Articles about SyScan Singapore 2012

Ready to "0wned" these phones during Syscan'12 Singapore?

Lucky draw prize for Syscan'12 Singapore is here!

Official speakers list for SyScan'12 Singapore

Official speakers list for SyScan'12 Singapore is out at http://www.syscan.org/index.php/sg/speakers

iPhone Security Bug Lets Innocent-Looking Apps Go Bad

At the SysCan conference in Taiwan next week, Charlie Miller plans to present a method that exploits a flaw in Apple’s restrictions on code signing on iOS devices, the security measure that allows only Apple-approved commands to run in an iPhone or iPad’s memory.

http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/

最後一屆SyScan'11 Taipei 前瞻資案技術年會 - 名額有限，儘快報名！

SyScan'11 Taipei, 今年最後一屆！

Sponsorship of SyScan'11 Taipei

The following companies have confirmed their sponsorship of SyScan'11 Taipei: Microsoft, Google & COSEINC

SyScan'11 Taipei Call For Paper

Call For Papers for SyScan'11 Taipei is released! If you have any interesting topics, submit your papers to us!
more information http://www.syscan.org/index.php/tw

大會議程與講師介紹

UDI SHAMIR

COSEINC

Udi Shamir is a Senior Researcher with the Advanced Malware Labs of COSEINC. His work in the company includes research into Rootkits, Operating Systems, Virtualization Security and Kernel Hacking.

A few of his projects includes:

• The BlueBox is watching Me, (Hacking the Linksys checksum)
• DirStat filesystem security event tracker, http://sf.net/projects/dirstat.
• EM (Enforcement Module) http://sf.net/projects/em-module.
• WMI (re-patch wmi version for linux).

Udi Shamir現於COSEINC惡意程式前瞻研究室 (the Advanced Malmare Labs)擔任資深研究員， 他的研究工作包含Rootkits、作業系統(Operating Systems)、虛擬化安全性(Virtualization Security)及Kernel 入侵。

由他負責的專案包括:

• The BlueBox is watching Me, (Hacking the Linksys checksum)
• DirStat filesystem security event tracker, http://sf.net/projects/dirstat.
• EM (Enforcement Module) http://sf.net/projects/em-module.
• WMI (re-patch wmi version for linux).
  

NANIKA

Nanika's major areas of expertise include vulnerability research, exploit techniques, malware detection and mobile security. Especially on Windows platform and malicious office document, he has discovered numerous Windows system and office vulnerabilities. He frequently presents his researches at security conferences in Taiwan, including Hacks in Taiwan 05/06/07/09, Syscan Taipei/Hong Kong 08. Nanika was a member of the Vulnerability Research Lab (VRL) of COSEINC and now he is currently pursuing a Master's degree in NTUST.

Nanika主要專注於弱點研究、攻擊技術、惡意軟體偵測及手機安全。他已多次發掘Windows系統及Office的漏洞，特別是在Windows平台及惡意office文件上，且多次參加台灣駭客年會(05、06、07及09年)與台北/香港前瞻資安技術年會(08年)。Nanika曾是COSEINC弱點研究實驗室(the Vulnerability Research Lab)的成員，目前於台灣科技大學攻讀碩士學位。

NGUYEN ANH QUYNH

Nguyen Anh Quynh is a security researcher with multiple interests: operating system, virtualization, trusted computing, digital forensic, intrusion detection, malware analysis and vulnerability. He published a lot of academic papers in those fields, and frequently gets around the world to present his research results in various hacking conferences. Quynh obtained his PhD degree in computer science from Keio University, Japan. He is also a member of VnSecurity, a pioneer security research group in Vietnam.

Nguyen Anh Quynh是一個擁有廣泛性趣的安全性研究員，其中包含作業系統(operating system)、 虛擬化(virtualization)、可信賴運算(trusted computing)、數位鑑識(digital forensic)、 入侵偵測系統(intrusion detection)、惡意軟體分析(malware analysis)及弱點偵測。曾在這些領域中發表大量的學術報告， 且經常於世界各地之駭客會議上演講他的研究結果。擁有日本應慶大學(Keio University)電腦科學博士學位的Quynh， 目前是越南最頂尖的安全研究團隊—VnSecurity的成員之一。

MOTI JOSEPH

Moti Joseph has been involved in computer security. In the last few years he has been working on reverse engineering exploit code and developing security products. Moti is a former speaker at

• (*)CONF2009, Poland,
• POC 2009, South Korea,
• ShakaCon 2009, USA,
• Black Hat 2007, USA

Moti Joseph長期投身於電腦安全性領域，在過去的幾年致力於逆向工程攻擊編碼與開發安全性商品。他曾於下列研討會中擔任講師:

• CONF 2009/ 波蘭
• POC 2009/ 南韓
• ShakaCon 2009/ 美國
• Black Hat 2007/ 美國

THE GRUGQ
COSEINC

The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq’s professional career has included Fortune 100 companies, leading information security firms and innovative start-ups.

