Presentations, Workshops & Events at Kiwicon 2k7

While the CFP is still in progress, the following speakers and events have been accepted. This list will be updated as we get closer to Kiwicon. If you wish to submit a presentation, please do so early to maximise chances of acceptance.

[Keynote]
Title: Bugs in the Wetware: The Psychology of Computer Insecurity
Presenter: Peter Gutmann
Origin: Auckland, New Zealand
Synopsis: It's been common wisdom for some time that the average user has a rather poor grasp of computer security issues. No matter how much effort the computer community expends in trying to educate people, they'll still click on attachments, hand over personal details at phishing sites, and in general engage in behaviour while online that they'd never dream of in the real world.
While the standard response is to blame the user, the real culprit is the way the human mind works. Millennia of evolutionary conditioning and the environment in which computer users operate cause them to act, and react, in predictable ways to given stimuli and situations. This talk looks at the (often surprising) ways in which the human mind deals with computer security issues, and why apparent bugs in the wetware are something that not only can't be patched but are often critical to our functioning as humans.
Bio: Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland, New Zealand, working on the design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption including the X.509 Style Guide for certificates, and is the author of "Cryptographic Security Architecture: Design and Verification" (published by Springer-Verlag) and the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about PKIs and the (un-)usability of security applications.
[Presentations]

Presentations will be lecture-theatre style events ranging between 45-60 minutes in duration.

Title: Here Be Dragons: Hacking Non-IP Networks
Presenter: hntr
Origin: Auckland, New Zealand
Synopsis: Everyone accepts the pervasive nature of the internet, and by extension, IP networks. Much work has been done on securing and hacking such networks and, while there are plenty of misunderstood issues in this field, many of the problems are well-known.
There are networks, however, which we utilise every day which are not IP. Most people are unaware of the existence of some of these networks and the technology which drives them, let alone the security problems inherent in their usage.
This talk will examine three seemingly disparate, yet related technologies from the point of their use in an IP age. We will examine X.25, SCADA, and SAN technologies and possible attacks against them. New days bring new technology and new attacks, yet we continue to use networks that have been around since before the age of the internet and they're prone to the same security vulnerabilities that they always were, and some new ones...
Bio: hntr has a degree in philosophy and has spent much time in basements lit solely by the glow of big kit. Prior to his present incarnation as corporate security guy, he's done the cluster computing thing, the government infrastructure thing, the small linux security company thing and the start-up in Japan thing. Presently working at Security-Assessment.com he finds thrills in busting big, expensive kit, pondering maliciousness with anonymous networks and finding new ways of getting into trouble.
 
Title: Busting your IDS / IPS
Presenter: Flagg
Origin: Sydney, Australia
Synopsis: When you consider the system as a whole, there are plenty of ways to bust an IDS / IPS. From the wire to the incident response team we will work through various limitations and examples of potential mischief.
Bio: Flagg is a Technical Security Consultant at Security-Assessment.com, specialising in Penetration Testing and Whiskey.
 
Title: Old School Is Good School: Busting Carrier Ethernet Networks
Presenter: Metlstorm
Origin: Auckland, New Zealand
Synopsis: Ethernet is ubiquitous, the winner of the Layer 2 technology race. And everyone knows it's not designed for security; you get L2 access, you win. And yet, what's that in the wall of your server room? An ethernet connection from your telco - your internet connection, your WAN, your remote access cloud... delivered over ethernet. But don't worry your pretty little head, it's TELCO GRADE ethernet. It's TOOOOTALLY different. The sales rep told you the P in VPN stood for private, remember?
Metro ethernet carrier networks are the transit over which many of our most critical systems run. This presentation will cover the layer two attack techniques, with particular focus on how well they work in modern carrier metro-ethernet access networks. In New Zealand.
Bio: Metlstorm is a bogan unix-hippy hacker from Auckland. Raised in the brutal AKBBS scene in the early 90s, Metl has levelled up through ISP engineering, linux systems integration and corporate-sellout security consultancy. Presently he builds weaponized hacking tools for a US firm, drinks beer, and throws up the horns at the slightest provocation.
Armed with his unix beard and python interpreter, Metl has presented at Blackhat, Defcon and Ruxcon, where one of his presentations was derided as 'theatrical', and in the other he was punched out by an audience member after calling his sexuality into question.
 
Title: Bugs == Leverage
Presenter: Bogan
Origin: Wellington, New Zealand
Synopsis: Your employer wants you to deliver a whiz-bang solution for their latest business requirement. Being a diligent security practitioner, you analyse all the viable options on the market. After finding a number of vulnerabilities in the majority of the products, you choose the one that best fits your needs and find that those bugs can be utilised to get you a tidy discount....
Bio: With a penchant for black t-shirts, jeans and the lyrical styling of Pantera, bogan has been touching computers ever since he can remember.
 
