DEFCON Philippines BeerTalk II(Manila) Full Track

Unconventional Privilege Escalation

Speaker: Tikbalang

Synopsis: Conventional privilege escalation deals with vulnerabilities and acquiring root level in the system. Is there a way of escalating privilege (unconventionally) without having the root level? Up to what extent can the escalations go? Is it really a threat to consider? Are people affected by this?

Penetration Testing, A Structured Approach: Conducting Penetration Tests in a business environment

Speaker: theStare

Synopsis: Recent developments concerning regulatory requirements, the current financial turmoil and rising security threats to organizations have opened the doors of business for various security service providers. Organizations are looking for service providers who understand their business and its associated risks, capable of assessing their current security posture, identify any gaps, and provide cost-effective recommendations that can reasonably address these gaps. They are searching for professionals who can perform these services in an organized manner, using a sound approach and a proven methodology. This talk deals with the details of managing penetration testing engagements, right from proposal preparation up to report delivery.

The Waledac Botnet

Speaker: Bullsh!t

Synopsis: Botnet technology and techniques are continuously evolving, and currently, the Waledac botnet is probably the most advanced botnet out there.

In this presentation, we will give a brief overview on botnet evolution, the technical aspects of Waledac, the botnet, what it does, and how the bot masters are raking in cash out of this.

Hackista 2009 (Øpen Hack Challenge)

Mechanics: The goal of this challenge is to obtain administrative level privileges on a windows 2000 server with no security patches by exploiting vulnerabilities in the RPC/LSASS Services on the target machine. The target machine IP address will be announced prior to the start of the challenge. Upon successful compromise, create a text file with your name on the target machine's desktop and notify any of the the goons for verification. The first one to compromise the machine after verification will be considered the winner and gets a change to do a demo on the methods he used. The first one to create their HANDLE.txt on the desktop of the compromised machine wins the game.

Tools: Any hacking tools are allowed, Metasploit, Nessus, Nmap etc..

Rules: No direct DoS on the server, anyone caught DoSing the server will automatically disqualify you from the game.

Price: The first one to create handle.txt will be getting black badge, black badge entitles you for lifetime access to the DEFCON Philippines event.

Who can join?: Anyone on the BeerTalk with valid booze tag will be able to join the Hackista Challenge, no goons will be joining the game.

Register now.


DEFCON Philippines BeerTalk II(Manila) Full Track

Unconventional Privilege Escalation

Speaker: Tikbalang

Synopsis: Conventional privilege escalation deals with vulnerabilities and acquiring root level in the system. Is there a way of escalating privilege (unconventionally) without having the root level? Up to what extent can the escalations go? Is it really a threat to consider? Are people affected by this?

Penetration Testing, A Structured Approach: Conducting Penetration Tests in a business environment

Speaker: theStare

Synopsis: Recent developments concerning regulatory requirements, the current financial turmoil and rising security threats to organizations have opened the doors of business for various security service providers. Organizations are looking for service providers who understand their business and its associated risks, capable of assessing their current security posture, identify any gaps, and provide cost-effective recommendations that can reasonably address these gaps. They are searching for professionals who can perform these services in an organized manner, using a sound approach and a proven methodology. This talk deals with the details of managing penetration testing engagements, right from proposal preparation up to report delivery.

The Waledac Botnet

Speaker: Bullsh!t

Synopsis: Botnet technology and techniques are continuously evolving, and currently, the Waledac botnet is probably the most advanced botnet out there.

In this presentation, we will give a brief overview on botnet evolution, the technical aspects of Waledac, the botnet, what it does, and how the bot masters are raking in cash out of this.

Hackista 2009 (Øpen Hack Challenge)

Mechanics: The goal of this challenge is to obtain administrative level privileges on a windows 2000 server with no security patches by exploiting vulnerabilities in the RPC/LSASS Services on the target machine. The target machine IP address will be announced prior to the start of the challenge. Upon successful compromise, create a text file with your name on the target machine's desktop and notify any of the the goons for verification. The first one to compromise the machine after verification will be considered the winner and gets a change to do a demo on the methods he used. The first one to create their HANDLE.txt on the desktop of the compromised machine wins the game.

Tools: Any hacking tools are allowed, Metasploit, Nessus, Nmap etc..

Rules: No direct DoS on the server, anyone caught DoSing the server will automatically disqualify you from the game.

Price: The first one to create handle.txt will be getting black badge, black badge entitles you for lifetime access to the DEFCON Philippines event.

Who can join?: Anyone on the BeerTalk with valid booze tag will be able to join the Hackista Challenge, no goons will be joining the game.

Register now.