2009-08-18 XCon2009 First Day
07:30 - 09:00 Registration & Get XCon2009 Data
09:00 - 09:10 Opening Speech
09:10 - 10:10 Xu Hao
Xu Hao graduated from the Information Security Institute of Shanghai Jiaotong University. He now develops information security products and researches advanced security technology. He began focusing on information security research four years ago; his main research directions are the Windows system kernel, rootkit detection and attack, virtualization technology, and reverse engineering.
Attack the identification system based on the certificate
The security of identification is very important to all of us, whether for a private individual or for a country. Although password authentication systems are very easy to use, they still have many shortcomings. PKI can take the place of traditional password authentication systems; with a public-key cryptosystem, PKI greatly improves a system's security level. The presentation will discuss the theory of codes, certificates and PKI. It then analyzes how Windows manages local digital certificates, presents ideas for stealing a local certificate, and discusses actual examples. Finally, it focuses on the concepts related to the Intelligent Card (smart card), analyzes it, presents some feasible methods of attacking it, and demonstrates their feasibility by analyzing real examples.
10:10 - 10:30 Rest & Coffee Break
10:30 - 11:30 Aseem Jakhar
Aseem Jakhar, alias "@", is a security and open source evangelist. He has worked on many enterprise security products, ranging from AntiVirus and AntiSpam to mail security and UTM appliances, with design and development experience in complex systems and components such as Bayesian filters, rules-based antispam engines, packet reflectors, firewalls, SSL proxies, SMTP servers/clients, and attachment filters, to name a few. He has spoken at the following conferences: BlackHat Europe 2008, Clubhack 2008, and Gnunify 2007 and 2009. He was also invited to speak at Inbox/Outbox 2008, but could not attend for personal reasons.
Fighting Spam with GoD
GoD is short for "Guarantee Of Delivery". The author will describe his initial research on finding ways to build a trust relationship between the actual sender and the recipient of an email. While there are many techniques out there on the Internet, none of them addresses this issue to the full extent. He will discuss and show why most AntiSpam techniques are not adequate in fighting spam and how spammers bypass them. While most anti-spam techniques focus on trying to block spam, they also suffer from false positives. The GoD model works in the opposite manner: it focuses on email acceptance, provided the email passes an authenticity test. There have been past attempts to create such a system/framework, such as HashCash (end user) and Trusted Third Party whitelists. The GoD model combines two techniques to guarantee that the email is legitimate and not automated.
11:30 - 12:30 Nguyen Anh Quynh
Nguyen Anh Quynh is a researcher at The National Institute of Advanced Industrial Science and Technology (AIST), Japan. His interests include computer security, networking, operating systems, virtualization, trusted computing, digital forensics, and intrusion detection. He has published many academic papers in those fields, and frequently travels around the world to present his research results at various hacking conferences. Quynh obtained his PhD degree in computer science from Keio University, Japan. He is also a member of Vnsecurity, a pioneer security research group in Vietnam.
Detecting rootkits inside Virtual Machine
Recently, virtual machines (VMs) have become widely used, but we still do not have adequate protection for them. This talk discusses the advantages that virtual machines can bring to security from a malware detection point of view, and presents a new rootkit detector named eKimono. While the whole architecture has been designed to be independent of the hypervisor and guest OS, this talk focuses on protecting Windows VMs running on Xen. To spot rootkits inside a guest Windows, the authors run eKimono in Xen's Dom0 and let it scan the memory of the guest VM for suspicious things. The talk details all the layers and explains how the authors solved the challenges in designing and implementing eKimono. Part of the presentation is dedicated to discussing different types of rootkits and how eKimono can detect them. Finally, it will discuss the possibility of recovering infected systems, and how that can be done with eKimono.
12:30 - 14:30 Rest & Lunch
14:30 - 15:30 Wang Tielei
Wang Tielei, PhD, of the Peking University institute of computer, is interested in web and information security, especially the discovery of binary vulnerabilities and the analysis of malicious code. He spoke at NDSS'09 on techniques for detecting integer overflow vulnerabilities in binary programs, and was the first speaker from mainland China to present at NDSS as the first author affiliation.
Integer Overflow Vulnerability In Binary System
The presentation is about research on detecting integer overflow vulnerabilities in binary systems. Using a system the authors developed themselves, dozens of zero-day integer overflow vulnerabilities were detected in several popular software packages. Some of them have been released via VUPEN and Secunia and have been collected into CVE.
15:30 - 16:00 Rest & Coffee Break
16:00 - 17:00 Eduardo Vela
During the day, Eduardo Vela has worked for a couple of the biggest internet companies as a security engineer. During the night, he has discovered (and reported... mostly) all types of vulnerabilities for Symantec, Oracle, Microsoft, Google, Mozilla, and some others (for fun, and learning purposes). Eduardo is currently living in China, but originally hails from Mexico. He enjoys finding vulnerabilities by abusing features and stressing limits; design errors are the best. His passions include Web Application Security, but network hacking has attracted a lot of his attention recently.
