ZaCon ii Speakers
Speaker: Ivan Burke
Abstract:
We propose to present a talk on Google Gadget hacks. Our work is an extension of the work Robert Hansen and Tom Stracener presented at BlackHat ’08. We plan to show the following proofs of concept as well as discuss possible future Google gadget tools:
- Google gadget as anonymous web browsing tool. (Use Google to browse on your behalf. Bypass corporate firewalls and hide IP while browsing.)
- Google gadget as man in the middle attack.
- Google gadget as DDoS (using Google’s servers).
Bio: Ivan Burke is a researcher at the CSIR (Defence, Peace, Safety and Security). Currently he has many bosses who all expect him to complete their tasks. These tasks range from Information Security software/exploits to systems modelling work. Currently Ivan is hiding from his bosses by moving to a new office and leaving his office phone, but unfortunately his whereabouts have been discovered by a new set of bosses. (And Ivan has a real super power and his alignment is True Neutral.)
Speaker: Daniel Cuthbert
Abstract:
This is a technical talk which explains the different approaches taken when assessing financial banking applications and the common insecurities found in today’s banking platforms. This talk will go through the often unreported vulnerabilities present in most banking platforms today: vulnerabilities the automated scanning tools don't detect and ones that are often never fixed.
Bio: Daniel Cuthbert is one of the Open Web Application Security Project Leaders and a Principal Security consultant for Corsaire Security. He has been researching, and involved with, web application security since the late 90’s and has worked on a wide range of projects to ensure that the development life cycle is secure and the overall application can withstand today’s hackers.
Speaker: Ian de Villiers
Abstract:
Java applications are fun, easy to reverse and frequently contain tons of really useful information or functionality just waiting to be repurposed - this all wrapped up in an increased sense of developer smugness...
In most cases however, reversing a complex Java application can be a difficult and time-consuming process - especially when one considers that large numbers of Java classes do not always decompile cleanly.
This talk will demonstrate some techniques to quickly obtain access to the functionality one really wants to tamper with. These quick-kills - such as obtaining access to the network streams - allow one to tamper with specific functionality within a Java application without having to fix the thousand-odd compilation errors normally present after decompilation.
The talk will also demonstrate some newer methods of attacking Java applications which were demonstrated by Stephen De Vries and Arshan Dabirsiaghi at BlackHat this year which have largely made this specific methodology obsolete.
As an aside, the talk will also include the ASCII-sheep abuse which has become a signature of my talks and demonstrations.
Bio: Ian de Villiers is an associate at SensePost.
Coming from a development background, his areas of expertise are in application and web application assessments.
Ian has spent considerable time researching application frameworks, and has published a number of advisories relating to portal platforms. He has also provided training on web application security at prestigious events such as the BlackHat briefings in the USA and spoken at security conferences on this topic - both locally and in Europe.
Speaker: Todor Genov
Abstract:
With DNSSEC finally taking off (ROOT zone being signed) there will be changes in the DNS landscape in the years to come. The presentation will focus on the technical side of DNSSEC, the implications of its implementation and the pitfalls it will bring to DNS.
Bio: Todor has been a *nix geek since he could crawl and is as curious as a cat. He finds joy in solving interesting problems within the ISP space and currently heads a team of sysadmins at MTN Business.
He can't fix your cellphone and doesn't know why it's broken, but he can over-engineer an IP network.
Speaker: Jameel Haffejee
Abstract:
PowerShell (which now ships with Windows 7 / Windows Server 2008) is an extensible automation engine from Microsoft, with its own shell and associated scripting language. This talk will aim at convincing the audience that they need to add PowerShell to their hacking toolkit. We will begin with a quick introduction to PowerShell to ensure that everyone is able to keep up with the sections that follow. We will then examine some "classic" pen-testing tools (from portscanners to attack-tools), and will demonstrate how their functionality can be replicated natively with PowerShell. We will finally demonstrate PowerShell's utility on compromised hosts. (This talk is full of live demos and examples.)
