October 6th - 9th, 2008    Private Training Workshops

October 10th, 2008 (schedule subject to change)

8:00AM - 6:00PM         Registration and Check In / Vendor Area Open

10:00AM - 5:00PM       HackSec PacketWars(TM) Invitational

5:00PM - 8:00PM        Dinner Break

9:00PM - 10:00PM       Viral Art: Writing a Blender Virus (Tyler Durden)

10:00PM - 11:00PM     Targeted Attacks (Robert Hensing)

11:00PM - 12:00AM     Moved to Saturday

October 11th (schedule subject to change)

7:00AM - 8:30PM           Registration & Check In

8:30AM - 9:00AM           Opening Remarks (Angus Blitter)

9:00AM - 10:30AM         Embedded Systems Security (Enno & Sergey)

9:45AM - 10:30AM         Novel Botnet Construction (Simon & Daniel)

10:30AM - 10:45AM        Break

10:45AM - 12:00PM        Lawful Evil to Chaotic Good (Greg Conti)

12:00PM - 1:30PM          Lunch and Keynote (Chris “The Hoff” Hoff)

1:30PM - 2:00PM           Chips of Our Ancestors (Yamada TARO)

2:00PM - 3:00PM           Active Threat Intelligence (Eddie Schwartz)

3:00PM - 4:00PM           Microsoft’s Hyper-V Security (Enno Rey)

4:00PM - 4:15PM           Break

4:15PM - 5:30PM           Application Trustworthiness (Michael Thumann)

5:30PM - 6:00PM           Closing Remarks (Angus Blitter)

6:00PM - 7:00PM           Cocktail Reception

8:00PM - ???                  VIP Party At HAMMERJAX, With A Special Appearance by Dual Core

October 12th                 Sleep In - Eat Breakfast - Go Home


Angus Blitter - Your host and resident media whore. Angus is the founder of Hack Sec Klahn, a like-minded group of technologists who believe diversity is good for the species.

Sergey Bratus - Sergey Bratus is a Research Assistant Professor at the Institute for Security Technology Studies at Dartmouth College. His current research focus is on applications of data organization and other AI techniques to log and traffic analysis. His other interests include Linux kernel security (from kernel exploits, LKM rootkits and hardening patches to various security policy mechanisms) and wireless hacking. Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.

Greg Conti - Greg Conti is an Assistant Professor of Computer Science at West Point. His research includes security data visualization, usable security, and web-based information disclosure. He is the author of Security Data Visualization (No Starch Press) and the forthcoming Googling Security (Addison-Wesley). His work can be found at www.gregconti.com and


Robert “EL CONQUISTADOR” Hensing - Originally from Dayton (Kettering, Centerville, Oakwood), Robert Hensing, a 10-year veteran of Microsoft, is a Software Security Engineer on the Microsoft Secure Windows Initiative team, a role he has held for the last 4 years. Robert works closely with the Microsoft Security Response Center with a focus on identifying mitigations and workarounds for product vulnerabilities that can be documented in advisories and bulletins to help protect customers from attacks. Prior to working on the Secure Windows Initiative team, Robert was a senior member of the Customer Support Services Security team, where he helped customers with incident response related investigations and spent most of his time engaged in hand-to-hand combat with miscreants who were always trying to steal our customers’ lucky charms.

Chris Hoff - Is currently Unisys' Chief Security Architect. Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management. Prior to Unisys, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company and was founder/CTO of a national security consultancy. He blogs a lot and talks even more.  Please don't hold that against him.  Hoff obviously also enjoys referencing himself in the third person.

Daniel Mende - Is a German security researcher specializing in network protocols and technologies. He’s well known for his Layer 2 extensions of the SPIKE and Sulley fuzzing frameworks and has presented on protocol security on many occasions, including CCC Easterhegg, IT Underground/Prague and ShmooCon. Usually he releases a new tool when giving a talk.

