Schedule for 2008

Thursday Oct 16, 2008
08:30 Registration and Morning Coffee
09:00 Opening Words, Tomi Tuominen
09:15 Keynote: The Bitter Tale of Desktop Security: Our 35-year War
Ivan Krstić
10:15 Coffee
10:30 Keynote: The Bitter Tale of Desktop Security: Our 35-year War
Ivan Krstić
11:30 Lunch
12:30 SUN BURNS - Java Insecurities
Joakim Sandström
nSense
Evolution of Kernel-Mode Malware
Kimmo Kasslin
F-Secure
13:30 Break
13:45 SUN BURNS - Java Insecurities
Joakim Sandström
nSense
Evolution of Kernel-Mode Malware
Kimmo Kasslin
F-Secure
14:45 Coffee
15:00 A Day in the Life of a Hacker
Adam Laurie
17:00 Closing Words for the 1st day, Tomi Tuominen
17:15 Cocktails & Networking
19:00 Cocktails & Networking ends

Friday Oct 17, 2008
08:30 Morning Coffee
09:00 Opening Words, Tomi Tuominen
09:15 Technical Introduction to the Ecosystem and Motivation of Modern eCrime
Peter Kruse
CSIS
Investigating Mobile Phones for Malware and Spying Tools
Jarno Niemelä
F-Secure
10:15 Coffee
10:30 Technical Introduction to the Ecosystem and Motivation of Modern eCrime
Peter Kruse
CSIS
Investigating Mobile Phones for Malware and Spying Tools
Jarno Niemelä
F-Secure
11:30 Lunch
12:30 Sockstress - The Saga Continues...
Jack C. Louis, Robert Lee
Outpost24 AB
13:30 Break
13:45 Iceberg Incorporated - A Peek Under the Surface of the Criminal Enterprise
Juhani Eronen, Jani Kenttälä and Lari Huttunen
Now you see it, Now you don't - Obfuscation for fun and profit!
Nishad Herath
Novologica
14:45 Coffee
15:00 Encrypting the Internet - a Modest Proposal
TiAMO and olleB
Solving the T2'08 Challenge
Nishad Herath
Novologica
16:00 Closing Words, Tomi Tuominen
16:00 Conference Ends

Keynote: The Bitter Tale of Desktop Security: Our 35-year War

Ivan Krstić


It's 2008. About 75% of all corporate machines are infected with at least one piece of malicious code. We're seeing the emergence of weapons-grade botnets, designer trojans, smart mobile malware, and the graduation of the black hat community from what was once a ragtag army of rebels without a cause to a group of well-paid professionals engaging in research-quality work to rake in profits and evade detection. The entrenched players in the security industry have been predictably slow to respond. Now, seemingly bewildered by the new security landscape, they are increasingly finding salvation in restrictive new systems that threaten to transform your computer into little more than a glorified abacus -- while the security model they're still espousing is 35 years old.

There must be a better way: this session will turn to history and explain how we dug ourselves into the present predicament, and then look at Bitfrost, the One Laptop per Child security system, and a host of other promising approaches for lessons on how we might dig ourselves out.

Ivan Krstić is a software architect and researcher currently on leave from Harvard University. Until recently, he worked as director of security architecture at One Laptop per Child, an education non-profit that aimed to produce a $100 laptop for children in the developing world. Prior to that, Ivan served as director of research at the medical informatics laboratory of a European children's hospital, tackling infrastructure and security problems in wide-scale digital healthcare.

Ivan is deeply involved in open-source and free software, co-authored the best-selling Official Ubuntu Linux Book, and specializes in architecture and security of large distributed systems. He has consulted on both matters for some of the largest websites on the Internet. Described by Wired magazine as a "security guru", in 2007 the MIT Technology Review named him one of the world's top innovators under the age of 35 for his work on the OLPC security platform, Bitfrost. Recently, eWEEK declared him one of the top three most influential people in modern computer security, and one of the top 100 in all of IT.


SUN BURNS - Java Insecurities

Joakim Sandström @ nSense


Demonstration of common design flaws and insecurities in Java and Java applets: how Java can go wrong, and how it is exploited when it does. Included in the presentation:

  • Analysis of Java runtime environments & frameworks - how they affect the security of applications.
  • How NOT TO use Java
  • Exploitation tools & techniques
  • Sploiting.. someone's applet(s) =)

Joakim Sandström is the founder and Chief Technology Officer of nSense. A typical day at the office includes vulnerability assessments for the Nordic financial market and developing automated vulnerability assessment tools.


A Day in the Life of a Hacker

Adam Laurie


Adam Laurie is a White Hat Hacker who spends his time travelling from country to country speaking and training at international conferences and providing consultancy to his clients around the world. But what does he do in his spare time? How does a hacker keep himself busy whilst wide awake in a foreign land, in the middle of the night and in the wrong time zone? What can he find of interest in random hotel rooms and business centres to keep him from going crazy? Is the ATM in the lobby secure? How about the hotel TV? The room safe? The door entry system? The mini bar?

