<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel>
        <title>XCon2009 Schedule</title>
        <description>=================================================================
XCon2009 Schedule
---------------------------------------------------------------------------------------------------------------
2009-08-18 XCon2009 First Day
---------------------------------------------------------------------------------------------------------------
Time                   Speaker                               Presentation
---------------------------------------------------------------------------------------------------------------
07:30 - 09:00      Registration &amp; Get XCon2009 Data
---------------------------------------------------------------------------------------------------------------
09:00 - 09:10      Beginning Speech
---------------------------------------------------------------------------------------------------------------
09:10 - 10:10      Xu Hao                               Attack the identification system based on the certificate 
---------------------------------------------------------------------------------------------------------------
10:10 - 10:30      Rest &amp; Coffee Break
---------------------------------------------------------------------------------------------------------------
10:30 - 11:30      Aseem Jakhar                      Fighting Spam with GoD
---------------------------------------------------------------------------------------------------------------
11:30 - 12:30      Nguyen Anh Quynh             Detecting rootkits inside Virtual Machine 
---------------------------------------------------------------------------------------------------------------
12:30 - 14:30      Rest &amp; Lunch
---------------------------------------------------------------------------------------------------------------
14:30 - 15:30      Wang Tielei                         Integer Overflow Vulnerability In Binary System 
---------------------------------------------------------------------------------------------------------------
15:30 - 16:00      Rest &amp; Coffee Break
---------------------------------------------------------------------------------------------------------------
16:00 - 17:00      Eduardo Vela                      Our Favorite XSS Filters and How to Attack Them
---------------------------------------------------------------------------------------------------------------
17:00 - 18:00      Sun Bing                             Go Deep Into The Security of Firmware Update
---------------------------------------------------------------------------------------------------------------
2009-08-19 XCon2009 Second Day
---------------------------------------------------------------------------------------------------------------
Time                   Speaker                               Presentation
---------------------------------------------------------------------------------------------------------------
09:00 - 10:00     John Lambert                       Microsoft's Counter-Zero Day Strategy
---------------------------------------------------------------------------------------------------------------
10:00 - 10:30     Rest &amp; Coffee Break
---------------------------------------------------------------------------------------------------------------
10:30 - 11:30     Kris Kaspersky                 New Generation Of Passive Non-Resident Win32/Linux RootKits 
---------------------------------------------------------------------------------------------------------------
11:30 - 12:30     Chen Chen &amp; Jeongwook Oh       Fight against 1-day exploits: Diffing Binaries vs Anti-diffing 
---------------------------------------------------------------------------------------------------------------
12:30 - 14:30     Rest &amp; Lunch
---------------------------------------------------------------------------------------------------------------
14:30 - 15:30     Antiy Lab                             Rediscovery on the Attack of Equipment and Signal 
---------------------------------------------------------------------------------------------------------------
15:30 - 16:00     Rest &amp; Coffee Break 
---------------------------------------------------------------------------------------------------------------
16:00 - 17:00     XCon2009 Panel Discussion
---------------------------------------------------------------------------------------------------------------
17:00 - 17:20     XCon2009 Lucky Draw
---------------------------------------------------------------------------------------------------------------
17:20 - 17:30     Closing Speech
=================================================================

=================================================================

Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Xu Hao graduated from Information Security Institute of Shanghai Jiaotong University. He now works on 
developing information security products and researching advanced security technology. Four years ago he began
 to focus on researching information security technologies; the main directions of research are: Windows system 
kernel, Rootkit detection and attack, the virtualization technology, reverse engineering
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
The safety of the identification is very important to all of us, no matter the private one or the country. Although
 the password authentication systems are very easy to use, there are still lots of shortcomings. PKI could 
take the place of the traditional password authentication systems. With the public key cryptosystem, PKI 
improves the safety class of system a lot. The presentation will discuss the theories of code, certificate and PKI.
