Stefan Esser
  Vulnerability Discovery in Closed Source/Encrypted PHP Application

GilGil
  VoIP Hacking

Mudsplatter
  Physical Hacking and Security Just for Fun

Hasegawa
  Attacking with Character Encoding for Profit and Fun

Ero Carrera
  Analysis and Visualization of Common Packers

Grugq
  How the Leopard Hides His Spots: OS X Anti-Forensics Techniques

Dual & gotofbi
  Hacking the Cable Modem

Xpl017Elz
  New Local & Remote Exploit to Get Over Exec-shield Protection

ICBM
  Frontline Report: Fighting Against Malware in China

Lukas Grunwald
  ePassport Reloaded, 2 Years After and Still Not Secure

Kuza55
  Same Origin Policy Weakness

Shades
  Analysis of the Contest Files

---

 Dual5651 & gotofbi, "Hacking the Cable Modem"

Dual5651 is a student at Konkuk University. He has been researching rootkit techniques on the Windows platform and reverse engineering techniques, and he runs his own website on reverse engineering and hacking. He was one of the main members of the team that won the 2008 KISA Hacking Defense Contest, and he also took part in the Defcon 16 CTF as a member of the Taekwon-V team.

gotofbi is a student at the British Columbia Institute of Technology (BCIT). He is usually interested in custom packing of Win32 malware to evade anti-virus software, but he has begun to focus his main interest on embedded operating systems. He has been actively involved in one of the largest modem hacking forums (sbhacker.net), where he is also a moderator.

This talk is about things Internet providers would rather hide from their customers, such as ARP spoofing. The speakers will show how to use the Internet anonymously and for free, and will discuss other problems and their solutions. In addition, attacks that follow from the fundamental structure of cable modems will be discussed.


--------------------------------------------------------------------------------

 GilGil, "Something New, Unknown, and Critical about VoIP"

GilGil is a freelance programmer and was a speaker at POC2006 and POC2007.



--------------------------------------------------------------------------------

 Grugq, "How the leopard hides his spots: OS X Anti-Forensic Techniques"

Grugq has been at the forefront of forensic research and VoIP security. He is also a writer for Phrack magazine. If you want to know more, ask Google.

This talk will retrace the core anti-forensic techniques and methodologies, and show how they can be applied to defeat forensic analysis of OS X systems. More importantly, it will examine how an anti-forensic attacker can move beyond the file system, and where anti-forensic data hiding attacks will move in the future.

The talk will include attacks against the OS X file system (HFS+), as well as attacks beyond the file system. There will be 0-day OS X bugs as well as previously unreleased attacks against Microsoft file systems.

If you are a hacker, you'll discover a new world of data storage, and if you're a forensic investigator ... be prepared to never discover anything again. 



--------------------------------------------------------------------------------

 Hasegawa, "Attacking with Character Encoding for Profit and Fun"

Yosuke Hasegawa is an engineer at NetAgent Co., Ltd. and was born in 1975. He has received the Microsoft MVP award for Windows Security every year since 2005. He has investigated security issues caused by character encodings such as Unicode, and has so far discovered many vulnerabilities in various software applications including Internet Explorer and Mozilla Firefox, among them CVE-2008-4020, CVE-2008-0416, CVE-2008-1468, CVE-2007-2225 and CVE-2007-2227.

In the rapidly growing world of web-based applications, text data in the form of HTML or XML is more widely used than ever. Character encoding is such an important piece of metadata for text data that neglecting it often results in serious security flaws.

Even apart from issues concerning web applications, various confusions arise during the transition from legacy encoding schemes such as EUC-JP or Shift_JIS to the latest one, namely Unicode, and such clutter can at times bring about security problems. In addition, tricks related to character encoding are not only an issue in data handling by software but also a human-factor issue, because of their remarkable visual effect, which makes them a robust tool for attackers. This session will sort out the security concerns related to character encoding and consider "how" to cope with "what" kind of attack.



