POC2008 - Power of Community

Home | Notice | Speakers | Schedule | Register | Training | Venue  | Events | PastCon | Contact


 

# Archieves of POC2008

 Stefan Esser

  Vulnerability Discovery in Closed Source/Encrypted PHP Application

 

 

 GilGil

  VoIP Hacking

 

 

 Mudsplatter

  Physical Hacking and Security Just for Fun

 

 

 Hasegawa

  Attacking with Chracter Encoding for Profit and Fun

 

 

 Ero Carrera

  Analysis and Visualization of Common Packers

 

 

 Grugq

  How the Leopard Hides His Spots: OS X Anti-Forensics Techniques

 

 

 Dual & gotofbi

  Hacking the Cable Modem

 

 

 Xpl017Elz

  New Local & Remote Exploit to Get Over Exec-shield Protection

 

 

 ICBM

  Frontline Report: Fighting Against Malware in China

 

 

 Lukas Grunwald

  ePassport Reloaded, 2 Years After and Still Not Secure

   

 Kuza55

  Same Origin Policy Weakness

   

 Shades

  Analysis of the Contest Files

   

* Videos are not available right now, but will be uploaded some day.

* Kuza55's PPT file will be updated after Xcon2008.

 


# Pictures of POC 2008 

 

 


# Speakers of POC 2008

Dual5651 & gotofbi, "Hacking the Cable Modem"

Dual5651 is a student of Konkuk University. He has been researching rootkit technique on Windows platform and reversing engineering technique. He also runs his own website of reversing engineering and hacking. He was one of main members of 2008 KISA Hacking Defense Contest champion team. He also enjoyed the CTF of Defcon 16 as a member of Taekwon-V team.

gotofbi is a student of British Columbia Institute of Technology(BCIT). He's usually interested in win32 malware's custom packing to avoid from anti-virus. However, he starts to focus on his main interest towards embedded  operating system. He has been actively involved in one of largest modem hacking forum(sbhacker.net) and he is one of moderator as well.

This is something about for internet providers to hide from their customers like ARP Spoofing. They will show how to use internet anonymously and for nothing and will discuss other problems and solution. In addition, the attacking ways oriented from fundamental cable modem structure. will be discussed.


GilGil, "Something New, Unknown, and Critical about VoIP"

GilGil is a freelancer programmer and was a speaker of POC2006 and POC2007.


Grugq, "How the leopard hides his spots: OS X Anti-Forensic Techniques"

Grugq has been at the forefront of forensic research and VoIP security. He is also a writer of Phrack magazine. If you want to know more, ask Google.

This talk will retrace the core anti-forensic techniques and methologies, and show how they can be applied to deafeat forensic analysis of OS X systems. More importantly, this talk will examine how an anti-forensic attacker can move beyond the file system and where anti-forensic data hiding attacks will move in the future.

This talk will include attacks against the OS X file system(HFS+), as well as attacks beyond the file system. There will be 0-day OS X bugs as well as previously unreleased attacks against Microsoft file systems.

If you are a hacker, you'll discover a new world of data storage, and if you're a forensic investigator ... be prepared to never discover anything again.


Hasegawa, "Attacking with Character Encoding for Profit and Fun"

Yosuke Hasegawa is an engineer of NetAgent Co.,Ltd. and was born in 1975. He has received the Microsoft MVP award for Windows Security every year since 2005. He has investigated on the security issues that the character encoding such as Unicode causes. He has discovered a lot of vulnerabilities of various software applications including Internet Explorer and Mozilla Firefox so far, such as CVE-2008-4020, CVE-2008-0416, CVE-2008-1468, CVE-2007-2225, CVE-2007-2227 and so on.

In the world of web-based applications rapidly growing these days, text data in the form of HTML or XML is more widely used than ever. Character encoding here is so important a kind of meta-data for text data that neglecting it often results in serious security flaws.

