2nd Hacks in Taiwan Conference



HIT2006 Agenda

Day 1 – July 15, 2006
08:50~09:20 Registration
09:20~09:40 Opening remarks, Wargame competition introduction
09:40~10:10 Keynote: What's Next for the InfoSec Industry? - Yen-Ming Chen

The information security industry is one of the most dynamic industries. It is a constantly changing industry with interactions among actors including government, organization, private sector, general public and criminals, thus forming a “Security Ecosystem”. The goal of this presentation is to look at the “Security Ecosystem” from the perspective of innovation. We will first analyze the current situation of the ecosystem and point out a few potential directions for “what's next” in this ecosystem.

10:10~10:20 Break
10:20~11:00 Talk 1: XML-based Protocol Fuzzer for OpenSAML implementation - Yen-Ming Chen

SAML (Security Assertion Markup Language) is a standard for the formation and exchange of authentication, attribute, and authorization data as XML. OpenSAML is a set of open-source libraries in Java and C++ which can be used to build, transport, and parse SAML messages. The presentation aims to present a methodology and prototypes for fuzzing OpenSAML implementations with buffer overruns and potentially other known attacks. The long-term work is to develop an XML-based protocol fuzzer, similar to what PROTOS is for ABNF-defined protocols.

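11:00~11:10 Break

Talk 2: VoIPhreaking: How to make free phone calls and influence people - grugq (talk in English)
12:00~13:00 Lunch
13:00~13:30 Talk 3: Introduction to Windows Host IPS - Nouk
As shellcode and rootkit techniques have matured, host-based intrusion prevention systems, once a niche area, have become popular, and one product after another claiming anti-zero-day capability has appeared. This session briefly introduces how the related technologies have developed over the past few years. Discussion after the session is welcome.
13:30~13:40 Break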
13:40~14:10 0day live-demo
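14:10~14:30 Afternoon tea
14:30~15:10 Talk 4: Upload & Download~ I own your WEB - CharmiLin
15:10~15:20 Break
15:20~16:10 Talk 5: Thinking XSS (cross site scripting) - BlackFarmer
An introduction to cross-site scripting (XSS) attacks:
- Finding vulnerabilities
- The thinking behind cross-site attacks and their implementation; use of social engineering
- How to receive cookies, through to website session hijacking and identity impersonation
- What comes next
- An attack example against a major blog provider
16:10~16:20 Break
16:20~17:30 Talk 6: Securing Web Applications using Automated Static Analysis - Wayne (Yao-Wen) Huang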

Day 2 – July 16, 2006

08:30~09:00 Registration
09:00~09:50 Talk 7: Use of AI algorithms in designing of Web Application Security Testing framework - Fyodor
09:50~10:00 Break
10:00~10:50 Talk 8: Spyware Detection: Automated Behavior Analysis Approach - Birdman
10:50~11:00 Break
11:00~12:00 Talk 9: Obfuscate File Signature Verification With Dynamic Patching - UNARY
12:00~13:00 Lunch
13:00~13:30 Talk 10: USB Disk Security - Nouk
Piles of USB flash drives advertise themselves as secure, some even telling everyone they are AES-encrypted.
Are they really secure? Heh heh~~ We'll see when the time comes.
13:30~13:40 Break
13:40~14:30 Talk 11: Virus Evolution - zha0
1. Virus history
2. Virus Type/Virus naming
3. Infecting Classification
4. x86 Assembly + Addressing & OS Basic Concept
5. Trick & Technique
 Advanced Code Evolution Techniques
6. OS Implement ( DOS, Win, Linux )
 File Format
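14:30~15:00 Afternoon tea
15:00~15:50 Talk 11: Exploit Modify Tips & 0day - Nanika
1. After obtaining a malicious sample, studying how to trigger the application vulnerability and finding ways to exploit it from there
2. Sharing some experience with 0day vulnerabilities
 Excel 0day
 Office SmartTag integer overflow
 Explorer overflow DoS
15:50~16:00 Break
16:00~16:50 Talk 12: Spyware Forensic With Reversing and Static Analysis - PK
16:50~17:30 Wargame results announcement and awards, walkthrough of each level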