Virus Bulletin 2008 Slides -
http://www.virusbtn.com/conference/vb2008/slides/index
ToorCon X Presentations -
http://security4all.blogspot.com/2008/11/toorcon-x-presentations-online-plus.html
OWASP 2008 Videos -
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
HITB Slides -
http://conference.hitb.org/hitbsecconf2008kl/materials/
So the last lab session I attended during HITB was Ching Tim Meng’s presentation on malware detection and removal with antivirus.
In his presentation, he purports that malware requires the stability of the system to survive, and defines malware as a “software designed to infiltrate or damage a system without the owner’s informed consent”. He goes on to list types of malware, including trojan horses, viruses, worms, logic bombs, etc.
I feel that he made one big mistake in that assumption. Let’s take for example -
I’m sure everyone remembers this little dialog box here. The Blaster Worm certainly did not require the stability of the system to survive. In fact, making the system unstable and unusable (after a minute) (without typing shutdown -a) was its primary and only goal.
Witty Worm
Not too far back in 2004, Witty was discovered. And yes, it does destroy the system as well. In fact, it would corrupt the system so much to the extent that at one point, the worm itself would cease to exist.
I’m sure there are more of these malware out there that aren’t as well known, but they do, somehow or another, infect and corrupt your system, one way or another.
However, while his methods of removing malware are not always foolproof and his assumption isn’t exactly accurate either, I would say that his effort was commendable and his method was easy enough for most to understand.
I would like to say that I enjoyed Day 1 more than I enjoyed Day 2. However, today sported rather interesting activities as well.
But first, some photos with / of TOOOL USA
Deviant, Babak, yours truly
Eric was busy
It was perhaps the lab session which I had enjoyed the most.
Moving on to today’s activities - King Tuna and Q conducted the lab session for wireless and RFID.
Lab session conducted by Q and King Tuna
It took some time on Windows to find the general placement of the access point. Luckily, they had a VMPlayer installer as well as a BackTrack3 image that I could use. Cracking WEP wasn’t supposed to be hard, but due to an oversight in the channel number, I monitored the wrong channel and there wasn’t enough time to complete the crack.
Ching Tim Meng conducted the malware-removal lab. It was a pretty basic session that consisted mostly of general malware techniques and malware removal procedures. Perhaps a better option would have been “Decompilers and Beyond” by Ilfak Guilfanov and pdp’s “Client-side Security”. I would definitely like to catch videos of their presentations once they are published (around December?).
Currently, I’m waiting to go to the airport to catch the 2215 flight to reach Singapore by 2310. Definitely a better option than the 6-hour coach ride. Yay for Tiger Airways.
HITB 2008 is the first actual security conference that I have physically attended, although I have been watching videos and slides of various conferences, especially blackhat/defcon. There were a couple of interesting booths, namely CtF, Open Hack, Wireless Village and Lock Picking Village (LPV).
HITB Booth
CtF in progress
So HITB Day 1 commenced, with an introduction to Click-Jacking by Jeremiah Grossman as the first keynote address.
Jeremiah's Keynote Speech
Before I go into the details of his keynote speech, I need to iterate, and reiterate, that the emcee’s distasteful slang, accent and speech is, in no way, a representation of how people from Singapore / Malaysia speak. Perhaps the organizers realized that as well as we never heard that speaking style again, after two of his narrations.
Jeremiah shared a couple of interesting PoCs for Click-Jacking, including but not limited to - tapping of webcams and microphones through Flash Player, allowing of access to the local machine (again, through Flash Player), etc.
See the"Always allow" radio button? Imagine "Allow site to remember login credentials?" before that. Think Click-Jacking, think pwnt.
It was an interesting keynote address with interesting examples.
Marcus Ranum’s speech, on the contrary, was slightly boring in comparison. It was mainly theory and definitions, which didn’t interest me much.
There were two highlights of the event today (in my opinion).
1. Hacking Internet Kiosks by Paul Craig
Paul put together an interesting presentation on how to “hack” Internet kiosks - getting a shell, getting the taskbar to show, getting files downloaded / uploaded with notepad, bypassing kiosks blacklists, etc. He compiled an entire list of possible attacks in a simple AIO application - http://ikat.ha.cked.net/ - it even comes in a portable version! The presentation was attended by many and I’m sure everyone enjoyed it. Both the presenter and the content were deliciously juicy.
2. Lock-Picking Lab by TOOOLS
At Track III, which, IMHO, is the best track to be in because of its hands-on experience that you will get there (which you cannot get from just watching videos), TOOOLS gave our lock picks and sample locks for us to try picking and introduced a couple of techniques. Overall, this lab was well-received and many loved it.
Tomorrow, I’ll mainly attend the lab sessions. I’m sure I’ll learn a lot from them.
So I haven’t been posting lately, but hey, I was busy. Now that the busy period’s over, I’ve finally got time to get down to Kuala Lumpur, Malaysia, with Chalit to attend the HackInTheBox Conference 2008.Tomorrow’s the start of the conference, but since it starts at 9, we decided to check in a day earlier to prevent the mad rush that we would have otherwise need to go through tomorrow.
I was hoping to get to meet Petko and discuss about HoH and stuff over lunch, but it’s too bad he couldn’t make it. Congratulations, pdp! I’m sure your kid’ll be pretty. 
So, we booked Impiana Hotel, a lower-class hotel compared to Crowne Plaza Mutiara, where the conference is supposed to be carried out. Unlike most other hotels I inquired, this hotel does not have in-room WiFi access. It sports a single ethernet access point, which is supposed to provide a “high speed broadband connection”, but I guess that’s not exactly true, given that I’m downloading files from RapidShare at a mere 30kbps. It’s lucky that I inquired about the Internet access before booking, though. I came prepared. 
I’m all geared up for HITB tomorrow. Are you?