Archives of POC2011

 

- Hubris, "Red Dawn(Analysis of Red Star Linux of North Korea)"
- zwell, "Starting from Pangolin"
- vessial, "New Threat Based on Chinese P2P Network"
- x82, "Android Rootkit & Touch Pad Based Attack"
- Michael Sutton, "Corporate Espionage for Dummies: the Hidden Threat of Embedded Web Servers"
- Yaniv Miron, "SCADA Dismal, or Bang-bang SCADA"
- redhidden, "Summary of Flash File Format & 0-days and Analysis of Malicious Flash File Attack"
- Passket, "Some Tricks of Exploiting"
- Xu & Xiaobo, "Rootkit for iPhone & Ways to Launch a Real Attack"
- silverbug, "Truth and Falsity of Various Services"

   



Finding 0-days


     Instructor: passket (Sim Junbo)
     Title: Finding 0-days
     Subtitle: Black Box Vulnerability Testing for x86 Win32 Binary
 
    - This course covers how to find unknown security vulnerabilities in x86 Windows binaries
      when the source code is not available.
      The training course covers three main topics.
 
      First, the types of bugs found in programs that are actually in use today
      Second, how to find these bugs efficiently
      Third, how to automate the bug-finding process so that bugs can be found with as little effort as possible
 
      During the training course, participants will build a fuzzer together, discover a zero-day vulnerability
      in a program widely used in Korea, and write a simple exploit for it.
 
      The detailed course contents are as follows.
 
      [Day 1]
      - The types of bugs that well-known programs were vulnerable to, which programming habits caused them,
        and the thought process hackers went through to find them
      - The concept of a fuzzer and building a fuzzer tailored to a target program
 
      [Day 2]
      - Fuzzing real well-known programs and finding exploitable vulnerabilities
      - Writing a simple exploit
      - What to prepare at home to make a living as a bug hunter


Practical Web Hacking


    Instructor: silverbug (Cho Jubong)
    Title: Practical Web Hacking
 
    Most of the attacks taking place today are carried out through web hacking.
    Web (HTTP) services keep evolving through many advances and new technologies, and the security threats grow accordingly.
    More than 80% of penetration testing, one of the current business models of security companies, is web penetration testing.
 
    [Goals]
    Explain the basics and core concepts of web hacking, and make it easy to learn through hands-on practice.
    Instead of following web hacking recipes, hack with an understanding of the underlying principles.
    Beyond the attacks themselves, explain why the problems occur and how they can be fixed easily.
    Explore attack and defense through the many "Why????" questions such as the ones below.
    ...
    Why does the site ask for my password again before I access member information?
    Why did the new-window format of IExplorer change?
    Why are special characters in the file name replaced when I download a file?
    Why do people dislike ActiveX?
    What does the browser do for my security?
    I only browsed the web; surely I couldn't have been infected by a virus?
    I followed a tutorial on the Internet to set things up... so why was I attacked?
    ...
 
    [Contents]
    - HTTP Protocol
    - Server/Client Side Script
    - XSS/CSRF
    - SQL Injection
    - File Upload / File Download
    - LFI/RFI
    - HTTP Authentication
    - Command Injection
    - JavaScript KeyLogger / JavaScript Command Execute
    - Phishing
    - A Simpler Way of Finding 0day
    - The reality of web security in Korea

Events of POC2011

# "CD Capture The Flag" by Hackerschool(http://www.cdctf.com)
- A hacking contest for under 13 years old
- This covers hacking, security, programming-algorithm, quiz, etc.
- Qualifying round: October 29, 2011(online, 10:00 ~ 22:00 KST)
- Final round: Nov. 3(in the POC2011 event room, 10:00 ~ 20:00 KST)
 

# "Power of XX" by SISS(http://www.powerofxx.com)
- A hacking contest for only women
- Qualifying round: October 29, 2011(online, 10:00 ~ 22:00 KST)
- Final round: Nov. 3(in the POC2011 event room, 10:00 ~ 20:00 KST)
 
# "Hack The Packet" by Bunny Black(http://www.hackthepacket.com)
- A packet hacking contest based on network traffic dumps
- 1st qualifying: October 18, 2011(online, 19:00 ~ 22:00 KST)
- 2nd qualifying: Nov. 3(in POC2011 event room)
- Final round: Nov. 4(in POC2011 event room)
 
# "Hack My Mind" by Y0U&M3
- Quiz contest about hacking/security
- Qualifying and final round: Nov. 3 ~ 4(in POC2011 event room)
 
# "Hand Reversing" by SecurityFirst
- Read printed assembly codes and guess the result!
- Nov.3(in the POC2011 event room)
 
# "Hunt-and-peck Programmer" by SecurityFirst
- You are an excellent programmer, but if you use our keyboard...
- Nov. 3~4(in POC2011 event room)
 
# "Beat the Keyboard & Mouse" by SecurityFirst
- Just beat as strong as you can.
- Nov. 3~4(in POC2011 event room)
 
# "Multiplayer" by Guardian
- Show your web, reversing, cryptography, and programming skill(in the POC2011 event room).
 
# "Power of Chaos" by Layer7
- Just enjoy(in the POC2011 event room)!
 
# "SSLStrip for POC" by gilgil
- SSLStrip captures inbound and outbound HTTP traffic, analyzes it in plain text, and notifies the user that important
  private information can be disclosed.
          

