Conference Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/

Official Photos: http://photos.hitb.org

Post Conference Coverage

Filed under: Main Page — Administrator @ 10:33 am

Post Conference Coverage - Mainstream Media

WabiSabi Labi aims to be more than an eBay for zero-days - Washington Post

Hackers reveal day-to-day dangers - BBC

Marketplace for vulnerabilities - The Star (Malaysia)

HITBSecConf 2007 successfully held - SC Cyberworld

Banking trojans set to pose bigger threat - The Star (Malaysia)

‘Stupid’ Holes Reported in Oracle 11g - PC World

Why bug hunt should be for sale - ZDNet (Asia)

Serious vulnerabilities found in Oracle 11g - OSP (Russian)

Team Sao Vàng wins the attack-and-defence game competition in Malaysia - Vietbao (Vietnam)

Researchers: Cyberattacks outstripping defences - ZDNet (UK)

Hack in the Box: Stupid vulnerabilities appear in Oracle - 3800hk

Post Conference Coverage - Blogs / Online

Hack In The Box 2007 - Malaysia - Raffael Marty

A good presentation by FX - EM_386

Hack In The Box Malaysia 2007 - Francois Ropert

Exploiting HITB 2007 KL CTF Daemon 01 - VNSECURITY

HITB 2007 - CTF Daemon 03 writeup - WabiSabiLabi

Exploiting HITB 2007 KL CTF Daemon 05 - VNSECURITY

Exploiting HITB 2007 KL CTF Daemon 07 - VNSECURITY

Hack In The Box 2007 - Day 1 - Literatecode

Hack In The Box 2007 - Day 2 - Literatecode

HITB 2007 CTF report - LongBlog

WSLabi @ HITB Malaysia 2007 - WSLabi Blog

Impressions from HackInTheBox 2007 Malaysia - Alexander Kornbrust about Oracle Security (Red Database Blog)

HITBSecConf2007 in Malaysia - F-Secure Weblog

HITB2007! - Billy Rios

HITBSecConf2007 Over - Niresh

Hitb 2007 KL 3-6 September : Ret Null - y0nd13

HITB SecConf 2007 - MALAYSIA Day1 - Tessy (Japan)

HITB SecConf 2007 - MALAYSIA Day2 - Tessy (Japan)

HITB SecConf 2007 - MALAYSIA materials released - Tessy (Japan)

Hack in the box Seminar on Telecom Fraud - Skype-Watch

WabiSabiLabi - blueshifters (US Army)

Web Hacking Challenge - blueshifters (US Army)

day 1 at hackers’ fest - sansurfer

day 2 at hackers’ fest | facilitating interviews - sansurfer

day 3 at hackers’ fest - sansurfer

day 4 (FINAL) at hackers’ fest - sansurfer

HITBSecConf 2007 - MALAYSIA - NTDLL.com (Arabic)

HITB Aftermath: Why you don’t know you are having virus in your pocket? - geek00l

Brief breakthrough of HITB lmao - dism0106

HITB 2007 log report - y3d1ps

Team Sao Vàng wins the attack-and-defence game competition in Malaysia - cdav7 (Vietnam)

HITBSecConf2007 Capture the Flag Game Considered Fun - security.org.my

HITBSecConf2007 Kuala Lumpur Capture the Flag is over! - Longblog (Vietnam)

HITB SEC CONF 2007: The WriteUp - geek00l

HITBSecConf2007 Considered 1337 - Malaysia Honeynet Project

Hecker Zeal?? - zealich

hitbsecconf2007 is over - spoonfork


If you’ve written a blog post or spotted an article that we’ve missed, please send an email to dhillon -at- hackinthebox.org
For the list of pre-conference media coverage, please click here.

Conference Materials and Photos

Filed under: Main Page — Administrator @ 12:42 am

The presentation materials from the dual-track security conference are now available for download. We’ll also be placing the materials on Packetstorm in the coming weeks. In addition, the photos from the setup, training days, conference days and the post-conference party have been uploaded, so do check them out!

Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/
Photos: http://photos.hitb.org


Filed under: Main Page — Administrator @ 7:56 pm

The conference agenda and speaker line-up for HITBSecConf2007 - Malaysia have been finalized. Below is the list of confirmed presentations:

Day 1 Keynote - 5th September 2007

  • Honeynet Project: Latest Research - Lance Spitzner (Founder, Honeynet Project)
  • Online Crime and Crime Online - Mikko Hypponen (Chief Research Officer, F-Secure Corp)

Day 2 Keynote - 6th September 2007

  • The Rise and Fall of Information Security in the Western World - Mark ‘Phiber Optik’ Abene (Former Member of LOD / MOD)
  • The Evolution of Hacking - Emmanuel Goldstein (Founder, 2600)

Conference Day 1 - 5th September 2007

  • Injecting RDS-TMC Traffic Information Signals - How to Freak Out Your Sat Nav System - Andrea Barisani (Chief Security Engineer, Inverse Path Ltd) and Daniele Bianco (Hardware Hacker, Inverse Path Ltd)
  • State of Security - Andrew Cushman (Senior Director, Microsoft Security Response and Community, Microsoft Corp)
  • Attacking Cisco Network Admission Control – NAC@ACK - Michael Thumann (Chief Security Officer, ERNW GmbH) and Dror-John Roecher (Senior Security Consultant, ERNW GmbH)
  • Hacking SCADA – How to 0wn Critical National Infrastructure - Raoul Chiesa (Board of Directors member @Mediaservice.net, ISECOM Group and TSTF) and Alessio L.R. Pennasilico aka Mayhem (Security Evangelist, Alba S.T. s.r.l.)
  • Exploiting the Intranet With a Webpage - Is JavaScript the New Shellcode? - Martin Johns (University of Hamburg, Faculty of Informatics)
  • WabiSabiLabi - The Exploit Marketplace - Roberto Preatoni (Director of Strategy, WabiSabiLabi & Founder, Zone-H Defacement Mirror)
  • Meta Anti Forensics: The HASH Hacking Harness - The Grugq (Independent Network Security Specialist)
  • Advanced Web Application and Database Threat Analysis with MatriXay - Frank Yuan Fan (Founder and Chief Technology Officer, DBAPPSecurity)
  • Physical Security: Past, Present and Future - Deviant Ollam, Eric Michaud & Q (Members of TOOOL USA)
  • 360° Anomaly Based Intrusion Detection - Dr. Stefano Zanero (Politecnico di Milano T.U.)
  • High Security Locks - Illusion or Reality? - Marc Weber Tobias (Investigative Attorney and Security Specialist)
  • Insider Threat Visualization - Raffael Marty (Manager, Strategic Application Solutions @ ArcSight Inc.)

Conference Day 2 - 6th September 2007

  • Hacking the Bluetooth Stack for Fun, Fame and Profit - Dino Covotsos (Managing Director, Telespace Systems)
  • Tools and Strategies for Securing a Large Development Project - Window Snyder (Chief Security Something or Other, Mozilla Corporation)
  • Hacking Biometric Systems - Starbug (Independent Security Researcher)
  • Protocol Fuzzing - Luiz Eduardo (Senior Systems & Security Engineer, Mu Security)
  • Hacking Hardened and Secured Oracle Servers - Alexander Kornbrust (Founder, Red Database Security GmbH)
  • Enterprise Hacking: Who Needs Exploit Codes? - Fetri Miftach (Principal Consultant, PT Bellua Asia Pacific) and Jim Geovedi (Security Consultant, PT Bellua Asia Pacific)
  • Slipping Past The Firewall - Billy K. Rios (Senior Researcher, VeriSign) and Nathan McFeters (Senior Security Advisor, Ernst & Young Advanced Security Center)
  • An End-to-End Analysis of Securing Networked CCTV Systems - Sarb Sembhi (Chief Technology Officer, Securityw0rk5)
  • Attack Surface of Modern Applications - Felix ‘fx’ Lindner (Founder, Recurity Labs GmbH)
  • Googling for Malware and Bugs - Dr. Jose Nazario (Senior Security Engineer, Arbor Networks)
  • The Computer Forensics Challenge and Anti-Forensics Techniques - Domingo Montanaro (Information Security Specialist and Computer Forensics Expert) and Rodrigo Rubira Branco (IBM, Brazil)
  • Hacking Ajax and Web Services – Next Generation Web Attacks on the Rise - Shreeraj Shah (Director, BlueInfy)

    Conference Updates

    Filed under: Main Page — Administrator @ 7:41 pm

    Mark ‘Phiber Optik’ Abene has announced the details for his keynote, “The Rise and Fall of Information Security in the Western World” on Day 2. In addition, the Conference Agenda has been updated and the following speakers have been added to our line up:

  • Nathan McFeters (Senior Security Advisor, Ernst & Young Advanced Security Center) will be presenting with Billy K. Rios (Senior Researcher, VeriSign) on Slipping Past the Firewall, in which Billy and Nathan will demonstrate some new techniques used by attackers to establish a “staging point” on your internal network to conduct NON-HTTP based client side attacks.
  • Alessio L.R. Pennasilico aka Mayhem (Security Evangelist, Alba S.T. s.r.l.) has spent the last couple of months working with Raoul Chiesa (Board of Directors Member @Mediaservice.net, ISECOM Group & TSTF) on pen testing various SCADA implementations. In their presentation Hacking SCADA and how to 0wn critical national infrastructure, Raoul and Mayhem have promised to share some insightful demos ;)

    The final round of updates and announcements is scheduled for next week. If you have not registered for your seat yet, there are still a couple of days to do so, or you could register on-site; however, rates increase after 31st August.

    HITB Exclusive - WABISABILABI - The Exploit Marketplace Project

    Filed under: Main Page — Administrator @ 10:40 am

    We are excited to announce an exclusive talk on the new exploit marketplace project, WabiSabiLabi. The talk will be presented by their Strategic Director, Mr Roberto Preatoni, and attendees will be the first in Asia to hear directly from the guys behind the project about the purpose of its set-up, the project’s direction and the controversies surrounding it.

    Presentation Title: WABISABILABI: The Exploit Marketplace Project
    Presentation Details:

    Three days after its launch, the Wabisabilabi project attracted the world’s attention. For the good and for the bad, the press covered the project in all its aspects, generating an endless round of comment threads on specialized forums. The project got the attention of the financial press, hitting the Economist and Forbes. The speech will let you hear directly from WABISABILABI’s Strategy Director the project philosophy, business model and milestones as well as the challenges the project has to overcome in the future.

    - history of the research in the security field
    - WABISABILABI: a name, a philosophy
    - current status of the security market: exploiting the security researcher’s work for free
    - the black security market: a myth? A reality?
    - the traditional security vendor business model VS Wabisabilabi’s one
    - is it ethical? Major criticisms do have ground?
    - legal aspects of a security marketplace: the results of one year of legal investigations
    - the economical models: auction, dutch auction, exclusive sale
    - the big dilemma: to disclose or not to disclose?

    For further details please click here. Do note that prices for the dual-track conference increase after 31st August.

    Discounted Hotel Room Rates

    Filed under: Main Page — Administrator @ 11:29 am

    Below are the discounted room rates for attendees of HITBSecConf2007 - Malaysia. Attendees have the choice of staying at either Le Meridien or Hilton KL Sentral - both hotels are located in the same building. Attendees are requested to quote “HITB2007” when making their reservation, and those wishing to stay at Le Meridien will need to fill in this form.

    Hilton KL per day room rate:

    RM435++ for Hilton Innovation Room without breakfast
    RM515++ for Hilton Grand Room without breakfast
    RM700++ for Hilton Innovation Suite without breakfast
    Breakfast at RM59++ per person

    Le Meridien per day room rate:

    RM385++ for Deluxe Room Single occupancy with breakfast
    RM460++ for Deluxe Room Double occupancy with breakfast
    RM415++ for Premier Room single occupancy with breakfast
    RM515++ for Premier Room double occupancy with breakfast

    Draft Agenda, CTF Updates & Conference Kit

    Filed under: Main Page — Administrator @ 10:35 pm

    The draft agenda for HITBSecConf2007 - Malaysia is now online! The final listing of speakers will be announced in the first week of August. In total there will be over 30 hours of deep knowledge network security presentations and we have extended the timing of the event to accommodate this. In addition, the details for the Capture The Flag competition have been announced and version 1.0 of the conference kit is available. The kit includes everything you’d need to know about the event and what we have planned. You can download the conference kit here.

    CFP is closed

    Filed under: Main Page — Administrator @ 12:22 pm

    The Call for Papers for HITBSecConf2007 - Malaysia has ended. Thank you to everyone who took the time to put together a submission. The team will be making the final selection of speakers by the end of this week and we will announce the final listing and release a draft of the conference agenda on Wednesday, 9th of May. We have received over 30 submissions for the event with several super interesting papers… Needless to say it looks like it’s going to be a really terrific event and you definitely don’t want to miss this :)

    Registration is open

    Filed under: Main Page — Administrator @ 2:05 pm

    Registration for HITBSecConf2007 - Malaysia is now open! We have moved our conference to the bigger and better Hilton KL Sentral, Kuala Lumpur’s newest 5-star hotel, centrally located in the heart of Kuala Lumpur and a mere 28 minutes from the airport via the KLIA Express.