Even apart from issues concerning web applications, various confusions happen during the transition from legacy encoding schemes such as EUC-JP or Shift_JIS to the latest one namely the Unicode. Such clutters at times could bring about security problems. In addition, tricks related to character encoding is not only an issue in data handling by software but also a human factor issue with its remarkable visual effect, hence providing a robust tool for attackers. This session will sort out security concerns related to character encoding and consider "how" to cope with "what" kind of attack.future.


ICBM(Zhao Wei), "FrontLine Report: Fighting Against Malware in China"

Zhao Wei  is the CEO and co-founder of KnownSec Inc, which is a Beijing-based anti-malware company mostly focused on stopping web malware in China. Prior to founding KnownSec, he was a security researcher at VenusTech and McAfee. He has been actively involved in computer security for nearly ten years, and he has found several vulnerabilities in Windows and Linux software. He has helped China Anti-Malware Alliance a lot in their fight against malware rampancy in China. His focus now is on the most common distribution of malware: vulnerable web browsers and malicious web sites. Because most of the world's malware comes from Chinese web sites, and founders of KnownSec are experts in Chinese security area, KnownSec is the best company to address this problem and make the internet safer for everyone.


Lukas Grunwald, "ePassport Reloaded, 2 Years After and Still Not Secure"

Lukas Grunwald is the CTO and Co-Founder of NeoCatena Networks Inc. NeoCatena provides RFID security solutions and services; their products minimize business risks inherent to RFID technology and offer solutions for industries such as retail, logistics, pharmaceutical, access control and government. pharmaceutical, access control and government. Mr. Grunwald draws on his 15 years of experience in the IT Security field, to specialize in the security of wireless/wired data and communication networks, forensic analysis, audits and active networking.  Mr. Grunwald is often featured in industry publications, such as Wired and RFID Journal. He also participates actively in conferences such as Hackers at Large, Hacking in Progress, Network World, Internet World, Linux World (USA/Europe), Linux Day Luxembourg, Linux Tag, CeBIT and Blackhat Briefings.

The talk will have a look for the new attempts to secure the ePassport, and shows how broken the actual concept still is. It will cover some additional international implementation tries and errors.


Mudsplatter, "Physical Hacking and Security Just for Fun"

Mudsplatter has has worked Network Technician Supervisor (Non-Commissioned Officer) of United States Air Force for 5 years. Now, he works for NSHC. He has technical skills especially in the network hardware, protocols, file transfer, network configurations, network security, and network design.

In United States Air Force, he ensured stability and reliability of Classified and Non-Classified Networks in battlefield situations. And he maintained physical and logical network security by applying all National Security Agency (NSA) policies. He also leaded a team of networking technicians to ensure battle readiness for the Global Strike System in the Combined Air and space Operation Center(CAOC).

He will talk about physical hacking like dumpster diving, locking picking, pretexting, rogue networks, etc and their solutions. He will demonstrate how to do the physical hacking.


Kris Kaspersky, "Reversed Buffer Overflow - Cross Stack Overflow"

Kris Kaspersky.    Living and feeding in the shadows with only his own company, rotting into a solitary of hollow existence, Kris (who actually is a gray mouse, a.k.a. nezumi [japanese], a.k.a. souriz [french], a.k.a achbar/עכבר [Hebrew]) slept, until he had found out this way leads to nowhere. onliness seems like a good idea, until you realize you're going to spend it alone and a sort of death will happen. that in the end we are alone, and there is nothing but the cold, dark wasteland of eternity. just the endless procession of days, months... years. out of the cold, dark wasteland of eternity, kris only have himself. and his computers (six boxes). and telescopes (three). and the sky with thousands stars. the dark and clean sky of the far-far-far from civilization place hosts souriz's den (the lab). disassembling, debugging, reversing, kind of "this is not something I _do_ this is something I _am_". sort of "always seeks the answer, but only fins more questions".

