[Dailydave] CyberSyScan 2013 - The Speakers!

Ben Nagy ben at iagu.net
Thu Jan 31 22:18:10 EST 2013

Ladieeeees aaaand Gentlemen!

Having sold out everything in which I believed and signed up to "death by one
hundred and forty codepoints", I take an unholy amount of pleasure in sitting
down comfortably, with a few decent Belgian beers in order to inform you, at
some considerable length, of the cyber-wonders in store at the upcoming
cybersecurity cyberconference, the one and only CyberSyScan CyberSingapore!

Cybers got you down? Worried that someone else is putting the 'APT' in your apt-
get? Think you're the only one reading your Inbox?

You need a SyScan!

- Ten world-class experts presenting cutting edge RESEARCH
- Rock solid lineitems for your outstanding TRAINING budget
- Cyber-earthshaking KEYNOTES
- A permanently OPEN CYBERBAR
- Professional LIGHTNING TALKS
- "Karaoke" LIGHTNING TALKS (point and laugh!)

First things first. The Keynote.

After skiving off for a few years, the one and only Dave "I REALLY LOVE ANTS"
Aitel is back with us in Singapore. To my mind, a lot of "thought leaders" in
"cyber" are actually just people who can mostly write in complete sentences and
know how to manage their press hookups. True thinkers, however, are the ones
with whom you initially disagree, sometimes violently, sometimes in an
overwhelming majority until suddenly, one day, you realise that they were right
all along. Despite his slightly creepy obsession with formicidae, Dave is one of
those thinkers, and if you don't get up early to make it into the Keynote you are
definitely going to regret it.

I haven't actually got his title to hand, which means that, according to the
rules, I get to make it up. (It might be about something else entirely)

KEYNOTE: Dave Aitel - What's At Stake? - Everything Buffy The Vampire Slayer
Taught Me About Cyberwar

And now, without further ado, ( my scurrilous slander of ) - the illustrious
SPEAKERS of SyScan Singapore 2013!

Alex Ionescu ( @aionescu ) - Hotpatching the Hotpatcher: Stealth File-less DLL

There are people who know about Windows Internals. Then, there are slightly
scary people who just know TOO MUCH about Windows Internals. After that, there
are terrifying lunatics who know SO MUCH about Windows Internals that they write
a WHOLE KERNEL from scratch for a bizarre stunt-OS that is binary compatible
with Windows - presumably after a drunk bet got waaay out of hand. And then
there's Alex. This talk, however, looks like solid gold awesome for kernel post-
exploitation and is bound to have "certain people" drooling.

"Hop-a-Long" Halvar Flake ( @halvarflake ) - Checking the Boundaries of Static

Halvar needs no introduction... but I'm going to give him one just to be
irritating. A mathematician at heart, Halvar really wants nothing more in life
than for things to work just as they should, and for there to be cake
afterwards. However, having not revolutionised mathematics by the age of 20, he
wisely decided to turn his hand to revolutionising reverse engineering instead.
Since then, he has spent years eviscerating software, building tools that sucked
less than all the existing ones and relentlessly pointing out all of the areas
where our approaches just aren't working. I pine for a softer, kinder world
where formal methods solved everything, other people's software didn't suck so
damn much, and gentle giants like Halvar would be free to read poetry and eat
their cake in peace. :(

Georg Wicherski ( @ochsff ) - Taming the ROPe on Sandy Bridge

Georg works for CrowdStrike, who, I am told, "do not engage in any illegal
activities". So, now that their business model is completely clarified, this
will be some kind of awesomeness about using new Sandy Bridge processor features
to pick up ROP exploits with "almost no performance impact and without binary
modification". Sounds like fightin' talk to me! Oh, also, Georg is pretty

Pedro Vilaca ( @osxreverser ) - Revisiting Mac OS X Kernel Rootkits

@osxreverser may not be the hacker your Macbook needs right now, but he is
definitely the one it deserves. And not in a good way. There hasn't been all
that much sunlit work on OSX rootkits for a while, although it's safe to assume
that the scary guys are going at them hell for leather (because, let's face it,
who WOULDN'T want to own 80% of security conference speakers). Since Apple's
hardening seems, oddly, to be strongly correlated with techniques released at
cons, I think whichever side of the OSX Rootkit Fence you're on there's going to
be a lot to love about this talk.

