FRHACK Cyber Security Conference

Previously in FRHACK

| Hour | Day 01, Speaker track #1 | Day 01, Speaker track #2 | Day 02, Speaker track #1 | Day 02, Speaker track #2 | Training / Workshop |
|---|---|---|---|---|---|
| 8:00 | Registration | | Registration | | |
| 9:00 | Introduction - Jerome Athias (EN/FR) | | Massive malicious activities (malware spreading, DDoS attacks) - Alexey Kachalin (EN) | Building Hackerspaces Everywhere - Philippe Langlois (EN/FR) | Trainings / Workshops |
| 9:30 | Fuzzing the brain : applied social and cognitive psychology - Bruno Kerouanton (EN/FR) | OpenVAS - Open Vulnerability Scanning - Vlatko Kosturjak (EN) | ... | ... | Training / Workshop |
| 10:00 | Reverse engineering and cryptographic errors - Philippe Oechslin (EN/FR) | HostileWRT - Abusing Embedded Hardware Platforms for Covert Operations - HostileWRT Team (FR/EN) | New Algorithms for Attack Planning - Carlos Sarraute (EN) | All browsers MITM keylogging on remote - p3lo (FR) | Training / Workshop |
| 11:00 | Break | Break | Break | Break | Break |
| 11:30 | The Good, the Bad, and the Ugly of Crypto - David Hulton (EN) | | Unified Communications Security - Abhijeet Hatekar (EN) | SS7 - Philippe Langlois (FR/EN) | Training / Workshop |
| 12:30 | Lunch | Lunch | Lunch | Lunch | Lunch |
| 14:00 | -1 day talk announcement - Cesar Cerrudo (EN) | Identification & Exploitation of Business Logic Flaws in Web Applications - Georgiadis Filippos (EN) | Wireless Sensor Networking as an Asset and a Liability - Travis Goodspeed (EN) | Auditing and securing PHP applications - Philippe Gamache (FR/EN) | Training / Workshop |
| 15:00 | Automated malware analysis, forensic analysis, anti-virus technology - Mihai Chiriac (EN) | Memory forensic and incident response for live virtual machine (VM) - Nguyen Anh Quynh (EN) | Asterisk Resource Exhaustion DoS: Don’t let the fuzz get you! - Blake Cornell (EN) | Mystification de la prise d'empreinte (OS Fingerprinting Defeating) - Guillaume Prigent (FR/EN) | Training / Workshop |
| 16:00 | Break | Break | Break | Break | Break |
| 16:30 | w3af - Andres Riancho (EN) | Lockpicking - Alexandre Triffault (FR) | Internet Marketing vs. Web Security: Guide to Extreme Black Hat Online Profits! - Anselmus Ricky (EN) | Flash Remote Hacking - Jon Rose (EN) | Training / Workshop |
| 17:30 | Free Software in Ethics and in Practice - Richard Matthew Stallman (EN/FR), FREE LIVE STREAM | | TBA - Rodrigo Rubira Branco (BSDaemon) (EN) | | Training / Workshop |



Oops! I hacked it again
Fuzzing the brain : applied social and cognitive psychology
Historically, cunning and stratagems have been applied to battle plans, social promotion and money making. Sun Tzu, Machiavelli and many others have popularized such uses, but discoveries of the twentieth century in the field of social psychology, coupled with innovations designed to convince consumers to buy, have allowed a better understanding of the dynamics of persuasion. The behavior of human beings is ultimately predictable when certain stimuli are applied, which enables people who have mastered those principles to win the game.

- Bruno Kerouanton (Switzerland)


Cryptographic reverse engineering
Reverse engineering and cryptographic errors
- Philippe Oechslin (Objectif Sécurité) (Switzerland)

Because any programmer can use a good crypto library to write crypto software, it is often easier to crack a system by finding programming errors through reverse engineering than to cryptanalyse the algorithms used. We show this with three compelling examples:

- The MXI-stealth FIPS 140-3 level 2 certified key, where a poorly implemented "enterprise" feature allowed unsalted hashes to be extracted prior to authentication, before it got patched.

- A version of the E-capsule Private Safe software, where the manipulation of two bytes allows any of the admin, public, private or even panic passwords to be used to access all data.

- The DataBecker PrivateSafe software, where a checksum ruins all the efforts of the Blowfish key setup algorithm.


