Presentations & Events at Kiwicon 2k8

Once again, Kiwicon delivers world class security content, showcasing local talent and research.


[Keynote]
Title: You've Got Nothing: Freedom, Privacy and Hacktivism in the Age of Confusion
Presenter: Cartel [Schedule]
Origin: Auckland, New Zealand
Synopsis: The recent worldwide moves towards increased data mining and surveillance of otherwise innocent citizens are justified purely on the promise of preserving liberty and safety but, when viewed through the lens of history, are the chilling portents on the road to totalitarianism. There's no doubting this isn't the world we were sold by Beyond 2000.
In this talk the Cartel examines recent laws and proclamations and compares them to historically similar events and why it could be only the hackers that save our children from living in constant fear.
Bio: Cartel as he is today emerged as the end result of 13 years of time wasted on productised education and 5 years in corpwhore hell. The engrams didn't take and now he wants revenge. Cartel is the director of Thoughtcrime, an Auckland based non-profit dedicated to the proliferation of encryption technology that is just about to emerge from stealth mode.
 
[Presentations]
Title: Straight To Video: Bugging The Boardroom
Presenter: Oddy and Eon [Schedule]
Origin: The Tubes
Synopsis: Eon and Oddy present an informative hour of voyeuristic fun and fear. We discuss the rise of telepresence systems and the implications of the recent jump on the IP bandwagon. We show how all pretense at security has been relentlessly sacrificed to the gods of 'Interoperability' and 'Make It Go', exposing the soft chewy centre of the corporate WAN. Stack overflows, firewall bypass, and corporate board room eavesdropping are but a small selection of the delights that await you in this all-singing, all-dancing carnival of corporate carnage.
Bio: Oddy erupted into the industry last year by way of ruining thanksgiving for Microsoft with his million-computer-owning WPAD brutalization technique. Since beginning hacking things for money he has busted international 0day, spied on important looking dudes, and stolen the fat ca$h, all in his first month.
Eon is a good corporate netizen and has always been. Presently making the fat cash as a consultant for NZ's largest security company, he still finds time to help old ladies out of trees and kittens across roads. Allegations of extortion and baby-eating are at best half truths.
 
Title: Attacking the Vista Heap
Presenter: Ben Hawkes [Schedule]
Origin: Wellington, New Zealand
Synopsis: This presentation explores the cutting edge of heap exploitation theory and practice on Windows Vista. The focus is on finding previously unknown attack vectors resulting from memory corruption on the heap. These include techniques for controlling execution flow by attacking only the heap implementation and not the application itself, and techniques for attacking the application in conjunction with the heap. Additionally, several design changes to further improve the security of the Vista heap will be suggested.
The heap is the userland component in charge of dynamic memory management. It is present and used to some extent in every Windows Vista process. Memory corruption on the heap (heap overflow) is common, seen in nearly every application and making up a large portion of reported vulnerabilities. With Windows Vista, Microsoft introduced several security features to the heap, effectively hardening it from classic heap overflow exploit techniques.
Bio: (Editor's note: At this stage Hawkes has not been sober long enough to provide a bio, however it is common knowledge here in New Zealand that his main non-technical hobby is dressing up as the Pink Panther)
 
Title: Why Biometrics is not a Panacea: A Comedy of Errors in Three Parts
Presenter: Peter Gutmann [Schedule]
Origin: Auckland, New Zealand
Synopsis: Before 9/11, biometrics were mostly a curiosity, employed for additional security in a few special-case access control situations alongside other, more traditional mechanisms. The biometrics market was small, and unlikely to grow much due to the small size of the rather limited niche in which biometrics were appropriate.
Then came 9/11, and every biometrics vendor packed their fingerprint readers and face-recognition scanners into the nearest carpet-bag and headed for Washington. This talk provides some technical background about the effectiveness of the technology that you'll never find in any vendor sales literature, and documents its less-than-stellar track record in the field. The RFID technology that it's frequently paired with (originally intended mostly for inventory tracking) also has numerous problems, and in particular its use in passports greatly decreases their security compared to the original non-RFID forms. These technologies have their uses, but probably not in the way that they're being pushed at the moment.
Bio: Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland, New Zealand, working on the design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption including the X.509 Style Guide for certificates, and is the author of "Cryptographic Security Architecture: Design and Verification" (published by Springer-Verlag) and the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about PKIs and the (un-)usability of security applications.
 
Title: Storm in a teacup
Presenter: Narcosis [Schedule]
Origin: Wellington, New Zealand
Synopsis: In March this year New Zealand participated in the largest global cyber security exercise to date. You may have seen or heard about this in the media. This talk will cover what actually happened, how it was run, what was learnt, the scenarios that were played and where to next.
Bio: Very little is known about this individual apart from his handle. He is known to sift around the fringes of cons all over the place, however the rest of his bio is classified and locked away in a dark safe somewhere, forever lost... That is unless someone can attempt to prise details out of him with beer (Tequila does not work as was discovered last Kiwicon).
 