 Then, analyze the Windows management of the local digital certificate, provide the ideas to steal the local 
certificate and discuss the actual examples. At last, focus on the related notions about the Intelligent Card, 
analyze it, provide some feasible methods to attack it and prove its possibility by analyzing the real examples.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Aseem Jakhar, alias &quot;@&quot;, is a security and open source evangelist. He has worked on many enterprise security
 products ranging from AntiVirus, AntiSpam to mail security and UTM appliances with design and development
 experience in complex systems and components like Bayesian filters, Rules based antispam engine, Packet 
reflectors, firewall, SSL proxy, SMTP servers/clients, Attachment filters to name a few. He has spoken at the
 following conferences: BlackHat Europe 2008, Clubhack 2008, Gnunify 2007, 2009. He was also invited to speak
 at Inbox/Outbox 2008, but could not attend due to some personal reasons.
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
GoD is short for &quot;Guarantee Of Delivery&quot;. The author will describe his initial research done on finding ways to
 build a trust relationship between the actual Sender and the recipient of an email. While there are many 
techniques out there on the Internet, none of them addresses this issue to the full extent. He will discuss and show
 why most AntiSpam techniques are not adequate in fighting spam and how spammers bypass them. While most
 of the anti-spam techniques focus on trying to block spam, they also suffer from false positives. The GoD 
model works in the opposite manner, where it focuses on email acceptance provided the email passes an 
authenticity test. There have been attempts in the past at creating such a system/framework, such as 
HashCash (end user) and Trusted Third Party whitelists. The GoD model combines two techniques to 
guarantee that the email is legitimate and not automated.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Nguyen Anh Quynh is a researcher at The National Institute of Advanced Industrial Science and Technology 
(AIST), Japan. His interests include computer security, networking, operating systems, virtualization, trusted 
computing, digital forensics, and intrusion detection. He has published a lot of academic papers in those fields, and 
frequently gets around the world to present his research results at various hacking conferences. Quynh obtained
 his PhD degree in computer science from Keio University, Japan. He is also a member of Vnsecurity, a pioneer
 security research group in Vietnam.
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
Recently, virtual machines (VMs) have become widely used, but we still do not have adequate protection for them.
 This talk discusses the advantages that virtual machines can bring to security from a malware detection 
point of view, and presents a new rootkit detector named eKimono. While the whole architecture has been 
designed to be independent of hypervisor and guest OS, this talk focuses on protecting Windows VMs running on 
Xen. To spot rootkits inside a guest Windows, they run eKimono in Xen's Dom0 and let it scan the 
memory of the guest VM for suspicious things. The talk details all the layers and explains how they solve challenges 
in designing and implementing eKimono. The presentation dedicates a part to discussing different types of rootkits
 and how eKimono can detect them. Finally, it will discuss the possibility of recovering the infected systems
 and how that can be done with eKimono.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Wang Tielei, PhD of Peking University institute of computer, is interested in web and information security, 
especially in the discovery of binary vulnerabilities and the analysis of malicious code. He made a speech 
at NDSS’09 about the technique of detecting integer overflow vulnerability in binary programs. He was the 
first one from mainland China to give a speech at NDSS as the first author affiliation.
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
The presentation is about the research of detecting Integer Overflow Vulnerability In binary system. With 
the author's self-developed system, dozens of zero-day integer overflow vulnerabilities
 in several popular software packages have been detected. Some of them have been released via VUPEN and 
Secunia and been collected into CVE.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
During the day, Eduardo Vela has worked for a couple of the biggest internet companies as a security engineer. 
During the night, he has discovered (and reported... mostly) all types of vulnerabilities for Symantec, Oracle, 
Microsoft, Google, Mozilla, and some others (for fun, and learning purposes). Eduardo is currently living in 
China, but originally hails from Mexico. He enjoys finding vulnerabilities abusing features, and stressing limits; 
design errors are the best. His passions include Web Application Security, but Networking hacking has attracted 
a lot of his attention recently.