Ever felt a great depression? "the pulse" film describes it: "…like a bullet from behind, something dark, something coming through me, so fast, just like an arrow and the last thing you ever want is for it to get to you. I don't know what it is, but it grabs ahold, it takes your will to live. everything that made you, you is gone. you don't want to talk, you don't want to move. you're a shell. it spreads all over your body, and your body dies right out from under you, and the next thing you know, you're just a pile of ash!" – this is exactly what I was feeling for years. but... suddenly something has happened. something has changed. kris is remaining in the shadows, but now it's different. this is why I've decided to appear on the conference.

Well, who I am? um, honestly, I don't know. had I self-identify it would be my job. no, not the reversing. this is just a hobby. I'm unemployed or self-employed or... whatever else. I used to refer myself as an independent consultant, writer, journalist, free-lancer, etc. I've published a lot of books and going to publish much more. I love to share my knowledge with people, this is why I'm writing books, lecture RE-courses for a free and do many other things

Currently, I'm working (remotely) for Endeavor Security, Inc (a major signature provider) where I've met the best RE-team and found almost unrestricted freedom, which is very rare in nowadays business world.

OK, unofficial part is over. time to be more ceremonial. Well, the style of writing has been turned to the formal channel, where Kris Kaspersky is 32 years old unmarried man, who has over 15 years of software engineering and reverse engineering experience. He has published more than 20 books about system programming and has been translated to English, Chinese, and Polish. He has published more than 300 articles for magazines print. Kris' most recent books are here.

For decades, hackers have been overflowing the stack only in one direction: from lower to higher addresses. Yesterday it worked and today it doesn't – modern compilers, OS, CPU has presented many protection techniques designed to prevent buffer overflow. They have mitigated it to a certain extent. Integer overflow is fighting for dear life, but the battle has almost ended. Too bad for hackers. The good news is that – the death is not the end, since everything has two ends. With regards to the stack it is the top and the bottom.

Have you ever tried to perform buffer overflow in reverse direction? Have you thought that consuming the heap might cause stack overflow? Have you heard about red and yellow guard pages (speaking in the DEC's terms)? Have you wondered how to bypass stack overflow protection to overwrite the stack of another thread or the neighboring heap block?

So, what's it all about? Well, it's about the land that nobody is aware of. It's about secure programming, stack overflow exception handling (nobody, I mean _nobody_ does it right), cross-stack attacks, recursive stack overflow and stuff. This is something really new – something you have not knew before.

This speech is based on my own researches with a little help of Iouri Kharon (the greatest and smartest person ever: co-author of IDA-Pro, creator UniLink linker and win32 emulator – Doswin32) and Chris Weber (Casaba Security). Partially the material has been published by "XAKEP" (a Russian magazine), but never been completely disclosed before.


kuza55, "Same Origin Policy Weakness"

kuza55 has been an active member of the web application security research community for the past several years, publishing several papers and presented his findings recently at the 24th Chaos Communications Congress and Bluehat v7. Alex is an Associate at SIFT where he gets paid to break things, and more importantly in his spare time as an independent security researcher, breaks things for the fun of it.

The Same Origin Policy is the most talked about security policy which relates to web applications, it is the constraint within browsers that ideally stops active content from different origins arbitrarily communicating with each other. This policy has given rise to the class of bugs known as Cross-Site Scripting (XSS) vulnerabilities, though a more accurate term is usually JavaScript injection, where the ability to force an application to echo crafted data gives an attacker the ability to execute JavaScript within the context of the vulnerable origin.

This talk takes the view that the biggest weakness with the Same Origin Policy is that it must be implemented by every component of the browser independently, and if any component implements it differently to other components then the security posture of the browser is altered. As such this talk will examine how the 'Same Origin Policy' is implemented in different circumstances, especially in active content, and where the Same Origin Policy is not really enforced at all.


Stefan Esser, "Vulnerability Discovery in Closed Source/Encrypted PHP Application"

Stefan Esser is an independent Security Consultant, that is well known in the security community  for his advisories about popular Open Source Software packages like Linux, NetBSD, Samba, Cyrus IMAPD, Gaim, Ethereal, CVS, Subversion, MySQL and PHP. He is also known as the first who completely broke the DRM of the Microsoft XBOX with software only exploits. Visit the web site.


