Featured talks at the upcoming Hack In The Box Security Conference
The 8th annual Hack In The Box Security Conference in Amsterdam will feature brand new 2 and 3-day hands-on technical trainings covering a wide variety of topics from Linux kernel exploitation techniques to advanced malware analysis and more.
Following on from these training sessions, there will be a 2-day multi-track format conference (quad track with 120-minute hands-on
labs), a technology exhibition, capture the flag competition, lock picking village, soldering area with Mitch Altman, a hardware hacking and wireless technology focused area with a segment on car hacking by the guys who run Defcon’s car hacking village.
If that’s not enough, there will also be an IoT hacking area with loads of hardware goodies including the USB Armory, 44Con’s HIDIOT and Michael Ossman’s HackRF.
Alongside the exhibition and main conference, there will be a ‘CommSec Track’ of 30 and 60-minute talks. These community talks and the exhibition area above are free and open to public.
Keynote speakers for the conference will be Saumil Shah, Founder of Net-Square, Window Snyder, a security industry veteran and Chief Security Officer at Fastly who previously spent five years at Apple working on security and privacy strategy and features for OS X and iOS. Natalie Silvanovich, a security researcher on Google Project Zero, will deliver the closing keynote.
Featured talks
Femtocell Hacking: From Zero to Zero Day – This presentation deals with Femtocells – small, low-power cellular base stations typically designed for use in a home or small businesses that are now being introduced to service LTE customers all over the world. It will cover methodologies to approach femtocell device auditing and ways to get the device firmware, how to analyze it and find vulnerabilities within them. We will also look at how we can MITM the device to expose SMS, voice, and call data packets sent and received through the exposed femtocell.
Hacking Customer Information Control System – This talk will present methods on pentesting mainframe applications, deploying shells and elevating privileges on the system, all starting with zero authentication. If you are interested in mainframes or merely curious to see a what a shell looks like on MVS, you’ll want to attend this session.
The Secret of ChakraCore: 10 Ways to Go Beyond the Edge – This presentation will first introduce special characteristics (mostly new characteristics compared to the old Internet Explorer JavaScript engine) of the ChakraCore engine where we can find exploitable vulnerabilities. With these exploitable vulnerabilities in hand, the next thing to do it to turn them into working exploits.
How We Found Over 100 RCE Vulnerabilities in Trend Micro Software – The talk will examine and showcase some previously unreleased vulnerabilities, novel attack scenarios, automated approaches to vulnerability discovery as well as some clever exploitation tricks. The presentation will include a montage of on-stage demonstration of the most interesting zero-days that were discovered across different products.