So many toys, so little time...

Adam Laurie is a freelance security consultant working in the field of electronic communications. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties.

He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own 'Apache-SSL', which went on to become the de facto standard secure web server.

Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities.

Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security.

He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source Python RFID exploration library 'RFIDIOt', which can be found at http://rfidiot.org.


Evolution of Kernel-Mode Malware

Kimmo Kasslin @ F-Secure


A few years ago, kernel malware consisted of simple pieces of code whose purpose was to perform a specific task on behalf of the main malware component. They were most often used as rootkits to hide files, registry entries and network connections belonging to the main payload. They were not packed or obfuscated, and their analysis was easy if the analyst was familiar with kernel-mode code and tools.

Since then things have changed. Full-kernel malware has now entered the scene, and this presentation will go through some of the most important developments that have had a big impact on the evolution of kernel malware.

Kimmo Kasslin works for F-Secure Corporation as a Research Manager. He joined F-Secure in 2005 and was part of the team that created BlackLight, one of the world's first anti-rootkit engines. Kimmo is a known researcher in the field of Windows rootkits and modern stealth malware.

He has presented at VB and AVAR conferences. His latest research interest has been the emerging threat of kernel-mode malware.


Now you see it, Now you don't - Obfuscation for fun and profit!

Nishad Herath @ Novologica


Obfuscation has most definitely left the barn. It has left the murky waters of DRM and exploded into the general computer security world with a bang.

While the good guys are using obfuscation to keep prying eyes away from their code, bad guys are also resorting to ever more interesting methods of obfuscation at an alarming rate. The bad guys just cannot seem to get enough of the cybercrime gravy train.

In this presentation, we are going to explore some of the more interesting pockets of obfuscation as it stands today and also look at some of the neat tricks which could help the good guys stay ahead in the game.

Nishad Herath has been playing with reverse engineering for the better part of the last two decades. So much so that he is utterly and completely addicted to his passionate obsession. Over the years, he has been waltzing around mostly in security, DRM and general reverse engineering circles. In his adventures, he has worked closely with ISVs, private sector enterprise as well as government and law enforcement agencies.

These days, Nishad spends most of his time doing research on interesting areas of technology while assisting his clients in (hopefully) making the world a better place. When he is not doing that, he can be seen chipping away at his Tai Chi Chuan gongfu or entertaining his two little troublemakers as they get into all kinds of mischief.


RFIDIOts!!

Adam Laurie @ RFIDIOT dot ORG


This talk will present a roundup of attacks against RFID door entry systems, passports, human implants etc., including demonstrations and details of methods and tools used.

Adam Laurie is a freelance security consultant working in the field of electronic communications. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, DOS and CP/M based micro computers as they emerged in the Eighties.

He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own 'Apache-SSL', which went on to become the de facto standard secure web server.

Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities.

Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security.

He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID. He is the author and maintainer of the open source Python RFID exploration library 'RFIDIOt', which can be found at http://rfidiot.org.


Technical Introduction to the Ecosystem and Motivation of Modern eCrime

Peter Kruse @ CSIS


The presentation focuses on eCrime and anti-phishing. You will be introduced to the latest tricks of the trade. Peter will also demonstrate how certain groups operate and how their tools are used to compromise home banking systems.

The talk will also cover drive-by attacks, exploits in Office documents and other file formats used to launch malcode. The malcode will often make the infected system join a Command and Control server and drop collected data to a blind drop.

This presentation will show exactly how eCrime works by looking at the tools used by the IT-criminals behind the attacks. The talk will also explain the ecosystem of the eCrime industry.

Peter Kruse leads the CSIS Research & Intelligence unit, which specializes in crimeware, forensics, dropdata recovery and other anti-eCrime services.

He has previously worked with telco Telia-Sonera and antivirus vendor Norman before forming the IT-company CSIS Security Group in 2004. The company has become a market leader in Scandinavia providing eCrime and other security services to a broad range of some of the largest companies in the Nordics.


Iceberg Incorporated - A Peek Under the Surface of the Criminal Enterprise

Juhani Eronen, Jani Kenttälä and Lari Huttunen


This presentation is about the criminal enterprise which has already taken over more of the online world than we would care to think, and a simple practical method for how we could tackle the problem. Currently, most efforts to thwart the criminals are limited to notice and takedown. We are fighting fires, reacting to the badness as we see it, when we should strive to get ahead in the game!

We want to reveal the iceberg through effective collaboration between software, people and organisations. Data is systematically gathered and correlated to a collaborative environment. This reduces overlapping work and enables analysis to be built up incrementally by various actors. Attributing the criminals based on contributed analysis is our last, best hope for retribution.