Rebecca Quinn - Is a Senior Engineer on the Customer Engineering team at NetWitness, where she resolves many tough issues out at customer sites. She has prior experience in forensics, intrusion detection systems, vulnerability management and data trending at Lehman Brothers. She enjoys pitting her wits against the wealth of information available today and finding new solutions to problems. With her knowledge of data and trends, she has put together metrics to make sense of large quantities of information. She is a certified CISSP and in her free time enjoys shadow bolting Horde.

Enno Rey - Has loved playing around with network protocols and devices since the early 90s. Prior to founding a specialized team of security researchers (aka building his own company) in 2001, he worked as a sysadmin and network operator. He has vast experience in designing, operating, troubleshooting and securing large networks and regularly contributes to the security community as a writer of whitepapers and articles, as a conference speaker, or just as a pentester and protocol scientist.

Simon Rich - Works as a security researcher for Germany-based ERNW GmbH. Fiddling around with hardware and low-level protocol stuff makes up the majority of his days. He has contributed to finding several protocol flaws in the past and is known for innovative approaches to (depending on who the customer is) implementing or breaking the security of technologies.

Michael Thumann - Is Chief Security Officer and head of the ERNW "Research" and "Pen-Test" teams. He has published security advisories on topics like 'Cracking IKE Preshared Keys' and buffer overflows in web servers, VPN software and VoIP software. Michael enjoys sharing his self-written security tools (e.g. 'tomas, a Cisco password cracker', 'ikeprobe, an IKE PSK vulnerability scanner' or 'dnsdigger, a DNS information gathering tool') and his experience with the community. Besides numerous articles and papers, he wrote the first (and only) German pen-test book, which has become recommended reading at German universities. In addition to his daily pentesting tasks he is a regular conference speaker and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security, Michael's main interest is uncovering vulnerabilities and security design flaws from the network to the application level.

Yamada TARO - No BIO*

*"His paper suddenly appeared on my desk when I heard a rustling sound behind me. It contained instructions to add it to the presentation list upon pain of death. I decided to comply." - Angus Blitter



Viral Art: The Art of Writing a Blender Virus (Tyler Durden) - This talk details the creation of a 3D virus. Much like the ones you see in the movies, this virus is a real 3D virus, but instead of relying on OpenGL or DirectX libraries it spreads through the art files themselves. This demo shows how a virus of this nature can be written for the popular open source 3D drawing application Blender. A copy of the virus source code will be released at the end of the presentation.

Targeted Attacks (Robert Hensing) - In 2006, 2007 and 2008, malicious Microsoft Office documents have been involved in limited targeted attacks against specific Microsoft customers. In this presentation we will examine a real-world Microsoft Office document that exploited a former 0-day vulnerability (patched in March 2008) in order to install a backdoor on the vulnerable system and exfiltrate data. A malicious Excel document will be opened in a virtual machine running a less-than-fully-patched version of Office 2003 on Windows XP and on Windows Vista in their default configurations. The privileges required for this attack to succeed will be discussed, along with various mitigation strategies (such as the Microsoft Office Isolated Conversion Environment) that could be employed to reduce the damage potential of opening malicious Office documents.

Novel Botnet Construction (Simon & Daniel) - Botnets are widely regarded as the most imminent threat to the internet's infrastructure security. While a bot's lifecycle has mostly stayed the same (initial infection, C&C contact, download of payloads/instructions, performance of malicious actions) for some time now, the communication structures are currently undergoing a shift in the direction of P2P methods. In this talk we will cover some novel ways of mobilizing well-known and not-so-well-known protocols within botnets. Amongst others, we will show how to perform quite efficient DoS attacks without prior OS exploitation and how to abuse some servers run by Microsoft itself for downright untraceable C2 communication and payload distribution. Additionally, some code for an intelligent agent's "phone home" without a direct IP-based communication channel will be discussed and released.

Embedded Systems Security (Enno & Sergey)

“No Abstract For You!!!” - It’s Enno and Sergey, come on. It will be great. Don’t miss it.

