The International Malware Conference, MALCON 2011

The International Malware Conference, MALCON 2011

 

About The Event

MALCON is an annual information security conference focusing exclusively on malware. It aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. visit www.malcon.org for REGISTRATION / More information!

Paper one : Advanced Malware for Apple Products 

Abstract:

The objective of this paper is to present a proof-of-concept of an advanced malware for Apple products such iPhone, iPad and iPod. Some of the features we will try to demonstrate:

  • Control devices by SMS
  • Invisible Malware
  • VNC Server to view remote screen
  • Record and listen to all calls remotely
  • Upload / Download user Data
  • Access all mails and texts

Speaker: Atul Alex, a professional security researcher, has authored numerous exploits (published in milw0rm, exploit-db, packet storm security and many others) and written custom tools for hacking and forensic investigation. A member of the prestigious National Security Database, Atul works closely on law enforcement cyber investigations and is an expert in Reverse Engineering and Malware Analysis.

 

Paper Two: How to make your home bot-net!

You always wondered how cyber criminals made ​ ​ their criminal operations? You’ve always dreamed about scaring the biggest websites in the world? You have always wanted to commit the perfect crime? You still don’t understand how a 14 year old child, active member of wikileaks, can shut off a website such as MasterCard’s? The answer, however, is unbelievably simple – all you need to do is create your own network of botnets. The author of this article is ready to show you how to create and administer just such a network of botnets. Navigating between the dream of the perfect crime and an academic discussion on the art of creating an automated network of zombie computers, the author wants to demystify what a botnet is and show you that the relative ease of creating these networks helps to explain why there are more and more of them all over the world. The author will demonstrate that the difficulty of creating such a project has more to do with the desire to do so than with technical competencies!

Speaker: DAVID Baptiste is with the Operational Cryptology and Virology Lab at ESIEA in France. He is also engineer student in Computer science, electronics and Robotics. His research interests are computer security, computer virology, programming and mathematics. He has been awarded at the PWN2KILL challenge during the iAWACS 2010 hacking conference.

 

Paper Three: Exploit the Exploit kits

Exploit kits are being used by cyber criminals to carry out targeted attacks against the victims by exploiting the browser vulnerabilities or the vulnerabilities in the accompanied plugins like Adobe PDF, Flash, Java etc. Most of the botnets like Zeus take a ride over the exploit packs to get injected into the victim’s computer. Eleonore, Crime Pack, Black Hole exploit packs have been lately in the news for infecting few sensitive government departments. Exploits packs can be bought from their authors who are available over the ICQ/Jabber and the money can be transferred as e-currency. These packs are sold as licensed software bound to a particular IP address or domain name and the source code otherwise is obfuscated which is hard to be decompiled. While researching over the exploit kits, speaker arrived at a unique and unknown mechanism to bypass the restriction of IP address of domain name on an exploit kit without burning the mid-night oil in reversing or decompiling the pack. This talk is completely oriented towards the exploit kits starting from fundamentals and working of the exploit kits, followed by the economics involved. Speaker will demonstrate the live infections using these packs to make the audience aware about its significant impact. Presentation will also talk about the mechanism using which researchers can bypass the IP or domain based restriction embedded into the exploit kits. After this talk, running a stolen or publically available exploit pack would be a matter of seconds. Boom!!!

Speaker: Dhruv Soi, with over decade of experience in information security domain, is founder at Torrid Networks and Chief Mentor at Hacker Distinct Objects and has carried out 1000s of security assessments and executed many security research projects. He is also Chair at OWASP India with his mission to spread information security awareness across the industry, government and academia.

He is expert at application security, penetration testing, malware reversing, researching on the cybercrime wares including exploit kits, botnets, crypters etc. His favorite programming language is Python

Paper Four: MalCon 2011 Challenge ! Code a malware utilizing XBOX Kinect

MalCon Challege demonstration:

  • Must work on Windows 7
  • Must take pictures silently from XBOX Kinect
  • Must be able to post the pictures on a specified Facebook / Social website without knowledge of victim

Speaker: Shantanu Gawde, 15 years of age, studying in Class X at SKKES school, Mulund is the world’s youngest MCAD (Microsoft Certified Application Developer), SCJP (Sun Certified Java Programmer),OCP (Oracle Certified Professional) and H3x Ethical Hacker. He is an associate researcher with Orchidseven Infosec and ISAC (Information Security and Analysis Center).

 

 

More papers to be updated soon!!!

MALCON WORKSHOP - TWISTED PENETRATION TESTING

Overview:

Twisted Penetration testing is exactly what it reads. A fresh and twisted approach towards penetration testing from Malcon, it can help get results the unconventional way in regular network and system audits, vulnerability assessment and penetration testing.

Who should attend:

If your profile involves taking care of Information security for an organization at ANY level, you will take away invaluable lessons in approaches towards finding and mitigating gaps, loopholes and security vulnerabilities in your network and systems that may get missed out by regular technical assessment approaches.

Duration:

Full day training (8 hours)

The Art of Hacking

  • Our philosophy of hacking.
  • The right Mindset for a Penetration-Test.
  • More Brain, Less Tools.
  • The Power of Scripting.
  • Web-Application Basics.

The Recon

  • Mapping the Network.
  • Gathering miscellaneous network Info.
  • Basic Foot-Printing.
  • The Art of Googling.
  • Web-App Recon.
  • Effective Web-Application Analysis.
  • What to look for & where.

Planning

  • Thinking Out-of-the-Box.
  • Making the Attack-Layout.
  • Selecting suitable targets.
  • Deciding the Approach.
  • Importance of Lab-testing.
  • Plan-B.
  • Deciding the Exit-Strategy.

The Attack.

  • The Wisdom of when to use what.
  • Using custom tools for the job.
  • Tweaking the existing tools.
  • Web-Application Attacks : In-Depth.
  • Post exploitation Kung-Fu.
  • What next?

A Case Study

 

Invite friends

Contact Us

Page Views : 1768

Venue Map