DEFCON Philippines BeerTalk II(Manila) Full Track

Unconventional Privilege Escalation

Speaker: Tikbalang

Synopsis: Conventional privilege escalation deals with vulnerabilities and acquiring root level in the system. Is there a way of escalating privilege (unconventionally) without having the root level? Up to what extent can the escalations go? Is it really a threat to consider? Are people affected by this?

Penetration Testing, A Structured Approach: Conducting Penetration Tests in a business environment

Speaker: theStare

Synopsis: Recent developments concerning regulatory requirements, the current financial turmoil and rising security threats to organizations have opened the doors of business for various security service providers. Organizations are looking for service providers who understand their business and its associated risks, capable of assessing their current security posture, identify any gaps, and provide cost-effective recommendations that can reasonably address these gaps. They are searching for professionals who can perform these services in an organized manner, using a sound approach and a proven methodology. This talk deals with the details of managing penetration testing engagements, right from proposal preparation up to report delivery.

The Waledac Botnet

Speaker: Bullsh!t

Synopsis: Botnet technology and techniques are continuously evolving, and currently, the Waledac botnet is probably the most advanced botnet out there.

In this presentation, we will give a brief overview on botnet evolution, the technical aspects of Waledac, the botnet, what it does, and how the bot masters are raking in cash out of this.

Hackista 2009 (Øpen Hack Challenge)

Mechanics: The goal of this challenge is to obtain administrative level privileges on a windows 2000 server with no security patches by exploiting vulnerabilities in the RPC/LSASS Services on the target machine. The target machine IP address will be announced prior to the start of the challenge. Upon successful compromise, create a text file with your name on the target machine's desktop and notify any of the the goons for verification. The first one to compromise the machine after verification will be considered the winner and gets a change to do a demo on the methods he used. The first one to create their HANDLE.txt on the desktop of the compromised machine wins the game.

Tools: Any hacking tools are allowed, Metasploit, Nessus, Nmap etc..

Rules: No direct DoS on the server, anyone caught DoSing the server will automatically disqualify you from the game.

Price: The first one to create handle.txt will be getting black badge, black badge entitles you for lifetime access to the DEFCON Philippines event.

Who can join?: Anyone on the BeerTalk with valid booze tag will be able to join the Hackista Challenge, no goons will be joining the game.

Register now.

DEFCON Philippines BeerTalk II(Manila) Full Track

Unconventional Privilege Escalation

Speaker: Tikbalang

Synopsis: Conventional privilege escalation deals with vulnerabilities and acquiring root level in the system. Is there a way of escalating privilege (unconventionally) without having the root level? Up to what extent can the escalations go? Is it really a threat to consider? Are people affected by this?

Penetration Testing, A Structured Approach: Conducting Penetration Tests in a business environment

Speaker: theStare

Synopsis: Recent developments concerning regulatory requirements, the current financial turmoil and rising security threats to organizations have opened the doors of business for various security service providers. Organizations are looking for service providers who understand their business and its associated risks, capable of assessing their current security posture, identify any gaps, and provide cost-effective recommendations that can reasonably address these gaps. They are searching for professionals who can perform these services in an organized manner, using a sound approach and a proven methodology. This talk deals with the details of managing penetration testing engagements, right from proposal preparation up to report delivery.

The Waledac Botnet

Speaker: Bullsh!t

Synopsis: Botnet technology and techniques are continuously evolving, and currently, the Waledac botnet is probably the most advanced botnet out there.

In this presentation, we will give a brief overview on botnet evolution, the technical aspects of Waledac, the botnet, what it does, and how the bot masters are raking in cash out of this.

Hackista 2009 (Øpen Hack Challenge)

Mechanics: The goal of this challenge is to obtain administrative level privileges on a windows 2000 server with no security patches by exploiting vulnerabilities in the RPC/LSASS Services on the target machine. The target machine IP address will be announced prior to the start of the challenge. Upon successful compromise, create a text file with your name on the target machine's desktop and notify any of the the goons for verification. The first one to compromise the machine after verification will be considered the winner and gets a change to do a demo on the methods he used. The first one to create their HANDLE.txt on the desktop of the compromised machine wins the game.

Tools: Any hacking tools are allowed, Metasploit, Nessus, Nmap etc..

Rules: No direct DoS on the server, anyone caught DoSing the server will automatically disqualify you from the game.

Price: The first one to create handle.txt will be getting black badge, black badge entitles you for lifetime access to the DEFCON Philippines event.

Who can join?: Anyone on the BeerTalk with valid booze tag will be able to join the Hackista Challenge, no goons will be joining the game.

Register now.


DefconPH.org

is a registered Defcon Groups International as DC6332. Defcon is the worlds largest hacking convention in the world. Same as Defcon, DefconPH.org is aiming to come up with the same convention here in the Philippines, since we are a registered international group of Defcon we will be having the same pattern as Defcon. During the CON we will be having the events as well like TCP/IP Drinking, Lock Picking, Spot The Feds etc.

The group is pretty much very new it all started February 2008. The main site of the group went down for a couple of months due to some Hosting issue, we plan to postponed the CON this December and move them to a more convenient time hopefully next year. We are inviting all people who are in the IT industry to support the exposure of IT Security related topics in the Philippines. Lets continue to support the IT Security Arena

For the mean time lets all interact on the user FORUM, in this way we can share our knowledge, ideas as to how the CON you want it to be.

Blog


DefconPH.org

is a registered Defcon Groups International as DC6332. Defcon is the worlds largest hacking convention in the world. Same as Defcon, DefconPH.org is aiming to come up with the same convention here in the Philippines, since we are a registered international group of Defcon we will be having the same pattern as Defcon. During the CON we will be having the events as well like TCP/IP Drinking, Lock Picking, Spot The Feds etc.

The group is pretty much very new it all started February 2008. The main site of the group went down for a couple of months due to some Hosting issue, we plan to postponed the CON this December and move them to a more convenient time hopefully next year. We are inviting all people who are in the IT industry to support the exposure of IT Security related topics in the Philippines. Lets continue to support the IT Security Arena

For the mean time lets all interact on the user FORUM, in this way we can share our knowledge, ideas as to how the CON you want it to be.

Blog

DefconPH.org

is a registered Defcon Groups International as DC6332. Defcon is the worlds largest hacking convention in the world. Same as Defcon, DefconPH.org is aiming to come up with the same convention here in the Philippines, since we are a registered international group of Defcon we will be having the same pattern as Defcon. During the CON we will be having the events as well like TCP/IP Drinking, Lock Picking, Spot The Feds etc.

The group is pretty much very new it all started February 2008. The main site of the group went down for a couple of months due to some Hosting issue, we plan to postponed the CON this December and move them to a more convenient time hopefully next year. We are inviting all people who are in the IT industry to support the exposure of IT Security related topics in the Philippines. Lets continue to support the IT Security Arena

For the mean time lets all interact on the user FORUM, in this way we can share our knowledge, ideas as to how the CON you want it to be.

Blog