I attended Hack In The Box conference 3 days ago for 2 days and it was awesome! Is there any job in the world that basically the company just hire us to attend all sorts of conference or seminar or talks or whatever you call, and all we need to do is to write a report about what we have learnt. Cool isn't it? (keep dreaming)
HITB is the premier network security event in Asia and the Middle East. The main aim of the conference is to enable the dissemination, discussion and sharing of deep knowledge network security information.
The conference fee is quite expensive though, RM499! Thank goodness my company sponsored me and John, the key person who perform penetration test in my company. I arrived at Crowne Plaza Mutiara just on time, the traffic in KL was terribly congested. The interior of Crowne hotel is actually way more grand than its exterior.
The organizer made me wear this tag and secured it with a piece of metal so the tag can't be removed unless you cut it. Which means I was forced to wear this stupid thing to eat, to shit, to sleep, to date, to swim, to fight, to whatever you can imagine, for a good 2 days. What a brilliant idea!
These teams were beating their brains out to exploit rival teams’ daemons to get their flags. The game is called Capture The Flag War - CTF.
Teams of 3 will have a set of daemons / services running on their machines and they need to exploit rival teams’ daemons to get their flags. Submit the flag to obtain offensive points. Keep your daemons up and running to obtain defensive points.
In CTF-WMD, each team will manage a country and each country will start with the same number of population (also known as HP or HitPoints). Teams will need to launch warheads at rival countries or disable their warheads or utilities in order to gain offensive points. For defensive points, all the team needs to do is keep their utilities up.
Heard that Korean's team won. If you are good in hacking and network security, you might want to consider participating in this competition next year (it's held every year), it's a very high chance that you would be spotted by renowned companies and hire you if you won.
There were 4 main speakers of the conference of all have been a hacker for a few decades.
Keynote 1: Joe Grand aka Kingpin (President, Grand Idea Studio)
Keynote 2: Rop Gonggrijp (Hacker and Activist)
Keynote 3: Ed Skoudis (Co-Founder, InGuardians)
Keynote 4: Julian Assange (Founder of WikiLeaks.org) Joe Grand, hardware hacker/expertise, showed us how he cracked the smart card so he has unlimited value of the card to pay for the parking. But John told me the device that is used to analyze the smart card chip costs more than 100k (he didn't say in which currency) -_-". I'm not sure how true it is though. Gonna google a bit.
Julian Assange, founder of WikiLeaks, told us he has been hacking since
age 7! He was convicted of attacks on the US intelligence and publishing a magazine which inspired crimes against the Commonwealth. Genius are all weird. If you want to know more about him, google is your best friend.
I tried to wiki him but surprisingly he isn't in the wikipedia. How could someone like
XiaXue who blogs about nothing but her rantings and pinky stuffs is found in Wikipedia whereas a WikiLeaks founder who has been hacking since age 7, is not interesting enough to be in Wikipedia.
Another interesting booth,
Lock Picking Village, shows you how to hand pick the locks.
Visit here ->
http://conference.hackinthebox.org/hitbsecconf2009kl/?page_id=358The two members from the Open Organization of Lockpickers (TOOOL) were demonstrating to the audience how to use simple tools to unlock the lock.
The lockpick tools that they sell are expensive though, a simple tool in a size of a credit card costs RM100! I was tempted to buy one but I couldn't think of any reason that I need one except to show off. There was a man who wasn't hesitate at all to buy a set of toolkits which costs
USD400!! hmm... might be a professional thief.
These 2 Russians are funny. They are one of the developers of nmap. (my source is so not accurate :-p Thanks LD)
The 2 speakers, Fyodor, co-author of X-Probe and The Grugq, who has spent several years researching anti-forensic techniques and also the author of Hash, showed us all sort of funny 'illegal' tradings on the internet in Russia.
Can you imagine there are actually people who
sell ICQ number? Before that I can't even imagine there are people who are still using ICQ. Anyone of you still remember your ICQ number? Is your ICQ number 6 digits or 8 digits? Mine is 7 digits, you can try to add me if you want, my ICQ number is 6051605 :-p... no joke, I still remember it!
Ok, the whole idea about selling ICQ number is that people prefer 6 digits ICQ number than 8 digits ICQ number, just to show off, I guess. The ICQ number that they sell are those lucky numbers like 116688, 996688 (why sound so like Chinese). Russians are simply brilliant.
Another funny trading in Russia is that people
sell proxy online. For those who are not familiar with proxy, a Proxy site is a web page which allows you to browse your favorite web sites -- even though your access to those web sites might be blocked by a content filter. So if you find that your bloody company blocks your favorite websites, use the web proxy sites to get around the block. By the way, you can actually get free proxy online if you google it, not necessary have to purchase it.
The most classic one is that there are people who offer the service to
TAKE DOWN TWITTER.COM. So if you want to take down twitter.com (for don't know what bloody reason) for 1 day, all you need is to pay
USD 80 to the hacker who offers the service.
There are many more funny tradings in Russia but I don't think you can google it unless you understand Russian language. According to the speakers, those hackers who offer these services are not really a mafia, those are just young dudes who are still studying and wanted to make some money in a funny way.
Cyberworld is just another interesting world which will eventually dominate the world.
More info about HITB:
http://conference.hackinthebox.org/hitbsecconf2009kl/p.s. Not many photos as my cellphone camera sucks, can't even zoom.
+copy.jpg)
+copy.jpg)
+copy.jpg)
