* Sionics & kaientt, "7.7 DDoS: Unknown Secrets & Botnet Counter Attack"
* Xu Hao, "Attacking Certificate-based Authentication System & Microsoft InfoCard"
* Stefan Esser, "Shocking News in PHP Exploitation"
* MJ0011, "Analyzing VMware Operating System & Detecting Rootkit from Outside"
* Tielei Wang, "Detecting Integer Overflow Vulnerabilities in Binaries"
* Tora, "Vulnerability Discovery with Happy Reverse Engineering"
* Moti Joseph, "Microsoft Patches Little Sister But Forgets Big Brother"
* Raditya Iryandi, "Hacking Satellite: New Universe to Discover"
* Alexander Sotirov, "Bypassing Memory Protection on Windows 7"
* Sandro Gauci, "When the Internet & Telephony Mix: Security Flaws in VoIP Systems"
* binoopang, "Analysis of Reverse Engineering Contest Files"
* unknown, "Topic That Can't Be Here, But Interesting..."

---

* Alexander Sotirov, "Is Exploitation Over? Bypassing Memory Protections on Windows 7"

  Alexander Sotirov is an independent security researcher with more than ten years of experience in vulnerability research, reverse engineering and advanced exploitation techniques. His most recent work includes exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the exploitation mitigations on Windows Vista and developing the Heap Feng Shui browser exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York.

  He is a regular speaker at security conferences around the world, including CanSecWest, BlackHat and Recon. Alexander is a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.

  The difficulty of exploiting memory corruption vulnerabilities has increased significantly with the introduction of exploitation mitigation features in modern operating systems. The combination of GS stack cookies, SEHOP, ASLR and DEP in Windows 7 in theory prevents almost all cases of control flow modification in a vulnerable application. Vulnerabilities on Linux and the iPhone are also much more difficult to exploit than they have been at any point in the past.

  Is exploitation over? This presentation will discuss the challenges facing exploit developers on hardened systems today and will outline the most promising directions for future exploitation research. I will focus not on the failure of common software to opt in to the protections, but on the future of exploitation assuming that all current protections are universally applied.

* MJ0011, "Analyzing VMware Operating System and Detecting Rootkit from Outside"

  MJ0011 is working at 360safe as a kernel security researcher and Windows driver engineer. His long experience with Windows kernel security, rootkit/anti-rootkit, reverse engineering, and kernel mode vulnerability attack and defense enables him to provide more than 200 million 360safe users with a stable kernel-level protection product. He uncovered many kernel security vulnerabilities and faults in Windows operating systems, including Windows XP and Windows 7. At XCon2008 he introduced Tophet, a bootkit with multiple high-level attacking methods.

  This presentation will present a mechanism to analyse the operating system inside a VMware virtual machine from outside and to detect rootkits in it. This method, which does not depend on any interface or backdoor provided by VMware, can stably and covertly detect and clear rootkits from outside the guest operating system. The talk will also introduce the method used to read and write the physical memory of a VMware virtual machine at run time, and how the complete rootkit detection function is achieved with this method: detecting and dumping hidden kernel modules, detecting and terminating hidden processes, and detecting and clearing inline hooks and object hooks. A rootkit detection tool, WMXARK, based on the VMware virtual machine memory access library, will be published for the first time. WMXARK implements the complete anti-rootkit function for the guest operating system of a VMware virtual machine.

* Moti Joseph, "Microsoft Patches Little Sister But Forgets Big Brother"

  Moti Joseph has been involved in computer security since 2000. For the past 9 years, he has been working on reverse engineering exploit code and developing security products. He was a speaker at Blackhat USA 2007 and the ShakaCon security conference, and he is currently a Senior Security Researcher with Websense Security Labs.

  In this presentation, some past 0-day exploits and an easy way to hunt 0-days will be introduced. The speaker will discuss how software vulnerabilities are found and give some background on 0-days.

* Raditya Iryandi, "Hacking VSAT: Play around with Physical till Session Layer"

  Raditya Iryandi has been a technology junkie since he was a teenager. He loves dealing with telecommunication systems such as satellite, Wi-Fi and modern phreaking. Recently he joined Bellua Asia Pacific as an information security consultant. Prior to joining Bellua, he was Technical Director at C2PRO Consulting.

  Since the mid-1950s, satellite communication systems have made enormous advances in capability and performance. Internet access over satellite, digital content distribution, wide area network (WAN) connectivity, video teleconferencing, distance learning, and telephony services sent over satellites have become integral to our society. Unfortunately, security has not kept pace, and current satellite systems are vulnerable to a variety of attacks.

* Sandro Gauci, "When the Internet and Telephony Mix: Security Flaws in VoIP Systems"

  Sandro Gauci is the owner and founder of EnableSecurity, where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years of experience in the security industry and is focused on the analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious, VOIPPACK for CANVAS and VOIPSCANNER.com.

