Speaker Bios & Topics
Andrey
Andrey is the Chief Security Researcher and Software Engineer at Elcomsoft. He co-invented ThunderTables (an improvement on rainbow tables) and was the first to bring GPU acceleration to password recovery. He holds an M.Sc. in IT and is a CISSP.

Evolution of iOS Data Protection and iPhone Forensics: from iPhoneOS to iOS 5

iOS 5 is the latest and most advanced mobile OS from Apple. Besides tweaking the UI and UX, Apple has made some changes to the Data Protection mechanisms that were introduced in iOS 4. Those changes provide better security for users, but they also impose additional hurdles for the mobile phone forensic process. This talk will provide a detailed discussion of iOS Data Protection, focusing both on a technical description of the defenses and on circumventing certain protections to provide forensic access to the data stored on iOS devices. iOS versions from iOS 3 (iPhoneOS 3) to iOS 5 will be covered.
Chengyun Chu
Chengyun Chu is a Senior Security Development Lead on the MSRC Engineering defense team. He joined Microsoft in 2001. He and his defense team generate mitigations and workarounds for use in the monthly Microsoft security bulletins, provide detailed vulnerability documentation for MSRC cases, and act as the engineering technical lead for the Microsoft company-wide Software Security Incident Response Process (http://www.microsoft.com/security/msrc/incident_response.mspx#ESB).

Exploit Mitigation Improvements in Windows 8

Over the past decade, Microsoft has added security features to the Windows platform that help to mitigate risk by making it difficult and costly for attackers to develop reliable exploits for memory safety vulnerabilities. Some examples of these features include Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Visual C++'s code generation security (GS) protection for stack-based buffer overruns. In Windows 8, Microsoft has made a number of substantial improvements that are designed to break known exploitation techniques and in some cases prevent entire classes of vulnerabilities from being exploited. This presentation will provide a detailed technical walkthrough of the improvements that have been made along with an evaluation of their expected impact. In closing, this presentation will look beyond Windows 8 by providing a glimpse into some of the future directions in exploit mitigation research that are currently being explored by Microsoft.
Xiaochen Cui
Xiaochen Cui (network ID: Hannibal) is a co-founder of the team509 security technology research team. He has focused on the fields of reverse engineering and computer forensics for over ten years and currently teaches at a college in Shanghai. He is the translator of Surreptitious Software (simplified Chinese version) and was a speaker at xkungfoo 2008 (RAID5 internals).

File Analysis Vs File System Analysis

After more than ten years of development and research, traditional data recovery technology based on file system analysis is mature, and its potential for further development is very limited. In this article, the author applies reverse engineering to data recovery, analyzes file formats and, based on the analysis results, proposes a new data recovery method. The author then generalizes the principle to malware-aided analysis. In some cases, the new method solves problems that cannot be solved by traditional data recovery technology.
Paul Craig
Paul Craig, of Assessment.com, is based in Singapore. Paul is an accomplished hacker, security researcher and published author. Paul has previously spoken at conferences around the globe including Defcon, Syscan, Hack In The Box, Kiwicon and Hack.lu. Paul considers himself a hacker by nature, living and breathing security, exploitation and shells.

Hacking Graphically Restricted Environments

Paul Craig is the self-proclaimed "King of Kiosk Hacking"; you have likely heard of him or his tool iKAT (Interactive Kiosk Attack Tool). iKAT has become the de facto world standard for hacking graphically restricted environments such as Internet kiosk terminals, Citrix servers and published online applications. This talk will detail how graphically restricted environments function, what security measures are implemented and how the security model is designed.
Vulnerabilities, work-arounds and 'magical tricks' will then be demonstrated to show how the security model of a controlled environment can be bypassed, exploited and leveraged to gain command execution. If you have ever wanted to increase your Citrix, kiosk or touch-screen dumb-terminal hacking abilities, this is the talk for you.
During this presentation new tools and technology will be released, along with v2012 of the Interactive Kiosk Attack Tool.
Stefan Esser
Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002, he has devoted a lot of time to PHP and PHP application vulnerability research. Earlier in his career, however, he released many advisories about vulnerabilities in software such as CVS, Samba, OpenBSD and Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he has worked as head of research and development at SektionEins GmbH, the German web application company that he co-founded.

