Saturday, September 08, 2007

HITB SEC CONF 2007: The WriteUp

As usual, Mel and I conducted the training for HITB this year. Everything went pretty well and was organized, as we were well prepared and attendees were given the VMware image with HeX and network data (pcap) loaded. Hopefully all the guys who attended our training had a good time. The first and second days of the event were just the 7 tracks of security training and HITB Cinema. I was glad to meet Jose Nazario again and have a little conversation with him. SK was there too; unfortunately I couldn't attend the knowledge sharing session he invited me to due to a heavy workload. After the training was over, the Capture The Flag (CTF) crew got together and we started to launch our master plan - the gangbang.

Mel, rd, xwings, takizo, adli, y0muds and I got together and set up the CTF, and we were only able to get everything set up at midnight due to whatever event was on in the Hilton hotel.

The third and fourth days of the HITB event can be considered the meat of it. Unfortunately our CTF game was delayed and only started at 1430, and most of us were not able to attend any interesting talks in the conference, though we would have liked to, because we had to monitor the game. On the other hand, we had the LockPicking Village and Zone-H Hacking Challenges ongoing. The lock picking stuff was fun and I learned how to open police handcuffs using the toolkits from TOOOL. Anyway, I sneaked into Raffael Marty's talk about Insider Threats Visualization. Basically it is all about log visualization, but doing it effectively. If you are interested in graphing stuff, check out the site maintained by him.

On the fourth day, I was only able to catch Luiz's and Fx's talks on Network Protocol Fuzzing and hacking modern applications. For me Luiz's talk was kinda brief, but he did mention that Network Protocol Fuzzing has nothing to do with Vulnerability Assessment, as VA uses known vulnerabilities to probe while a fuzzer usually discovers unknown or 0-day attacks. I checked out the MUsecurity box he brought, which is pretty cool. Fx talked about the vulnerabilities that can be found in modern applications with their stupid design flaws. And I'm pretty amazed that he actually designed the new logo for ciscock. He also mentioned that attacking is cheap but detection is very expensive, which I found damn right.

Other than that, I met our good friends from HC2C (Rodrigo and Domingo) and the US Army Strong guys, and I hope they are having a good time in Malaysia. After all that, the event was over with the CTF and Zone-H prize giving ceremony as well as the interesting auction. I bet we can threaten the Zone-H founder for something else with the unrevealed pictures of him we have taken ;P

Nothing to mention about the party, except that all the stupid CTF crew as well as the HITB founder were thrown into the swimming pool.

Kudos to all the HITB Members, VLNTs and Speakers who made this conference successful.

Cheers (;])
