ZaCon iv: What you need to know

RSVP

Last-minute RSVPs to rsvp @ zacon.org.za.

Venue:

D Lab Basement K 01
Auckland Park Kingsway Campus
University of Johannesburg

Note: This is NOT the same room as last year. We'll try to have signage from the main parking lots.

Sagi has put together this great video showing how to get to UJ, for those from outside town:

Here is a map of the campus:

Directions:

From M1 (N):

  • Take Empire Rd offramp
  • Turn right at the first robot
  • Continue straight until you reach a T junction
  • Turn left at the T junction
  • At the fourth robot turn left to University Road
  • Turn right at the first circle
  • Continue straight at the second circle
  • Take the first right turn to Hampton Avenue
  • Take the first right turn to UJ's Entrance 3

From M1 (S):

  • Take Empire Rd offramp
  • Turn left at the first robot
  • Continue straight until you reach a T junction
  • Turn left at the T junction
  • At the fourth robot turn left to University Road
  • Turn right at the first circle
  • Continue straight at the second circle
  • Take the first right turn to Hampton Avenue
  • Take the first right turn to UJ's Entrance 3

Inside the campus:

  • After crossing the boom, keep straight on the road which will curve to the right
  • At the T junction turn left
  • Continue straight for a few meters until you see a boom on your right
  • Drive through the boom and park
  • Walk towards the University's building
  • Do NOT cross the bridge; instead, go down the stairs (there will be two staircases; both should be fine)
  • After climbing down the stairs (while facing the university in front of you), go to the leftmost building

In case you are still unsure how to get to the correct parking, ask the guard at the boom as you get into UJ where D Parking is.

Social function, Friday, 26 October 2012

Social event @ Pidgeon House, Pirates Sports Club, 7pm
25 Braeside Street
Greenside
GPS Coordinates: 26° 08' 41.96" S, 28° 00' 54.57" E

Conference day, Saturday, 27 October 2012 (University of Johannesburg)

The selected speakers are:

Start Time | Speaker | Topic | Abstract
08:00 | Registration / Coffee to purchase
09:00 | Marco Slaviero | Welcome and housekeeping | We'll keep this short.
09:15 | Tyrone Erasmus | Pentesting with Mercury | Mercury is an Android penetration testing framework launched at Blackhat Europe 2012 - http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/. It allows penetration testers to find vulnerabilities and write proof-of-concept exploits that can be shared with the community. In this presentation, exploitation of various Android devices and applications will be shown using automated Mercury modules. A brief overview of finding your own vulnerabilities and writing Mercury modules will be shown as well. No questions will be answered on how to "secure your Android device", as this will cause an "Invalid Expression" error to be raised by Tyrone.
10:00 | Glenn Wilkinson | Terrorism, tracking, privacy and human interactions | Background:
There have been recent initiatives from numerous governments to legalize the monitoring of citizens' Internet based communications (web sites visited, emails, social media) under the guise of anti-terrorism. Several private organizations have developed technologies claiming to facilitate the analysis of collected data with the goal of identifying undesirable activities. Whether such technologies are used to identify such activities, or rather to profile all citizens, is open to debate. Budgets, technical resources, and PhD level staff are plentiful in this sphere.