Juhani Eronen is an Information Security Analyst at CERT-FI, where his responsibilities include vulnerability co-ordination, automation of the handling of security incidents and information assurance. Formerly, he worked for OUSPG researching protocol vulnerabilities and dependencies of the critical information infrastructure, among other things. He is a postgraduate student at the Oulu University Secure Programming Group, OUSPG.

Jani Kenttälä is the CTO at Clarified Networks. A lot of Clarified's technical innovations are the love children of Jani Kenttälä. Jani is continually developing methods for managing the overwhelming complexity of modern networks. Jani's M.Sc. thesis on network-clarifying methods, done in OUSPG's Frontier research project, received numerous national awards and the highest possible grade, Laudatur. A year ago, Jani discovered that these methods are now being used for black box malware analysis. That motivated him to study a little bit further how he might be able to help malware analysts in their work.

Lari Huttunen holds an MA in Linguistics and Computer Science from the University of Helsinki. Prior to working for Codenomicon he was employed by the University of Helsinki, The Finnish Security Police SUPO and NBI Finland. While working for the police, he was active in different international efforts. For example, he has participated in the Interpol Working Party IWPITC-E and the International Botnet Task Force. He is a postgraduate student at the Oulu University Secure Programming Group, OUSPG.


Sockstress - The Saga Continues...

Jack C. Louis, Robert Lee @ Outpost24 AB


This talk will divulge new technical details about Outpost24's (Jack C. Louis's) research into TCP state table manipulation vulnerabilities that affect availability.

Specifically this talk will showcase new attacks that will render a remote system unavailable using a very low bandwidth attack stream. Attacks against Windows, BSD, Linux, and embedded systems TCP/IP stack implementations will be discussed and demonstrated.

In-line devices that keep track of state for multiple systems (read: firewalls) tend to feel the effects of the attack even more quickly.

Jack C. Louis is the VP of Research and Development for Outpost24. He has a background in core networking technologies, systems programming, and electronics. Jack is the creator of unicornscan (a distributed port scanner), cruiser (a web application fault injection framework) and several other security testing tools. Jack has also been credited with discovering interesting vulnerabilities in widely installed applications.

Robert E. Lee is the Chief Security Officer for Outpost24, a leading provider of proactive network security solutions including fully automated network vulnerability scanning and vulnerability management tools. Outpost24's OUTSCAN is the most widely deployed On-Demand security solution in Europe, performing scans for over 1000 customers last year.


Investigating Mobile Phones for Malware and Spying Tools

Jarno Niemelä @ F-Secure


This presentation continues the topic of mobile spying tools and malware that was covered at T2 2007.

Mobile malware and spying tools are not yet nearly as serious a threat to companies and home users as PC malware is. But they pose a unique problem, as very few people have experience in how to investigate a device that is suspected to be infected with malware or a spying tool.

This talk focuses on the practical details of how to investigate mobile devices, and how to locate and identify any unauthorized software running on the device. The talk contains several hands-on demos of how to investigate various phones with tools that are freely available over the internet.

Jarno Niemelä joined F-Secure Corporation in 2000 and currently serves as a Senior Anti-Virus Researcher. He has followed the mobile malware and security field for over eight years and has seen the development of the threats from the first Palm OS trojan to current Symbian malware.


Encrypting the Internet - a Modest Proposal

TiAMO and olleB


On July 11th Slashdot ran an article titled "The Pirate Bay's Plans To Encrypt the 'Net". Hear about the events that led TiAMO to start the project, the rationale for bringing yet another network encryption protocol into the world and the gory technical details of the proposal that caused much debate on the Internets. Then join us in a discussion about privacy, government Internet surveillance and what we can and/or should do to prevent the regulation and corporatisation of the 'Net.

TiAMO is co-owner, co-operator and co-founder of thepiratebay.org and runs the ISP PRQ, notorious for its history of protecting its customers' websites from attempts at silencing politically controversial or otherwise uncomfortable material. He frequently shares his views on freedom of speech and copyright reform both on the TPB blog and in interviews.

olleB is a boring security consultant by day and a shadowy figure associated with the Toolcrypt Group by night. He enjoys poking about where he doesn't belong and generally being a nuisance to anyone within earshot. Like all Swedes he drinks cheap vodka till he falls asleep in places where sleeping is strictly forbidden.


Solving the T2'08 Challenge

Nishad Herath @ Novologica


Abstract will be published after the challenge has been solved - stay tuned :)

Nishad Herath has been playing with reverse engineering for the better part of the last two decades. So much so that he is utterly and completely addicted to his passionate obsession. Over the years, he has been waltzing around mostly in security, DRM and general reverse engineering circles. In his adventures, he has worked closely with ISVs, private sector enterprise as well as government and law enforcement agencies.

These days, Nishad spends most of his time doing research on interesting areas of technology while assisting his clients in (hopefully) making the world a better place. When he is not doing that, he can be seen chipping away at his Tai Chi Chuan gongfu or entertaining his two little troublemakers as they get into all kinds of mischief.