Bio: Jameel is a youngling learning the ways of the force and while he doesn't know why your internet isn't working, code can't compile or why your printer won't print, chances are he broke all of them. He is also a passionate coder and Information Security enthusiast who enjoys tinkering with everything that he can get his hands on.
Speaker: Barry Irwin
Abstract:
This talk examines the growth and evolution of the Conficker Worm release on 21 November 2008, exploiting the MS08-067 Vulnerability in the Microsoft RPC/Dcom stack. Nearly two years after the initial mass infection there are still in excess of 7 million systems infected. While the Conficker Working group has done much in trying to foster an understanding of the worm, and subsequent resultant botnet, there are still a myriad of unanswered questions. We present a detailed analysis done on the initial outbreak looking at the Geopolitical origins of the Scanning (and possible target pre-selection) and worm spread in the days leading up to and following the recognised launch date of Nov 21st. An overview is shown of the following two years of traffic looking at both geo-political and topological origins - where are the infected hosts living in the physical and digital realms. We conclude with a comparison of 5 years of SQL slammer data, showing the natural extension phase that this 2003 malware is in. When will the Conficker extinction start?
Data used for this analysis is collected using two passive network telescopes, located at Rhodes University, augmented with a large dataset from CAIDA.org collected during November 2009.
Bio: Barry Irwin (bvi) cut his teeth on IP before the net went commercial and vaxes still roamed the ether. He has been called a *nix greybeard (despite the fact he still has no grey hairs). In a past life, he worked as a global firewall admin and network engineer, and currently herds cats^W^W erm grad students at Rhodes University in the wilds of the Eastern Cape where he heads up the Security and Networks Research Group. The last few years his gaze has been directed on the topic and application of network telescopes. He is a zealous believer in the fact that packets don't lie, people (and by extension applications) do, and goes about his days without owning a Mac. He prefers using operating systems that have Horns.
Speaker: Haroon Meer
Abstract:
Data Leak or Data Loss Prevention (DLP) is a relatively new addition to the suite of security solutions. There is a lot of hype as well as skepticism about the value of DLP. This talk explores DLP; what it is; why it is one of the most exciting yet challenging security solutions; organizational, process and implementation issues; how DLP opens a can of worms and identifies other security issues; current problems with DLP; and possible future directions.
Bio: Stephen has worked in the security field his entire career and can't imagine doing anything more fun. His security experience covers design, implementation, assessment, consulting, training and security management, which he has provided to local and international organizations. If he had a dog, he'd probably call him Cerberus.
Speaker: Stephen Kreusch
Abstract:
Lies and half lies we tell ourselves in the infosec industry.
Bio: Haroon has lost too many games of squash (by far too great margins) to turn pro, and was thusly forced into information security. He heads up Thinkst, an applied research firm. He hacks whatever you bring him, be it applications, networks, locks and sometimes even hardware.
Speaker: Simeon Miteff
Abstract:
An amateur exploration of network-based (assuming no NAC) detection of backdoors in the enterprise LAN (like the war-dialing audits of yore, now with 3G modems):
- Speaker's background (why this pet problem?)
- Some thoughts about the threat model
- Techniques and their applicability to scenarios of varying likelihood
- A short demo of one approach
- Future work
Bio: Simeon is a scientist at heart, with professional experience in software development, network design and operations. He is currently technical manager for the SANReN project at the CSIR. He likes to tinker with, build and understand everything from embedded systems to business models.
Speaker: Georg-Christian Pranschke
Abstract:
The Simple Network Management Protocol, which is widely deployed on enterprise networks, suffers from several well known shortcomings in terms of security. Even though version 3 of the protocol addresses these issues, versions 1 and 2c remain the de facto standard in the wild. SNMP security is especially paramount when enabled on Cisco appliances, as these are frequently configurable via SNMP.
The talk is going to outline what the particular weaknesses of SNMP are, how these tie in with weaknesses in Cisco IOS and finally how common SNMP and Cisco misconfigurations can be leveraged to obtain administrative access to appliances such as routers, switches and bridges.