Browsers Man-in-the-Middle
All browsers MITM keylogging on remote
- p3lo (France)


Identification & Exploitation of Business Logic Flaws in Web Applications
- Georgiadis Filippos (Greece)

The talk will include an introduction to business logic and some theory on the identification and exploitation of business logic flaws for malicious purposes. Real-life examples and scenarios (collected from my experience as a penetration tester) will be presented. It will include a theoretical approach to automating the identification of business logic flaws and a presentation of BLe (a custom automated tool capable of detecting business logic flaws in web applications). Finally, guidelines for safeguarding applications against business logic flaws will be presented.


w3af

Open Source tools like Nikto, Wapiti, Pantera and others try to find vulnerabilities in web applications but lack many features and configuration options. Commercial products have the features, but also have high product costs and are almost impossible to customize.

w3af (Web Application Attack and Audit Framework) is an open source project that aims to automate the detection and exploitation of all web application vulnerabilities. The project's main objective is to become an open platform where anyone can contribute new techniques and code to identify and exploit vulnerabilities. w3af's core and plugins are fully written in Python and right now the project has more than 130 plugins and 60K lines of code!

My talk will introduce this tool to new users, while showing its features and the new GUI which was created during the last OWASP SoC. During the talk, I'll perform a couple of demos of the main features and explain how the advanced exploitation features work.

- Andres Riancho (Argentina)
Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, and contributed to SAP research performed at his former employer.

His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).

Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.


Lockpicking
- Alexandre Triffault (France)




Wireless Sensor Networking as an Asset and a Liability
Travis Goodspeed

- Travis Goodspeed (USA)


Turning Fonera into an automatic Wi-Fi hacking machine
HostileWRT - Abusing Embedded Hardware Platforms for Covert Operations
- HostileWRT Team (France)

HostileWRT: Turn Your Friendly Wireless Access Point into an Autonomous, Curious, Standalone, Malicious & Really Annoying Device

Have you ever imagined what a recalcitrant access point would look like? Well… neither have we. So we're going to show you what REAL love is all about. HostileWRT tends to make love to your antennas thanks to the 802.11 protocol suite. Then, sharing the love is more than natural. No wonder then that HostileWRT, despite its very blackhat touch, is the most desirable item in one's sado-(techno)-masochist outfit.


Security by obscurity
Mystification de la prise d'empreinte (OS Fingerprinting Defeating)

IpMorph "OS fingerprinting defeating"
There is nowadays a wide range of TCP/IP stack identification tools that make it easy to recognize the operating system of intended targets. The object of this talk is to show that fingerprint concealment and spoofing are uniformly possible against different known fingerprinting tools. We present IpMorph, counter-recognition software implemented as a user-mode TCP/IP stack, providing session monitoring and on-the-fly packet rewriting. We detail its operation and use against tools like Nmap, Xprobe2, Ring2, SinFP and p0f, and we evaluate its efficiency using a first technical implementation that already covers most of our objectives. The IpMorph software is distributed under the GPLv3 license. This independent project is based on our previous work, and mainly derives from a specific need in the "Hynesim" network architecture simulation project (DGA-CELAR-SSI-AMI government contract, http://www.hynesim.org).

- Guillaume Prigent (France)
Guillaume Prigent is a computer security research engineer, and has worked in the field of security simulation for the last 10 years. He began as a research engineer in 1999 at CERV, the European Centre for Virtual Reality in Brest, where he developed the concepts of hybrid simulation for the DGA/Celar. He is now the R&D CTO of his own company, Diateam, founded in 2002, where he works on the open source Hynesim project. He also gives talks and classes in many engineering schools (ENIB, ENSIETA, ESM Saint-Cyr, ...).


UC Security (Unified Communications Security)
Many enterprises are moving toward adopting Microsoft Office Communications Server as the centerpiece of their Unified Communications infrastructure.
Microsoft’s solution helps to streamline communications between people and organizations, bringing together e-mail, calendaring, voice mail, IM and presence, VoIP, audio, video, and Web conferencing.
However, IT managers deploying OCS must carefully evaluate their security architecture and ensure that they have adopted the proper configuration and policies to mitigate security risks common to unified communications.
This presentation will introduce the audience to a free, open source security tool, OCS Assessment Tool v2.0 (OAT). This tool helps IT managers and security practitioners evaluate the security architecture of their OCS deployments and ensure their mission critical communications and systems are protected.
This session will instruct the audience in how to test their environments and ensure that their OCS deployment is properly configured to address:
• Online Dictionary Attack
• Presence Stealing
• Contact List Stealing
• Single/Multi user Flood Mode
• Call Walk
• Call DoS
• Audio Spam

General topic of the speech: Voice over IP Security

- Abhijeet Hatekar (Sipera Systems) (India)
Abhijeet Hatekar is working as a Vulnerability Research Engineer in the Sipera VIPER (Voice over IP Exploit Research) Lab.
Abhijeet is a graduate of the University of Pune, India, and author of the VoIP assessment tools VideoJak v1.0 (http://videojak.sf.net) and OAT v1.0 (http://voat.sf.net). His past stints include Symantec India Corporation Pune.