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
Present several techniques that have been used, are being used, and could be used in the future to bypass, 
exploit and attack some of the most advanced XSS filters. These would include the new IE8 XSS Filters, 
browser addons (NoScript), server side IDSs (mod_security, PHP-IDS), and human log-review. We will 
present innovative techniques that expand the scope of what we think we know about XSS filters. We will 
give you some ideas on what to do to find your own based upon some real world examples, discoveries, 
techniques and attacks.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Sun Bing is an excellent Chinese Information Security Researcher at an Anti-Virus Software company, and he
 has many years of experience in Windows kernel and information security techniques research and 
development, especially delving deeply into buffer overflow prevention, rootkit detection, firmware 
security and x86 virtualization, and has spoken at several security conferences, such as Xcon, Black Hat and 
CanSecWest etc.
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
As we all know, nowadays many PC devices have their own firmware, such as the network adapter, video card, 
motherboard, micro embedded controller etc, and usually their firmware update processes are proprietary
 (vendor-specific) and not well-documented; however, keeping them secret doesn’t mean they have been secure
 enough and attack-proof. This presentation will uncover the mystery behind various firmware update processes 
(Dell CMOS token and RBU, the structure of Dell BIOS update image file, SPI BIOS read/write method, EC 
and AMT firmware reflashing), which are primarily based on Dell Latitude D630/E6400 etc, and discuss the
 relevant security issues.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
John Lambert, Partner Security Development Lead, Microsoft Corporation, has been at Microsoft nine years. 
He runs the Security Science team in the Microsoft Security Engineering Center (MSEC). This team develops 
more effective and scalable ways to find vulnerabilities, researches and applies innovative exploit mitigation 
techniques to Microsoft products, and analyzes exploit trends. Previously at Microsoft, John worked in the 
Windows Security group.
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
Zero day attacks represent one of the most difficult classes of issues for both Microsoft customers and its 
response teams. This talk explains Microsoft's strategy for countering the threat from zero day vulnerabilities
by increasing attacker costs and diminishing their returns. Topics discussed include the Security Development 
Lifecycle (SDL), digital counter-measures, and specific examples using Microsoft security bulletins. This talk
 also touches on how the attack community has responded to these actions and what that means for the industry 
and Microsoft customers.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Kris Kaspersky is working as an independent consultant for Endeavor Security (now acquired by McAfee), 
Cryptograph Research (now acquired by Macrovision) and other companies worldwide. He has published 
20 books related to reversing in Russian and wrote more than 500 articles about hacking. 6 books were
 translated to English, Chinese, Korean, Polish and other languages.
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
Non-resident passive Ring-3 Root-Kits affecting Windows and Linux are coming inside to break you down, 
they hide exe/dll modules, using only well-documented win32 API, accordingly working _everywhere_ from 
9x to Vista, they do not request administrator rights, every known AV fails to find the hidden modules or detect
 the root-kit, because there is just nothing to detect. Manual detector (hands-n-brain) fails as well! soft-ice, 
syser, any root-kit finders show us nothing! what the hell is this -- science or black magic? This is a new threat, 
spotlighting maladjustment of three major Windows engines – file system, virtual memory manager and object 
manager. Linux boxes are not affected. well, they're affected, but for them there is a solution. a cure. but not for 
Windows system and we're all waiting for a patch, fixing the problem.
---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Chen Chen works at Venus Tech.
Jeongwook Oh works on eEye's flagship product called &quot;Blink&quot;. He develops the traffic analysis module that filters 
attacker's traffic. The analysis engine identifies protocol integrity violations by protocol parsing and lowers the 
chances of false positives and false negatives compared to traditional signature based IPS engines. He's also 
interested in blocking ActiveX related attacks. He runs a Korean security mailing list called Bugtruck (not bugtraq).
