ROOTCON 7

September 13-14, 2013 Parklane Hotel, Cebu City


Presentations

CyberCrime Act of 2012: Issues and Concerns by: Atty. Al Vitangcol III, C|HFI, C|EI
(PPSX)
The revolution in information technologies has changed society fundamentally. It has given rise to unprecedented economic and social changes. With it comes the emergence of new types of crimes.

These new types of crimes, based on new technologies, challenge existing legal concepts. The Convention on Cybercrime of the Council of Europe, known as the Budapest Convention, is the only binding international instrument on the issue of cybercrimes. Its main objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation. It is a guideline for any country developing comprehensive national legislation against Cybercrime.

Republic Act No. 10175, known as the "Cybercrime Prevention Act of 2012", was signed into law by the President on September 12, 2012. It took effect on October 3, 2012.

The presentation will focus on the provisions of the law and its compliance vis-a-vis the requirements of the Budapest Convention. It will discuss the various offenses punishable under the law. Moreover, the presentation will touch on the aftermath of the enactment of the law, including various pros and cons of its implementation. Finally, the law's current status shall be presented and suggestions on the way forward shall be made.

Diving to Recon-NG by: Primarch Victus
(PDF)
Recon-ng is a web reconnaissance framework written in Python which focuses on Reconnaissance, Discovery, and Reporting, which are steps 1, 2 and 4 of the Web Application Penetration Testing Methodology. It is a Metasploit-like framework, with separate module branches within the module tree for each methodology step. In this topic we will cover the Recon-ng introduction, framework information and basic usage.

Getting to know SmartTV by: Joey Costoya
(PDF)
Smart TVs are the next evolutionary step of our beloved household appliance, transforming this living room mainstay into yet another Internet-connected computer, albeit with a much better screen. This transformation exposes the TV to the same attack vectors that have plagued personal computers for years. This presentation will give an overview of the Smart TV technology and its corresponding ecosystems. It will also explore what's under the hood of a popular Smart TV brand, exposing some possible attack entry points.

JAVAlicious: Malicious Java in the wild by: Maersk Chastine Menrige
(PDF)
Java is recognized to be the most popular programming language in the world. It is a portable object-oriented programming language that can be used on any platform. Its syntax is easy and similar to the C programming language. The Java virtual machine (JVM), its code-executing component, enables it to run on any platform. However, the JVM is a prime target for cybercriminals because of its flaws. In Q1 2013, several Java vulnerabilities were disclosed, some of which took a while to be patched. Java vulnerabilities are known entry points used by exploit kits, which run on Windows machines. Other malware that uses Java vulnerabilities also runs on other platforms, such as the Flashback malware that spread on Mac operating systems.

In this presentation, we explore the Java programming language and its environment. In our exploration, we review the Java programs used by cybercriminals, and how these programs are used in exploiting the early vulnerabilities in Microsoft Virtual Machine's Java bytecode verifier. We also review the latest methods used in exploiting Java. The review and discussion includes a list of exploit packs known to use Java vulnerabilities in spreading malware. In addition, we demonstrate how to analyze a malicious Java applet from one exploit kit to show its capabilities. To conclude the presentation, we provide recommendations to prevent infections from Java malware.

Mobile Malware Evolution by: Jesmond Chang
(PDF)
It was in June 2004 when Kaspersky Lab first got hold of a sample virus designed for mobile phones.

A few years later, we've witnessed how the number of mobile threats exploded, specifically those targeting Android OS, notably in the year 2012. It was also within that year that the most scandalous mobile espionage events transpired, such as the detection of a mobile version of the spyware module FinSpy, developed by the British firm Gamma International, as well as the disclosure of technical details of cyber intelligence operations dubbed Red October.

The latest development in mobile malware evolution is happening today where mobile threats have already gone international. What's next?

My Experiments with truth: a different route to bug hunting by: Devesh Bhatt
(PDF)
The best way to improve the security of your systems is to hire hackers. Unfortunately, companies can't hire all the best hackers, so they have chosen another way to improve their system security: the “Bug Bounty Program”.

Google, Facebook, Mozilla, PayPal, Etsy and many other companies pay a good amount to hackers for responsible disclosure, and recently it has been started as a service in the form of “bugcrowd”. Security researchers have submitted bugs ranging from configuration issues to SQL injections.

This topic is not about what a “Bug Bounty” program is, who is paying what amount, or the scope of testing. This paper is focused on the approach to finding simple and yet devastating vulnerabilities, earning hefty amounts and sharing space with the top researchers from around the globe.

Ouroboros by: Chris Boyd & Jovi Umawing
(PDF)
Preemptive strikes against attackers. Mobile Malware on the rise. Government spyware. Printer shenanigans. Cybersecurity lobbying. It sounds like a round-up of the top news stories of the last couple of months - in reality, it's a sample of news stories from 2005 to 2008, when Antispyware companies and security forums clashed over legal battles, death threats, PR spin, Botnet monetisation and more at the height of the old Adware industry's power and ambition.

