NEWS FROM THE LAB - Thursday, April 17, 2008

HITBSecConf2008 Dubai Posted by Jose @ 16:39 GMT

Greetings from Dubai!

The two-day HITB Security Conference just ended (today) and I've got lots of cool stuff for you.

Ero Carrera, Zynamics GmbH: On day one, "Malware — Behavior, Tools, Scripting and Advanced Analysis" presented a Python extension for Bochs, an open source CPU emulator that can be found at bochs.sourceforge.net. According to Ero, some malware, such as Storm, usually makes a call to some ancient APIs and uses the return values as part of its decryption routine. Sandboxing cannot reproduce those return values, so the sample never reaches the decryption part of the malware. Using a full emulator such as Bochs can bypass most of the anti-VMware tricks.

Jim Geovedi: "Hijacking VSAT Connections" was an update on a previous HITB presentation called "Hacking a Bird in The Sky: Hijacking VSAT Connections". Jim presented ways to defeat detection by local government agencies and added that this hijacking can also be done via MACs, not only IPs.

Dino Covotsos from Telspace Systems gave a practical demonstration of various methods of exploiting Bluetooth technology with some freely available tools. Imagine an attacker who can read and send SMS messages and make premium-rate phone calls without your knowledge. He even mentioned F-Secure a few times in his presentation, "Hacking the Bluetooth Stack for Fun, Fame and Mayhem".

With Bruce Schneier as keynote speaker on day one, tackling the feeling of security, and Jeremiah Grossman on day two with some nice yet scary statistics on website hacks, this has been a great two-day security conference here in Dubai.

Signing off,