Presentations, Workshops & Events at Kiwicon 2k7

The following speakers graced us with their presence at Kiwicon 2k7:

Beside the speakers name you may find their presentation, please keep in mind speakers are not required to post their presentations online and given the content of some of the slides have chosen to not share them here.

The material is by hackers for hackers so is possibly not safe for work.

You have been warned.

[Keynote]
[Presentations]
[Workshops]
[Lightning Talks]
[Keynote] - top
Title: Bugs in the Wetware: The Psychology of Computer Insecurity
Presenter: Peter Gutmann
Origin: Auckland, New Zealand
Synopsis: It's been common wisdom for some time that the average user has a rather poor grasp of computer security issues. No matter how much effort the computer community expends in trying to educate people, they'll still click on attachments, hand over personal details at phishing sites, and in general engage in behaviour while online that they'd never dream of in the real world.
While the standard response is to blame the user, the real culprit is the way the human mind works. Millennia of evolutionary conditioning and the environment in which computer users operate cause them to act, and react, in predictable ways to given stimuli and situations. This talk looks at the (often surprising) ways in which the human mind deals with computer security issues, and why apparent bugs in the wetware are something that not only can't be patched but are often critical to our functioning as humans.
Bio: Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland, New Zealand, working on the design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption including the X.509 Style Guide for certificates, and is the author of "Cryptographic Security Architecture: Design and Verification" (published by Springer-Verlag) and the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about PKIs and the (un-)usability of security applications.
[Presentations] - top

Presentations will be lecture-theatre style events ranging between 45-60mins in duration.

Title: Here Be Dragons: Hacking Non-IP Networks
Presenter: hntr
Origin: Auckland, New Zealand
Files: [Presentation]
Synopsis: Everyone accepts the pervasive nature of the internet, and by extension, IP networks. Much work has been done on securing and hacking such networks and, while there are plenty of misunderstood issues in this field, many of the problems are well-known.
There are networks, however, which we utilise every day which are not IP. Most people are unaware of the existence of some of these networks and the technology which drives them, let alone the security problems inherent in their usage.
This talk will examine three seemingly disparate, yet related technologies from the point of their use in an IP age. We will examine x.25, SCADA, and SAN technologies and possible attacks against them. New days bring new technology and new attacks, yet we continue to use networks that have been around since before the age of the internet and they're prone to the same security vulnerabilities that they always were, and some new ones...
Bio: hntr has a degree in philosophy and has spent much time in basements lit solely by the glow of big kit. Prior to his present incarnation as corporate security guy, he's done the cluster computing thing, the government infrastructure thing, the small linux security company thing and the start-up in Japan thing. Presently working at Security-Assessment.com he finds thrills in busting big, expensive kit, pondering maliciousness with anonymous networks and finding new ways of getting into trouble.
 
Title: Busting your IDS / IPS
Presenter: Flagg
Origin: Sydney, Australia
Files: [Presentation]
Synopsis: When you consider the system as a whole, there are plenty of ways to bust an IDS / IPS. From the wire to the incident response team we will work through various limitations and examples of potential mischief.
Bio: Flagg is a Technical Security Consultant at Security-Assessment.com, specialising in Penetration Testing and Whiskey.
 
Title: Old School Is Good School: Busting Carrier Ethernet Networks
Presenter: Metlstorm
Origin: Auckland, New Zealand
Synopsis: Ethernet is ubiquitous, the winner of the Layer 2 techonolgy race. And everyone knows it's not designed for security; you get l2 access, you win. And yet, what's that in the wall of your server room? An ethernet connection from your telco - your internet connection, your WAN, your remote access cloud... delivered over ethernet. But don't worry your pretty little head, it's TELCO GRADE ethernet. It's TOOOOTALLY different. The sales rep told you the P in VPN stood for private, remember?
Metro ethernet carrier networks are the transit over which many of our most critical systems run. This presentation will cover the layer two attack techniques, with particular focus on how well they work in modern carrier metro-ethernet access networks. In New Zealand.
Bio: Metlstorm is a bogan unix-hippy hacker from Auckland. Raised in the brutal AKBBS scene in the early 90s, Metl has levelled up through ISP engineering, linux systems integration and corporate-sellout security consultancy. Presently he builds weaponized hacking tools for a US firm, drinks beer, and throws up the horns at the slightest provocation.
Armed with his unix beard and python interpreter, Metl has presented at Blackhat, Defcon and Ruxcon, where one of his presentations was derided as 'theatrical', and in the other he was punched out by an audience member after calling his sexuality into question.
 