  This presentation will describe security flaws in VoIP systems that are exposed on the Internet. Such issues can be remotely exploited by attackers operating from the safety of their home. He will explore security vulnerabilities that may seem to be valid features of the system. Apart from theoretical attacks, he will also look at how some of these security holes are being abused by attackers for profit.

* Sionics & kaientt, "7.7 DDoS: Unknown Secrets & Botnet Counter Attack"

  Sionics is a security researcher at the global anti-virus company Hauri. He is performing his alternative military service as technical research personnel. His main interests are reverse engineering and vulnerability analysis. He is currently doing research in the field of recent security threat analysis and proactive response.

  kaientt is a student in the department of information security engineering at SoonChunHyang University and a member of SSM (Samsung Software Membership). He was also a speaker at DISC2009 and ISEC2009.

  This presentation will give a brief description of the 7.7 DDoS attack and a detailed analysis of the attack code used in it. The different communication protocol types of the three malicious codes and the features of the 7.7 DDoS attack will be explained in detail through the restored source code. The conditions, the overall process and the organic relationship of the malicious code operation will also be explained. In addition, the background history of 7.7 DDoS will be given.

* Stefan Esser, "Shocking News in PHP Exploitation"

  Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he has devoted a lot of time to PHP and PHP application vulnerability research. However, in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he has worked as head of research and development for the German web application company SektionEins GmbH, which he co-founded. He was a speaker at POC2008 and Black Hat USA 2009.

  Remote code execution vulnerabilities in modern PHP applications have become more difficult to find and exploit due to better education of developers and the wide adoption of Suhosin, web application firewalls and other PHP environment hardening. For example, the class of remote file inclusion vulnerabilities is practically dead in modern PHP installations.

  This talk will demonstrate how a well known class of PHP application vulnerabilities that is widely believed to be a DoS vulnerability only can result in arbitrary PHP code being executed. Furthermore, it will be demonstrated how attacks on PHP applications can be tunneled through web application firewalls like mod_security with ease, bypassing the whole rule engine. And last but not least, we will take a look at the recently introduced protections against interruption vulnerabilities in PHP and how it is still possible to perform the post-exploitation tricks presented at Syscan and Blackhat.

  Stefan Esser will show a PHP application 0-day, a mod_security bypass 0-day, and 0-day tricks to still exploit interruption vulnerabilities.

* Tielei Wang, "Detecting Integer Overflow Vulnerabilities in Binaries"

  Wang Tielei, PhD from the institute of computer science of Peking University, is interested in web and information security, especially the discovery of binary vulnerabilities and the analysis of malicious code. He gave a talk at NDSS'09 on techniques for detecting integer overflow vulnerabilities in binary programs, and he was the first speaker from mainland China to present at NDSS with a first-author affiliation.

  The presentation is about research on detecting integer overflow vulnerabilities in binaries. Using a system the author developed, dozens of zero-day integer overflow vulnerabilities have been detected in several popular software packages. Some of them have been released via VUPEN and Secunia and have been recorded in CVE.

* Tora, "Vulnerability Discovery with Happy Reverse Engineering"

  Tora is a reverse engineer and computer forensic analyst currently working in Spain, but he is probably better known as the captain of the Sexy Pandas. He has been doing RCE since the late 90s, and in the last few years he has been working on RCE helper tools and analysis automation.

  There are several methods to analyze binaries and look for security vulnerabilities. We can fuzz protocols or file formats, we can diff security patches, or we can reverse engineer the binaries. In this talk we will focus on the third option, and on how we can improve our bug finding speed and analysis even when working with big and complex binaries.

* Xu Hao, "Attacking Certificate-based Authentication System & Microsoft InfoCard"

  Xu Hao graduated from the Information Security Department of Shanghai Jiaotong University. He now works on developing information security products and researching advanced security technology. He began focusing on information security research five years ago; his main research directions are the Windows kernel, rootkits and malware, hardware virtualization technology, reverse engineering, and smart cards & PKI. He has spoken at XCon2008 and XCon2009.

  Authentication systems are widely used to control user access authority. Individuals, companies and governments need authentication systems to protect sensitive information. A username and password authentication system is easy to implement, but such a system has many disadvantages. By comparison, certificate-based authentication systems and Microsoft CardSpace are thought to be much safer.

  This paper will first introduce some basic knowledge about cryptography, certificates and PKI. It then analyzes local certificate management in Windows, proposes methods to steal certificates and discusses some real cases. After that, the paper covers the Microsoft CardSpace feature and shows how a personal information card stored in CardSpace can be stolen. Finally, the paper describes the concepts of smart cards and the components of a smart card product, raises possible ways to attack smart cards, and discusses an online banking case.

* linz, alonglog, binoopang, "Analysis of Reverse Engineering Contest Files"

* UK, "Topic That Can't Be Here, But Interesting..."

  This topic will be presented on the last day of POC2009. POC thinks it is better not to disclose it now.