iOS kernel heap armageddon revisited

Previous work on kernel heap exploitation for iOS or Mac OS X has only covered attacking the freelist of the kernel heap zone allocator. Which other kernel heap memory allocators exist, and which kernel heap allocation functions wrap those allocators, has never been discussed before. Attacks against other heap metadata, or against kernel application data, have likewise not been discussed before.
This talk will introduce the audience to the big picture of memory allocators in the iOS kernel heap. It will show how attacks can be carried out against other metadata stored by other allocators or wrappers, how memory allocated in different zones or by different allocators is positioned relative to each other, and whether cross-allocator attacks are possible. It will show how overwriting C++ objects inside the kernel can result in arbitrary code execution. Finally, the talk will leverage this to present a generic technique for controlling the iOS kernel heap in a similar fashion to how JavaScript is used in today's browser exploits to control the user-space heap.
TBsoft
TBsoft is a senior researcher at the Microelectronics and Embedded System Lab of Antiy. Since the late 1990s he has researched anti-virus and data recovery under DOS, and he gradually moved his research direction into hardware security research and development. He is a former XCon speaker, representing the Microelectronics and Embedded System Lab of Antiy.

Attack Time -- Security Risks of Traditional Timers

In the traditional PC scene, many security attacks and defenses are related to time: from modifying the time seen by AV software and corrupting the time values in the system log, to defenders detecting rootkits by instruction-cycle timing methods. But in non-PC scenes, some security problems of industrial or civil timers have been ignored. This paper contains a general discussion, analysis and summary of this problem, and an interference demo will be shown.
Wang Wei
Wang Wei (ID alert7) is one of the core members of the Xfocus team and has spoken at three XCons. He has independently discovered security vulnerabilities in the products of many companies (Microsoft, ORACLE, ADOBE, QUICKTIME, LINUX KERNEL, TREND MICRO, CA, etc.). A former senior researcher at McAfee Labs, he is now the CTO of VULNHUNT, in charge of Code Audit Labs.

After Discovering 0day -- A Responsible Disclosure Process for Security Vulnerabilities

It is not difficult for security researchers to discover 0days and to get the recognition they deserve from security circles, but how should they report bugs to security companies? It is inevitable that security companies' products contain vulnerabilities, and those companies want recognition from their users and from the community, but how should they deal with vulnerabilities reported by researchers? In February's Free Bugs Hunt, we helped fix many browser bugs, including in IE, Chrome, Opera, Firefox, Safari, QQ, 360, Maxthon, Aliyun, Baidu, etc. This paper will share some undisclosed details about CVE-2012-1875 with you. Real stories of communication with security companies will illustrate the problems we currently encounter during the vulnerability disclosure process. We try to find a win-win approach that both researchers and security companies can accept.
WanMing
WanMing currently works at HuaYongXingAn Science & Technology Co., Ltd. He has long been engaged in research on computer viruses, rootkits/anti-rootkits and software protection.

Ramble on Attacking Electronic Commerce

This research mainly analyzes and discusses the transaction process of electronic commerce (such as bank transfers, online payment, etc.) and the security problems and exploitation methods of the 1st-generation UKEY currently used on electronic commerce platforms. For the 2nd-generation UKEY, I analyze the potential problems, as well as some problems caused by improper design of trading platform software. Most trading platforms do not use the 2nd-generation UKEY due to its high cost. At the end of the paper, I will show a low-cost way to replace the 2nd-generation UKEY.
Jin Yang
Jin Yang, an XCon2011 speaker, served at COMODO Group in the US and now works at Kingsoft Corporation Limited in Beijing as a security researcher. He engages in research and development of cloud security solutions based on the Windows platform, and in Windows system security research.

HSTP (HIPS Safety Test Platform)

HSTP (HIPS Safety Test Platform) runs attack tests against HIPS software on Windows systems in order to find logical flaws in the HIPS software's defenses. HSTP's advanced test components include the rootkit Shadow64 (for x64) and the "ReturnSys" restore system (for x64).
Jeffery Moss
Jeffery Moss is VP and Chief Security Officer of ICANN and the founder and director of Black Hat and DEFCON, a global technical security conference and a hacker conference respectively. He is also an advisor on the U.S. Department of Homeland Security Advisory Council.

Why I don't trust anything

©2002-2012 XCon Organizing Committee & HuaYongXingAn Science Technology Co., Ltd. All rights Reserved.