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
It became crucial to make 1-day exploits more difficult and time-consuming so that the vendors can earn more 
time for the consumers to apply patches. Even though using severe code obfuscation is not an option for 
Microsoft's products, they can still follow some strategies and techniques to defeat the binary diffing processes 
without forsaking stability and usability. The presentation is going to show the methods and tactics to make
 binary differs' life harder. It will also show the in-house tool that obfuscates the binaries in a way that especially 
confuses binary differs. This process is called anti-binary diffing.

---------------------------------------------------------------------------------------------------------------
Speakers’ Bio
---------------------------------------------------------------------------------------------------------------
Antiy Lab (www.antiy.com)
---------------------------------------------------------------------------------------------------------------
Presentations’ Abstract
---------------------------------------------------------------------------------------------------------------
Last year, viruses appeared on the American forces’ printers in Iraq. Following that prospect, the 
engineers of Antiy Labs dedicate a topic about the safe search of hardware again

---------------------------------------------------------------------------------------------------------------
=================================================================</description>
        <link>http://sla.ckers.org/forum/read.php?13,29490,29490#msg-29490</link>
        <lastBuildDate>Thu, 20 Jun 2013 06:05:30 -0500</lastBuildDate>
        <generator>Phorum 5.2.15a</generator>
        <item>
            <guid>http://sla.ckers.org/forum/read.php?13,29490,29490#msg-29490</guid>
            <title>XCon2009 Schedule</title>
            <link>http://sla.ckers.org/forum/read.php?13,29490,29490#msg-29490</link>
            <description><![CDATA[=================================================================<br />
XCon2009 Schedule<br />
---------------------------------------------------------------------------------------------------------------<br />
2009-08-18 XCon2009 First Day<br />
---------------------------------------------------------------------------------------------------------------<br />
Time                   Speaker                               Presentation<br />
---------------------------------------------------------------------------------------------------------------<br />
07:30 - 09:00      Registration &amp; Get XCon2009 Data<br />
---------------------------------------------------------------------------------------------------------------<br />
09:00 - 09:10      Beginning Speech<br />
---------------------------------------------------------------------------------------------------------------<br />
09:10 - 10:10      Xu Hao                               Attack the identification system based on the certificate <br />
---------------------------------------------------------------------------------------------------------------<br />
10:10 - 10:30      Rest &amp; Coffee Break<br />
---------------------------------------------------------------------------------------------------------------<br />
10:30 - 11:30      Aseem Jakhar                      Fighting Spam with GoD<br />
---------------------------------------------------------------------------------------------------------------<br />
11:30 - 12:30      Nguyen Anh Quynh             Detecting rootkits inside Virtual Machine <br />
---------------------------------------------------------------------------------------------------------------<br />
12:30 - 14:30      Rest &amp; Lunch<br />
---------------------------------------------------------------------------------------------------------------<br />
14:30 - 15:30      Wang Tielei                         Integer Overflow Vulnerability In Binary System <br />
---------------------------------------------------------------------------------------------------------------<br />
15:30 - 16:00      Rest &amp; Coffee Break<br />
---------------------------------------------------------------------------------------------------------------<br />
16:00 - 17:00      Eduardo Vela                      Our Favorite XSS Filters and How to Attack Them<br />
---------------------------------------------------------------------------------------------------------------<br />
17:00 - 18:00      Sun Bing                             Go Deep Into The Security of Firmware Update<br />
---------------------------------------------------------------------------------------------------------------<br />
2009-08-19 XCon2009 Second Day<br />
---------------------------------------------------------------------------------------------------------------<br />
Time                   Speaker                               Presentation<br />
---------------------------------------------------------------------------------------------------------------<br />
09:00 - 10:00     John Lambert                       Microsoft's Counter-Zero Day Strategy<br />
---------------------------------------------------------------------------------------------------------------<br />