Currently living in Thailand, the Grugq works as a senior security researcher for COSEINC. While not on engagements, the Grugq continues his research on security, forensics and beer.

Claims to fame:

• pioneered anti-forensics
• developed "userland exec"
• released voip attack software
• decade of experience in info sec
• long term liaison w/ digital underground
• described as "extremely handsome" [by his mom]
• 1992 sussex County 3-legged race, 2nd place

The Grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; domain expertise on forensics, voip, telecommunications and financial systems.

The Grugg是資訊安全研究的先驅，擁有超過十年的專業經驗，廣泛的工作於數位鑑識分析、二元逆向工程、 rootkits、VoIP、電信與金融安全等各領域。不但曾為多個全球一百大公司服務，也曾領導資訊安全公司與創新研發計畫。 現在居住於泰國的the Grugg為COSEINC的資深安全研究員，在沒有專案時The Grugg則繼續研究安全性、鑑識以及啤酒。

據說在以下領域知名:

• 逆向鑑識先驅
• 發展「Userland exec」
• 發佈VoIP攻擊軟體
• 幾十年的資安經驗
• 長期接觸digital underground
• 被(the Grugg的母親)形容成「不可思議的帥」
• 1992 薩西克斯郡兩人三腳比賽亞軍

七年來The Grugg在數十個會議受邀演講，且為政府單位、國家軍隊單位、警察單位及企業提供專業訓練課程；在鑑識、VoIP、電信通訊及金融系統擁有相當的專業知識與純熟技能。

ANTHONY BETTINI
McAfee Labs

Anthony Bettini is part of the McAfee Labs senior management team. His professional security experience comes from working for companies like McAfee, Foundstone, Guardent, Bindview, and independent contracting. He specializes in software security and vulnerability detection. Anthony has spoken publicly for NIST, the Computer Anti-Virus Research Organization (CARO) in Europe, RSA Europe 2009 in London, and most recently at the 22nd Annual FIRST Conference in Miami on locale-specific threats. Anthony has published new vulnerabilities found in Microsoft Windows, ISS Scanner, PGP, Symantec ESM, and other popular applications. In addition to contributing to a handful of security books, Anthony was also the technical editor for Hacking Exposed 5th edition.

Published books:

• Sole Technical Editor for Hacking Exposed 5th Edition
• Contributing author of Sockets, Shellcode, Porting, and Coding
• Contributing author of Buffer Overflow Attacks: Detect, Exploit, Prevent

Published papers:

• 2010 – Locale-specific Threats: The Internet Has Always Been Flat. McAfee Labs (pending, published soon, eta 0-2 months)
• 2010 – Social Networking Apps Pose Surprising Security Challenges. McAfee Labs (pending, published soon, eta 0-2 weeks)
• 2009 – PCI DSS: Better Than Nothing. McAfee Security Journal: Summer 2009 Ed.
• 2008 – Vulnerabilities in the Equities Markets. McAfee Security Journal: Fall 2008 Ed.
• 2004 – The Value of No False Positives. Foundstone Labs

Anthony Bettini 為McAfee研究室資深經理團隊的一員，他的資安專業經驗來自McAfee、Foundstone、 Guardent、Bindview及獨立個案的工作經驗，專精於軟體安全性與弱點偵測。曾為NIST、 the Computer Anti-Virus Research Organization (CARO) 歐洲、RSA Europe 2009倫敦、第22屆Annual FIRST Conference 邁阿密，演講有關區域性威脅之主題。

出版書籍:

• Hacking Exposed第五版唯一的技術編輯
• Sockets, Shellcode, Porting, and Coding 的參與作者
• Buffer Overflow Attacks: Detect, Exploit, Prevent的參與作者

研究報告:

• 2010年 -- 區域性威脅: 網路的世界一直都是平的/ McAfee Labs (即將出版)
• 2010年 — 網路社群應用程式為網路安全帶來的挑戰/ McAfee Labs (即將出版)
• 2009年 -- 信用卡產業資訊安全標準:有總比沒有好/ McAfee安全性期刊2009年夏季版
• 2008年 --資本市場裡的安全性漏洞/ McAfee安全性期刊2008年秋季版
• 2004年 -- The Value of No False Positives. Foundstone Labs

BEN NAGY
COSEINC

Ben Nagy is a senior security researcher with COSEINC, and recently moved from Kuala Lumpur to hack with a view of the mountains in Kathmandu. For over a year he has been exploring ways to improve fuzzing scalability, especially against complex, closed source targets like Windows and Office. Previously working on liver destruction with eEye in Geneva and Bangkok, he has written whitepapers on a number of subjects and presented at conferences in Europe, Asia and Australia. Ben is probably that guy over there drinking beer and talking about Ruby.

