraint within browsers that ideally stops active content from different origins arbitrarily communicating with each other. This policy has given rise to the class of bugs known as Cross-Site Scripting (XSS) vulnerabilities, though a more accurate term is usually JavaScript injection, where the ability to force an application to echo crafted data gives an attacker the ability to execute JavaScript within the context of the vulnerable origin.

This talk takes the view that the biggest weakness with the Same Origin Policy is that it must be implemented by every component of the browser independently, and if any component implements it differently to other components then the security posture of the browser is altered. As such, this talk will examine how the 'Same Origin Policy' is implemented in different circumstances, especially in active content, and where the Same Origin Policy is not really enforced at all.
11:30 - 12:30 Adam Laurie
Adam Laurie is a Director of The Bunker Secure Hosting Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own, 'Apache-SSL', which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings.

Adam Laurie is a member of the Bluetooth SIG Security Experts Group.
Practical RFID hacking
RFID is being embedded in everything... From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them....

This talk will look at the underlying technology, what it's being used for, how it works and why it's sometimes a BadIdea(tm) to rely on it for secure applications, and, more worryingly, how this off-the-shelf technology can be used against itself... Software and Hardware tools and techniques will be discussed and demonstrated, and a range of exploits examined in detail.
12:30 - 13:30 Rest & Lunch
13:30 - 14:30 Jeff Moss
Jeff Moss, also known as Dark Tangent, is the founder of the Black Hat and DEF CON computer hacker conferences. He graduated from Gonzaga University with a BA in Criminal Justice. He worked for Ernst & Young, LLP in their Information System Security division and was a director at Secure Computing Corporation where he helped establish the Professional Services Department in the United States, Asia, and Australia.
Western Hacking Culture
TBA
14:30 - 15:30 swordlea
Swordlea, director of research and development, is a senior ASM/C/C++ professional and one of the key designers of the AVL SDK antivirus engine. His research interests include antivirus techniques, reverse engineering, etc. Some other colleagues will work with swordlea to give the presentation; they are not introduced individually.
Printer Virus, fact or rumor?
In a February piece for the Memphis Commercial Appeal, a retired air force man mused on the subject of information warfare and how it might be used to strike Iraq down. Dabbling in a little history, the author recounted how in Gulf War I the U.S. drew up plans to take down an Iraqi anti-aircraft system with "specially designed computer viruses [to] infect the system from within. Agents inserted the virus in a printer shipped to an Iraqi air defense site."
Special Forces men were also said to have infiltrated Iraq, where they dug up a fiber-optic cable and jammed a computer virus into it. "It remained dormant until the opening moments of the air war, when it went active..." wrote the columnist. Iraq's air defense system was vanquished.
-----http://www.theregister.co.uk/2003/03/10/one_printer_one_virus_one/
This story has been reported both at home and abroad, and the cases mentioned above have been raised repeatedly; its authenticity has also been questioned repeatedly. Through in-depth analysis, the Antiy micro-electronics and embedded laboratory will detail the possibility and feasibility of implementation and several related offensive and defensive techniques.
Finally, the Antiy laboratory will present a five-minute scenario showing how, without altering any software or driver on a mainstream, currently secure system configuration, the real system can be controlled through hardware modification.
15:30 - 16:00 Rest & Coffee Break
16:00 - 16:30 Presentation Grouping Free Exchange
16:30 - 17:30 XCon2008 Panel Discussion
17:30 - 17:45 XCon2008 Lucky Draw
17:45 - 18:00 Closing Speech
XCon2008 Close
  • Fee Detail:
  • Includes snacks, lunch, the XCon2008 conference (from 11/18/2008 to 11/19/2008) and the XCon2008 materials.
Registration and Payment Before 01/10/2008: USD $250
Registration and Payment Before 15/10/2008: USD $300
Registration and Payment Before 01/11/2008: USD $350
Registration and Payment Before 15/11/2008: USD $400
Registration and Payment At Door: USD $450
  • Please send an email to xcon@xfocus.org with the subject "Registration XCon2008" and the following content to get payment information:
  • Lastname, Firstname, EMail, Company, Country, City, Address, Postal Code, Special Diet (None, Vegetarian, Muslim)
Organized by: XFocus Team
Website: http://www.xfocus.org
For Speakers: cfp@xfocus.org
For Sponsorship: sponsorship@xfocus.org
For Information: xcon@xfocus.org
Organized by: HuaYongXingAn Science & Technology Co., Ltd.
No.302 Area 1 Building D
DeSheng Science Park of ZhongGuanCun Science Park,
No.8 XinJieKouWai Street XiCheng District, Beijing China
Postal Code: 100088
Phone: +86 010 62029792
Fax: +86 010 62029791
Website: http://www.huayongxingan.com
E-Mail: xcon@huayongxingan.com
  • ©2003-2008 XCon Organizing Committee & HuaYongXingAn Science Technology Co., Ltd. All rights Reserved.