10:00 - 10:30     Rest &amp; Coffee Break<br />
---------------------------------------------------------------------------------------------------------------<br />
10:30 - 11:30     Kris Kaspersky                 New Generation Of Passive Non-Resident Win32/Linux RootKits <br />
---------------------------------------------------------------------------------------------------------------<br />
11:30 - 12:30     Chen Chen &amp; Jeongwook Oh       Fight against 1-day exploits: Diffing Binaries vs Anti-diffing <br />
---------------------------------------------------------------------------------------------------------------<br />
12:30 - 14:30     Rest &amp; Lunch<br />
---------------------------------------------------------------------------------------------------------------<br />
14:30 - 15:30     Antiy Lab                             Rediscovery on the Attack of Equipment and Signal <br />
---------------------------------------------------------------------------------------------------------------<br />
15:30 - 16:00     Rest &amp; Coffee Break <br />
---------------------------------------------------------------------------------------------------------------<br />
16:00 - 17:00     XCon2009 Panel Discussion<br />
---------------------------------------------------------------------------------------------------------------<br />
17:00 - 17:20     XCon2009 Lucky Draw<br />
---------------------------------------------------------------------------------------------------------------<br />
17:20 - 17:30     Closing Speech<br />
=================================================================<br />
<br />
=================================================================<br />
<br />
Speakers’ Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Xu Hao graduated from Information Security Institute of Shanghai Jiaotong University. He now works on <br />
developing information security products and researching advanced security technology. Four years ago he began<br />
 to focus on researching information security technologies; the main directions of research are: Windows system <br />
kernel, Rootkit detection and attack, the virtualization technology, reverse engineering<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations’ Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
The safety of the identification is very important to all of us, no matter the private one or the country. Although<br />
 the password authentication systems are very easy to use, there are still lots of shortcomings. PKI could <br />
take the place of the traditional password authentication systems. With the public key cryptosystem, PKI <br />
improves the safety class of system a lot. The presentation will discuss the theories of code, certificate and PKI.<br />
 Then, analyze the Windows management of the local digital certificate, provide the ideas to steal the local <br />
certificate and discuss the actual examples. At last, focus on the related notions about the Intelligent Card, <br />
analyze it, provide some feasible methods to attack it and prove its possibility by analyzing the real examples.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers’ Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Aseem Jakhar, alias &quot;@&quot;, is a security and open source evangelist. He has worked on many enterprise security<br />
 products ranging from AntiVirus, AntiSpam to mail security and UTM appliances with design and development<br />
 experience in complex systems and components like Bayesian filters, Rules based antispam engine, Packet <br />
reflectors, firewall, SSL proxy, SMTP servers/clients, Attachment filters to name a few. He has spoken at the<br />
 following conferences: BlackHat Europe 2008, Clubhack 2008, Gnunify 2007, 2009. He was also invited to speak<br />
 at Inbox/Outbox 2008, but could not attend due to some personal reasons.<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations’ Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
GoD is short for &quot;Guarantee Of Delivery&quot;. The author will describe his initial research done on finding ways to<br />
 build a trust relationship between the actual Sender and the recipient of an email. While there are many <br />
techniques out there on the Internet, none of them addresses this issue to the full extent. He will discuss and show<br />
 why most AntiSpam techniques are not adequate in fighting spam and how spammers bypass them. While most<br />
 of the anti-spam techniques focus on trying to block spam, they also suffer from false positives. The GoD <br />
model works in the opposite manner, where it focuses on email acceptance provided the email passes an <br />
authenticity test. There have been attempts in the past at creating such a system/framework, such as <br />
HashCash (end user) and Trusted Third Party whitelists. The GoD model combines two techniques to <br />
guarantee that the email is legitimate and not automated.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers’ Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Nguyen Anh Quynh is a researcher at The National Institute of Advanced Industrial Science and Technology <br />
(AIST), Japan. His interests include computer security, networking, operating systems, virtualization, trusted <br />
