HackInTheBoxMalaysia 2014 Oct. 15, 2014 to Oct. 16, 2014, kuala lampur,malaysia

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
TECH TRAINING 1: IOS EXPLOITATION TECHNIQUES Nikias \xe2\x80\x98@pimskeks\xe2\x80\x99 Bassen , Cyril Cattiaux Arm yourself with the essential skills and knowledge to become the next iOS jailbreaker! This ...
TECH TRAINING 2: PRACTICAL MALICIOUS DOCUMENT ANALYSIS Mahmud ab Rahman Targeting attack normally will leverage on malicious documents to attack the victim. The buzzword on ...
TECH TRAINING 3: PRACTICAL THREAT INTELLIGENCE Ty Miller Threat Intelligence is critical to the safety of organizations and most people still don’t understand ...
TECH TRAINING 4: UNDERSTANDING X86-64 ASSEMBLY FOR REVERSE ENGINEERING & EXPLOITS Xeno Kovah This class helps you bootstrap into the areas of reverse engineering, vulnerability exploitation, operating system ...
TECH TRAINING 5: APPLICATION SECURITY FOR HACKERS & DEVELOPERS Jared Demott There are four technical skills required by security researchers, software quality assurance and test engineers, ...
TECH TRAINING 6: LTE SECURITY AND INSECURITY Alexandre De Oliveira , Pierre-olivier Vauboin In this training We will dig into LTE eUTRAN and EPC protocols, standardized and proprietary ...
TECH TRAINING 7: SENSEPOST WIRELESS BOOTCAMP Daniel Cuthbert You may think wireless hacking is nothing new, and you may think it’s just not ...
KEYNOTE 1 – THE NEXT CRYPTO WARS, OR HOW WE NEVER LEARNED TO STOP REGULATING EXPORTS Marcia Hofmann , Nate Cardozo “The Net interprets censorship as damage and routes around it.” – John Gilmore, circa 1993 ...
EXPLOITING ECDSA FAILURES IN THE BITCOIN BLOCKCHAIN Filippo Valsorda Bitcoin transactions are basically public ECDSA signed statements. As others have painfully verified, ECDSA is ...
ARM WRESTLING A PRINTER: HOW TO MOD FIRMWARE Michael Jordon How secure is encrypted, embedded ARM firmware? This talk discovers how an encrypted firmware image ...
HITB LAB: IRMA – AN OPEN SOURCE INCIDENT RESPONSE & MALWARE ANALYSIS PLATFORM Alexandre Quint , Fernand Lone-sang IRMA (http://irma.quarkslab.com) is an open-source asynchronous system aiming at helping analyze suspicious files. We all ...
ABUSING JSONP WITH ROSETTA FLASH Michele Spagnuolo In this paper we will present Rosetta Flash, a tool for converting any SWF file ...
IT JUST (NET)WORKS: THE TRUTH ABOUT APPLE’S MULTIPEER CONNECTIVITY FRAMEWORK Alban Diquet With the release of iOS 7 and later OS X Yosemite, Apple has quietly introduced ...
HARDCORE PHOTOGRAPHY: HOW I HACKED MY DSLR Ross ‘shodan’ Bevington Own a DSLR camera? Then you own an extremely advanced embedded computer. Question is can ...
FUZZING AND PATCH ANALYSIS: SAGELY ADVICE Richard Johnson Last year, in “Taint Nobody Got Time for Crash Analysis”, we presented implementations of analyses ...
HITB LAB: MULTI-USER ENCRYPTED COMMUNICATION WITH NO TRUST IN THE SERVER David Dahl , Cam Pedersen How do you build an open source communications framework where you can trust your peers ...
SENTER SANDMAN: USING INTEL TXT TO ATTACK BIOSES Xeno Kovah , Corey Kallenberg , John Butterworth , Sam Cornwell At CanSecWest 2014 we presented the first prototype of Copernicus 2, a trustworthy BIOS capture ...
AUTOMATIC, SCALABLE EXTRACTION OF MALICIOUS BEHAVIOR FROM LARGE DATASETS Stefano Zanero When analyzing (malicious) software, hybrid static-dynamic program analysis techniques help analysts diving into large datasets ...
OPSEC FOR THE AGE OF EGOTISTICAL GIRAFFE The Grugq , Emmanuel Gadaix In the post-Snowden era OPSEC has become all the rage, but how does one apply ...