Ben Nagy是COSEINC的資深安全研究員，最近搬離吉隆坡到加德滿都享受美麗的山景，過去的一年他致力於fuzzing的可擴充性， 尤其是對抗那些複雜且封閉的資料來源目標如， Windows和Office等。以前不惜爆肝在日內瓦和曼谷為eEye工作， 曾撰寫好幾個主題的白皮書並巡迴演講於歐洲、亞洲與澳洲。Ben可能就是那個正在大喝啤酒邊談論Ruby的人。

CRISTOFARO MUNE

Cristofaro Mune is an independent security researcher currently focusing, mainly, on Mobile and Embedded security.

In the past he has been Security Research Lead for Mobile Security Lab, discovering, with his team, vulnerabilities in mobile devices, applications and services. In his experience there are also security assessments of IT networks, devices and services for major companies.

His main interests are exploitation of embedded architectures, reverse engineering and loves everything that is "food for (security) thought"

His works have been presented at important security conferences:

• "Hijacking Mobile Data Connections" - BlackHat Europe 2009 (Co-Author & Presenter)
• "Hijacking Mobile Data Connections 2.0: Automated and Improved" - DeepSec 2009 (Co-Author)
• "(Too Much) Access Points - Exploitation Roundup" - CONFidence 2010 (Author & Presenter)

Cristofaro Mune是一個獨立安全研究員，現在主要專注於手機及嵌入性安全防禦，在此之前他是手機安全研究室的安全研究主任， 與他的團隊發現許多手機設備、應用程式及服務的弱點，也曾為幾個主要的公司做IT網路、設備及服務的安全性評估。

主要的興趣為嵌入式結構攻擊、逆向工程以及任何可以幫助(安全性)思考的食物。

在安全性會議發表過的研究結果:

• 手機資料劫持連線 (共同執筆與講者)/ 歐洲BlackHat 2009
• 手機資料劫持連線2.0:自動化與進展 (共同執筆)/ DeepSec 2009
• 無線基地台-典型的攻擊手法(現場DEMO)/ CONFidence 2010 (作者及講者)

ANDREI COSTIN

Author of MFCUK

• MiFare Classic Universal toolKit

Day-time programmer (after-8pm type of hobbyist hacker)

Generally interested in:

• Programming/hacking: RFID, GSM, biometrics, embedded
• Almost everything which:
  • Is connected to networks/communications lines
  • Have smart-cards (contact and contactless)
  • Have crypto involved somewhere down the line
  • Is or should be secure

為MFCUK(MiFare Classic Universal toolkit)之作者。

白天是一個程式編寫工程師，晚上八點後則是業餘駭客。

一般來說他的興趣有:

• 程式開發/駭客入侵: RFID、GSM、生物識別及嵌入性程式。

任何有下列特點的東西

• 可以連接至網路
• 有智慧型卡片(接觸式與非接觸式)
• 至少要與密碼相關
• 很安全或是應該很安全

STEFAN ESSER
SektionEins GmbH

Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot linux directly from the harddisk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the german web application company SektionEins GmbH that he co-founded.

Stefan Esser在資安全可稱PHP安全第一人。自從在2002年成為PHP核心開發人員之一， 便奉獻很多時間於PHP及PHP程式弱點研究。在早期他提供了許多弱點方面的建議給一些軟體，像是CVS、 Samba、OpenBSD或是Internet Explorer。在2003年他是第一個直接從未改機的XBOX透過XBOX內的字型裝卸工具的緩衝區溢位使用Linux。2004年他開始了硬化PHP專案， 發展更具安全性的PHP，即所謂的強化PHP，到了2006年這個專案便發展成the Suhosin PHP Security System。從2007年起他於一家德國網路程式公司—SektionEins GmbH擔任研發部門首席， 同時也是此公司的共同創辦人之一。

TORA

Jose Duart (Tora) is a reverse engineer with more than ten years of experience in the field. In the past, he's been also working as a computer forensics analyst, doing static analysis of disk images and executables, and also giving trainings to Spanish law enforcement about topics like anti-forensics or malware unpacking. Tora has been accepted as speaker in conferences like Power Of Community and CodeGate in South Korea, or ReCon in Canada. Recently he joined Zynamics to work in unpacking automation and binary auditing.

Jose Duart (Tora)在逆向工程領域裡有超過10年的經驗，過去他也曾擔任電腦鑑識分析員，負 責靜態分析硬碟影像與執行，和授予西班牙執法單位反鑑識或是惡意軟體解封包等相關訓練課程。 也曾於Power of Community and CodeGate南韓、ReCon加拿大等會議參與演講。目前在Zynamics做自動解封包及二元稽核等工作。

ELSON LAI
Websense China