computing, digital forensics, and intrusion detection. He has published a lot of academic papers in those fields, and <br />
frequently gets around the world to present his research results at various hacking conferences. Quynh obtained<br />
 his PhD degree in computer science from Keio University, Japan. He is also a member of Vnsecurity, a pioneer<br />
 security research group in Vietnam.<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations’ Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
Recently, virtual machines (VMs) have become widely used, but we still do not have adequate protection for them.<br />
 This talk discusses the advantages that virtual machines can bring to security from a malware detection <br />
point of view, and presents a new rootkit detector named eKimono. While the whole architecture has been <br />
designed to be independent of hypervisor and guest OS, this talk focuses on protecting Windows VMs running on <br />
Xen. To spot rootkits inside a guest Windows, they run eKimono in Xen's Dom0 and let it scan the <br />
memory of the guest VM for suspicious things. The talk details all the layers and explains how they solve challenges <br />
in designing and implementing eKimono. The presentation dedicates a part to discussing different types of rootkits<br />
 and how eKimono can detect them. Finally, it will discuss the possibility of recovering the infected systems<br />
 and how that can be done with eKimono.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers' Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Wang Tielei, a PhD of the Peking University institute of computer, is interested in web and information security, <br />
especially in the discovery of binary vulnerabilities and the analysis of malicious code. He gave a talk <br />
at NDSS'09 on a technique for detecting integer overflow vulnerabilities in binary programs. He was the <br />
first speaker from mainland China to give a talk at NDSS with a first-author affiliation.<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations' Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
The presentation covers research on detecting integer overflow vulnerabilities in binary systems. Using <br />
a system the authors developed themselves, dozens of zero-day integer overflow vulnerabilities <br />
in several popular software packages have been detected. Some of them have been released via VUPEN and <br />
Secunia and collected into CVE.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers' Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
During the day, Eduardo Vela has worked for a couple of the biggest internet companies as a security engineer. <br />
During the night, he has discovered (and reported... mostly) all types of vulnerabilities for Symantec, Oracle, <br />
Microsoft, Google, Mozilla, and some others (for fun, and learning purposes). Eduardo is currently living in <br />
China, but originally hails from Mexico. He enjoys finding vulnerabilities by abusing features and stressing limits; <br />
design errors are the best. His passions include Web Application Security, but network hacking has attracted <br />
a lot of his attention recently.<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations' Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
This talk presents several techniques that have been used, are being used, and could be used in the future to bypass, <br />
exploit and attack some of the most advanced XSS filters. These include the new IE8 XSS Filters, <br />
browser addons (NoScript), server-side IDSs (mod_security, PHP-IDS), and human log review. We will <br />
present innovative techniques that expand the scope of what we think we know about XSS filters. We will <br />
give you some ideas on what to do to find your own based upon some real world examples, discoveries, <br />
techniques and attacks.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers' Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Sun Bing is an excellent Chinese Information Security Researcher at an Anti-Virus Software company. He <br />
has many years of experience in Windows kernel and information security research and <br />
development, delving especially deeply into buffer overflow prevention, rootkit detection, firmware <br />
security and x86 virtualization, and has spoken at several security conferences, such as XCon, Black Hat and <br />
CanSecWest.<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations' Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
As we all know, many PC devices nowadays have their own firmware, such as the network adapter, video card, <br />
motherboard, micro embedded controller, etc. Their firmware update processes are usually proprietary <br />
(vendor-specific) and not well documented; however, keeping them secret doesn't mean they are secure <br />
enough and attack-proof. This presentation will uncover the mystery behind various firmware update processes <br />
(Dell CMOS token and RBU, the structure of the Dell BIOS update image file, SPI BIOS read/write method, EC <br />
and AMT firmware reflashing), primarily based on the Dell Latitude D630/E6400 etc., and discuss the <br />
relevant security issues.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers' Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
