SEC-T 2008
Virtually Secure
Oded Horovitz
Whether or not security alone will be a reason to virtualize applications, the growing trend of virtualization requires us to understand the new capabilities for hypervisor-based security monitoring.
In this presentation we will review the basic monitoring primitives a hypervisor can provide as building blocks for security agents, followed by a review of the use cases we identified as the most likely to be developed on this new technology.
The presentation will review the generic potential of hypervisor based security in a vendor neutral way, while live demos will be based on VMware VMsafe APIs.
Organized Online Crime
Mikko Hyppönen
- Who is the enemy?
- Where are they?
- How does the underground economy work?
- Why have we been unable to fix this?
- Why is it getting worse?
Challenges in modern IT-forensics
Bosse Norgren
Bosse will give examples of challenges and problems that Law Enforcement are encountering when forensically examining systems.
Examples: Live Forensics, encryption and the ever-increasing size of hard disks and other digital storage media.
Introduction to Sockstress - A TCP Socket Stress Testing Framework
Robert E. Lee and Jack C. Louis
This talk will showcase a framework for statelessly creating and maintaining TCP connections in an effort to manipulate the state table of a remote system. Specifically this talk will showcase new attacks that will render a remote system unavailable using a very low bandwidth attack stream.
Developing a Mac OS X kernel based rootkit
Torbjörn Pettersson
There are currently no publicly known kernel rootkits for the latest version of MacOS X (10.5). This talk will go into hands-on details on how to develop a kernel based rootkit for MacOS X. Features will include file hiding, process hiding, keyboard sniffing and anti-forensics.
SAP Penetration Testing & Defense In-Depth
Mariano Nuñez Di Croce
While there is plenty of publicly available information on how to assess and secure operating systems, databases, wireless devices and Web applications, the security of Enterprise applications is still taking baby steps.
If you are a professional pentester and are required to run an SAP security assessment, where would you start? nmap? Nessus? And after that? SAP systems are complex, running many applications and interfaces. Therefore, the assessment of these systems requires specific techniques and tools.
In this talk you will learn how to start an SAP pentest, what and where to look for. You will look into the whole process, from the information discovery stage to the exploitation phase, live demos included! Moreover, you will learn how to use sapyto, the first opensource SAP Pentesting framework, which will help you with your SAP security assessments.
On the other hand, if you are a security administrator you *MUST* know how to protect the systems storing and processing your critical business information, being aware of unsecure default configurations that will render your systems vulnerable, as well as the current and future attacks that will try to exploit them.
The talk will detail the ways in which you can protect yourself against potential attackers, helping you to increase the security level of your SAP installation and protecting your business.
Websphere MQ Security Uncovered
Martyn Ruks
Last year the lid began to be lifted on the unglamorous world of
Middleware security using Websphere MQ as an illustration.
Unsurprisingly people didn't find the subject to be boring when they
realised the impact that compromises of the software can have on
critical business processes. Last year's presentations created
additional interest in the subject and stimulated further research
efforts.
This presentation will bring together information already in the public
domain and new details about Websphere MQ security and the methods for
subverting it.
You can expect to see a variety of attacks being performed including the
misuse of both privileges and the MQ protocol. Other areas to be
discussed will include the implications of exploit writing for MQ,
defining testing methodologies and how to use the dradis framework to
achieve this. With any luck the talk will also contain some findings
from testing Websphere MQ Version 7 (this will be dependent on how
secure the product is).
Subverting OpenVMS security
Christer Öberg, Claes Nyberg, James Tusini
The talk will focus on subverting the security of the OpenVMS operating
system in a number of new and creative ways. There will be an initial brief
introduction to the OS basics, security model and its core features. We
will also talk about things we perceive as flaws in the security model and
weaknesses in the security features provided by OpenVMS. There will also be
a practical demonstration of the 0day vulnerabilities found, ranging from
logical to memory corruption bugs, along with discussion on how these were
found and exploited and obstacles encountered in the process.
Securing your web applications
Patrik Karlsson
Are the developers the only ones to blame for poor application security?
This talk will show what system administrators can do in order to reduce the impact of potential security vulnerabilities.
A number of common security vulnerabilities within web applications will be discussed and demonstrated. Then changes in configurations will be applied to application servers, databases and operating systems in order to show how these changes can reduce the impact of vulnerabilities present in the application.