--------------------------------------------------------------------------------

 ICBM(Zhao Wei), "FrontLine Report: Fighting Against Malware in China"

Zhao Wei is the CEO and co-founder of KnownSec Inc, a Beijing-based anti-malware company focused mostly on stopping web malware in China. Prior to founding KnownSec, he was a security researcher at VenusTech and McAfee. He has been actively involved in computer security for nearly ten years and has found several vulnerabilities in Windows and Linux software. He has greatly helped the China Anti-Malware Alliance in its fight against rampant malware in China. His focus now is on the most common distribution channel of malware: vulnerable web browsers and malicious web sites. Because most of the world's malware comes from Chinese web sites, and the founders of KnownSec are experts in the Chinese security area, KnownSec is well placed to address this problem and make the Internet safer for everyone.



--------------------------------------------------------------------------------

 Lukas Grunwald, "ePassport Reloaded, 2 Years After and Still Not Secure"

Lukas Grunwald is the CTO and Co-Founder of NeoCatena Networks Inc. NeoCatena provides RFID security solutions and services; their products minimize business risks inherent to RFID technology and offer solutions for industries such as retail, logistics, pharmaceutical, access control and government. Mr. Grunwald draws on his 15 years of experience in the IT security field to specialize in the security of wireless/wired data and communication networks, forensic analysis, audits and active networking. Mr. Grunwald is often featured in industry publications such as Wired and RFID Journal. He also participates actively in conferences such as Hackers at Large, Hacking in Progress, Network World, Internet World, Linux World (USA/Europe), Linux Day Luxembourg, Linux Tag, CeBIT and Blackhat Briefings.

The talk will look at the new attempts to secure the ePassport and show how broken the current concept still is. It will also cover some international implementation attempts and their errors.



--------------------------------------------------------------------------------

 Mudsplatter, "Physical Hacking and Security Just for Fun"

Mudsplatter worked as a Network Technician Supervisor (Non-Commissioned Officer) in the United States Air Force for 5 years. He now works for NSHC. His technical skills lie especially in network hardware, protocols, file transfer, network configuration, network security, and network design.

In the United States Air Force, he ensured the stability and reliability of classified and non-classified networks in battlefield situations, and he maintained physical and logical network security by applying all National Security Agency (NSA) policies. He also led a team of networking technicians to ensure battle readiness for the Global Strike System in the Combined Air and Space Operation Center (CAOC).

He will talk about physical hacking such as dumpster diving, lock picking, pretexting, rogue networks, etc., and their solutions, and he will demonstrate how physical hacking is done.


--------------------------------------------------------------------------------

 Kris Kaspersky, "Reversed Buffer Overflow - Cross Stack Overflow"

Kris Kaspersky. Living and feeding in the shadows with only his own company, rotting into a solitary, hollow existence, Kris (who actually is a gray mouse, a.k.a. nezumi [Japanese], a.k.a. souriz [French], a.k.a. achbar/עכבר [Hebrew]) slept, until he found out this way leads nowhere. Loneliness seems like a good idea, until you realize you're going to spend it alone and a sort of death will happen. That in the end we are alone, and there is nothing but the cold, dark wasteland of eternity. Just the endless procession of days, months... years. Out of the cold, dark wasteland of eternity, Kris only has himself. And his computers (six boxes). And telescopes (three). And the sky with thousands of stars. The dark and clean sky of the far-far-far-from-civilization place hosts souriz's den (the lab). Disassembling, debugging, reversing, kind of "this is not something I _do_, this is something I _am_". Sort of "always seeks the answer, but only finds more questions".

Ever felt a great depression? "The Pulse" film describes it: "...like a bullet from behind, something dark, something coming through me, so fast, just like an arrow and the last thing you ever want is for it to get to you. I don't know what it is, but it grabs ahold, it takes your will to live. Everything that made you, you is gone. You don't want to talk, you don't want to move. You're a shell. It spreads all over your body, and your body dies right out from under you, and the next thing you know, you're just a pile of ash!" This is exactly what I was feeling for years. But... suddenly something has happened. Something has changed. Kris is remaining in the shadows, but now it's different. This is why I've decided to appear at the conference.