Title: Mapping Drive-by-Downloads with Client Honeypots
Presenter: PK (and CS, DS, VD, RS, IW) [Schedule]
Origin: Wellington, New Zealand
Synopsis: VUW's School of Mathematics, Statistics and Computer Science has developed some open source technologies for detecting drive-by-downloads. These are Capture-HPC and the Microsoft XP behavioural analysis tool Capture-BAT, hosted on the Honeynet Alliance (https://projects.honeynet.org/capture-hpc), and honeyc, a low interaction client honeypot system (https://projects.honeynet.org/honeyc/). We are developing these tools further, have used them for over a year to detect malicious web content delivered as drive-by-downloads, and are performing a number of studies, which will be outlined.
Bio: PK and IW are senior lecturers at VUW in the DSRG; CS, DS and VD are P/G students; and RS was a research assistant.
 
Title: Walking Through Walls Ninja Style - The Art of Non-Destructive Entry
Presenter: Philip Whitmore & Sander Reerink [Schedule]
Origin: New Zealand, Netherlands
Synopsis: Faced with the increasing challenge presented by modern locks and physical access control mechanisms, how do you get into that room you REALLY need access to? Simple; you just walk through the wall ninja style. Philip and Sander will provide a practical insight into the ease with which traditional locks and access control mechanisms can be bypassed. Their real-world look at physical security will explore a variety of topics from opening safes and decoding punch-code combination locks, to bump keys and cloning RFID access cards.
Bio: Despite usually being seen in suits, Philip and Sander are everyday normal people, and work within PricewaterhouseCoopers' Security & Technology team. What started out of the need to get through the front doors of their houses after drinking too much and losing their keys, now sees them assessing the physical security of organisations through testing the security for real. Ever wanted to break into a bank and not get caught?
 
Title: Phree as in Phonecall
Presenter: KRuSHeR [Schedule]
Origin: Auckland, New Zealand
Synopsis: This talk is the culmination of many years of whispering sweet nothings to phones and as such will focus on the interesting things which can be found on the remote end of phone lines (PaBX's, Voice Mail Systems, IVR's).
There will be a discussion of the latest techniques and tools and we will cover examples of what to look for when auditing and hacking phone systems. We'll delve into what can be found hidden in phat corporate number blocks, and touch on topics such as remote eavesdropping and PIN security. There will be a demonstration of what can be gained by harnessing the awesome power of VoIP.
Bio: KRuSHeR is a callous-thumbed phreak from the darkest depths of Antichristchurch, moved to the big city, and armed with the proverbial Real Haircut and Real Job. J-K Rusher has worked for a wide variety of companies in security and telecommunications roles including a stint in Japan which has left him with brutal cravings for karaoke and robots. He is also involved in a research project into predictable PINs (http://pinpop.com) with fellow kiwi security researcher Andrew Horton.
 
Title: Hacking Citrix In 2008
Presenter: Brett Moore [Schedule]
Origin: Auckland, New Zealand
Synopsis: Citrix. The point and click GUI thing that is often seen but not heard. Often used as an alternative to RDP as it offers flexible and secure configuration options. Typically though a deployment is extremely weak and a compromise is guaranteed. This talk will cover off some standard deployment scenarios, explain a bunch of citrixy stuff, and provide information and tricks that can be very useful when wanting to use one of these to take over the world.
Bio: Brett Moore has been evading arrest for the last 10 years through the use of a cunning concealment plan that involves using corporate security firms as a front for his nefarious plans to take over the world. Currently he heads up Insomnia Security where he spends most of his time writing tools, papers, advisories and increasing the number of cockroaches on the Internet.
 
Title: Black SEO Exposed
Presenter: Roberto Suggi Liverani [Schedule]
Origin: Auckland, New Zealand
Synopsis: Black Search Engine Optimisation (SEO), often referred to as negative SEO, is a term that covers sabotage techniques aiming to reduce a web site's ranking in search engine results. Black SEO techniques are typically used in business and socio-political contexts, such as information warfare.
The presentation will focus on the use of these techniques to discredit a web site by making it vanish from the major search engine result pages. The discussion will also cover how to exploit common web application vulnerabilities such as Cross Site Scripting, SQL injection and other popular exploitation methods to leverage black SEO attacks. Examples will be included to demonstrate each method of exploitation, and how the vulnerabilities can be used to impact revenues and the reputation of business and political targets.
Black SEO attacks represent a unique class of threats and from a security perspective, any threat which can incur a potential loss should be considered a risk. So far, some of these techniques have only existed as a discussion topic in the SEO industry. Consequently, the intent of my presentation is to bring this complex topic to light to the security community.
Bio: Roberto Suggi Liverani is an Italian living in the beautiful Aotearoa. With his Valentino Rossi replica bike, he enjoys speeding through the kiwi countryside. At work, he loves breaking any type of web application. He is the founder of the OWASP NZ chapter and works for Security-Assessment.com. While in Italy, he got a political science degree and he has been involved in web development/design and SEO. As an exchange of favor, he also took care of some "particular" SEO campaigns against^W for certain companies.
 