Hubris, "Red Dawn(Analysis of Red Star Linux of North Korea)"

Hubris is retired from the USAF, where he spent his last four years as a Computer, Network, Cryptography, and Telephone Switching Technician (2E2x1). His military qualifications include: Theater Battle Management Core Systems (TBMCS), Fedora System Administration, Sun Solaris, Combat Communications, Equipment Control Officer, Wire Dog. Hubris has spoken at Dartmouth University (RF-ID attack vectors, Modern Electronic Warfare), Hope (Hacking Terrorist Networks), Defcon 2011 (Modern Cyber Warfare), Phreaknic (Social Engineering), Pump-Con (Trolling for Sensitive Information), and Toor Camp (Trolling for Sensitive Info).
 
Missions: Global War on Terrorism, Joint Expeditionary Force Experiment, Global Strike, and maintaining the 24-hour Combined Air and Space Operations Center (CAOC).
 
This talk educates listeners on the methods used by elite North Korean hackers to gain access to the systems of the West, and shows that North Korea is a serious threat to national security in the realm of cyberspace. It demonstrates how their proprietary operating system can be used as an attack OS, shows its built-in spyware features and how the regime uses them to monitor its own citizens in North Korea, and finally how the Red Star OS can be taken over by a malicious user to undermine the Great Leader. For educational purposes only; all copies of Red Star OS should be considered rooted by the DPRK!
          




Michael Sutton, "Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers"

Michael Sutton has spent more than a decade in the security industry conducting leading-edge research, building teams of world-class researchers, and educating others on a variety of security topics. As Vice President of Security Research, Michael heads Zscaler ThreatLabZ, the research and development arm of the company. Zscaler ThreatLabZ is responsible for researching emerging topics in web security and developing innovative security controls, which leverage the Zscaler in-the-cloud model. The team is comprised of researchers with a wealth of experience in the security industry.
 
Prior to joining Zscaler, Michael was the Security Evangelist for SPI Dynamics where, as an industry expert, he was responsible for researching, publishing, and presenting on various security issues. In 2007, SPI Dynamics was acquired by Hewlett-Packard. Previously, Michael was a Research Director at iDefense where he led iDefense Labs, a team responsible for discovering and researching security vulnerabilities in a variety of technologies. iDefense was acquired by VeriSign in 2005. Michael is a frequent speaker at major information security conferences; he is regularly quoted by the media on various information security topics, has authored numerous articles, and is the co-author of Fuzzing: Brute Force Vulnerability Discovery, an Addison-Wesley publication. Michael holds a Master’s degree in Information Systems Technology from George Washington University and a Bachelor of Commerce from the University of Alberta.
 
Today, everything from television sets to photocopiers has an IP address and an embedded web server (EWS) for device administration. Need to record a show? Start the DVR with a mobile app. Want a digital copy of a previously photocopied document? No problem. While embedded web servers are now as common as digital displays in hardware devices, sadly, security is not. What if that same convenience exposed photocopied documents online or allowed outsiders to record your telephone conversations? A frightening thought indeed.
 
Software vendors have been forced to climb the security learning curve. As independent researchers uncovered embarrassing vulnerabilities, vendors had little choice but to plug the holes and revamp development lifecycles to bake security into products. Vendors of embedded web servers have faced minimal scrutiny and as such are at least a decade behind when it comes to security practices. Today, network-connected devices are regularly deployed with virtually no security whatsoever.

The risk of insecure embedded web servers has been amplified by insecure networking practices. Every home and small business now runs a wireless network, but it was likely set up by someone with virtually no networking expertise. As such, many devices designed only for LAN access are now unintentionally Internet facing and wide open to attack from anyone, regardless of their location.
 
Leveraging the power of cloud-based services, Zscaler spent several months scanning large portions of the Internet to understand the scope of this threat. Our findings will make any business owner think twice before purchasing a wifi-enabled device. We'll share the results of our findings, reveal specific vulnerabilities in a multitude of appliances, and discuss how embedded web servers will represent a target-rich environment for years to come. Additionally, we'll unveil the latest iteration of brEWS, a free EWS scanner and crowd-sourcing initiative designed to build a global database of EWS fingerprinting data. Traditional security scanners largely ignore EWSs, and gathering appropriate fingerprinting data is a challenge as most reside on LANs where external scanning is not an option. As such, we are issuing a call to arms to collectively gather and share this information.




Passket, "Some Tricks of Exploiting"

Not Available.




redhidden, "Summary of Flash File Format & 0-days and Analysis of Real Malicious Flash File Attack"

RedHidden is a security researcher who works for AhnLab. She excels at malicious code analysis, network traffic analysis, and vulnerability analysis. She is the first woman speaker at POC!
 
