POC2007 - Power of Community
Archieves of POC2007
:: Admission Card of POC 2007 ::
:: Opening Movie of POC 2007 ::
You can see the movie if you click here.
This movie was made by Sung Joon-young of NSHC. Thank you, Joon-young!
:: Technical Section ::
:: Open Source Speakers ::
* Videos are not available right now, but will be uploaded some day.
* The some detailed articles of the conference book "WeAreHackers" will not open to the world.
You can get the book only in the conference place.
:: Some Stuffs for Break Time ::
:: Pictures of POC 2007 ::
:: Sponsors of POC 2007 ::
:: Special Thanks ::
Thank you, Casper(Xcon), Kana(Black Hat Japan), and Thomas(SysCan) for your concern and help!
Let's enjoy drinking soju one more time. ^^
:: Mook "Hacking & Security"(1st) ::
Speakers of POC 2007
:: Technical Section ::
Arranged in Alphabetical order...
• AmesianX, "How to Implement COM Monitor(tracing COM modules in real-time)"
AmesianX is the administrator of powerhacker.net. He enjoyed the CTF of Defcon 15 as a member of Song of Freedom team.
AmesianX will show you the way to monitor important information through the real-time COM hooking. And he will also demonstrate how to implement advanced COM worm using this technique.
• @tlas, "VulnCatcher: Fun with Vtrace and Programmatic Debugging"
@tlas is the leader of the Defcon 14, 15 CTF winner team 1@stPlace.
Many hours are spent researching vulnerabilities in proprietary and open source software for each bug found. Many indicators of potential vulnerabilities are visible both in the disassembly and debugging, if you know what to look for. How much can be automated? VulnCatcher illustrates the power of programmatic debugging using the VTRACE libraries for cross-platform debugging.
• Casper, "Forensics and Anti-Forensics"
He will discuss forensics and anti-forensics. Casper is the 'real' keynote speaker of POC2007.
• Daiki Fukumori, "Attacking Web2.0"
He reported vulnerabilties more than 100 in 2006.
In this presentation, what changes has occured and what kind of vulnerabilities we have in the world of Web2.0 will be overviewed, will show the attacking method and its countermeasures. As a result, we all recognized again that Web2.0 has been constracted on the cloud of vulnerabilities. He will show the following:
* Attacking Browser Restriction (Cross Domain Policy)
* Attacking Blog and Wiki
* Attacking RSS Software
* Attacking Other Web2.0 Software
* Defending Web2.0
• Dave Aitel, "Writing exploits using Immunity Debugger"
Dave Aitel has worked at the US National Security Agency, the consulting firm @stake (now Symantec), and is the founder and CTO of Immunity, Inc. He is best known for vulnerability research and is the author of the SPIKE fuzzer creation suite. Immunity is a Miami Beach based information security company who's flagship product CANVAS is used by penetration testing groups around the world.
Dave will go over heap overflows and writing scripts and a few other things that Immunity Debugger can do that other debuggers can't.
• Hendrik Scholz, "Hacking VoIP Routers"
Hendrik Schols is a VoIP developer and systems engineer at Freenet Cityline in Kiel, Germany.
Hendrik will introduce the world of VoIP/SIP enabled Integrated Access Devices(IADs, i.e. you DSL router). After a description of their embedded features and issues, the talk will outline the general approach to attack these devices: Location devices, identification and the final attack. The main part of the talk depicts attacks that we found during research as well as by operating large networks based on various devices. Attacks include SPIT attacks, information leaks as well as the ever popular crash. He will open unreleased 0day attacks.
• i3eat, "Hacking with Nintendo DS"
i3eat is a member of Security First at Department of Information Security Engineering, SoonChunHyang University and padocon. Padocon is a university hacking and security research group.
He will present the ways you can use NDS(Nintendo DS) as a hacking tool. He will show you the following:
* Remote attack and control against vulnerabilities
* LAN(local area network) DoS attack
He will talk about some potential attack scenarios and protection ways, too.
• Linzi(Reserved Speaker), "Another idiosyncratic attack"
Linzi is a researcher of HuaYongXingAn Science Technology Co., Ltd in China. He focuses on popular and newest research about hacking and security technology His main work is source reviewing and pentest
With a rapid development of network security, more and more network attacks tend to redirect their real attacks to application layer today, comparing with the hacking of system vulnerabilities several years ago. This topic mainly discusses how to keep away from conventional and unconventional attacks by hackers through several attack methods adopted by hackers.
• silverbug, "The Ways to Hack your Cell Phones"
silverbug works for AhnLab.
He will show you how to hack your cell phone. You will come to know how to recover deleted phone numbers, deleted messages, and how to control the games running on the cell phone. Even more, you will see how to access the password of cell phone. And he will show how to implement a tool for hacking cell phones.
• Sun Bing, "VMware 0day or Bios Boot Hijacking "
Sun Bing is a Chinese inforamtion Security researcher and has more than 7 years of experinences in Windows kernel and information security techniques research and development, especially with deeply delving into buffer overflow prevention, rootkit detection, firmware security and, x86 virtualization.He has spoken at several security conferences, such as Xcon 2006 and 2007, POC2006, EuSecWest2007, Black Hat Europe 2007, Syscan2007 etc.
He will be able to speak about his research of VMware 0day or Bios Boot Hijacking. Which subject do you want him to speak about? It's up to him.^^
:: Open Source Section ::
• GilGil, "SnoopSpy 2(Advanced Network Hacking & Security Tool)"
GilGil is a freelancer programmer. He will release a program named "SnoopSpy 2" which is a packet capturing network security tool. By using SnoopSpy 2, you can do the following things.
* password sniffing on SSL web browser
* text sniffing on SSH client
* sniffing chatting contents of messenger on cipher protocol
* VoIP sniffing and phishing
* FPS game hacking
* XSS cookie capturing on other web client(for additional)
This tool will be released to the world after POC2007 in this page.
• Grugq, "Hacking Sucks: Presentation the Hash Hacking Harness"
Grugq has been at the forefront of forensic research and VoIP security. He is also a writer of Phrack magazine.
He will present a new penetration testing assistance tool to bridge the gap between vanilla command line hacking and graphical exploit environments. This new tool provides progmmatic control to normal shell interactions. Utilising this powerful building block, based on Python and incorporating Expect-like functionality, this tool enables numberous new capabilities for todays's systems security analisyt. Several bundled modules exit, including:
* Anti forensic trace-free remote execution of scripts and binaries
* Inline safe file transfer(no more uuencode + cate!)
* Aliases for common post-login commands(e.g. 'unset HISTFILE')
* Sanity checks for $PATH and $LD_PRELOAD
It can be easiliy extended via the plugin system.
POC2007 Conference Schedule
# Sponsors of POC2007
Please contact "pocadm at gmail.com" if your corporation is interested in the sponsorship of POC2008. We will post the banner of your corporation in the web site of POC forever. And we will give you a chance for you and your company to show your possibility and to advertise your products. Your sponsorship will be quite helpful to upgrade the image of your corporation.
# Supporting Friends
Copyright(c) 2006 ~ 2009 Powerofcommunity All rights reserved.