Was so much time spent firefighting the Adware industry that many of our current security concerns were allowed to develop and grow largely unaddressed? What factors could have encouraged this security groundhog day? Why did the Adware industry's passing encourage a form of "security fatigue" on Infosec blogs? Why did so many security researchers burn out? What might have happened if the old guard of Adware vendors hadn't gone bust or been sued into oblivion? What legacy have the ghosts of those long dead and acquired technologies left behind?

Package Tampering: Injecting jack in the box. by: Jolly Mongrel
(PDF)
Often overlooked for being too common (ubiquitous), boring and dispensable (unsexy), little have we thought that product packages are potential vectors of attack. For a progressive security mind, it can be considered as one of the weakest links in the product supply chain.

Examples of targets are (but, of course, not limited to) personal letters and/or memos, communication equipment, and computer software and/or hardware among others. In bypassing the packages, access to the aforementioned items can lead to gathering of vital information or “trojaning” the software and installation of alien hardware components or replacement thereof in the communication and computer equipment to conduct snooping, remote admin, or other parasitic activities.

This topic aims:

1.) to introduce a new subject on physical security for RootCon
2.) to provide a general view on tampering, giving special attention to package tampering for this presentation
3.) to set the stage for more tampering topics in the future.

Social Network Analysis as Internet Security Tool by: Wilson Chua
(PDF)
Security devices (firewalls, IDS, IPS) produce a huge amount of data by posting each security incident/event into a Syslog database. This (big) data enables system administrators to identify the source of the largest attacks, and the most frequently victimized/targeted server.

However, due to the massive number of records generated by Syslogs, a quicker and more timely analysis is needed. Social Network analysis is presented here as an optimal way to quickly analyze and create actionable insights from this huge amount of data - by converting (big) data into graphics format.

Stealth by Legitimacy by: Jeffrey Bernardino
(PDF)
Nowadays, it's commonplace for cybercriminals to create complicated malware. But as part and parcel of any trade, cybercriminals update themselves by continuously uncovering new techniques to improve malware stealth. Misuse of legitimate services is one of probably hundreds of ways to cover cybercrime tracks. Trend Micro has discovered this with BKDR_VERNOT malware. In this presentation, Trend Micro discusses malicious routines of a particular BKDR_VERNOT malware. We also dive deep into the advantages and disadvantages of using legitimate services by malware - how BKDR_VERNOT used legitimate Evernote C&C, and how this technique will influence future attacks.

The VOHO Campaign - an in-depth look by: Christopher Elisan
(PDF)
In July of 2012, we discovered an emerging malicious code and content campaign spreading at a rapid rate within very specific geographic theaters. These clusters were confined to ten geographic areas and involved thousands of hosts. To the untrained eye, this looks like a common “drive-by” attack mechanism but additional analysis and research show it to be otherwise. This presentation sheds light on the new attack, which we termed “Watering Hole.” The talk will cover the deployment method used to spread the malware and the malware’s behavior once it reaches the target system.

Unpackers in a World of Signature-less Malware Detection by: Frederic Vila
(PDF)
Malware authors use packers to keep their software undetectable without changing the code. Malware from other families also use these packers to exploit the limitation of AV software until AV companies started creating unpackers.

Unpackers are created in order to expand their detection coverage. Once an unpacker is created, packing the malware seems to have become a futile task.

As the antimalware industry moves towards signature-less detection, one may think that packers will cease serving their purpose. In this talk, we'll discuss how unpackers can still play an important role in malware analysis and the various tools that make unpackers easier to use.

Speakers

Atty. Al Vitangcol III, C|HFI, C|EI
Atty. Al. S. Vitangcol III is a practicing lawyer, a registered engineer, a contracts review expert, an academic scholar, an Information Technology (IT) specialist, and an automated elections guru.

He finished his undergraduate degree at the University of the Philippines in Diliman, Quezon City and his Master of Science in Computer Science degree at the De La Salle University. He is the only lawyer in the Philippines with a formal education in IT and a solid IT working experience behind him. Currently, he is the Philippines' first (and only lawyer) EC-Council certified Computer Hacking Forensic Investigator (CHFI). He was nominated to the 2007 Ramon Ozaeta Most Outstanding Lawyer Award, which is annually sponsored by the Philippine Bar Association (PBA).

He is the author of three books: 1) Computers for Lawyers, 2) technoLAWgy: A Lawyer's Guide to Information Technology in the Practice of Law, and 3) Legal Research in Practice.

He is currently the managing lawyer of AVALaw. He is a former law professor at the Lyceum of the Philippines - College of Law and a former lecturer at the Ateneo de Manila University – Graduate School of Business. He is a member of various local organizations and the Australian-based International Employment Relations Association (IERA).

Atty. Vitangcol is a sought after speaker at Mandatory Continuing Legal Education (MCLE) seminars and other training fora. He lectures on such diverse subjects as Law and Technology, Electronic Legal Research, E-Commerce, Automated Elections, Computer Forensics, and IT Security.