Our project:
The above inspired the goal of our project: with the limited time and resources of a few technical minds, could we create our own distributed data interception and tracking framework?
10:45 | Tea
11:00 | Simeon Miteff | Alternatives to stateful packet filtering in R&E networking | The presentation examines the suitability of stateful packet filters as a security measure in university and research lab networks:
  • First a brief examination of the issues:
    • Network security requirements of research users and science projects
    • Scalability of stateful packet filtering in multi-10Gbps contexts
    • Examples of the CAPEX cost to deploy 10Gbps-capable hardware firewalls
  • Then, some alternative approaches are investigated:
    • A brief review of dissenting voices of the past (eg: "Three Myths of Firewalls")
    • Alternative approaches being taken in the present, such as:
      • Stateless packet filtering (ACL filters on university border routers, ESNet's Science DMZ concept)
      • Scalable intrusion prevention (BRO IDS cluster at University of Utah)
    • Hybrid stateful/stateless systems (trusted flow bypass - eg Cisco TFA)
  • Finally some analysis of the above alternative approaches is presented including their benefits over expensive box dropping, and the new risks they expose.
11:30 | Manuel Corregedor | Anti-malware Technique Evaluator (ATE) - Pwning AVs | The talk will consist of a live demonstration of some of the functionality of two rootkits that we have implemented which can collectively disable anti-malware software on a computer, log keys pressed, hide files and lastly force a bug check and disable the OS recoverability options in order to prevent the OS from booting. The two rootkits implemented form part of an evaluation framework named ATE (Anti-malware Technique Evaluator) that can be used to evaluate current anti-malware techniques. The rootkits themselves were demonstrated at last year's ZaCon and as such will not be the focus of the presentation. The focus of the presentation will be to discuss the results attained from evaluating 9 commercial anti-malware products, namely: Avira Free Antivirus, avast! Internet Security 6, ESET Smart Security 5, AVG Anti-Virus Free Edition 2012, McAfee AntiVirus Plus, Microsoft Security Essentials, Ad-Aware Free Internet Security, Kaspersky Anti-Virus 2012 and Norton AntiVirus 2012.
12:00 | Ross Simpson | Hacking Games (or "why client side logic is bad") | A fast-paced run through of how to hack different games, on different OSes/platforms, in different ways, and ultimately what the implications are for "real" applications that rely on client-side security.
12:30 | Joshua | HTML5 exploits or "Cutting the edge on web development" |
  • Identifying the [significantly larger] attack surface
  • New XSS vectors in HTML5
  • Cross Origin Resource Sharing
  • Cross Document Messaging
  • XMLHttpRequest Level 2
  • Offline cache & other client-side storages
  • Web SQL
  • Web sockets
  • Clickjacking with HTML5
  • Mobile html5 application vulnerabilities
  • Watching & listening to users via html5 media capture & geolocation features
  • Javascript worms & social engineering on twitter bootstrap.
13:00 | Lunch
14:00 | Andrew MacPherson | 88MPH: Digital tricks to bypass Physical security | Enhancements in digital security have come a phenomenally long way from the days of the 'wild west' of the web where anyone with skill seemed to be able to easily take any server. Today servers are much more protected and systems are in place to track, log and alert administrators of even possible attempts.
With that being said physical security has moved at almost a snail's pace (at least with regards to implementation) with people still relying on locks, magnetic stripes and passive RFID. Additionally it is also accepted that should someone have physical access to your server they can easily compromise it either by making copies of data, installing malicious software or taking the physical device with them.
This talk will look at some old and new hardware that makes bypassing physical hardware much easier, including the following:
  • Listening to two way communications with $20 Hardware (RTLSDR): What good are your security guards if anyone can 'hear' where they are without them knowing? I will demonstrate listening to 2 way radios and other interesting signals with HDSDR/SDR#
  • Lockpicking (briefly): Padlocks and door locks are still used as the primary means of securing access, but how easy are they really to get through without detection?
  • Magnetic stripes: Magnetic stripes are often used on access cards to unlock doors depending on access levels. I will demonstrate how magnetic stripes work as well as how to replay, clone and spoof your own, from bank cards to door swipes.
  • RFID Tags: For companies that have 'upgraded' from magnetic stripe technology a lot have moved to RFID badges to do the same, yet they often suffer from the same symptoms as above. I will demonstrate copying tags as well as cloning to gain access including passive RFID and something more complex such as the Mifare range of RFID cards.
The idea with this talk is to make people aware that while having the digital security firmly in place is very important they should also consider the physical security they currently have.
14:55 | Jacques Louw | Offensive Software Defined Radio | RF used to be the domain of specialised engineers, requiring obscenely large amounts of funds for equipment and development. Thanks to modern, super fast processors it is possible to emulate this equipment at home using technology called software defined radio. This also gives hackers the chance to look at completely proprietary wireless protocols, in other words, things that are not wifi, zigbee etc. This talk will be about the basics of SDR, looking at hacking custom wireless protocols using the USRP and GnuRadio stack. Starting with reverse engineering proprietary wireless protocols, discovering RF modulation used and other technologies such as channel hopping. Moving on to rapidly decoding signals using custom demodulators. Real world demos of wireless utility meters, gate remotes and commercial aircraft telemetry will be shown.
15:55 | Tea
16:15 | Schalk Heunis | Information from DSC Keybus | DSC alarm panels are used in many homes and offices and part of the communication is over a four wire bus called the keybus. The communication sent between the keypad and the alarm, to arm and disarm, but also status messages in the system regarding triggering of zones is transmitted over this bus. Using open hardware (Arduino), the wire protocol is discovered and exploited and integrated into a simple home automation system. The specific integration to be demonstrated, shows how to turn on lights in a home when a zone is triggered and logging in real-time which zone is triggered to a web based system for replay and analysis.
The presentation will cover the basics of the protocol, the discovery process and the integration that was done. As part of future work, it is possible to record keybus communication without physical connections, which opens some possibility for surveillance and behaviour discovery.
16:55 | Tom Van den Bon | USB Reverse Engineering, Just as much fun as RS-232 RE | RS-232 was the communication used between a computer and external devices. It was a fun and easy hobby to reverse engineer and figure out the protocols used. Even more fun to create your application to talk to the hardware using the protocol you reverse engineered. Unfortunately times have changed and any new computers or devices are produced without the RS-232 port, using USB instead. With the new USB protocols and hardware, comes a new set of tools for the reverse engineer. In my talk I will be talking about some of the tools you need, hardware and software. I will also give a basic USB reverse engineering example.
17:40 | Close and challenge prize draw