Green 3D Swirls

ZaCon V: What you need to know


Last minute RSVP's to rsvp @


D1 Lab K012
Kingsway Campus
University of Johannesburg
Auckland Park

Note: This is NOT the same room as last year. We'll try to have signage from the main parking lots.

Sagi has put together this great video showing how to get to UJ, for those from outside town:

Here is a map of the campus:


Public Transport (Gautrain/RejaVaya):

  • Gautrain to Park Station
  • Reja Vaya T3 to UJ Kingsway Campus

From M1 (N):

  • Take Empire Rd offramp
  • Turn right at the first robot
  • Continue straight until you reach a T junction
  • Turn left at the T junction
  • At the forth robot turn left to University Road
  • Turn right at the first circle
  • Continue straight at the second circle
  • Take the first right turn to Hampton Avenue
  • Take the first right turn to UJ's Entrance 3

From M1 (S):

  • Take Empire Rd offramp
  • Turn left at the first robot
  • Continue straight until you reach a T junction
  • Turn left at the T junction
  • At the forth robot turn left to University Road
  • Turn right at the first circle
  • Continue straight at the second circle
  • Take the first right turn to Hampton Avenue
  • Take the first right turn to UJ's Entrance 3

Inside the campus:

  • After crossing the boom, keep straight on the road which will curve to the right
  • At the T junction turn left
  • Continue straight for a few meters until you see a boom on your right
  • Drive through the boom and park
  • Walk towards the University's building
  • Do NOT cross the bridge, instead, go down the stairs (there will be two staircases both should be fine)
  • After climbing down the stairs (while facing the university in front of you), go the the leftmost building

In case you are still unsure how to get to the correct parking, ask the guard at the boom as you get into UJ where is D Parking

Conference day, Saturday, 16 November 2013 (University of Johannesburg)

The selected speakers are:

Start Time Speaker Topic
08:00Registration / Coffee to purchase
09:00Dominic "singe" WhiteWelcome to ZaCon VWe'll keep this short.
09:15Tinus Willemse & Mark CosijnVehicle CAN-fuModern automobiles consist of various inter-connected embedded computers, each responsible for a specific function, such as brakes, tire pressure monitoring, ignition system etc. The CAN protocol is the most popular architecture used to inter-connect these systems. We will discuss how the CAN protocol operates, how it is implemented, how you can analyse it and finally how to exploit it. All this will be done using cheap hardware, open-source software and the spine to try things on your own car that most would not!
09:45Jason "s0nic2k" MitchellMains Signalling Mains signalling. For many years, various municipalities have been using what is known in the trade as "ripple control" to perform demand side management. Very little is know about this system, how it achieves its end, and the protocol. In this presentation, I will blow the lid on these, sometimes annoying whistles on the mains (that can be heard on fluorescent light fittings and poorly designed guitar amps) that are used to turn your water heater off so that the municipalities are not charged excessively by Eskom for peak demand. We will look at how the signalling is achieved, how to demodulate it, how I specifically hacked the coding protocol known as DECABIT, and how I designed a receiver and accompanying software to decode the data and the surprising discoveries made that this system also controls street lighting and turning arrows on traffic lights and sometimes, to communicate with equipment in substations.
10:40Jeremy du BruynRAT-a-tat-tat: Taking the fight to RAT controllersThe use of Remote Access Trojans (RAT) can be argued to be on the rise. Due to the increasing maturity of the malicious software [1] and consequent improved reliability, greater access to such tools and not least, the level of access granted to an attacker on the target's computer. A number of high profile cyber espionage cases [1,2,3,4] have been found to employ the use of publicly available RAT software, in addition to custom malware components. Some excellent information has already been published on the use of RATs in espionage campaigns targeting entities ranging from state military organisations [1,2], to financial institutions, even to dissident groups such as the Tibetan Government in Exile [3,4]. RAT software has been utilised in order to maintain persistence on a targets network, extract sensitive information such as business documents, keystrokes, and financial information. The RAT software is in many cases also responsible for the further propagation of malware inside the target network. My research aims to update existing and/or develop new tools and techniques to aid in the analysis of RAT sample binaries, thereby allowing a greater number of interested parties access to information regarding such malware. This research will provide us with the enhanced ability for automatic analysis of potential malware samples. The intention is to be able to publish and distribute in near real-time relevant signatures, characteristics and other pertinent information for consumption by interested parties. Further goals of this research project, is to incorporate development of suitable means by which ISP's or other large public networks can detect the presence of RAT Command and Control (C2) server residing on their networks, so as to empower such organisations to take proactive steps in shutting down or dismantling the infrastructure upon which this malware relies. My proposed presentation will provide feedback on the success of the above stated goals as well as analysis of the information I anticipate to collect during the course of the research project. This will include typical RAT server configurations, communication channels and potentially insights into current espionage campaigns, the attackers behind these campaigns, their intended targets as well as their motives.
11:25Marcos ÁlvaresAutomating Detection of Obfuscated Obfuscation Routines Through Code EmulationAlong the time, developers of code protectors and malware writers have developed techniques aiming obfuscate compiled code. One of the most important steps during any analysis of any modern malware is identify obfuscation routines. Those routines can be used for the most diverse purposes such as: compose a part of polymorphism mechanisms or hide basic information about design behaviours. However, those routines are also often obfuscated making them harder to fingerprinting. This talk consists in presenting practical results about how to overcome such mechanisms by using code emulation.
12:05Adam SchoemanAmber: A Zero-Interaction Honeypot and Network Enforcer with Modular IntelligenceFor the greater part, security controls are based around the principle of Decision through Detection (DtD). The exception to this is a Honeypot, which analyses interactions between a third party and itself, while occupying a piece of unused information space. As honeypots are not located on productive information resources, any interaction with it can be assumed to be non-productive. This allows the honeypot to make decisions based simply on the presence of data, rather than on the behaviour of the data. But due to limited resources in human capital, honeypots’ uptake in the South African market has been underwhelming. Amber attempts to change this by offering a zero-interaction security system, which will use the honeypot approach of Decision through Presence (DtP) to generate a blacklist of third parties, which can be passed on to a network enforcer. Empirical testing has been done proving the usefulness of this alternative and low cost approach in defending networks. The functionality of the system was also extended by installing nodes in different geographical locations, and streaming their detections into the central Amber hive. This electronic document is a “live” template. The various components of your paper [title, text, heads, etc.] are already defined on the style sheet, as illustrated by the portions given in this document.
14:00Dimitri FousekisMarkov Chains & Other Statistical Password Attacks – What? How? Why?The presentation will provide the audience with an explanation of what Markov attacks are, how they work and the mathematical explanation (not in depth) behind such. It will then switch focus to using Markov and other statistical attacks for password cracking. The target audience is primarily intermediate for this talk, which focuses on the aspect of using statistical approaches to cracking passwords. In particular it will focus on Markov attacks, explaining what it is, how it came about and what it means for password cracking. Various live demos will be included to demonstrate the power of using this approach in password cracking. Additionally other available statistical methods for building wordlists will be presented. The aim is to have people leave, knowing what Markov is, and what those attacks mean for the passwords they choose themselves, and in their organisations. Additionally those interested in cracking passwords will be able to use tools to generate statistics and perform these types of attacks. Any new approaches to statistical password cracking will be included in the presentation as and when such research completes.
14:30Dave HartleyNative Bridges over Troubled WaterEverything costs something, and anything that appears to be free must be deceptive. A pessimistic view or a proverb to live by? In this talk MWR will present findings from research conducted against several popular/common mobile advertising networks with a focus on how the identified issues can be exploited cross platform (Windows Phone, Android, Blackberry and iOS) for nefarious purposes.
15:30Robert GabrielGSOC Data DiodeSeveral people have indicated an interest in this topic on the mailing list in the past. We at GSOC plan to release a paper after the talk detailing how to build a data diode with exact instructions and Raspberry Pi images. This will blow open the black box technology that commercial vendors are hiding and provide free and open low cost data diodes to the community.
16:15Roelof TemminghTo Infini-tea and beyondTBA
17:05Schalk HeunisLong tail of wifi antenna designCapturing and analysing wifi packets has led to a number of interesting applications, from distributed tracking and data interception framework (eg Snoopy) to retail stores track consumers' smartphones through Wi-Fi. For different WiFi packet capturing applications, different WiFi antenna design may be more appropriate, for example, we want to take a photo of the person carrying a particular wifi device. In order to achieve this, we need to know that the person is near by and in front of the camera, so a low gain very directional antenna would be suitable. The problem is that most commercial antenna that are directional, aims to provide very high gain and are not really suited. Another application might not care about narrow beam directionality, but needs a wider beam (or even multi-lobe) in order to track the movements of the device. Commercial antennas are designed according to what the majority of the market needs and not the long tail of interesting niche requirements. 3d printing is coming to its own in long tail designs, while traditional manufacturing is aimed at large volume, 3d printing technology aims at custom designs. The (DIY) design and manufacturing of custom radiation pattern wifi antenna using 3d printing technology will be presented. Using OpenSCAD, a number of custom wifi antenna was designed printed using a hobbyist desktop 3d printer. It was tested by constructing a simple rig using Arduino and a stepper motor to rotate and measure the receiving pattern of these antenna. Finally the antenna is hooked to a Raspberry PI with camera module to take photos and associate these with mac addresses as a proof of concept.
17:30DominicClosingChallenge winner will be announced here too
17:45*Pack upDon't feel shy to help out.
18:00Drinks @ Cat's Pyjamas