From Wikipedia
Unified communications (UC) is the integration of non real-time communication services such as unified messaging (integrated voicemail, e-mail, SMS and fax) with real-time communication services such as instant messaging (chat), presence information, IP telephony, video conferencing, call control and speech control. UC is not a single product, but a set of products that provides a consistent unified user interface and user experience across multiple devices and media types.[1]
UC also refers to a trend to offer Business process integration, i.e. to simplify and integrate all forms of communications in view to optimize business processes and reduce the response time, manage flows and eliminate device and media dependencies.
UC allows an individual to send a message on one medium and receive on another. It should be possible to easily transfer any activity or message to another medium. For example, one can receive a voice mail message and choose to access it through email or a cell phone. If the sender is online according to the presence information and currently accepts calls, the response can be sent immediately through text chat or video call. Otherwise, it may be sent as a non real-time message that can be accessed through a variety of media.


SS7
- Philippe Langlois (France)
Founder of P1 Security and Senior Security Researcher for Telecom Security Task Force. Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France's first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (RSA, COMDEX, Interop, HITB Dubai, Hack.lu).

Source: Wikipedia
Signaling System Number 7 (SS7) is a set of telephony signaling protocols which are used to set up most of the world's public switched telephone network telephone calls. The main purpose is to set up and tear down telephone calls. Other uses include number translation, prepaid billing mechanisms, short message service (SMS), and a variety of other mass market services.
It is usually abbreviated as Signaling System No. 7, Signaling System #7, or just SS7. In North America it is often referred to as CCSS7, an acronym for "Common Channel Signaling System 7". In some European countries, specifically the United Kingdom, it is sometimes called C7 (CCITT number 7) and is also known as number 7 and CCIS7. (ITU-T was formerly known as CCITT.)
There is only one international SS7 protocol defined by ITU-T in its Q.700-series recommendations.[1] There are however, many national variants of the SS7 protocols. Most national variants are based on two widely deployed national variants as standardized by ANSI and ETSI, which are in turn based on the international protocol defined by ITU-T. Each national variant has its own unique characteristics. Some national variants with rather striking characteristics are the China (PRC) and Japan (TTC) national variants.
The Internet Engineering Task Force (IETF) has also defined level 2, 3, and 4 protocols that are compatible with SS7 MTP2 (M2UA and M2PA) MTP3 (M3UA) and SCCP (SUA), but use an SCTP transport mechanism. This suite of protocols is called SIGTRAN.


Building Hackerspaces Everywhere

Hackerspace

- Philippe Langlois (France)
Founder of P1 Security and Senior Security Researcher for Telecom Security Task Force. Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France's first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (RSA, COMDEX, Interop, HITB Dubai, Hack.lu).


Memory forensic and incident response for live virtual machine (VM)
Recently, memory analysis has become a popular mechanism for performing incident response and forensics. However, the traditional approach to memory forensics has some major drawbacks that cannot be solved in current systems. The first shortcoming is the memory inconsistency problem: memory cannot be consistently acquired because the system is still running during acquisition. Another issue is that existing rootkits can easily tamper with the acquisition and analysis steps. Last but not least, loading forensic tools into memory will inevitably erase evidence in memory.

This research presents "Outspect", a new tool set to perform memory forensics and incident response for live virtual machines (VMs). By running Outspect outside of the inspected VM, we can solve the above-mentioned problems of traditional memory forensics. While Outspect and its architecture are designed to support all kinds of guest OSes and hypervisors, in this presentation we focus on Windows guests running on the Xen hypervisor.

The talk dedicates some time to discussing the advantages and challenges of our approach. The mechanism to inspect and extract important system objects from raw memory will also be examined. We will go into detail on our architecture, and prove that it is useful for many things other than just live memory forensics.