John Lambert, Partner Security Development Lead, Microsoft Corporation, has been at Microsoft for nine years. <br />
He runs the Security Science team in the Microsoft Security Engineering Center (MSEC). This team develops <br />
more effective and scalable ways to find vulnerabilities, researches and applies innovative exploit mitigation <br />
techniques to Microsoft products, and analyzes exploit trends. Previously at Microsoft, John worked in the <br />
Windows Security group.<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations' Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
Zero-day attacks represent one of the most difficult classes of issues for both Microsoft customers and its <br />
response teams. This talk explains Microsoft's strategy for countering the threat from zero-day vulnerabilities <br />
by increasing attacker costs and diminishing their returns. Topics discussed include the Security Development <br />
Lifecycle (SDL), digital counter-measures, and specific examples using Microsoft security bulletins. This talk<br />
 also touches on how the attack community has responded to these actions and what that means for the industry <br />
and Microsoft customers.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers' Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Kris Kaspersky works as an independent consultant for Endeavor Security (now acquired by McAfee), <br />
Cryptograph Research (now acquired by Macrovision) and other companies worldwide. He has published <br />
20 books related to reversing in Russian and has written more than 500 articles about hacking. 6 books were <br />
translated into English, Chinese, Korean, Polish and other languages.<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations' Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
Non-resident passive Ring-3 root-kits affecting Windows and Linux are coming inside to break you down. <br />
They hide exe/dll modules using only the well-documented win32 API, accordingly working _everywhere_ from <br />
9x to Vista. They do not request administrator rights, and every known AV fails to find the hidden modules or detect <br />
the root-kit, because there is just nothing to detect. Manual detector (hands-n-brain) fails as well! Soft-ice, <br />
syser, any root-kit finders show us nothing! What the hell is this -- science or black magic? This is a new threat, <br />
spotlighting maladjustment of three major Windows engines – file system, virtual memory manager and object <br />
manager. Linux boxes are not affected. Well, they're affected, but for them there is a solution, a cure. But not for <br />
Windows systems, and we're all waiting for a patch fixing the problem.<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers' Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Chen Chen works at Venus Tech.<br />
Jeongwook Oh works on eEye's flagship product called &quot;Blink&quot;. He develops the traffic analysis module that filters <br />
attackers' traffic. The analysis engine identifies protocol integrity violations by protocol parsing and lowers the <br />
chances of false positives and false negatives compared to traditional signature-based IPS engines. He's also <br />
interested in blocking ActiveX-related attacks. He runs a Korean security mailing list called Bugtruck (not bugtraq).<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations' Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
It has become crucial to make 1-day exploits more difficult and time-consuming so that vendors can earn more <br />
time for consumers to apply patches. Even though using severe code obfuscation is not an option for <br />
Microsoft's products, they can still follow some strategies and techniques to defeat binary diffing processes <br />
without forsaking stability and usability. The presentation is going to show methods and tactics to make <br />
binary differs' lives harder. It will also show an in-house tool that obfuscates binaries in a way that especially <br />
confuses binary differs. This process is called anti-binary diffing.<br />
<br />
---------------------------------------------------------------------------------------------------------------<br />
Speakers' Bio<br />
---------------------------------------------------------------------------------------------------------------<br />
Antiy Lab (www.antiy.com)<br />
---------------------------------------------------------------------------------------------------------------<br />
Presentations' Abstract<br />
---------------------------------------------------------------------------------------------------------------<br />
Last year, viruses appeared on the American forces' printers in Iraq. Following that prospect, the <br />
engineers of Antiy Labs dedicate a topic to the safe search of hardware again
<br />
---------------------------------------------------------------------------------------------------------------<br />
=================================================================]]></description>
            <dc:creator>xcon2009</dc:creator>
            <category>News and Links</category>
            <pubDate>Fri, 24 Jul 2009 02:43:36 -0500</pubDate>
        </item>
    </channel>
</rss>
