INSIGHTS | May 15, 2012

#HITB2012AMS: Security Bigwigs and Hacker Crème de la Crème Converge in Amsterdam Next Week

Hi guys! We’re less than a week away from #HITB2012AMSand we’re super excited to welcome you there!

HITBSecConf2012 – Amsterdam, our third annual outing in Europe will be at the prestigious Hotel Okura Amsterdam and this year marks our first ever week-long event with what we think is a simply awesome line-up of trainings, speakers, contests and hands-on showcase activities. There should be pretty much something to keep everyone happy!
The HITB crew is pretty excited and there’s very little else we talk about these days, so when IOActive invited us to write a blog post with complete free rein – we can’t help but name a couple of event highlights the crew are particularly looking forward to and we think you’ll be equally excited about. 
Here’s a little lot of what’s in store in less than T minus 7 days’ time:
Hands on Technical Training Sessions
May 21st – May 23rd: Training Day 1, 2 & 3 
As always, we kick things off with our hands-on training days. This year, trainings stretch across a three-day period and will feature all new 1-day-only courses covering a gamut of topics from wireless security, SQL injection attacks and mobile application hacking. This will be followed by several 2-day intensive hands-on classes featuring some of our popular trainers. Laurent Oudot will be Hunting Web Attackers alongside Jonathan Brossard who’ll be conducting a course on Advanced Linux Exploitation Methods. Next door Shreeraj Shah will be running his ever popular Advanced Application Hacking training. As usual, trainees come braced for intense headache filled days with these hands-on courses crammed to the brim with real-life cases plus new, next-gen attack and defense tools and methods.
Quad Track Conference – The Pièce de résistance
May 24th – May 25th: Conference Day 1 & 2
Big Ideas – Big Picture… 
It’s always hard selecting keynote speakers – especially at HITBSecConf, where our audience expects nothing but absolutely killer content filled with awesome! Andy Ellis, CSO of Akamai we feel will deliver a talk that fulfills that and will be kicking off Conference Day 1 with a keynote on Getting Ahead of the Security Poverty Line – sharing a behind-the-scenes look at Akamai’s in-house security program and how it has evolved over the years to protect over 105,000 servers in 78 countries.
On Day 2, a man who needs no introduction and who has the rare distinction of having delivered keynote at all the locations of HITBSecConf events held around the globe, Bruce Schneier, CISO of BT Counterpane will deliver the second keynote. Bruce’s talk on Trust, Security and Society will deliver a big picture look at how in any system of trust, there will always be abuses. Understanding how moral systems, reputational systems, institutional systems, and security systems work and fail in today’s society is essential in understanding the problems of our interconnected world.
An Apple a Day…
One of the indisputable highlights this year and perhaps the one item the HITB Crew is most looking forward to is the first ever appearance by the full four-member iOS Jailbreak Dream Team (@p0sixninja, @pod2g, @planetbeing and @pimskeks) plus world famous, iPhone Dev Team member @MuscleNerd.
They will be rocking Amsterdam with three talks (and maybe a new jailbreak?), two of which will primarily focus on the detailed inner workings behind the Corona (A4) and Absinthe (A5) jailbreaks. Apple fans and jailbreak enthusiasts will be well pleased to hear the team plans to cover pretty much everything a jailbreaker would want to know including:
iOS security basics
iOS format string attacks
iOS kernel heap overflows
iOS profile command injections
iOS application sandbox escape
How to bypass ASLR & DEP for all exploits listed above
In the third and separate talk, MuscleNerd will dive into the inner workings and most recent changes to the iPhone baseband comparing it against its earlier hardware and software incarnations. His presentation will cover everything baseband related – from baseband ROP to activation and baseband tickets: The mechanism Apple uses to authorize use with specific carriers and authenticates software updates to the baseband. He will also look at the current attack surfaces comparing iPhone4 vs iPhone4S hardware-based protection mechanisms. Tasty. 
I want my MTV…
And here’s another personal crew favourite – Adam Gowdiak. Is.
. The man who first brought Microsoft Windows to its knees in 2003 as part of the LSD Group and later became the world’s first to present a successful and widespread attack against the mobile Java platform is back at HITBSecConf! This time he will demonstrate the first ever successful attack against digital satellite settopbox equipment implementing the Conax Conditional Access System with advanced cryptographic pairing function. Yes, we’re talking major security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide.