Title: Bugs == Leverage
Presenter: Bogan
Origin: Wellington, New Zealand
Files: [Presentation]
Synopsis: Your employer wants you to a deliver a whiz-bang solution for their latest business requirement, being a diligent security practitioner you analyse all the viable options on the market. After finding a number of vulnerabilities in the majority of the products, you choose the one that best fits your needs and find that those bugs can be utilised to get you a tidy discount....
Bio: With a penchant for black t-shirts, jeans and the lyrical styling of Pantera, bogan has been touching computers ever since he can remember
 
Title: Cracking A Fat: Breaking Thick Client Software
Presenter: Nick "Handles are for Wimps" von Dadelszen
Origin: Wellington, New Zealand
Files: [Presentation]
Synopsis: With so much discussion about AJAX and the dangers of client-side logic, many people tend to forget that standard thick client application form the cornerstone of many businesses. Once you get inside an organsiation, thick client applications are everywhere, and are not going away any time soon. This talk will discuss approaches to attacking these types of applications, with a focus on C# and Java. It will start with simpler circumvention techniques, and move through more complicated scenarios to demonstrate common attack methods. The aim of the attacks is not to own the client, since it is assumed you already have full control of this, but to utilise flaws in the client-server architecture to get to the important server-side data underneath.
Bio: Nick "thinks like a criminal" von Dadelszen is Wellington's answer to Kevin Mitnick, prowling the digital badlands, a vagabond, a renegade. Armed with his kungfu hacking technique, Nick brutally violates the plumpest of fat clients without mercy. Despite being a badass, he masquerades as a corporate security consultant, wooing banks and governments with his brylcreem smooth patter. Watch out boys, he might woo you too.
 
Title: CrackStation
Presenter: Tmasky
Origin: Wellington, New Zealand
Synopsis: tmasky will be discussing a new cryptographic algorithm implementation to gain substantial speed increases. The talk will be focused on using the Playstation 3's Cell Broadband Engine under Linux, so you can convince your employer to buy a PS3 for you too =)
Bio: tmasky is a gamer who badly stumbled into linux and security many years ago. He's broken a fair amount of stuff and loathes proprietary tech.
 
Title: Information Warfare and new perspectives for smaller nations
Presenter: Joshua
Origin: Wellington, New Zealand
Synopsis: Information is everywhere: newspaper, television, radio, Internet... If you own the information you can own the world. This talk will introduce basic concepts of Asymmetric Warfare (Law/Economic/Network warfare) but with more focus on Information Warfare. With the help of one real example (the Lebanese-Israel war) we will show how a small nation can win the information war over a more powerful country. The Internet will be our battefield and Blackat SEO (Search Engine Optimization) tricks also will be explained in order to manipulate what is perceived and interpreted by others (including mainstream media).
Bio: Joshua is a Belgian 007 living in New Zealand who has already infiltrated the biggest kiwi IT company and the kiwicon organization. Known under different handles, his current mission is to know the secret of Macs Gold which is the only last good beer that Belgium don't own. With the help of information warfare strategies he hopes corrupting at least one kiwi to obtain the san grail.
 
Title: A Bag Full of 0day
Presenter: Brett Moore
Origin: Auckland, New Zealand
Synopsis: Well, it'd hardly be 0day if we told you, would it?
Bio: World famous in New Zealand for his 'scanning entire .nz net range' stunt back in 2001, Brett has now become the security pin up boy for windows security researchers in New Zealand. He has presented at various conferences including Blackhat, Defcon, Ruxcon, and the invitation only Bluehat. Brett now heads up New Zealand's newest security startup, Insomnia Security specialising in vulnerability research and advanced exploitation techniques.
 