This attack scenario is demonstrated using a newly developed framework, that largely automates SNMP based attacks against Cisco appliances.
The presentation will conclude with a brief discussion of the impact of this type of attack and what countermeasures can be employed to secure routing infrastructure against it.
Bio: George recently started working for SensePost where he breaks into things, having previously finished an honours degree from Rhodes University. In his spare time, George finds vulnerabilities in open source products and plays with his dog, but not in that way. George is also a zoologist and enjoys finding, identifying and breeding things that most people would spray with doom or hit with a broom.
Speaker: Ross Simpson
Abstract:
- The iPhone Jailbreak: what - break out of sandbox; why - 3rd party apps (Cydia app store), r00t access; how - app download / jailbreakme.com (PDF exploit - loading font)
- iPhone and WiFi: eWifi, WiFiFoFum
- Packet Capturing: tcpdump, Pirni, Pirni Pro
- Man In The Middle Attacks: Pirni + bash, Pirni-derv
- Penetration Testing: Nmap, Metasploit, Social Engineering Toolkit, Nikto, aircrack-ng, PenTBox, THC-Hydra
- Other l33t stuff: TV out, VeeNC, MyWi (tethering), faking your location
Bio: Ross Simpson comes from Cape Town and has been programming for 16 years. He has a keen interest in information security and all things tech related. Although currently providing PHP programming services to several clients in America, his company will soon be branching out into iPhone (and other iOS device) application development, as well as web applications auditing and security testing.
Speaker: Jurgens van der Merwe
Abstract:
TBA
Bio: Roelof completed his electronic engineering degree in 1995 and has been involved in the security industry for some years now. He started SensePost with some friends in 2000, left SensePost in 2007 and has been running Paterva since then. He has spoken at numerous international conferences including BlackHat, Defcon, Cansecwest, FIRST, Hack in the box and co-wrote some book with the rest of the Syngress crowd. He likes to think about and create new and innovative technology and is the driving force behind Maltego.
Speaker: Roelof Temmingh
Abstract:
Since the term Web 2.0 has come into play, more and more people have started to build web applications focused on presenting users with a more interactive experience than the more simple Web1.0 Write/Read philosophy. This terminology has given birth to more complex web applications ranging from social networking to internet banking applications. This has also changed the way web sites are constructed and how information is presented to users - intentionally or by nefarious means.
This talk will focus on using a new technology called Selenium which is mainly used as a unit testing platform for web applications. Using this technology, it is possible to scrape various information out of web applications or automate various features of web applications.
In order to demonstrate the usefulness of Selenium, we focus on FaceBook. We will demonstrate how to use Selenium to automate browsing and, in so doing, extract information through scraping that normally would require custom scripts interacting at a low-level with the application. Selenium's application can also be applied across similar social networking environments such as MySpace and Twitter.
Bio: Jurgens currently finds himself as a junior analyst working for SensePost.
He has a general interest in networking, platform and web application security, and enjoys any cool new innovative technology that makes his life a little easier.
Jurgens has also been very honoured and lucky to have helped out with training at the BlackHat USA briefings 2010, where he was also one of the lucky winners of the first HackCup soccer tournament.
Speaker: Roelof Temmingh
Abstract:
TBA
Speaker: Ollie Whitehouse
Abstract:
So how do you build a community?... common interests.. communication... trust... contributions... OCD... all are important...
Ten years ago a small group of people created a gathering. The gathering grew through invitation and conferences into something a little bit bigger. With now over 190 people, a wiki with over 14 thousand edits and, well, enough shocking code to make the industry proud, Ollie will discuss how it happened. The talk will discuss the beginnings, what worked, what didn't, some of the bumps along the way and the challenges it continues to face. The goal is to show it is possible even with small groups to create a community which feels generally fair and that appears to work, combined with tips on things that tripped us up along the way.
Bio: Ollie W has worked in security for over a decade in roles from consultancy to research and most things in between. In his day job Ollie has for the last few years managed a team in Europe responsible for security research & assessment for a company with a product named after a fruit.