Snare ( @snare ) - "... I mean, F*CK, it's got FPGAs in it, right?"
(I'd assume this title is subject to change...)

PANTHEIST", which I feel, were I to understand more than half of those words,
sums it up perfectly. DMA (Direct Memory Access) on IO ports (eg Firewire etc)
is horribly scary, especially when done wrong. "Certain vendors" need to have
their bad habits kicked out of them, and in this instance, snare is wearing the
boots ( if not the pants ). If imagining the ultimate evil-maid passkey is
enough to make your firmware go limp, you should probably be at this talk. Also,
any speaker that forgets their display adapter for the projector will be forced
to use one provided by @snare. DON'T LOOK AT ME LIKE THAT, I DON'T MAKE THE

Stefan Esser ( @i0n1c ) - Mountain Lion / iOS Vulnerability Garage Sale

What praise can I heap upon Stefan that hasn't already been bestowed by his
adoring Twitter followers? Scumbag, moran [sic], asshat, troll... but the whole
truly is more than the sum of its parts. Stefan has been a fixture at SyScan
Singapore for years, and I've had the brain-melting pleasure of watching him
break stuff since his PHP days. On none of those occasions has he failed to
deliver the awesome. We shall dance around as he showers us in 0day and we shall
have an 0day Sparkle Party.

j00ru ( @j00ru ) and Gynvael Coldwind ( @gynvael ) - TBA

So, I'm starting out with some Windows kernel fuzzing at the moment, and I
recently presented a small monograph on the subject at the legendary Ruxcon. I
noticed that both Tarjei and Alex Ionescu were in the audience, and was
basically terrified. I said something to break the ice like "the only thing that
could make this worse would be if, like, j00ru were here ;)"... except he was
and he came up and introduced himself afterwards and that is how I met j00ru. :(
Anyway... the three things that should alert you to the fact that this will be
an amazing talk are - 1. Gynvael Coldwind. 2. j00ru. 3. That we can't announce
even the TITLE until some people patch some stuff.

Nguyen Anh Quynh - OptiCode: machine code deobfuscation for malware analysts

I have a new rule: "never argue with a PhD who codes in grandpa slippers". That
rule may or may not have anything to do with Quynh. This presentation confirms
what everyone has always known - that LLVM and theorem provers are basically
magic, and if you attack any problem, no matter how difficult, with enough of
them then you just win. That's my understanding anyway. OK, it may be a little
rough around the edges, but I'm pretty sure that's the essential thrust of it.
In this instance, Quynh will demonstrate how to magically deobfuscate machine
code, commonly found in malware, but also in lots of other places where people
don't feel reverse engineers should look. And, for his next trick, he pulls out
a fully working tool, not just a hand-wavy paper. Flawless Victory.

Mario Heiderich ( .mario / @0x6D6172696F ) - The innerHTML Apocalypse - How mXSS
attacks change everything we believed we knew so far

Everyone loves a good Apocalypse, and none more than the SyScan selection
committee. Although I find it, personally, very difficult to credit, I am
assured by scientists that web-based attacks, including XSS, are used in real
life to actually cause damage in a non-ironic way. Pff. Scientists. Anyway, so
"apparently" being able to bypass all current "XSS" filters and do whatever
"XSS" does to lots of super important websites is "bad". Me, I'm still betting
this semantic web idea isn't going to catch on.

Barnaby Cornelius Aberfwyth Jack ( @barnaby_jack ) - TB, eh bro?

Back in his wilder days, I would occasionally cross drinking swords with Barns.
Any and all further embarrassing stories are fully embargoed under either the
"Happens In Vegas Stays In Vegas Act" or under the terms of a Mutually Assured
Destruction treaty to which I am signatory. Barns wrote the first exploit I ever
compiled ( jill.c ). Barns got into the USA on a type "O" visa ( usually for
foreign Olympians ). Barns made an ATM spit out cash. Barns hacked Chuck Norris'
coffee maker. And, more recently, Barns has been scaring the living FDAs out of
medical device manufacturers. This is going to be epic. Lut's git grimy, eh?

Aaand done! If you made it this far, I should like to remind you about the part,
WAY up the top, where I mentioned that there is an OPEN BAR at SyScan. Also
amazing food, convivial company, the chance to lie about outdrinking me like
@nicowaisman, assorted revelry and an open bar. You should come.

Get a cyber up ya.