Title: Your Kiosk, My Kiosk
Presenter: Delf
Origin: Auckland, New Zealand
Synopsis: Internet Kiosks. We have all seen them in Airports, Lobbies and Army/Navy recruiting stations. Computers designed to run a browser inside a 'protected shell'. Often plugged directly into a company LAN. Just machines running Windows XP...
The only thing stopping 'Casual Hacker Paul' from compromising your box and getting access to the LAN is the Kiosk software. A $50-$100 "Shareware" product, who's owning company outsourced all development to Mumbai, India.
This presentation will focus on new methods of Internet Kiosk exploitation. Additionally architecture and design flaws in the "Software Internet Kiosk" product as a whole.
... and various 0-day in different kiosk applications, just for good measure.
Bio: Delf is a hacker from Auckland who was raised on the mean streets of Papakura, South Auckland. Delf currently works at Security-Assessment.com as an application penetration tester. It is strongly recommended to buy Delf a beer if you wish to hear more.
 
Title: How Secret Is SECRET?
Presenter: Narcosis
Origin: Wellington, New Zealand
Synopsis: Obviously there is a lot that cannot be talked about when it comes to the Government Communications Security Bureau (GCSB), and the GCSB is not one of those organisations that you readily associate with presenting at public conferences.
However where possible this talk will cover what GCSB and the Centre for Critical Infrastructure Protection (CCIP) do, what their remit and functions are and some of their current initiatives. This talk will also inform you why information becomes classified and what the criteria is for classifying information at each of the various levels: CONFIDENTIAL, SECRET and TOP SECRET.
Bio: Very little is known about this individual, he is known to sift around the fringes of con's all over the place, however his bio is classified and locked away in a dark safe somewhere, forever lost...That is unless someone can attempt to prise details out of him with beer.
 
Title: Scanberry: Advanced Attacks via a Trojaned Blackberry
Presenter: Graeme Neilson
Origin: Wellington, New Zealand
Files: [Presentation]
Synopsis: Building on the Blackjacking tools presented at DefCon, Graeme will present some advanced tools for attacking internal networks via Blackberrys. For example how to use TicTacTrojan on a Blackberry to port scan an internal network from the comfort of your external host.
Bio: A Scotsman living in NZ Graeme has spent his life drinking whisky, wearing skirts and eating animal intestines. He is a Security Consultant at Aura Software Security.
 
Title: Out of the Loop: Plausible Deniablity in the Age of Mandatory Key Disclosure
Presenter: cartel
Origin: Unknown
Files: [Presentation]
Synopsis: As law enforcement agencies worldwide are gaining new powers to force disclosure of encryption keys, plausable deniability becomes more difficult for J.Random Hacker to maintain. The Cartel investigates this disturbing trend and demonstrates the use of layered containers and virtual machines as a means to maintain compliance with the law while avoiding self incrimination.
Bio: The Cartel has been breaking and rebuilding things since gaining self awareness in 1985. While not maintaining his alter ego as a partially functional member of society, the Cartel enjoys mind expansion through information acquisition, writing Python code, and tying knots.
 
Title: Hypervisor Malware (The Flying Spaghetti Hypervisor)
Presenter: thoth
Origin: Australia
Files: [Presentation]
Synopsis: Blue Pill and Vitriol have been the focus of alarmist media with claims of 100% undetectability (which is one reason why they're so damn cool) and other such hype. My talk will be on my own 'hyperjacking' rootkit (the Flying Spaghetti Hypervisor) designed for the Linux kernel. I will focus on the internals of these types of rootkits, how to protect against them and how easy it is to write a very basic malicious hypervisor due to the new virtualisation extensions from Intel and AMD, with the focus on Intel's VMX.
Bio: Thoth enjoys poking holes in other peoples software. Thoth also finds it strange talking about himself in 3rd person.
 
Title: Better than the regular script kiddie: w3af
Presenter: Mark Keegan
Origin: Wellington, New Zealand
Synopsis: The w3af framework project is the up-and-coming MetaSploit of Web application security. It's flexible design allows new attack vectors to be easily written and includes many features which are only available in the grossly expensive commercial tools. Mark's presentation will discuss why we need webapp scanners and demo the w3af framework and how to automate the Discovery, Audit and Attack of web applications.
Bio: Mark used to build software but found he was better at destroying it. He now spends is work life looking good in a suit for Aura Software Security, and specialises in web application security testing.
 