The presentation includes some live demos to demonstrate the effectiveness of Outspect. We will use Outspect to inspect and detect some popular kernel rootkits and userspace malware on a Windows VM. The demo will also show that it is trivial to detect exploitation using a sophisticated attack technique such as Metasploit with the Meterpreter payload (which cannot be detected by any anti-virus at the moment).

- Nguyen Anh Quynh (Japan)

Nguyen Anh Quynh is a researcher at The National Institute of Advanced Industrial Science and Technology (AIST), Japan. His interests include Operating Systems, Virtualization, Trusted Computing, Intrusion Detection and Digital Forensics. He has published various academic papers, and presented his research results at many hacking conferences around the world. Quynh obtained his PhD degree in Computer Science from Keio University, Japan. He is also a member of Vnsecurity, a pioneer security research group in Vietnam.



Black Hat SEO
Internet Marketing vs. Web Security: Guide to Extreme Black Hat Online Profits!

Along with the rapid growth of online business models, the use of web vulnerabilities to increase financial gain is spreading like wildfire. It is important for all online business players to understand the importance of these attacks in order to protect their businesses from suffering losses. This isn’t just another presentation about cross-site scripting or cross-site request forgery attacks. Instead, we will discuss the potential impact when the two are combined with clickjacking and other possible vulnerabilities to form new techniques for attacking online businesses. Black hat marketers are starting to use these kinds of techniques, creating new Black Hat SEO techniques to gain extreme personal profits. Taking advantage of the infamous clickjacking and several other vulnerabilities, the next level of Black Hat SEO will no longer involve robots or invalid clicks, but will instead transform user clicks into clicks that convert. This talk examines the possibilities of the black hat approach to online money making. The resulting techniques, which interact deeply with web vulnerabilities, create additional chances for malicious users to gain extreme profits through unethical means. Experiments with commonly used web browsers and web applications to create simulated hijacked online business models show that Black Hat SEO techniques can be maximized through the use of web application/browser vulnerabilities.

- Anselmus Ricky (Indonesia)

Anselmus Ricky has worked in web application security for over 4 years and has found several vulnerabilities at some huge companies such as Yahoo, Telkom Indonesia, Friendster, etc. He has presented at numerous local security conventions, authored some best-selling books and holds international security certifications such as CEH and CHFI. He is in every way passionate about the field of Information Security.


cyber warfare
New Algorithms for Attack Planning
We will present the advances of our research in automating multi-step attacks against computer networks. The problem of automating network attacks (in particular, penetration tests) has gained importance, since the work of the pentester requires a high level of expertise and is time- and resource-consuming. Moreover, automated attacks would make it possible to conduct a regular and systematic risk assessment of the target network.
More precisely, the problem that we consider is: given a set of goals (e.g. to obtain sensitive data such as credit card information from any machine in a given network), and an initial incomplete knowledge of the network, determine the best course of actions for an attacker in order to obtain the goals. The resulting plan of action is given as input to pentesting tools that include information gathering modules, exploits and agents that can be used as pivoting stones to launch other modules from the target machine. To clearly state (and subsequently solve) this planning problem, a model of real world attacks is needed. We will present a family of attack models, which can be instantiated by defining the Actions, Assets and Agents.
Previous works on this topic are based on the construction and analysis of Attack Graphs, whose utility has been well established and which are a current subject of research. In general, the attack graphs proposed in the literature are constructed from the point of view of a network defender, who already knows everything about the target network. A good review of attack graph proposals can be found in the survey of Lippmann and Ingols (MIT Lincoln Lab Report, 2005). In particular they show that most proposals lack scalability, and that the scenarios considered by the authors comprise less than 10 hosts and 20 vulnerabilities.
More importantly, previous models do not take into account numerical or probabilistic effects of the actions. To improve the realism of the model, we add several dimensions: the probability of success, the expected running time of each action, the noise produced by the actions (in terms of network traffic or registered events on IDS logs), and the traceability of the attack (dependent on the number of intermediate hops and topological factors). These values are conditional: they depend on the environment conditions.
Planning in the probabilistic setting is far more difficult than in the deterministic one, and it is the specific problem that we tackle in the second part of the presentation. We present fast algorithms designed for probabilistic planning of multi-step attacks, in order to minimize an attack parameter (e.g. the expected execution time). Our solution is suited for an interesting (and significant) part of the scenarios that need to be solved in a real world attack. The computational complexity of our solution is O(n log n), where n is the total number of actions in the graph. This means that planning can be solved in scenarios with, for example, 512 hosts distributed in different networks, and 840 exploits in the attacker's toolbox.
The proposed algorithms are presented gradually, starting with scenarios with one target and multiple exploits, and moving on to scenarios made of arbitrary attack trees. Proofs that the algorithms provide an optimal attack plan are sketched in each case. We conclude with some ideas for future work in this area.