Title: Cracking A Fat: Breaking Thick Client Software
Presenter: Nick "Handles are for Wimps" von Dadelszen
Origin: Wellington, New Zealand
Synopsis: With so much discussion about AJAX and the dangers of client-side logic, many people tend to forget that standard thick client applications form the cornerstone of many businesses. Once you get inside an organisation, thick client applications are everywhere, and are not going away any time soon. This talk will discuss approaches to attacking these types of applications, with a focus on C# and Java. It will start with simpler circumvention techniques, and move through more complicated scenarios to demonstrate common attack methods. The aim of the attacks is not to own the client, since it is assumed you already have full control of this, but to utilise flaws in the client-server architecture to get to the important server-side data underneath.
Bio: Nick "thinks like a criminal" von Dadelszen is Wellington's answer to Kevin Mitnick, prowling the digital badlands, a vagabond, a renegade. Armed with his kungfu hacking technique, Nick brutally violates the plumpest of fat clients without mercy. Despite being a badass, he masquerades as a corporate security consultant, wooing banks and governments with his brylcreem smooth patter. Watch out boys, he might woo you too.
 
Title: CrackStation
Presenter: Tmasky
Origin: Wellington, New Zealand
Synopsis: Sony built a mini-supercomputer-total-entertainment-system thing that can also play games. The talk will go over his tale of wrangling the horsepower of the system and (if tma pulls himself away from Quake long enough) he'll have some cool shit to demo.
Bio: tmasky is a gamer who badly stumbled into linux and security many years ago. He's broken a fair amount of stuff and loathes proprietary tech.
 
Title: Information Warfare and new perspectives for smaller nations
Presenter: Joshua
Origin: Wellington, New Zealand
Synopsis: Information is everywhere: newspaper, television, radio, Internet... If you own the information you can own the world. This talk will introduce basic concepts of Asymmetric Warfare (Law/Economic/Network warfare) but with more focus on Information Warfare. With the help of one real example (the Lebanese-Israel war) we will show how a small nation can win the information war over a more powerful country. The Internet will be our battlefield and Blackhat SEO (Search Engine Optimization) tricks also will be explained in order to manipulate what is perceived and interpreted by others (including mainstream media).
Bio: Joshua is a Belgian 007 living in New Zealand who has already infiltrated the biggest kiwi IT company and the kiwicon organization. Known under different handles, his current mission is to know the secret of Macs Gold which is the only last good beer that Belgium doesn't own. With the help of information warfare strategies he hopes to corrupt at least one kiwi to obtain the san grail.
 
Title: A Bag Full of 0day
Presenter: Brett Moore
Origin: Auckland, New Zealand
Synopsis: Well, it'd hardly be 0day if we told you, would it?
Bio: World famous in New Zealand for his 'scanning entire .nz net range' stunt back in 2001, Brett has now become the security pin up boy for Windows security researchers in New Zealand. He has presented (and drunk) at various conferences including Blackhat, Defcon, Ruxcon, and the invitation only Bluehat. Brett now heads up New Zealand's newest security startup, Insomnia Security, specialising in vulnerability research and advanced exploitation techniques.
 
Title: Your Kiosk, My Kiosk
Presenter: Delf
Origin: Auckland, New Zealand
Synopsis: Internet Kiosks. We have all seen them in Airports, Lobbies and Army/Navy recruiting stations. Computers designed to run a browser inside a 'protected shell'. Often plugged directly into a company LAN. Just machines running Windows XP...
The only thing stopping 'Casual Hacker Paul' from compromising your box and getting access to the LAN is the Kiosk software. A $50-$100 "Shareware" product, whose owning company outsourced all development to Mumbai, India.
This presentation will focus on new methods of Internet Kiosk exploitation, as well as architecture and design flaws in the "Software Internet Kiosk" product as a whole.
... and various 0-day in different kiosk applications, just for good measure.
Bio: Delf is a hacker from Auckland who was raised on the mean streets of Papakura, South Auckland. Delf currently works at Security-Assessment.com as an application penetration tester. It is strongly recommended to buy Delf a beer if you wish to hear more.
[Workshops]

Workshops will be hands-on classroom-style practical sessions, with a duration of up to 2 hours. Please bring your own equipment (laptops, network & power cables).

Title: Wifi Insecurity: A busting WEP/WPA workshop
Presenter: Detonate
Origin: Auckland, New Zealand
Synopsis: A hands-on (bring your own laptop) workshop showing you how to sniff, snarf, inject, crack and bruteforce your way onto a wireless network.
Bio: Detonate (aka detopeach) is an ex-Wireless ISP network monkey. When not breaking into wireless networks, Det enjoys relaxing walks on the beach, poker, and hanging out with his bestest buddy tkn.
[Lightning Talks]

Lightning talks are quickfire, 10-15 minute presentations for small topics and tool releases.