Title: What Pwned All Datas?
Presenter: Oddy
Origin: New Zealand
Files: [Presentation]
Synopsis: Web Proxy Auto Discovery is an interestingly still-active-after-all-these-years design misfeature courtesy of Microsoft. It is of particular relevance to those of us who 'live' anywhere except the .com domain, as Microsoft fixed it for .com a long time ago, but due to it's DNS-(ab)using nature it is still a problem for everyone else. This talk will explain the mechanism and it's ramifications in some detail, and collect and present statistics of interest. Oddy will also be explaining all the ways in which networks can be configured in order to make wpad leakage a non-problem.
Bio: Oddy has recently emerged from a number of years deep within the bowels of embedded platform hackery (REAL embedded platforms, not winCE). While slowly recovering from the brutal insanity that is embedded assemblers and toolsets, he is dragging his web/x86/etc knowledge kicking and screaming into the naughties, and has become a rabid Python fanboy in the process.
Oddy likes packets, messing with protocols, making stuff talk to stuff it's not meant to, and registering "interesting" domain names.
[Workshops] - top

Workshops will be hands-on classroom-style practical sessions, with a duration of up to 2 hours. Please bring your own equipment (laptops, network & power cables).

Title: Wifi Insecurity: A busting WEP/WPA workshop
Presenter: Detonate
Origin: Auckland, New Zealand
Synopsis: A hands on (bring your own laptop) workshop showing you how to sniff, snarf, inject, crack and bruteforce your way onto a wireless network. You should bring a laptop with a PCMCIA slot or internal wireless device, ideally running a Linux already configured for wireless-badness. If you have a Windows machine, you might like to try a live-cd Linux that you can run without installing; the security-oriented Backtrack CD is a good choice, download it from www.remote-exploit.org. There will be a limited supply of good wireless cards and LiveCDs provided for you to borrow, should you not have kit of your own. If you're already an accomplished wireless hacker, bring along your toys, packet captures and war-driving pics, swap stories and chat about the latest neat techniques.
Bio: Detonate (aka detopeach) is an ex-Wireless ISP network monkey. When not breaking into wireless networks, Det enjoys relaxing walks on the beach, poker, and hanging out with his bestest buddy tkn.
 
Title: The Ten Cent Laptop: Using a Coin to Defeat Laptop Locks
Presenter: Atom Smasher
Origin: New Zealand
Synopsis: We've all seen how to defeat a keyed laptop lock with a roll of toilet paper. In response, many have "upgraded" to combination locks to keep our laptops physically secure. Bad news... I'll show you how to defeat the combination locks with a coin, without damaging the laptop or the lock, in way less than a minute. For no extra charge, I'll also explain why this is a *MUCH* bigger security risk than it seems at first. Please bring a combination laptop lock, if you have one.
Bio: After being unsuccessfully sued in US Federal Court for *alleged* trademark infringement and presenting at HOPE 5 (NYC) and phreaknic-8 (TN, US), Atom has successfully escaped from a once great republic and landed in NZ, where he is currently employed doing honest work for corporate types. Atom has been published in 2600 and LinuxSecurity.com.
[Lightning Talks] - top

Lightning talks are quickfire, 10-15 minute presentations for small topics and tool releases.

Title: SSH-Jack Redux: And Jack0rs For All...
Presenter: Metlstorm
Origin: Auckland, New Zealand
Files: [Presentation] [SSH-Jack]
Synopsis: Two years ago, Metlstorm presented his runtime SSH hijacker at Defcon; "it's a feature!" he cried. Well, with the release of OpenSSH4, this is finally true. Metl reflects briefly on the feature turned security flaw turned feature, it's utility and future. If you use SSH to secure your networks (which you should) then it pays to be familiar with it's nooks and crannies, huh?
Bio: Metlstorm is a bogan unix-hippy hacker from Auckland. Raised in the brutal AKBBS scene in the early 90s, Metl has levelled up through ISP engineering, linux systems integration and corporate-sellout security consultancy. Presently he builds weaponized hacking tools for a US firm, drinks beer, and throws up the horns at the slightest provocation.
Armed with his unix beard and python interpreter, Metl has presented at Blackhat, Defcon and Ruxcon, where one of his presentations was derided as 'theatrical', and in the other he was punched out by an audience member after calling his sexuality into question.
 