General topic of the speech: Attack planning, attack graphs, automated penetration test.

- Carlos Sarraute (CORE Security) (Argentina)

Carlos Sarraute studied Mathematics at the University of Buenos Aires and is currently a PhD candidate in Computer Engineering at ITBA (Instituto Tecnologico de Buenos Aires). He has worked since 2000 at CoreLabs, the research lab of Core Security. His areas of research are security vulnerabilities, attack planning and modeling, security events visualization, cryptanalysis, protocol design flaws (geometric attack to MySQL authentication, SSH timing analysis) and the use of Artificial Intelligence techniques for information gathering. He has given talks and courses about information security and cryptography in several universities in Argentina, and has spoken at the security conferences PacSec, EUSecWest, SSTIC and HITB (Kuala Lumpur).
Some publications and presentations: "Simulating Cyber-Attacks for Fun and Profit", with Fernando Miranda et al. In SIMUTools'09 (International Conference on Simulation Tools and Techniques), Rome, Italy, March 2-6, 2009.
"Binary cryptography and differential cryptanalysis". In Jornadas de Criptografía y Códigos Autocorrectores, Universidad Nacional de Mar del Plata, November 20-24, 2006.
"Outrepasser les limites des techniques classiques de Prise d'Empreintes grace aux Réseaux de Neurones", with Javier Burroni. In SSTIC (Symposium sur la Sécurité des Technologies de l'Information et des Communications), Rennes, France, May 31-June 2, 2006.
"Foundations and Applications for Secure Triggers", with Ariel Futoransky et al. In ACM Transactions on Information and System Security (TISSEC), Volume 9, Issue 1 (February 2006), pp. 94--112. ISSN: 1094-9224.
"Analyzing OS fingerprints using Neural Networks and Statistical Machinery", with Javier Burroni. In EUSecWest, London, February 20/21, 2006.
"Advanced Software Protection Now", with Diego Bendersky et al. In CoreLabs Technical Report (2003).
For more information see:
http://corelabs.coresecurity.com/index.php?action=view&type=researcher&name=Carlos_Sarraute


Asterisk Resource Exhaustion DoS: Don’t let the fuzz get you!
While fuzzing Asterisk’s IAX protocol it was discovered that it was riddled with resource exhaustion DoS vulnerabilities. How did an IETF document get migrated into a Perl fuzzer to produce over 12 0days? How could criminals profit from these bugs? How can these bugs be weaponized by rogue governments? Why aren’t these bugs getting fixed? This and more will be discussed with PoC demonstrations. A script to monitor and alert administrators if an Asterisk PBX is being targeted by these bugs will be released.

- Blake Cornell (USA)

Blake Cornell has been an IT innovator and developer with over 12 years experience in software and security. He has consulted Fortune 500 companies and various law enforcement agencies with hopes of utilizing technology to ease real world issues. He currently has vested interests in a few companies providing network and application security as well as VoIP telephony. His latest endeavor, Remote Origin, Inc. is proud to offer the first to market software telephone utilizing centralized administration mechanisms with Asterisk. His personal project, Security Scraper, is currently harvesting over 500 computer security related records daily which he uses to track trends within the security industry. He is a proud member and supporter of InfraGard, a partnership between the Federal Bureau of Investigation and the private sector, and OWASP, the premier application security consortium.
He has spoken at or is scheduled to speak at Briarcliffe College (Bethpage, NY), Astricon (Phoenix, AZ), The Last Hope (New York, NY) and ICCS 2009 (New York, NY).
He has been mentioned or quoted by organizations such as CNet News, Communications News, Security Focus, Fierce VoIP, NIST NVD, Security Vulns, Cabling Installation & Maintenance Magazine.

Topics: VoIP, weaponizing 0day’s, cyber crime, Fuzzing, Secure Coding


malwares, virus and DoS attacks
Massive malicious activities (malware spreading, DDoS attacks)
Massive malicious activities (malware spreading, DDoS attacks) and attacks on infrastructure in large-scale networks: how they could be analyzed via simulation. I'll present examples of approaches to malware and network security systems models, that I'm working on with my students at MSU.