Title: SSH-Jack Redux: And Jack0rs For All...
Presenter: Metlstorm
Origin: Auckland, New Zealand
Synopsis: Two years ago, Metlstorm presented his runtime SSH hijacker at Defcon; "it's a feature!" he cried. Well, with the release of OpenSSH4, this is finally true. Metl reflects briefly on the feature turned security flaw turned feature, its utility and future. If you use SSH to secure your networks (which you should) then it pays to be familiar with its nooks and crannies, huh?
Bio: Metlstorm is a bogan unix-hippy hacker from Auckland. Raised in the brutal AKBBS scene in the early 90s, Metl has levelled up through ISP engineering, linux systems integration and corporate-sellout security consultancy. Presently he builds weaponized hacking tools for a US firm, drinks beer, and throws up the horns at the slightest provocation.
Armed with his unix beard and python interpreter, Metl has presented at Blackhat, Defcon and Ruxcon, where one of his presentations was derided as 'theatrical', and in the other he was punched out by an audience member after calling his sexuality into question.
 
Title: The Success of a Mistake: Kiwicon2k7
Presenter: Dumb (Pipes) and Dumber (Bogan)
Origin: Wellington, New Zealand
Synopsis: The primary organisers of Kiwicon 2k7 reflect on their hangover throbbing heads, their empty wallets, and their newly engorged confidential files at intelligence agencies around the world. Whatever could have led to such madness? From the horse's mouth, they lay down their atrocious breath.
Bio: Pipes and Bogan put the fire under the coal that set the choo-choo train that is Kiwicon off down the tracks towards the inevitable train wreck. If only the con was as good as their extended metaphors.
 
Title: Free Windows Privesc
Presenter: Sham
Origin: Zurich, Switzerland
Synopsis: This will be the official release of an automated Windows privilege escalation bug finder and exploiter. The tool uses multiple methods for finding and exploiting poor service, file and registry permissions and other lesser known privesc vulnerabilities to gain access from a standard user to SYSTEM or Administrator.
Bio: Sham has been hacking his way around corporate New Zealand for the past 8 years and has recently taken up a job working for a small, relatively unknown search engine company. Sham is known for drunken pseudo-philosophical rants, anti-forensic technique, rootkits, VoIP hacking, incident wrangling, and general Windows mayhem. Sham is OS agnostic, and proves this by running FreeBSD, Vista and Ubuntu; he uses vi but admits that if he were smarter he would probably use emacs, writes mostly Python but has been hacking Perl, C and VB for more hours than he wishes to think about.
 
Title: Advances in anti-forensic: in-memory distributed hidden storage
Presenter: Joshua
Origin: Wellington, New Zealand
Synopsis: During this short talk we will present a new way to hide a file in-memory under Unix (nothing is written on disk). With the help of a proof-of-concept (DHIS - Distributed Hidden Storage) we will show that once hidden it's almost impossible for a forensic expert to reconstitute the whole file. We will also show how to prevent such a technique.
Bio: Joshua is a Belgian 007 living in New Zealand who has already infiltrated the biggest kiwi IT company and the kiwicon organization. Known under different handles, his current mission is to know the secret of Macs Gold which is the only last good beer that Belgium doesn't own. With the help of information warfare strategies he hopes to corrupt at least one kiwi to obtain the san grail.
[Events]

What's a circus without sideshow freaks? Or a hacker con without a few side-shenanigans...

Title: The Kiwicon 2k7 Haxor Quiz
Presenter: Dungeonmasters Joshua and Metlstorm
Location: Saturday night at a bar near Kiwicon, details TBA
Synopsis: Think you've got clue? Know your pointer from your heap? Come along and pit your mad, elite skillz against the other Kiwicon badasses. Using a custom, ajaxy-web-based quiz engine, DMs Joshua and Metlstorm will run The Kiwicon 2k7 Haxor Quiz which you can participate in as a team or an individual. Bring your wireless equipped laptop, your brain and your favorite web haxxing toolkit - you can win by skill, or maybe you can hack the quiz engine. Either way's fine with us :)
The Kiwicon 2k7 Haxor Quiz is sponsored by Security-Assessment.com, who have generously offered a bartab to help grease your brains. Beers will be awarded for meritorious conduct in the quiz, so get your thinking caps and beer jackets on. There will also be prizes beyond the sweet sweet amber nectar... whatever will they be?
Note that because this event is being held at a licensed bar, and may at your choice involve BEER, it is restricted to Kiwicon attendees who are of a legal drinking age, and who can satisfy the bar staff of this fact. If you look like a 10 year old girl, best to bring ID that asserts otherwise.
Places in the quiz will be limited, so you will need to register your desire to participate. Exact details about how to register will be posted closer to the Con.