Title: The Success of a Mistake: Kiwicon2k7
Presenter: Dumb (Pipes) and Dumber (Bogan)
Origin: Wellington, New Zealand
Synopsis: The primary organisers of Kiwicon 2k7 reflect on their hangover throbbing heads, their empty wallets, and their newly engorged confidential files at intelligence agencies around the world. Whatever could have led to such madness? From the horse's mouth, they lay down their atrocious breath.
Bio: Pipes and Bogan put the fire under the coal that set the choo-choo train that is Kiwicon off down the tracks towards the inevitable train wreck. If only the con was as good as their extended metaphors.
 
Title: Dark Elevator Tool Release
Presenter: Sham
Origin: Zurich, Switzerland
Synopsis: This will be the official release and demo of an automated Windows privesc bug finder and exploiter, which has been one of sham's labours of love since a fateful night on Waiheke island with a bottle of Merlot. The tool uses multiple methods for finding and exploiting permission issues and other lesser known privesc vulnerabilities. Great for pwning your local citrix deployment, kiosk or other "secure" windows boxen.
Bio: Sham has been hacking his way around corporate New Zealand for the past decade but has recently left .nz to take up a job working for a small, relatively unknown search engine company. Sham is known for drunken pseudo philosophical rants, anti-forensic technique, rootkits, VoIP hacking, incident wrangling, and general Windows mayhem. Sham is OS, language, editor and alcohol agnostic but gravitates towards FreeBSD, python, vim and beer.
 
Title: Advances in anti-forensic: in-memory distributed hidden storage
Presenter: Joshua
Origin: Wellington, New Zealand
Synopsis: During this short talk we will present a new way to hide a file in-memory under Unix (nothing is written on disk). With the help of a proof-of-concept (DHIS - Distributed Hidden Storage) we will show that once hidden it's almost impossible to reconstitute the whole file for a forensic expert. We will also show how to prevent such technique.
Bio: Joshua is a Belgian 007 living in New Zealand who has already infiltrated the biggest kiwi IT company and the kiwicon organization. Known under different handles, his current mission is to know the secret of Macs Gold which is the only last good beer that Belgium don't own. With the help of information warfare strategies he hopes corrupting at least one kiwi to obtain the san grail.
 
Title: One Fat Fuck vs Foucault: Game theoretic approaches to gaming social networks
Presenter: alhazred
Origin: Christchurch, New Zealand
Files: [Presentation]
Synopsis: Have you always dreamed of becoming the most popular (or hated) boy in the global village? With only the barest minimum of code, a modicum of balls, and a tiny sliver of good luck you too can become notorious on your choice of social network. Measures, countermeasures and workarounds.
Bio: Hailing from the primordial forests of Little River in New Zealand's lesser known South Island, alhazred felt the lure of Auckland's bright lights and running water. Swiftly climbing the corporate ladder thanks to his work as an embedded software developer, he now has the time, motivation and money to pursue his dreams in Next Generation Trolling.
 
Title: Attacking the Frameworks: Crumbling Centralised Wireless Management
Presenter: Neal "y011" Wise
Origin: Melbourne, Australia
Synopsis: Managing large wireless solutions using centralised provisioning / management / monitoring / access strategies *seems* like a good idea. So what happens to your wireless network when when your structured design and management goes boom? Live 802.11-y tinkering and stuff. Expect demonstrations to go wrong/right with audience participation (hi metl)
Bio: Neal is an ex-pat who's made Australia home. In the way distant past he earned an arts degree but forewent further lit studies in favour of night shift VMS operations (on VAX in that era). It went on from there. He's been SYSTEM, root, SUPERVISOR, a bit of QSECOFR and, reluctantly, administrator. Neal is co-founder of Assurance.com.au and of spy.net ( \m/` hail `\m/ - year 13!)