- Alexey Kachalin (Russia)

Graduated from Moscow State University in 2004, M.Sc in Computer Science and Calculation Math, Ph.D-in-waiting. Areas of expertise:
• Network and malware outbreaks simulation
• Simulation and modeling for security systems design and performance analysis
• Data mining algorithms in attack and virus detection
Presently employed at the Computer Systems Laboratory at the CMC faculty of Moscow State University as research and development projects manager. Alexey co-leads the Network Security seminar for CMC students, and provides advice and critiques for security-related research efforts.

General topic of speech: network security, malicious activity analysis and predictions (malware spreading, DDoS)


OpenVAS - Open Vulnerability Scanning
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. OpenVAS is capable of performing local and remote security checks, and checks can currently be written in NASL and OVAL. At the time of this writing, OpenVAS has more than 10k vulnerability checks implemented. OpenVAS products are Free Software under GNU GPL and a fork of (GPL) Nessus.
The current state of OpenVAS will be discussed together with unique features added to OpenVAS after the fork. Special attention will be given to how users can benefit from these brand new features (OVAL support, tools integrated, OTP protocol, etc). Also, it will be an open invitation for hackers to come and help in making OpenVAS a better product.

- Vlatko Kosturjak (Croatia)

Vlatko Kosturjak is a security consultant delivering his services across Europe, Middle East and Africa (EMEA). He contributes to OpenVAS, Nessus, nmap and snort (to name a few). He has spoken at various regional conferences in Europe in Croatian and English. Vlatko is president of the Croatian GNU/Linux Users Group called HULK.


Automated malware analysis, forensic analysis, anti-virus technology
In 1993, various researchers started mentioning "the glut problem", a problem best described by the large quantities of new viruses that started flooding anti-virus laboratories. At that time there were 3000 known viruses and pessimistic estimates ranged from 4500 to 5000 total viruses in 1995.
Welcome to 2009.
Nowadays most AV programs have passed the 3 million mark and more than 5000 new viruses appear _daily_. AV software is getting bigger and bigger and it's getting harder every day to deliver signature updates to the customers.
To address this problem, AV vendors have developed "cloud scanning", a technique that keeps at least parts of the signatures on dedicated servers. In our implementation, the client also uses compromise detection and forensic analysis techniques to gather information.
A lot of information.
This presentation will describe the types of information we gather and the specific techniques used to retrieve it from the possibly-compromised hosts. We will also describe the server component and the methods used to process and use the information for tasks ranging from sample prioritization to full automatic blacklisting.

- Mihai Chiriac (Romania)
Position: Head of Research & Development, BitDefender
Mihai manages the BitDefender Research team, designing and overseeing the development of new technologies, ranging from dynamic binary translation to intrusion prevention, compromise detection and forensic analysis. He has more than ten years' experience in analyzing malware and designing detection technologies.
In recent years, Mihai worked as a consultant for a UK start-up company specialized in Intrusion Prevention. He has written a number of papers that were published in national and international publications. Recently, he was invited to speak at the Virus Bulletin Conference (Ottawa, 2008 and Geneva, 2009) and Hack.Lu Conference (Luxembourg, 2008).
He is passionate about aviation and he's currently studying to get his Private Pilot License.


Macromedia Flash websites hacking
Flash Remote Hacking
I've been very active in researching vulnerabilities in Flash remoting and have implemented a tool, which I plan to release, which performs a number of attacks against Flash RPC servers. This work builds off my coworkers presentation given at Black Hat Vegas last year.
General topic of the speech (eg.: network security, secure programming, computer forensics, flash application pentesting, etc.)

- Jon Rose (Trustwave) (USA)
Security Consultant
Trustwave - SpiderLabs

Jon has close to a decade of experience performing network and application security assessments, including network penetration testing, blackbox application testing, and code reviews across a wide range of programming languages and technologies. Jon has also led IT policy, standards, and guideline projects, as well as providing IT security remediation support for commercial and government clients. His security expertise also includes building enterprise security programs, providing guidance in an enterprise security architect role, and building security into organizations' existing software development lifecycle.


PHP security guidelines
Auditing and securing PHP applications
PHP Code Audit
In this laboratory, we will carry out a security audit on the code of a web application. The technical objective is to provide a report and cover all phases of investigative work: source analysis, identifying vulnerabilities (XSS, injections, disclosure, etc.), recommendations for hardening, and prioritization of tasks.