The era of APT attacks has arrived. APT (Advanced Persistent Threat) is a kind of attack whose main purpose is to steal the core information of a specific company or organization through persistent attacks. In particular, vulnerabilities in application documents are combined with social engineering to attack internal systems. In this presentation, she will introduce the structure of the Flash file format, which can be used for APT attacks as well as web attacks, and analyze some important known 0-days. From the analyst's perspective, she will introduce techniques for identifying the characteristics of real malicious Flash (SWF) files and show, with a demo, how to analyze them.




silverbug, "Truth and Falsity of Various Services"

Silverbug is a Security Researcher working at AhnLab, Inc. His main job is to analyze malware and vulnerabilities, and he is interested in security threat research. He has participated in Defcon CTF finals and has won hacking contests many times. His work and research were presented at POC2009 and POC2010.
 
Silverbug will present various security problems in WIFI, in authentication through SNS messages on some web sites, and in real-name authentication. He will also demonstrate jailbroken iOS and Android key/pattern unlock. And he will show that CSRF and XSS attacks are easy to launch under some conditions.




vessial, "A New Threat Based on Chinese P2P Network"

vessial is a research scientist in IDT @ McAfee Labs, providing security detection solutions for NIPS. He focuses on protocol specification analysis, reverse engineering, P2P security research, Botnet & malware detection, mobile security, etc.
 
In this presentation, he will disclose how China's biggest P2P network, Thunder, can be exploited to launch a large-scale DDoS attack. Starting from this topic, he will introduce the Thunder network architecture, its design flaws, and the potential threat. He will show the truth with some demos.




x82, "Android Rootkit & Touch Pad Based Keylogger"

X82 (You Donghun) is the director of the smart platform security lab at Inetcop. He is also in his doctoral program in information security. He has given lectures to various national institutions and at seminars and conferences on various security-related topics. He has written and published numerous security advisories and POC exploits since 2002. He also worked for SNOSOFT as a security advisor, checking their security advisories and writing exploits. Check his website for more information.
 
We have seen various Linux kernel hooking techniques from some pioneers. This presentation covers hooking techniques that can be used in the Linux kernel on the Android platform with ARM (Advanced RISC Machine) processors. The presentation is composed of three parts. The first part covers four hooking techniques that can be used on ARM Linux kernels on any machine. The second is about transforming an existing Linux kernel rootkit into a smartphone rootkit. The last part is how to access the kernel via the kmem device; this is necessary because the rootkits only work on certain kernel versions. The mottos of the presentation are 'smart' and 'simple': he focuses on hooking by modifying the least amount of kernel memory and by taking the simplest path. In addition, a touch pad keylogger that can be used on Android Linux will be explained.




Xu Hao & Chen Xiaobo, "Rootkit for iPhone & Ways to Launch a Real Attack"

Chen Xiaobo is a research scientist at McAfee Labs. He has worked in computer security since 2000, on Scanner and HIPS products. Now he mainly focuses on vulnerabilities, new techniques for vulnerability exploitation, and iOS exploitation.
 
Xu Hao now focuses on OSX/iOS software development and security research. He also has more than 5 years of experience in Windows security research. Main research areas: OSX/iOS/Windows security, rootkits and malware, hardware virtualization technology, reverse engineering, smart cards & PKI.
 
In this talk we will first introduce how to develop a rootkit for iOS. The rootkit's functions will include location retrieval and a keylogger, and we will show the technique for implementing a kernel-level backdoor. After that, we intend to demonstrate a way to install the rootkit, taking JBM3 as the example in this part: we will analyze the vulnerability it uses and show how the exploit can be rewritten to install our rootkit. At the end, the DEMO will be shown.




Yaniv Miron, "SCADA Dismal, or, Bang-bang SCADA"

Yaniv Miron is an information security consultant and researcher currently working at "IL Hack" as a security consultant and researcher for major organizations. Yaniv is a senior instructor at the "IL Hack Institute", which teaches hacking classes in Europe. Yaniv is the founder of the largest Israeli hacking convention, IL.Hack. Yaniv is certified as a CISO by the Israel Institute of Technology and is a Certified Locksmith. Yaniv has spoken at security and hacking conferences all around the world (BlackHat/SyScan/CONFidence/HackerHalted/OWASP/IL.Hack…). Yaniv is highly skilled in hands-on penetration testing and security research and has found many security vulnerabilities (Microsoft/Oracle/IBM…).
 
Water, Oil, Nuclear, Electric, the air you breathe: wouldn't it be fun to hack into it? In this presentation I will show you the ease of hacking into the systems that run our lives (SCADA - Supervisory Control And Data Acquisition), how weak their protocols are, and how poorly they are deployed. If you wanna play with the big boys' systems, be at this SCADA hacking talk. A new tool will be revealed in the talk.




zwell, "Introduction about the Unique Web Hacking Techniques of Chinese Hackers"

zwell is the author of Pangolin (a SQL injection test tool), of JSky (a web vulnerability scanner), and of iiScan (the world's first free online web security scanner). He founded NOSEC. LTD. Now he works at Qihoo 360.
 
zwell will analyze his famous SQL injection tool, Pangolin, in detail, and he will present web security testing techniques. In addition, he will talk about the Chinese web security situation and discuss what we can do together.



Copyright(c) 2006 ~ Powerofcommunity All rights reserved.