Shade, "The Analysis of the Contest Binaries"

The winner  will show his(her) analysis about malware, spyware, new kind of web script, traffic packet file, and a binary for common reverse engineering analysis. You can see and learn the winner's skill of reverse engineering.


Xpl017Elz, "New Local & Remote Exploit to Get Over Exec-shield Protection 2"

 

 


# POC2008  Conference Schedule

First Day (Nov 13)

08:00 ~09:00

  Registration

09:30 ~10:30

  Stefan Esser, "Vulnerability Discovery in Closed Source/Encrypted PHP Application"

11:00 ~12:00

  GilGil, "Somthing New, Unknown, and Critical about VoIP Hacking"

12:00 ~13:00

  Lunch

13:00 ~14:10

  Mudsplatter, "Physical Hacking and Security Just for Fun"

14:20 ~15:30

  Hasegawa, "Attacking with Character Encoding for Profit and Fun"

15:40 ~16:50

  Ero Carrera, "Analysis and Visualization of Common Packers"

17:00 ~18:10

  Grugq, "How the Leopard Hides His Spots: OS X Anti-Forensics Techniques"

 

Second Day (Nov 14)

09:10 ~10:10

  Dual5651 & gotofbi, "Hacking the Cable Modem"

10:20 ~11:10

  Xpl017Elz, "New Local & Remote Exploit to Get Over Exec-shield Protection"

11:20 ~12:30

  ICBM, "FrontLine Report: Fighting Against Malware in China"

12:30 ~13:30

  Lunch

14:00 ~15:10

  Lukas Grunwald, "ePassport Reloaded, 2 Years After and Still Not Secure"

15:30 ~16:40

  Kuza55, "Same Origin Policy Weaknees"

16:50 ~18:00

  Shades, "Analysis of the Contest Files"

18:00 ~18:30

  Closing Ceremony

19:00 ~21:00

Dinner Party for speakers, guests, participants, and staffs

*Kris kaspersky was going to present, but he got pneumonia. So he canceled before 2 days before POC2008. POC is sorry about that. However, he gave his presentation file before. Thank you, Kris.

 


# Result of Reverse Engineering Contest - Hackers' Dream

1095 unique IPs participated in the contest. They are from 19 countries.

The three highest rank teams are as follows:

 

#1. PHin3h45, Externalist, Graylynx

#2. eew & de(Dobong Information Industry School, Sunrin Internet School)

#3. shades(Samsung SDS)

 

Congratulation!

 

One of these teams will present it's analysis in POC2008. The team will have all the privileges(round tickets, speaking fee, etc) of POC2008 speaker. The members of these teams will be invited to POC2008 regardless of presentation. The champion will receive "Dream Bag" from AhnLab. The members of higher rank teams will also have a chance to get a job if they want to.

 

POC expects much more teams will participate in "Hackers' Dream" contest next year. If you are sure to be the champion of "Hackers' Dream" next year, prepare your visa(if you need).

 

The report of champion team will be included in POC2008 CD.

 

Thank you, all participants. May you be a next champion!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* You can download the files here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


# POC2008에 참가한 학생(스탭 포함)을 위한 참가 확인증

스탭 확인증(미래형), 스탭 확인증(과거형)   /   참가 확인증(미래형), 참가 확인증(과거형)

 


# Sponsors of POC2008

Please contact "pocadm at gmail.com" if your corporation is interested in the sponsorship of POC2008. We will post the banner of your corporation in the web site of POC forever. And we will give you a chance for you and your company to show your possibility and  to advertise your products. Your sponsorship will be quite helpful to upgrade the image of your corporation.


 

# Supporting Friends

                                 


 

 

 

 


Copyright(c) 2006 ~ 2009 Powerofcommunity All rights reserved.