#HITB2012AMS: Security Bigwigs and Hacker Crème de la Crème Converge in Amsterdam Next Week

Hi guys! We’re less than a week away from #HITB2012AMSand we’re super excited to welcome you there!

The HITB crew is pretty excited and there’s very little else we talk about these days, so when IOActive invited us to write a blog post with complete free rein – we can’t help but name a couple of event highlights the crew are particularly looking forward to and we think you’ll be equally excited about. 

Here’s a little lot of what’s in store in less than T minus 7 days’ time:

As always, we kick things off with our hands-on training days. This year, trainings stretch across a three-day period and will feature all new 1-day-only courses covering a gamut of topics from wireless security, SQL injection attacks and mobile application hacking. This will be followed by several 2-day intensive hands-on classes featuring some of our popular trainers. Laurent Oudot will be Hunting Web Attackers alongside Jonathan Brossard who’ll be conducting a course on Advanced Linux Exploitation Methods. Next door Shreeraj Shah will be running his ever popular Advanced Application Hacking training. As usual, trainees come braced for intense headache filled days with these hands-on courses crammed to the brim with real-life cases plus new, next-gen attack and defense tools and methods.

It’s always hard selecting keynote speakers – especially at HITBSecConf, where our audience expects nothing but absolutely killer content filled with awesome! Andy Ellis, CSO of Akamai we feel will deliver a talk that fulfills that and will be kicking off Conference Day 1 with a keynote on Getting Ahead of the Security Poverty Line – sharing a behind-the-scenes look at Akamai’s in-house security program and how it has evolved over the years to protect over 105,000 servers in 78 countries.

On Day 2, a man who needs no introduction and who has the rare distinction of having delivered keynote at all the locations of HITBSecConf events held around the globe, Bruce Schneier, CISO of BT Counterpane will deliver the second keynote. Bruce’s talk on Trust, Security and Society will deliver a big picture look at how in any system of trust, there will always be abuses. Understanding how moral systems, reputational systems, institutional systems, and security systems work and fail in today’s society is essential in understanding the problems of our interconnected world.

One of the indisputable highlights this year and perhaps the one item the HITB Crew is most looking forward to is the first ever appearance by the full four-member iOS Jailbreak Dream Team (@p0sixninja, @pod2g, @planetbeing and @pimskeks) plus world famous, iPhone Dev Team member @MuscleNerd.

They will be rocking Amsterdam with three talks (and maybe a new jailbreak?), two of which will primarily focus on the detailed inner workings behind the Corona (A4) and Absinthe (A5) jailbreaks. Apple fans and jailbreak enthusiasts will be well pleased to hear the team plans to cover pretty much everything a jailbreaker would want to know including:

In the third and separate talk, MuscleNerd will dive into the inner workings and most recent changes to the iPhone baseband comparing it against its earlier hardware and software incarnations. His presentation will cover everything baseband related – from baseband ROP to activation and baseband tickets: The mechanism Apple uses to authorize use with specific carriers and authenticates software updates to the baseband. He will also look at the current attack surfaces comparing iPhone4 vs iPhone4S hardware-based protection mechanisms. Tasty. 

And here’s another personal crew favourite – Adam Gowdiak. Is.
Back. The man who first brought Microsoft Windows to its knees in 2003 as part of the LSD Group and later became the world’s first to present a successful and widespread attack against the mobile Java platform is back at HITBSecConf! This time he will demonstrate the first ever successful attack against digital satellite set–top–box equipment implementing the Conax Conditional Access System with advanced cryptographic pairing function. Yes, we’re talking major security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide.

Forming our third track in our quad-track line up, only a maximum of 75 attendees will get to experience these intensive, mini training sessions, so get to the doors early if you wanna join in. Audience interaction is expected so bring your laptops with you! What kind of brain mashing kungf00 can you expect?

Still hungry for more bytes? Grab your coffee, real world bites and head into the SIGINT sessions – our version of lightning talks which run for 30 minutes during coffee and lunch breaks. The SIGINT sessions this year are twice as long as usual as we want you to truly savour the appetising morsels we’ve lined up.

12:30 – 13:00 – Pastebinmon.pl & Leakedin.com – Xavier Mertens

13:00 – 13:30 – Third Party Software in Your Baseband – Ralf-Philipp Weinmann

15:30 – 16:00 – Hack To The Future – Marinus Kuivenhoven

12:30 – 13:00 – Integrating DMA Attacks in Metasploit – Rory Breuk & Albert Spruyt

13:00 – 13:30 – Close–Up of Three Technical Hackerspace Projects – Elger ‘stitch’ Jonker

After 2 days of conference awesomeness, Ms. Jaya Baloo, Verizon’s in–house lawful interception expert and our first-ever lady closing keynoter will wrap things up in a yet to be announced keynote.

If it isn’t already difficult enough to pick which talks to go to, we’ve got even more things lined up to keep you busy outside of the main conference tracks – With an expanded technology showcase area, our all new CommSec Village is going to be packed to the brim with more hacky-goodness than you can shake a Kinect at!

Last year, LEGO Mindstorm robots ruled the roost and this year, the HITB CommSec Challenge is bringing the world of motion capture into the tinkering hands of Benelux hackerspaces. Seven hackerspaces from Belgium and the Netherlands will work with Microsoft’s all new Kinect for Windows platform and battle head to head to translate their body movements into words at the highest rate of character output. Yep – expect to see lots of physical action here as the various participants battle it out for the grand prize of EUR1000.

The ever popular Lock Picking Village returns this years with crowd favourite TOOOL.nl at hand to showcase best and latest picking, shimming, bumping and safecracking techniques. Hands on as usual, come with deft fingers and your own locks to see how (in)secure that house or fiets lock of yours really is!

This year for the first time Sogeti is introducing Sogeti Social Engineering and CTF Challenge(#SSEC2012). This will be HITB’s first ever social engineering game so we’re pretty excited to say the least! Participants will be flexing their wit and wits against the top 100 Dutch companies via in-live-studio phone calls and conference attendees plus members of the public can check out the game in progress via the Listening Post. Blag for swag – and the best ‘wit-hacking’ engineer walks away with a swanky new iPad 3 sponsored by Sogeti!