3rd Hacks in Taiwan Conference

http://hitcon.org/hit2007

small logo

HIT2007 議程表

Day 1 – July 21,2007
08:30~09:30 報到
09:30~09:50 開幕/HIT 簡介 by Wayne
09:50~10:00 Wargame 競賽介紹
10:00~10:50 專題演講:Windows 2000 - Windows Vista Defense Exploit Evolutional by Nanika

* Stack Buffer Overflow Exploit Defense
** Safe CRT Library
** Basic Runtime Checks DEBUG /RTC
** Cookie /GS
** SEH /SAFESEH
** Stack Base Random Vista
** image base Random VS2005 SP1 /dynamicbase
** DEP NX /NXCOMPAT Vista
** Turn off DEP NtSetInformationProcess is not work in Vista

* Heap Buffer Overflow Exploit Defense
** Safelink
** HeapEnableTerminationOnCorruption
** Encode _BasepCurrentTopLevelFilter point
** Encode VEH point
** PEB Random
** heap base Random Vista
** image base Random VS2005 SP1 /dynamicbase
** DEP NX /NXCOMPAT Vista
** Turn off DEP NtSetInformationProcess is not work in Vista

10:50~11:00 Break
11:00~11:50

專題演講:Use of software agents in network security by Fyodor
The presentation will detail Meder's and Fyodor's experience of working on agent-based, distributed network framework. One use of such framework is for distributed web application hacking, as would be demonstrated during the presentation. Other applications of the framework would be discussed as well.
11:50~13:00 Lanch break
13:00~13:50 專題演講:SCP: A System Call Protector against Buffer Overflow Attacks by 邱秉誠(Dove)
目前現有許多保護緩衝區溢位攻擊的方式已經無法保護變形過後的緩衝區溢位 攻擊模式,使得惡意程式散佈速度增加,造成的威脅提高。因而本篇提出使用修改kernel 和libc方式來達到防止緩衝區溢位攻擊,在不必經由重新編譯使用者程式的前提下有效防止惡意程式碼的執行,並加入ASLR部份技巧讓整體系統更加安全。
13:50~14:30 Tea Time
14:30~15:20 專題演講:2007 Web Security: Taiwan Malicious Webpage and Spyware Hacking by birdman
由於近日惡意網頁的問題頻傳,造成了包括駭客使用惡意程式入侵、政府及企業的機密資料外洩等資安問題。為了對抗惡意網頁及伴隨而來的網路犯罪問題,今年艾克索夫實驗室研究團隊特別企劃了一個針對台灣區網站的大規模資安檢測與研究計畫。我們將針對現階段的惡意網站問題與惡意程式掛馬進行研究,並對於植入的技術與惡意程式做深入的技術分析,活生生的內容,讓您了解目前台灣區的各機關與公司網站被入侵現況。
15:20~15:40 Break
15:40~16:00 0day talk: ANN公告系統漏洞 -- cb520
16:00~16:50 專題演講:INFOMATION LEAKING 2.0 by XDite
 
16:50~17:00 花絮: Wargame 競賽狀況及提示
 

Day 2 – July 22,2007

08:30~09:00 報到
09:00~09:50 專題演講:沉默的軍隊:網軍 by 查理
09:50~10:00 Break
10:00~10:50 專題演講:以動態認證模組反制MMORPG機器人程式 by ChenKaiJung
"以動態認證模組反制MMORPG的機器人程式",是我過去兩年與中國大陸的專業MMORPG機器人(外掛)開發者對抗的經驗, 提出來與大家分享。
10:50~11:00 Break
11:00~11:50 專題演講:Implementation of Web Application Firewall by Outian
 
11:50~13:00 Lunch Break
13:00~13:50 專題演講:Anti Forensic Tools for Computer Assaults by grugq
 
13:50~14:10 Tea Break
14:10~15:00 New Vulnerabilities from next World Wide Web by Kudo
 
15:00~15:10 Break
15:10~15:30 0day talk: Joomla - Upload file mishandling vulnerability -- Outian
 
15:30~16:00 輕鬆談:電信通訊的自由與安全議題 -- Jserv
 
16:00~16:10 Break
16:10~17:00 SELinux by Thinker
17:00~17:20 Wargame 結果公佈頒獎、閉幕

CHROOT Group