FORGING THE USB ARMORY Andrea Barisani Inverse Path recently introduced the USB armory project (http://inversepath.com/usb-armory), an open source hardware design, implementing ...
HITB LAB: YOU FORGOT YOUR WALLET! TRACING BITS OF COINS IN DISK AND MEMORY Cem Gurkok There has been a lot of buzz around Bitcoin, and the so-called “dark web” since ...
HOW A HELPFUL MAN-IN-THE-MIDDLE CAN HELP YOU EVADE MONITORING Ryan Lackey , Marc Rogers Sometimes, hiding the existence of a communication is as important as hiding the contents of ...
WATCHING THE WATCHER: EXTREME PRIVILEGE ESCALATION ON WINDOWS 8/UEFI SYSTEMS Xeno Kovah , Corey Kallenberg , John Butterworth , Sam Cornwell The UEFI specification has more tightly coupled the bonds of the operating system and the ...
KILL YR IDOLS Don Bailey HITB KUL has been a staple in the information security community for over ten strong ...
WHEN THE SAND IS LEAKING: HOW I FOUND FIVE IE SANDBOX ESCAPES IN TWO WEEKS Sunghun ‘trimo’ Kim All modern operating systems and applications have sandbox mechanisms to protect the systems from attackers. ...
KEYNOTE 2 – INTO THE DARK AGES OR ON TO THE RENAISSANCE Katie Moussouris The present day information security world is at a critical inflection point. Never before has ...
GIVING APPLEPAY THE FINGER: HACKING TOUCHID ON THE IPHONE 6 Marc Rogers Apple is about to launch ApplePay, yet yet the TouchID sensor on the iPhone 6 ...
IMAGE HOSTER DIVING: EXAMINING THE WEB’S DUMPSTER Paul s. ziegler We all remember dumpster diving – going through a company’s trash searching for personal information, ...
HITB LAB: IDENTIFYING THREATS IN RAW DATA EVENTS: A PRACTICAL APPROACH FOR ENTERPRISES (PART 1) Fyodor Yarochkin , Vladimir borisovich Kropotov , Vitaly Chetvertakov With proliferation of custom, targeted attacks it is essential for any CIRT team to be ...
BREAKING “SECURE” MOBILE APPLICATIONS Dominic Chell TL;DR : This talk examines the security of products in the mobile space that describe ...
BROWSER FUZZING IN 2014: WHERE TO THROW YOUR STONES Rosario Valotta Fuzzing techniques have proved to be very effective for discovering vulnerabilities in web browsers. Over ...
ALPC FUZZING TOOLKIT Ben Nagy Why should I care? ALPC is a replacement LPC subsystem on Windows since around Vista. ...
TACKYDROID: PENTESTING ANDROID IN STYLE Chris Liu , Matthew Lionetti Vulnerability assessment for mobiles applications are boring as hell – since when did we start ...
HITB LAB: IDENTIFYING THREATS IN RAW DATA EVENTS: A PRACTICAL APPROACH FOR ENTERPRISES (PART 2) Fyodor Yarochkin , Vladimir borisovich Kropotov , Vitaly Chetvertakov With proliferation of custom, targeted attacks it is essential for any CIRT team to be ...
WEAPONS OF MASS DISTRACTION: SOCK PUPPETRY FOR FUN & PROFIT Haroon Meer , Marco Slaviero , Azhar Desai There have been many discussions online about governments making use of sock puppets on social ...
A PYROTECHNIC COMPOSITION: FIREWORKS, EMBEDDED WIRELESS AND INSECURITY-BY-DESIGN Andrei Costin Fireworks are used around the world to salute popular events such as festivals, weddings, and ...
THE NSA PLAYSET: BLUETOOTH SMART ATTACK TOOLS Mike Ryan TL;DR: I will demonstrate wirelessly injecting keystrokes into multiple major and widely used operating systems ...
CLOSING KEYNOTE – HACKING AS PRACTICE FOR TRANSPLANETARY LIFE IN THE 21ST CENTURY: HOW HACKERS FRAME THE PICTURES IN WHICH OTHERS LIVE Richard Thieme “In my end is my beginning,” said T. S. Eliot in The Four Quartets, and ...