Title: Mobile Phone Network Security
Presenter: Jacob Winther [Schedule]
Origin: Auckland, New Zealand
Synopsis: Ever wonder what stops your friends listening to your mobile phone calls, or why you can't clone your partner's SIM card anymore? This presentation will show how the key security mechanisms in mobile networks work. We'll look at SIM cards, authentication, encryption, differences between 2G and 3G, and finally some current attacks.
Bio: Jacob is trying to find the hardest way to make an easy living, but is never quite sure who he works for. As long as there is some snow and a G in the tech, he seems to be happy.
 
Title: Bluetrax
Presenter: Karl 'OR 1=1' Chaffey aka Splitter [Schedule]
Origin: Auckland, New Zealand
Synopsis: We still like to believe in an archaic concept called privacy, however in recent times this has become somewhat of an illusion. Our lives are now audited - from surveillance cameras on every street corner to reward cards that track our purchases and ISPs/telcos who record our internet activity and record our conversations.
We continue to be outraged when privacy leaks occur but yet every day literally millions of us walk around with a tracking device in our pocket. In this talk I present findings from a number of Bluetooth tracking stations which are located around Auckland and have been running for many months, picking up over 5000 new unique Bluetooth devices per week. Topics include tracking individuals (I mean you!), social trends over time, fingerprinting devices and an analysis of common attack techniques on susceptible Bluetooth devices.
Please contact me on admin at bluetrax.org.nz if you have premises overlooking a busy area in NZ and are willing to run a tracking station and share a couple of megs of data for uploads per day.
Bio: In his day job Splitter attempts to protect your bank accounts and other financial data from the others that attend cons, but by night, he spends far too much time haxing things to make them work just the way he wants, planning the purchase of consumer electronic goods and drinking beer.
 
Title: Tracking NZ Based Malware Distributors
Presenter: Nick von Dadelszen [Schedule]
Origin: Wellington, New Zealand
Synopsis: Compromised websites are now one of the largest distributors of malware on the Internet, with drive-by downloads being common. Website compromises and malicious JavaScript injections have become automated and recently massive SQL injection worms have swept the Internet. This talk provides the results of an effort to evaluate the number of New Zealand websites being infected in this way, and how long on average it takes to clean up a compromise. We will also analyse a range of JavaScript tricks used in recent compromises, and provide details of tools used to identify compromised sites.
Bio: After managing security teams for several NZ companies, Nick has recently co-founded Lateral Security, specialising in penetration testing and security consulting.
 
Title: Annoying controller-based 802.11 wireless solutions
Presenter: Neal Wise [Schedule]
Origin: Melbourne, Australia
Synopsis: Managing large wireless solutions using nifty centralised schtuff *seems* like a good idea. So what happens to your wireless network when your pretty design and management goes boom? Live 802.11-y tinkering. Expect demonstrations to go wrong/right with audience participation (hi metl)
Bio: In the distant past Neal earned an arts degree, dropped out of grad school to play with VMS and never wandered back. Since then he's been SYSTEM, root, SUPERVISOR, a bit of QSECOFR and, reluctantly, administrator. Neal runs assurance.com.au, co-ops the spy.net b'width co-op and rocks the -vvv.
 
Title: The Paul Craig Omnibus Experience: The Moth Trojan & Who Got Pwnd?
Presenter: Paul Craig [Schedule]
Origin: Auckland, New Zealand
Synopsis: Not content with one talk, Paul presents two, for an omnibus, collector's edition evening of All Paul, All The Time:
The Moth Trojan
I have created a new type of Windows trojan/rootkit which cannot be detected by modern AV.
No virtualization, no funky tricks, just pure ninja stealth technique. Dubbed "The Moth Trojan" this trojan has never been seen in public before and has been kept top secret.
Until now...
As a Kiwicon exclusive I will disclose the secrets of the Moth trojan and demo the trojan's full capability. You have to see it to truly believe it. Full source code will be released along with a detailed explanation of how the trojan functions. Witness the Moth take flight...

Who Got Pwned?