Christopher Boyd
Christopher Boyd is a Senior Threat Researcher for ThreatTrack Security, former Director of Research for FaceTime Security Labs and a multiple recipient of the Microsoft MVP award for Consumer Security. He has given talks across the globe including RootCon, RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure.


Christopher Elisan
Christopher Elisan is the author of “Malware, Rootkits and Botnets: A Beginner’s Guide.” Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. Elisan is one of the pioneers of Trend Micro’s TrendLabs where he held multiple technical and managerial positions. After Trend, he led and established F-Secure’s Asia R&D where he spearheaded multiple security research projects. He then joined Damballa where he specialized in malware research, analysis and reversing. He frequently speaks at various security conferences across the US and Canada and provides expert opinion about malware, botnets and advanced persistent threats for leading industry and mainstream publications.


Devesh Bhatt
Devesh is an application security researcher and consultant currently working with Adobe Systems, Bangalore, India. He has managed and executed multiple projects involving application/network penetration tests, vulnerability assessments and design reviews. He has written content on mobile application security for leading global online magazines. He is also listed in the Security Hall of Fame of Google and eBay. He is an Engineering graduate with majors in Electronics and Telecommunications. His interests include playing guitar and security research. Currently he is working on a framework for securing mobile applications, particularly Android and iOS. He has also designed a methodology for securing applications in the cloud (SaaS).


Frederic Vila
Frederic Vila is a Malware Researcher for ThreatTrack Security. He’s been in the antimalware industry with over 8 years of reverse engineering experience where he specializes in creating generic unpackers and detections.


Jeffrey Bernardino
Jeffrey Bernardino is a member of the TrendLabs Threat Research Team. A Computer Science graduate, Jeff has been with Trend Micro for eight years. He started as an antivirus engineer, with a focus on creating signatures for malware, analyzing its behavior and providing clean up. Currently, he heads the Analysis Team, which is responsible for posting relevant malware and other threat information in the Trend Micro Threat Encyclopedia.


Jesmond Chang
Jesmond Chang is currently the Corporate Communications Manager for South East Asia of leading secure content and threat management solutions developer Kaspersky Lab.

His stint at Kaspersky Lab has been helping further develop his interest in internet security and he is able to share the importance of the security industry to the public not just in the South East Asian region but in other countries as well.

Jesmond is a frequent resource person in several IT security events in Malaysia, in the SEA region and internationally.


Joey Costoya
Joey Costoya currently works as a Security Researcher in Trend Micro, a leading provider of security solutions. He has over 9 years of experience in information security. He has done analysis on a lot of malware, from the ancient DOS viruses to the web and targeted attacks. He's currently busy developing various tools and technologies to discover new threats from the huge amount of data fast.


Jovi Umawing
Jovi Umawing is Communications and Research Analyst at ThreatTrack Security. With 10 years in the antivirus industry under her belt, this accomplished threat researcher helps educate enterprises and consumers alike about the latest online threats. She has written for online security publications, is an advocate for online child safety and is a regular contributor to the ThreatTrack Security Labs Blog.


Jolly Mongrel

Jollymongrel is an avid fan of beautiful women, animals, plants, knowledge, etc. He believes that the most important thing in life is to celebrate it (while you are still an air-breathing creature roaming on Mother Earth's rolling breast) with fervor, humor and without hesitation. He is also a firm believer of the Girl Scout Oath: "On my honor, I will try: To serve God and my Country, To help people at all times, and To live by the Girl Scout Law."


Maersk Chastine Menrige
Maersk Chastine Menrige works at Trend Micro Inc as a Network Threat Researcher. She has over 6 years of experience in the antivirus industry. She previously worked as a Technical Leader handling escalations from other AV engineers, such as malware analysis and detection creation for complicated malware. Her current task is to perform day-to-day analysis of network threats affecting customers and create appropriate countermeasures.


Primarch Victus
Primarch Victus got his handle from the game Mass Effect 3, which is one of his favorite games. He is a web developer, security researcher, PlayStation addict and one of the contributors of the Recon-ng Framework. He is also credited for the ‘PHP IRC Bot pbot eval() Remote Code Execution’ Metasploit module.


Wilson Chua
A Microsoft MVP (Hall of Famer) in the Philippines for Windows Media. I believe strongly in collaboration and that is why I joined LinkedIn.

Specialties: PMP certified Project Manager, ITIL, MCSE+I, MCDBA, Cisco CCNA, CCDA, Wireless LAN Engineer, Ethical Hacker, Security+, BPO, Contact Center, Microsoft MVP, WebCEO, Google Adword Individual

Contests

Winners receive the Black Badge, which entitles them to free entrance to next year's conference.
WiFi Warrior - No winner this year (/sad panda :-|)
The Secrecy (Red Test) - reached Level 8 (Richard Stagg and David Walker)
Hacker Jeopardy - (To Be Updated)