    We’re expecting over 800 attendees to join us from around the world for this year’s Malaysian leg and we promise they will not be disappointed! HITBSecConf2007 - Malaysia will be the largest network security event in Asia with 4 keynote speakers and over 40 of the world’s leading researchers and security experts under one roof. Some of the highlights:

    7 Tracks of Hands-On Technical Trainings

    Day 1 Keynote Speakers: Lance Spitzner and Mikko Hypponen
    Day 2 Keynote Speakers: Mark ‘Phiber Optik’ Abene and Emmanuel Goldstein

    HITB Cinema: As part of our yearly charity initiative, we are organizing screenings of Freedom Downtime and Urchin. Freedom Downtime, directed and produced by Emmanuel Goldstein, is the story of computer hacker Kevin Mitnick, imprisoned without bail for nearly five years, while Urchin is an independent production written and directed by John Harlacher, starring Mark Abene as ‘The Inside Man’ and Emmanuel Goldstein as ‘The Outside Man’. Shot illegally in the subways, sewers, and streets of New York City, “Urchin” is a prime example of guerrilla cinema made possible by new technology. This will be the first time in Asia Pacific that these movies are being shown to the public and all proceeds from these screenings will go to the Malaysian National Cancer Council - MAKNA.

    Capture The Flag: With cash prizes worth USD6,000, this year’s Capture The Flag game has already received confirmation of participation from Padocon from Korea (last year’s champions), NDMTeam from Bulgaria, Army Strong comprising members of the US Army and Zone-H from Italy.

    Zone-H/HITB Hacking Challenge: Zone-H in collaboration with the Hack in The Box crew will organize a 6-level web-based hackgame in which individual participants will be challenged to try to beat the hackgame in the shortest possible time. Based on the original game developed by Zone-H in 2005, there will be no need to bring your own exploits or your own laptop.

    Lock Picking Village (LPV): Deviant Ollam, Eric Michaud and Q, who are members of The Open Organization of Lockpickers (TOOOL USA), will be running a Lock Picking Village at the conference in which attendees will be invited to try their hands at bumping and other physical security bypass methods! If you think your home locks are secure, you’re more than welcome to bring them along and see for yourself how easily they can be bypassed.

    BZFlag Competition: Organized by members of the US Army, attendees to HITBSecConf2007 will be able to blow off some steam in a BZFlag arena. BZFlag is an online multiplayer cross-platform open source 3D tank battle!

    Call for Papers now open

    Filed under: Main Page — Administrator @ 11:32 am

    The CFP for HITBSecConf2007 - Malaysia is now open. HITBSecConf - Malaysia is the premier network security event for the region and the largest gathering of hackers in Asia. Our 2007 event is expected to attract over 700 attendees from around the world and will see 4 keynote speakers in addition to 40 deep-knowledge technical researchers presenting over two days.

    Being a deep-knowledge technical conference, talks that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before. Summaries not exceeding 250 words should be submitted (in plain text format) to cfp -at- hackinthebox.org for review and possible inclusion in the programme.

    Submissions are due no later than 1st May 2007. For further details, please take a look at the CFP page.

    Event Organizer

    Hack In The Box (M) Sdn. Bhd.

    Supported & Endorsed By

    Malaysian Communications and Multimedia Commission (MCMC)

    Malaysian Administrative Modernisation & Management Planning Unit

    Platinum Sponsors

    Microsoft Corporation

    Gold Sponsors


    Official Airline Partner

    Internet Bandwidth Sponsor

    Global Transit

    CTF Sponsor

    Scan Associates

    CTF Prize Sponsor

    Scan Associates

    Sponsor for Zone-H/HITB Hacking Challenge


    HITB Cinema Sponsor

    Avenuz Sdn. Bhd.

    Official Creation Station

    The Womb.com

    Our Speakers are Supported By

    F-Secure Corporation

    Arbor Networks


    Bellua Asia Pacific

    ERNW GmbH

    Mozilla Corporation

    Mu Security

    Supporting Media:

    Virus Bulletin

    InfoSec News

    XAKEP (Russia)

    Insecure Magazine

    PHRACK Magazine

    Hakin9 Magazine

    Supporting Organizations

    Chaos Computer Club

    ISECOM - Institute for Security and Open Methodologies


    IT Underground

    X-Focus China

    Zone-H Defacement Mirror

    Xatrix Security

    Special Interest Group in Security & Information InteGrity Singapore