- Philippe Gamache (Québec, Canada)

Philippe has contributed to PHP since 1999: promotion, participation in local user groups, organizing conferences, speaking at conferences and writing technical articles.
Philippe is editor and Webmaster of the French technical portal www.phportail.net.
He is the co-author of a PHP security book called "Sécurité PHP 5 et MySQL 5". He is on the board of the OWASP Montreal Chapter.
He is the president of Parler Haut, Interagir Librement, a company that does Security Audit and Penetration Testing for PHP web applications. He also does PHP Security and Audit training.


Invited speakers
Richard Matthew Stallman

The FRHACK Team (TFT) is proud to announce that Mister Richard Matthew Stallman (RMS) was invited for a talk at FRHACK 01.
Richard Matthew Stallman (born March 16, 1953), often abbreviated "rms", is an American software freedom activist, hacker (programmer), and software developer. In September 1983, he launched the GNU Project to create a free Unix-like operating system, and has been the project's lead architect and organizer. With the launch of the GNU Project, he started the free software movement and, in October 1985, set up the Free Software Foundation.
Stallman pioneered the concept of copyleft and is the main author of several copyleft licenses including the GNU General Public License, the most widely used free software license. Since the mid-1990s, Stallman has spent most of his time advocating for free software, as well as campaigning against both software patents and what he sees as excessive extension of copyright laws. Stallman has also developed a number of pieces of widely used software, including the original Emacs, the GNU Compiler Collection, and the GNU Debugger. He co-founded the League for Programming Freedom in 1989. [Wikipedia]


h1kari

The FRHACK Team (TFT) is proud to announce that Mister David Hulton (h1kari) will have a talk at FRHACK 01.
David Hulton has been in the security field for the past 5 years and currently specializes in 802.11b Wireless Security development specifically to exploit its various inherent design weaknesses. He is the main developer of the bsd-airtools project, a complete 802.11b penetration testing and auditing toolset that implements all of the current methods of detecting access points as well as breaking WEP on them and doing basic protocol analysis and injection. David is also the founder of Nightfall Security Solutions, LLC and one of the founding members of Dachb0den Research Labs, a non-profit Southern California based security research think-tank. He's also currently the chairman of ToorCon Computer Security Conference and has helped start many of the security and Unix oriented meetings in San Diego, CA.
David Hulton is one of the founding members of Pico Computing, Inc., a manufacturer of compact embedded FPGA computers dedicated to developing revolutionary open source applications for FPGA systems.

The Good, the Bad, and the Ugly of Crypto
What crypto is strong these days? What is really feasible for an attacker and what isn't? What's faster for breaking crypto? CPUs? GPUs? FPGAs? The Good, the Bad, and the Ugly of Crypto will take you on an adventure through a handful of crypto examples including DES, MD5, SHA-1, and some proprietary algorithms used for RFIDs and VoIP systems to give you a better understanding of how to answer these questions and a few scenarios of what happens when crypto designs go horribly wrong.


Cesar

The FRHACK Team (TFT) is proud to announce that Mister Cesar Cerrudo (Argeniss) will have a talk at FRHACK 01.
Cesar is a security researcher and consultant specialized in application security. Regarded as a leading application security researcher, Cesar is credited with discovering and helping fix dozens of vulnerabilities in applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. Cesar has authored several white papers on database and application security, attacks and exploitation techniques, and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest and WebSec. Cesar collaborates with, and is regularly quoted in, online publications such as eWeek, ComputerWorld, etc.


BSDaemon

The FRHACK Team (TFT) is proud to announce that Mister Rodrigo Rubira Branco (BSDaemon) will have a talk at FRHACK 01.
Rodrigo is a Senior Vulnerability Researcher at the Vulnerability Research Lab (VRL) of COSEINC. Before that, he worked as a Security Expert for Check Point and as a Software Engineer at IBM, as a member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC). He is the maintainer of many open-source projects and has given talks at the most important security-related conferences in the world. Rodrigo is also a member of RISE Security (www.risesecurity.org).



Jerome Athias will open FRHACK 01 with an introduction.
Jerome is a French IT security researcher. He's active in many computer security mailing lists and forums. He also contributes to various security-related projects (e.g., the Metasploit Framework, freerainbowtables.com).
Jerome is currently VP Engineering of NETpeas and COREvidence.