More Labs / More Signal Intelligence 
Forming our third track in our quad-track line up, only a maximum of 75 attendees will get to experience these intensive, mini training sessions, so get to the doors early if you wanna join in. Audience interaction is expected so bring your laptops with you! What kind of brain mashing kungf00 can you expect?
Hacking Using Dynamic Binary Instrumentation by Intel’s Gal Diskin promises an insight into extracting metadata and other hidden goodies from public documents using FOCA 3 and bad nasty things one can do with malformed portable executable (PE) files and Didier Stevens, Security Consultant, Contraste Europe NV will be talking about the reverse of the kind of shellcode we all know and love – White Hat Shellcode: Not for Exploits.
Still hungry for more bytes? Grab your coffee, real world bites and head into the SIGINT sessions – our version of lightning talks which run for 30 minutes during coffee and lunch breaks. The SIGINT sessions this year are twice as long as usual as we want you to truly savour the appetising morsels we’ve lined up.
24TH MAY 2012
12:30 – 13:00 – & – Xavier Mertens
13:00 – 13:30 – Third Party Software in Your Baseband – Ralf-Philipp Weinmann
15:30 – 16:00 – Hack To The Future – Marinus Kuivenhoven
25TH MAY 2012
12:30 – 13:00 – Integrating DMA Attacks in Metasploit – Rory Breuk & Albert Spruyt
13:00 – 13:30 – CloseUp of Three Technical Hackerspace Projects – Elger ‘stitch’ Jonker
Lawfully intercepting your packets…
After 2 days of conference awesomeness, Ms. Jaya Baloo, Verizons inhouse lawful interception expert and our first-ever lady closing keynoter will wrap things up in a yet to be announced keynote.
We’re not done yet …
If it isn’t already difficult enough to pick which talks to go to, we’ve got even more things lined up to keep you busy outside of the main conference tracks – With an expanded technology showcase area, our all new CommSec Village is going to be packed to the brim with more hacky-goodness than you can shake a Kinect at!
CommSec Village 
Last year, LEGO Mindstorm robots ruled the roost and this year, the HITB CommSec Challenge is bringing the world of motion capture into the tinkering hands of Benelux hackerspaces. Seven hackerspaces from Belgium and the Netherlands will work with Microsofts all new Kinect for Windows platform and battle head to head to translate their body movements into words at the highest rate of character output. Yep – expect to see lots of physical action here as the various participants battle it out for the grand prize of EUR1000.
HackWEEKDAY: Turbo Edition will see code junkies and working over a 12 hour period on this year’s theme of ‘Browsers and Extensions’ – Sponsored again by Mozilla and organized by the Crew, participating developers stand a chance to walk away with a prize of EUR1337 for the best coder! 
Capture The Flag – Bank0verflow
Capture The Flag: Bank0verflow will see eleven teams – 5 home grown teams from The Netherlands: Mediamonks and four Vubar teams battle it out against French team C.o.P. Also, for the first time two Russian teams will be joining the battleground including the much ‘feared’ winners of #CODEGATE2012’s Capture The Flag – Leetchicken
Lock Picking Village by
The ever popular Lock Picking Village returns this years with crowd favourite at hand to showcase best and latest picking, shimming, bumping and safecracking techniques. Hands on as usual, come with deft fingers and your own locks to see how (in)secure that house or fiets lock of yours really is!
Sogeti Social Engineering Challenge
This year for the first time Sogeti is introducing Sogeti Social Engineering and CTF Challenge(#SSEC2012). This will be HITB’s first ever social engineering game so we’re pretty excited to say the least! Participants will be flexing their wit and wits against the top 100 Dutch companies via in-live-studio phone calls and conference attendees plus members of the public can check out the game in progress via the Listening Post. Blag for swag – and the best ‘wit-hacking’ engineer walks away with a swanky new iPad 3 sponsored by Sogeti!
Hackers On The Far Side of the Moon with Microsoft and IOActive 
It would not be a proper HITBSecConf if there was no killer party to cap things off. This year we plan to blast off to the dark side of the moon with IOActive’s Keith Myers providing the choons!
Sponsored as always by Microsoft, conference hackers, heroes, dudes and dudettes will make their way to the Wyndham Apollo Hotel for three solid hours of food, music and of course, copious amounts of alcohol thanks to additional alco_pwn support by the kind folks at IOActive! o/ 
IOActive’s DJ Keith Myers will be delivering the ear pounding dance floor madness with a warm up set  by Roy Verschuren of Elevator Passion – all this at the only spot in Amsterdam where the city’s five famous grachts meet!
Bring. On. The. Madness.
See you next week!
– The HITB Crew