POC2009 - Power of Community



# Archives of POC2009

 Sionics & kaientt

  7.7 DDoS: Unknown Secrets & Botnet Counter Attack



 Xu Hao

  Attacking Certificate-based Authentication System & Microsoft InfoCard



 Stefan Esser

  Shocking News in PHP Exploitation




  Analyzing VMware Operating System & Detecting Rootkit from Outside



 Tielei Wang

  Detecting Integer Overflow Vulnerabilities in Binaries




  Vulnerability Discovery with Happy Reverse Engineering



 Moti Joseph

  Microsoft Patches Little Sister But Forgets Big Brother



 Raditya Iryandi

  Hacking Satellite: New Universe to Discover



 Alexander Sotirov

  Bypassing Memory Protection on Windows 7



 Sandro Gauci

  When the Internet & Telephony Mix: Security Flaws in VoIP Systems



  Analysis of Reverse Engineering Contest Files



  Topic That Can't Be Here, But Interesting...


* Videos are not available right now, but will be uploaded some day.


# Pictures of POC 2009 



# Speakers of POC 2009

* Alexander Sotirov, "Is Exploitation Over? Bypassing Memory Protections on Windows 7"

    Alexander Sotirov is an independent security researcher with more than ten years of experience with vulnerability research, reverse engineering and advanced exploitation techniques. His most recent work includes exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the exploitation mitigations on Windows Vista and developing the Heap Feng Shui browser exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York.

    He is a regular speaker at security conferences around the world, including CanSecWest, BlackHat and Recon. Alexander is a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.

    The difficulty in exploitation of memory corruption vulnerabilities has increased significantly with the introduction of the exploitation mitigation features in modern operating systems. The combination of GS stack cookies, SEHOP, ASLR and DEP in Windows 7 in theory prevents almost all cases of control flow modification in a vulnerable application. Vulnerabilities on Linux and the iPhone are also much more difficult to exploit than they have been at any point in the past.


    Is exploitation over? This presentation will discuss the challenges facing exploit developers on hardened systems today and will outline the most promising directions for future exploitation research. I will focus not on the failure of common software to opt in to the protections, but on the future of exploitation assuming that all current protections are universally applied.



* MJ0011, "Analyzing VMWare Operating System and Detect Rootkit from Outside"

    MJ0011 works at 360safe as a kernel security researcher and Windows driver engineer. His long experience in Windows kernel security, rootkit/anti-rootkit, reverse engineering, and kernel-mode vulnerability attack and defense enables him to provide more than 200 million 360safe users with a stable kernel-level safety protection product. He uncovered many kernel security vulnerabilities and faults in Windows operating systems including Windows XP and Windows 7. At Xcon2008 he introduced Tophet, a bootkit with multiple high-level attack methods.

    This presentation will present a mechanism to analyse VMware's inner operating system from outside and detect rootkits in it. This method, which does not depend on any interface or backdoor provided by VMware, can stably and covertly detect and clear rootkits from outside the operating system. Also introduced are the method to read and write the physical memory of a VMware virtual machine at run time and how to achieve complete rootkit detection using this method, such as detecting and dumping hidden kernel modules, detecting and terminating hidden processes, and detecting and clearing inline hooks and object hooks. A rootkit detection tool, WMXARK, based on the VMware virtual machine memory access library, will be published for the first time. WMXARK will implement complete anti-rootkit functionality for the inner operating system of a VMware virtual machine.


* Moti Joseph, "Microsoft Patches Little Sister But Forgets Big Brother"

    Moti Joseph has been involved in computer security since 2000. For the past 9 years, he has been working on reverse engineering exploit code and developing security products. He was a speaker at the Blackhat USA 2007 and ShakaCon security conferences, and he is currently a Senior Security Researcher with Websense Security Labs.

    In this presentation, some past 0-day exploits and the easy way to hunt 0-days will be introduced. The speaker will also discuss how software vulnerabilities are found and something about 0-days.


* Raditya Iryandi, "Hacking VSAT: Play around with Physical till Session Layer"

    Raditya Iryandi has been a technology junkie since he was a teenager. He loves dealing with telecommunication systems such as satellite, Wi-Fi and modern phreaking. Recently he joined Bellua Asia Pacific as an information security consultant. Prior to joining Bellua, he was Technical Director at C2PRO Consulting.

    Since the mid-1950s, satellite communication systems have made enormous advances in capability and performance. Internet access over satellite, digital content distribution, wide area network (WAN) connectivity, video teleconferencing, distance learning, and telephony services sent over satellites have become integral to our society. Unfortunately, security has not kept pace and the current satellite systems are vulnerable to a variety of attacks.


* Sandro Gauci, "When the Internet and Telephony Mix: Security Flaws in VoIP Systems"

    Sandro Gauci is the owner and founder of EnableSecurity, where he performs R&D and security consultancy for mid-sized companies. Sandro has over 9 years of experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research, and he has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious, VOIPPACK for CANVAS and VOIPSCANNER.com.

    This presentation will describe security flaws in VoIP systems that are exposed on the Internet. Such issues can be remotely exploited by attackers operating from the safety of their home. He will explore security vulnerabilities that may seem to be valid features of the system. Apart from theoretical attacks, he will also look at how some of these security holes are being abused by attackers for profit.



* Sionics & kaientt, "7.7 DDoS: Unknown Secrets & Botnet Counter Attack"

    Sionics is a security researcher at the global anti-virus company Hauri. He is serving his alternative military service as technical research personnel. His main interests are reverse engineering and vulnerability analysis. He is currently doing research on recent security threat analysis and proactive response.

    kaientt is a student in the Department of Information Security Engineering at SoonChunHyang University and a member of SSM (Samsung Software Membership). He was also a speaker at DISC2009 and ISEC2009.

    This presentation will give a brief description of the 7.7 DDoS attack and a detailed analysis of the attack code that was used in it. The different communication protocol types of the three malicious codes and the features of the 7.7 DDoS attack will be explained in detail through restoration of the source code. The conditions, overall process, and interrelationships of the malicious codes' operation will also be explained. In addition, the background history of 7.7 DDoS will be given.



* Stefan Esser, "Shocking News in PHP Exploitation"

    Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he has devoted a lot of time to PHP and PHP application vulnerability research. However, in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he has worked as head of research and development for the German web application company SektionEins GmbH, which he co-founded. He was a speaker at POC2008 and Black Hat USA 2009.


    Remote code execution vulnerabilities in modern PHP applications have become more difficult to find and exploit due to better education of developers and the wide adoption of Suhosin, web application firewalls and other PHP environment hardening. E.g. the class of remote file inclusion vulnerabilities is practically dead in modern PHP installations.

    This talk will demonstrate how a well known class of PHP application vulnerabilities that is widely believed to be a DoS vulnerability only, can result in arbitrary PHP code being executed. Furthermore it will be demonstrated how attacks on PHP applications can be tunneled through web application firewalls like mod_security with ease, bypassing the whole rule engine. And last but not least we will take a look at the recently introduced protections against interruption vulnerabilities in PHP and how it is still possible to perform post exploitation tricks as presented at Syscan and Blackhat.

    Stefan Esser will show a PHP application 0-day, a mod_security bypass 0-day, and 0-day tricks to still perform interruption vulnerabilities.


* Tielei Wang, "Detecting Integer Overflow Vulnerabilities in Binaries"

    Wang Tielei, PhD, of the Peking University institute of computer, is interested in web and information security, especially the discovery of binary vulnerabilities and the analysis of malicious code. He gave a talk at NDSS'09 about techniques for detecting integer overflow vulnerabilities in binary programs, and he was the first person from mainland China to give a talk at NDSS with a first-author affiliation.

    The presentation is about research on detecting integer overflow vulnerabilities in binary systems. Using a system the authors developed on their own, dozens of zero-day integer overflow vulnerabilities were detected in several popular software packages. Some of them have been released via VUPEN and Secunia and collected into CVE.



* Tora, "Vulnerability Discovery with Happy Reverse Engineering"

    Tora is a reverse engineer and computer forensic analyst currently working in Spain, but he is probably better known as the captain of the Sexy Pandas. He's been doing RCE since the late 90's and in the last few years he's been working on RCE-helper tools and analysis automation.

    There are several methods to analyze binaries and look for security vulnerabilities. We can fuzz protocols or file formats, we can diff security patches or we can reverse engineer the binaries. In this talk we will focus on the third option, and how we can improve our bug finding speed and analysis even when working with big and complex binaries.



* Xu Hao, "Attacking Certificate-based Authentication System & Microsoft InfoCard"

    Xu Hao graduated from the Information Security Department of Shanghai Jiaotong University. He now works on developing information security products and researching advanced security technology. He began to focus on researching information security technologies five years ago; his main research directions are the Windows kernel, rootkits and malware, hardware virtualization technology, reverse engineering, and smart cards and PKI. He has spoken at XCon2008 and XCon2009.

    Authentication systems are widely used to control user access authority. Individuals, companies and governments need authentication systems to protect sensitive information. Username and password authentication is easy to implement, but such systems have many disadvantages. By comparison, certificate-based authentication systems and Microsoft CardSpace are thought to be much safer.

    This paper first introduces some basic knowledge about cryptography, certificates and PKI. It then analyzes local certificate management in Windows, proposes methods to steal certificates and discusses some real cases. After that, the paper covers the Microsoft CardSpace feature and gives a way to steal personal information cards stored in CardSpace. Finally, the paper describes the concepts of smart cards and the components of a smart card product. It also raises possible ways to attack smart cards and discusses an online bank case.


* linz, alonglog, binoopang, "Analysis of Reverse Engineering Contest Files"


* UK, "Topic That Can't Be Here, But Interesting..."

    This topic will be presented on the last day of POC2009. POC thinks it's better not to disclose it now.



# Reverse Engineering Contest - Hackers' Dream



   * The contest will start at 08, October, 2009 00:00:00 GMT

   * You can download the files which you must analyze here.

   * You must send me your report by 13, October, 2009 24:00:00 GMT

   * Your report must be written in English or Korean.

   * The more detailed your report is, the more points you can get.

   * The result will be announced on this page on 16, October, 2009.

     The prize will be given to the top three (teams).

     The winner(s) can be a speaker(s) of POC2009.

     If the winner is a foreigner, POC will give air tickets for him to come to Seoul.

     And he can enjoy all the privileges of a speaker.

   * If you have any question, mail me, please.



- Result


516 unique IPs from around the world participated in the contest. AhnLab & POC picked out two teams that submitted complete reports and satisfied POC's standard. The two highest-ranked teams are as follows:


#1. linz, alonglog, binoopang(IS119 team of Chonnam National University)

#2. JZ, Maple






One of these teams will present its analysis at POC2009. The team will have all the privileges of a POC2009 speaker. And the 5 members of these teams will be invited to POC2009 as guests regardless of the rank.


The champion team's report will be included on the POC2009 CD.


Thank you, all participants. May you be the next champion!



* You can download the files here.



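# Participation Certificates for Students (Including Staff) Who Attended POC2009

Staff certificate (future tense), Staff certificate (past tense) / Participation certificate (future tense), Participation certificate (past tense)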


# Sponsors of POC2009

Please contact "pocadm at gmail.com" if your corporation is interested in sponsoring POC. We will post your corporation's banner on the POC web site forever, and we will give you and your company a chance to show your potential and to advertise your products. Your sponsorship will be quite helpful in upgrading the image of your corporation.


# Supporting Friends






Copyright(c) 2006 ~ 2009 Powerofcommunity All rights reserved.