Well, who am I? Um, honestly, I don't know. Had I to self-identify, it would be by my job. No, not the reversing. This is just a hobby. I'm unemployed or self-employed or... whatever else. I used to refer to myself as an independent consultant, writer, journalist, free-lancer, etc. I've published a lot of books and am going to publish many more. I love to share my knowledge with people; this is why I'm writing books, lecturing RE courses for free and doing many other things.

Currently, I'm working (remotely) for Endeavor Security, Inc (a major signature provider), where I've met the best RE team and found almost unrestricted freedom, which is very rare in today's business world.

OK, the unofficial part is over. Time to be more ceremonial. Well, the style of writing has been turned to the formal channel, where Kris Kaspersky is a 32-year-old unmarried man who has over 15 years of software engineering and reverse engineering experience. He has published more than 20 books about system programming, which have been translated into English, Chinese, and Polish. He has published more than 300 articles for print magazines. Kris' most recent books are here.


For decades, hackers have been overflowing the stack in only one direction: from lower to higher addresses. Yesterday it worked and today it doesn't: modern compilers, operating systems and CPUs have introduced many protection techniques designed to prevent buffer overflows, and they have mitigated them to a certain extent. Integer overflow is fighting for dear life, but the battle has almost ended. Too bad for hackers. The good news is that death is not the end, since everything has two ends. With regard to the stack, these are the top and the bottom.

Have you ever tried to perform a buffer overflow in the reverse direction? Have you thought that consuming the heap might cause a stack overflow? Have you heard about red and yellow guard pages (speaking in DEC's terms)? Have you wondered how to bypass stack overflow protection to overwrite the stack of another thread or the neighboring heap block?

So, what's it all about? Well, it's about the land that nobody is aware of. It's about secure programming, stack overflow exception handling (nobody, I mean _nobody_, does it right), cross-stack attacks, recursive stack overflow and such. This is something really new, something you have not known before.

This speech is based on my own research, with a little help from Iouri Kharon (the greatest and smartest person ever: co-author of IDA Pro, creator of the UniLink linker and the Win32 emulator Doswin32) and Chris Weber (Casaba Security). Part of the material has been published in "XAKEP" (a Russian magazine), but it has never been completely disclosed before.


--------------------------------------------------------------------------------

 kuza55, "Same Origin Policy Weakness"

kuza55 has been an active member of the web application security research community for the past several years, publishing several papers and recently presenting his findings at the 24th Chaos Communication Congress and BlueHat v7. Alex is an Associate at SIFT, where he gets paid to break things, and, more importantly, in his spare time as an independent security researcher he breaks things for the fun of it.

The Same Origin Policy is the most talked-about security policy relating to web applications; it is the constraint within browsers that ideally stops active content from different origins from communicating with each other arbitrarily. This policy has given rise to the class of bugs known as Cross-Site Scripting (XSS) vulnerabilities, though a more accurate term is usually JavaScript injection: the ability to force an application to echo crafted data gives an attacker the ability to execute JavaScript within the context of the vulnerable origin.

This talk takes the view that the biggest weakness of the Same Origin Policy is that it must be implemented by every component of the browser independently, and if any component implements it differently from the others, the security posture of the browser is altered. As such, this talk will examine how the Same Origin Policy is implemented in different circumstances, especially in active content, and where the Same Origin Policy is not really enforced at all.


--------------------------------------------------------------------------------

 Stefan Esser, "Vulnerability Discovery in Closed Source/Encrypted PHP Application"

Stefan Esser is an independent security consultant who is well known in the security community for his advisories about popular open source software packages such as Linux, NetBSD, Samba, Cyrus IMAPD, Gaim, Ethereal, CVS, Subversion, MySQL and PHP. He is also known as the first to completely break the DRM of the Microsoft Xbox with software-only exploits. Visit the web site.



--------------------------------------------------------------------------------

 Shade, "The Analysis of the Contest Binaries"

The winner will present his or her analysis of the contest files: malware, spyware, a new kind of web script, a traffic packet file, and a binary for general reverse engineering analysis. You can see and learn from the winner's reverse engineering skills.


--------------------------------------------------------------------------------

 Xpl017Elz, "New Local & Remote Exploit to Get Over Exec-shield Protection 2"