HIT2007 議程表 |
Day 1 – July 21,2007 |
08:30~09:30 |
報到 |
09:30~09:50 |
開幕/HIT 簡介 by Wayne |
09:50~10:00 |
Wargame 競賽介紹 |
10:00~10:50 |
專題演講:Windows 2000 - Windows Vista Defense Exploit Evolutional by Nanika |
* Stack Buffer Overflow Exploit Defense
** Safe CRT Library
** Basic Runtime Checks DEBUG /RTC
** Cookie /GS
** SEH /SAFESEH
** Stack Base Random Vista
** image base Random VS2005 SP1 /dynamicbase
** DEP NX /NXCOMPAT Vista
** Turn off DEP NtSetInformationProcess is not work in Vista
* Heap Buffer Overflow Exploit Defense
** Safelink
** HeapEnableTerminationOnCorruption
** Encode _BasepCurrentTopLevelFilter point
** Encode VEH point
** PEB Random
** heap base Random Vista
** image base Random VS2005 SP1 /dynamicbase
** DEP NX /NXCOMPAT Vista
** Turn off DEP NtSetInformationProcess is not work in Vista |
10:50~11:00 |
Break |
11:00~11:50
|
專題演講:Use of software agents in network security by Fyodor |
The presentation will detail Meder's and Fyodor's experience of
working on agent-based, distributed network framework. One use of such
framework is for distributed web application hacking, as would be
demonstrated during the presentation. Other applications of the
framework would be discussed as well. |
11:50~13:00 |
Lanch break |
13:00~13:50 |
專題演講:SCP: A System Call Protector against Buffer Overflow Attacks by 邱秉誠(Dove) |
目前現有許多保護緩衝區溢位攻擊的方式已經無法保護變形過後的緩衝區溢位
攻擊模式,使得惡意程式散佈速度增加,造成的威脅提高。因而本篇提出使用修改kernel
和libc方式來達到防止緩衝區溢位攻擊,在不必經由重新編譯使用者程式的前提下有效防止惡意程式碼的執行,並加入ASLR部份技巧讓整體系統更加安全。 |
13:50~14:30 |
Tea Time |
14:30~15:20 |
專題演講:2007 Web Security: Taiwan Malicious Webpage and Spyware Hacking by birdman |
由於近日惡意網頁的問題頻傳,造成了包括駭客使用惡意程式入侵、政府及企業的機密資料外洩等資安問題。為了對抗惡意網頁及伴隨而來的網路犯罪問題,今年艾克索夫實驗室研究團隊特別企劃了一個針對台灣區網站的大規模資安檢測與研究計畫。我們將針對現階段的惡意網站問題與惡意程式掛馬進行研究,並對於植入的技術與惡意程式做深入的技術分析,活生生的內容,讓您了解目前台灣區的各機關與公司網站被入侵現況。 |
15:20~15:40 |
Break |
15:40~16:00 |
0day talk: ANN公告系統漏洞 -- cb520 |
16:00~16:50 |
專題演講:INFOMATION LEAKING 2.0 by XDite |
|
16:50~17:00 |
花絮: Wargame 競賽狀況及提示 |
|
Day 2 – July 22,2007
|
08:30~09:00 |
報到 |
09:00~09:50 |
專題演講:沉默的軍隊:網軍 by 查理 |
09:50~10:00 |
Break |
10:00~10:50 |
專題演講:以動態認證模組反制MMORPG機器人程式 by ChenKaiJung |
"以動態認證模組反制MMORPG的機器人程式",是我過去兩年與中國大陸的專業MMORPG機器人(外掛)開發者對抗的經驗, 提出來與大家分享。 |
10:50~11:00 |
Break |
11:00~11:50 |
專題演講:Implementation of Web Application Firewall by Outian |
|
11:50~13:00 |
Lunch Break |
13:00~13:50 |
專題演講:Anti Forensic Tools for Computer Assaults by grugq |
|
13:50~14:10 |
Tea Break |
14:10~15:00 |
New Vulnerabilities from next World Wide Web by Kudo |
|
15:00~15:10 |
Break |
15:10~15:30 |
0day talk: Joomla - Upload file mishandling vulnerability -- Outian |
|
15:30~16:00 |
輕鬆談:電信通訊的自由與安全議題 -- Jserv |
|
16:00~16:10 |
Break |
16:10~17:00 |
SELinux by Thinker |
17:00~17:20 |
Wargame 結果公佈頒獎、閉幕 |