Chaotic Evil or Lawful Good:  The Threat of Googling (Greg Conti)

Every time we use the web, we disclose tremendous amounts of information to ISPs, Internet backbone providers, and online companies; information that will be shared and data mined, but rarely discarded. Email addresses, phone numbers, aggregated search queries, cookies, IP addresses - any unique feature of our behavior provides a mechanism to link, profile, and identify users, groups, and companies. From these revelations all aspects of our daily lives emerge, including our activities, locations, and social networks. Making matters worse, ubiquitous advertising networks, dominant online companies, complicit network providers, and popular web analytic services possess the ability to track, and in some cases eavesdrop on and modify, our online communications.

The AOL dataset debacle and subsequent public outrage illustrated one facet of the problem - Search. This talk covers all aspects of the problem, including end user computers, network providers, online companies, and advertising networks. It also includes countermeasures to help protect your personal and organizational privacy. It is important to note that the research presented is the inverse of Google Hacking, which strives to retrieve sensitive information from the databases of search engines. This talk instead focuses on what information online companies can pull from you, as well as what network providers can see and modify. The long-term implications of web-based information disclosure are profound. Interaction by interaction we are ceding power to ISPs and online companies, disclosures which may one day alter the course of elections, remove world leaders from power, or cause the outspoken citizen to disappear from the web.

Virtualization: Floor Wax, Dessert Topping and the End Of Network Security As We Know It? (With an appearance by the Four Horsemen Of the Virtualization Security Apocalypse) (Chris Hoff) - Despite shiny new stickers on the boxes of our favorite security vendors' products that advertise "virtualization ready!" or the hordes of new startups emerging from stealth decrying the second coming of security, there exists the gritty failed reality of attempting to replicate complex network and security topologies in virtualized environments. This talk will clearly demonstrate that unless we radically rethink our approach, the virtualization security apocalypse is nigh. It will focus on virtualizing security; from virtualization-enabled chipsets to the hypervisor to the VMs, we'll explore the real issues that exist today as well as those that are coming that aren't being discussed or planned for.

Chips of Our Ancestors (Yamada TARO) - Inside your computer are chips which your enemies may use against you. Because of dishonorable rights management technology, the hardware merchants try very hard to keep you from learning their secrets. It has come to our attention that anti-theft products use these techniques to escape detection. Investigation has revealed that you can use these techniques on many common laptop and server models, even if they have been powered off. One attack holds the possibility of physically damaging certain laptop models.

Active Threat Intelligence (Rebecca Quinn) - Social networking and virtual world sites such as Facebook, MySpace, Ning, fmyi, Second Life, There and others represent a new generation of threats to your organization, and create fertile ground for attackers. The end users of these sites typically access them from both work and home, and interact with them under a general assumption of trust in either the site itself or the online community each individual has established on the site. This inherent personal trust relationship between an individual in your organization and a site of this type can create all kinds of problems for your organization, such as numerous client-side, browser-based attacks and palpable footholds for malware. Additionally, flaws in the online sites themselves can lead to problems associated with the exposure of personal information that can be used for spear phishing, blackmail, and other social engineering and blended attacks. The session will describe how to tune your internal threat intelligence model to provide maximum visibility into these attacks, and how to leverage this active threat intelligence to perform real-time network investigations and incident response to effectively track down and kill threat agents.

Microsoft's Hyper-V Security (Enno Rey) - It is expected that Microsoft's Hyper-V will rapidly gain ground in the emerging virtualization market. Still, the crucial question remains: how trustworthy is this piece as regards isolation of guests and protection of the hypervisor itself and its management interfaces? This talk tries to give a first answer. I will present the design and architectural components of Hyper-V, explain configuration tweaks and pitfalls, and discuss hardening steps & tools. Furthermore, the results of in-depth security testing of Hyper-V will be published. A fuzzing demo against various pieces of Hyper-V is included, and I will provide a detailed comparison of the security features and potential weaknesses of Hyper-V and VMware ESX.

Application Trustworthiness (Michael Thumann) - This talk covers the different test methodologies used to decide whether an application can be used securely in a business environment. From blackbox testing, fuzzing and source code review to reverse engineering, all the approaches that ERNW uses to conduct these kinds of tests in real life are explained. Finally, the metric used in the assessments will be presented to give an idea of how the results and findings can be used to answer the question "can we trust this application?" in a comprehensible way.