Let's say you managed to find a way to steal recorded key logs from a large international botnet. What do you think you would find? Instant messenger conversations? Bank accounts? Social networking conversations? Could any governmental agencies be part of the botnet? Would you find space shuttle launch codes? Secret Swiss bank accounts? Proof of alien existence?
14 months ago I began stealing keylogs from an international ring of botnets. Over 3gig of recorded information was captured, from three unique botnets. Stealing from hackers is not hard, find out what I stole, how I did it, and who got pwned?
Bio: Bio not supplied, because he's too busy haxx0ring like Jim Duggan.
 
Title: Waste Not, Want Not
Presenter: vt [Schedule]
Origin: Auckland, New Zealand
Synopsis: Several months of traffic analysis has given an insight into what noise there is on the Internet. Scanning the boxen back and doing something constructive with what you find isn't hard - and you can plug results into metasploit/w3af/$tool_of_choice to strap the metaphorical railgun to your network telescope.
Unsolicited Internet traffic is as much a tool as it is a menace, depending on your inclination. Low hanging fruit gets thrown at you all day (and all night) long. This talk is about juicing it for all it's worth and throwing it back. With some key ingredients one can make some great fruit cocktails.
Bio: vt largely spends his time researching, playing video games and drinking whisky. These things are not mutually exclusive.
 
Title: Race2Zero Roundup
Presenter: Bogan [Schedule]
Origin: Wellington, New Zealand
Synopsis: Triumphantly returned from rubbing the AV industry's nose in its own foetid mess at Defcon, Kiwicon's own Bogan recaps the Race2Zero.
Bio: Born with a pork spare rib in his hand, Bogan heads up the Mincing Division of Wellington's Institute of Minced Meats. He loves the sausage.
 
Title: The Art Of War - Blitzkrieg
Presenter: (long)Pipes [Schedule]
Origin: Wellington, New Zealand
Synopsis: Penetration testing often focuses on targeting specific systems and services. This talk is not about penetration testing. Limited by scope, targeted hacking often requires tactical exploitation in order to achieve a result. This talk is not about tactical exploitation.
If the internet was a theatre of war, then an ideal military offensive would be the blitzkrieg. This talk is about pulling an internet blitzkrieg. A blitzkrieg is the identification of targets, followed by a significant bombardment (the scan) chased quickly by the employment of motorized mobile forces (mass exploitation) attacking with speed and surprise to prevent an enemy from implementing a coherent defense.
We will discuss how to identify targets, scan them for vulnerabilities and exploit those vulnerabilities not only en masse but with speed.
Bio: Like a ninja poised to strike, Pipes waits for a cup of tea and a bio.
 
[Events]
Title: Lockpicking for Beginners Workshop
Presenter: D-Roc [Schedule]
Origin: Wellington, New Zealand
Synopsis: D-Roc introduces lockpicking, with demos, hands on, and give-aways!
Bio: Unix geek, been picking for about 1 year, been coding since age 11, voided warranties on almost every electronic device I own.
 
Title: Tokemon: Gotta Catch 'em All
Presenter: Antic0de & Metlstorm [Schedule]
Origin: Nuclear Hardened Brewery Bunker, Undisclosed Location
Synopsis: 'c0de and metl's free for all hacking game, where you hack stuff for tokens... and tokens mean beer!
Bio: You might remember them from such previous events as Kiwicon, Ruxcon, Defcon, Blackhat, Bluehat, Syscan...
 
Title: Panel Discussion
Presenter: Risky Business [Schedule]
Origin: Australia
Synopsis: Pat Gray of the Risky Business infosec podcast hosts a panel discussion, and live taping for RB.
Bio: Media pimp daddy and Kiwicon fanboy Pat kicks back in his champagne-fuelled, first-class lounge jet-settin' life, getting rich off the back of the infosec peons foolish enough to spend their time banging bits. His mansion is filled with revolving beds, revolving records and revolving women. If you want to get famous in this industry, you need to spend some time on his casting couch, if you hear what we're sayin'.
 
Title: pgp Key Signing Party!
Presenter: Atom Smasher [Schedule]
Origin: Wellington, New Zealand
Synopsis: Following up on last year's key-signing party, let's do it again! PRE-REGISTRATION IS STRONGLY ENCOURAGED! Taking advantage of the "Efficient Group Key Signing Method", send your key information (gpg --fingerprint {keyid}) to atom-keysigning at smasher.org no later than 24 SEP. http://sion.quickie.net/keysigning.txt http://www.linuxsecurity.com/content/view/121645/171/
Bio: After being unsuccessfully sued in US Federal Court for *alleged* trademark infringement Atom has successfully escaped from a once great republic and landed in NZ, where he is currently employed doing honest work for corporate types. Atom has presented at HOPE (NYC), phreaknic (TN), and Kiwicon (WLG); and been published in 2600 and LinuxSecurity.com.