Our Favorite XSS Filters and How to Attack Them
This talk presents several techniques that have been used, are being used, and could be used in the future to bypass, exploit and attack some of the most advanced XSS filters. These include the new IE8 XSS Filters, browser addons (NoScript), server-side IDSs (mod_security, PHP-IDS), and human log review. We will present innovative techniques that expand the scope of what we think we know about XSS filters. We will give you some ideas on what to do to find your own, based upon some real-world examples, discoveries, techniques and attacks.
17:00 - 18:00 Sun Bing
Sun Bing is an excellent Chinese information security researcher at an anti-virus software company. He has many years of experience in research and development on the Windows kernel and information security techniques, delving especially deeply into buffer overflow prevention, rootkit detection, firmware security and x86 virtualization, and has spoken at several security conferences, such as XCon, Black Hat and CanSecWest.
Go Deep Into The Security of Firmware Update
As we all know, many PC devices nowadays have their own firmware, such as the network adapter, video card, motherboard, and micro embedded controller, and their firmware update processes are usually proprietary (vendor-specific) and not well documented. However, keeping them secret doesn't mean they are secure enough and attack-proof. This presentation will uncover the mystery behind various firmware update processes (Dell CMOS token and RBU, the structure of the Dell BIOS update image file, the SPI BIOS read/write method, EC and AMT firmware reflashing), primarily based on the Dell Latitude D630/E6400 etc., and discuss the relevant security issues.
2009-08-19 Second Day
09:00 - 10:00 John Lambert
John Lambert, Partner Security Development Lead, Microsoft Corporation, has been at Microsoft nine years. He runs the Security Science team in the Microsoft Security Engineering Center (MSEC). This team develops more effective and scalable ways to find vulnerabilities, researches and applies innovative exploit mitigation techniques to Microsoft products, and analyzes exploit trends. Previously at Microsoft, John worked in the Windows Security group.
Microsoft's Counter-Zero Day Strategy
Zero day attacks represent one of the most difficult classes of issues for both Microsoft customers and its response teams. This talk explains Microsoft's strategy for countering the threat from zero day vulnerabilities by increasing attacker costs and diminishing their returns. Topics discussed include the Security Development Lifecycle (SDL), digital counter-measures, and specific examples using Microsoft security bulletins. This talk also touches on how the attack community has responded to these actions and what that means for the industry and Microsoft customers.
10:00 - 10:30 Rest & Coffee Break
10:30 - 11:30 FunnyWei
FunnyWei is a PhD and a member of the XFocus Team.
The Introduction Of A Tool Which Analyze The Usability Of Vulnerability
Analyzing the usability of abnormal results is one of the important bottlenecks of fuzz-based vulnerability mining technology. After fuzzing turns up a great number of anomalies, it is very important to analyze why each one happened and to judge the usability of the vulnerability in a short time. The presentation introduces controllable-data tracking and execution-control techniques, and a preliminary implementation of a tool that aids in analyzing the usability of a vulnerability. It will end with a demo using a newly discovered problem: the destruction of word's memory.
11:30 - 12:30 Chen Chen & Jeongwook Oh
Chen Chen works at Venus Tech.
Jeongwook Oh works on eEye's flagship product, called "Blink". He develops the traffic analysis module that filters attackers' traffic. The analysis engine identifies protocol integrity violations by protocol parsing, and lowers the chances of false positives and false negatives compared to traditional signature-based IPS engines. He is also interested in blocking ActiveX-related attacks. He runs a Korean security mailing list called Bugtruck (not bugtraq).
Fight against 1-day exploits: Diffing Binaries vs Anti-diffing
It has become crucial to make 1-day exploits more difficult and time-consuming to develop, so that vendors can gain more time for consumers to apply patches. Even though severe code obfuscation is not an option for Microsoft's products, they can still follow some strategies and techniques to defeat binary diffing processes without forsaking stability and usability. The presentation will show methods and tactics that make binary differs' lives harder, and will show an in-house tool that obfuscates binaries in a way that specifically confuses binary differs. This process is called anti-binary diffing.
12:30 - 14:30 Rest & Lunch
14:30 - 15:30 Antiy Lab
Antiy Lab (www.antiy.com)
Rediscovery on the Attack of Equipment and Signal
Last year, viruses appeared on the American forces' printers in Iraq. With that in view, the engineers of Antiy Labs once again dedicate a topic to the security research of hardware.
15:30 - 16:00 Rest & Coffee Break
16:00 - 17:00 XCon2009 Panel Discussion
17:00 - 17:20 XCon2009 Lucky Draw
17:20 - 17:30 Closing Speech
©2003-2009 XCon Organizing Committee & HuaYongXingAn Science Technology Co., Ltd. All rights Reserved.