Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

PRESENTATION MATERIALS

PHOTOS / VIDEOS

Official conference photos and HD videos will be made available in the next 2-3 weeks. Please follow @hitbsecconf on Twitter for links or join our Facebook Group

Matthias Luft, Enno Rey, Pascal Turbing and Daniel Mende (ERNW GmbH)

PRESENTATION TITLE: Smashing VMDK Files for Fun and Profit

PRESENTATION ABSTRACT:

A number of cloud service providers allow customers to upload VMDK files.

In order to evaluate input validation mechanisms of cloud service providers, we will dissect the VMDK file format, provide analysis of support file systems, less-known ”features” of the specification as well as potential attack vectors. This information will be used to illustrate why the knowledge about virtualization file formats is crucial for cloud service providers and why the unvalidated upload might not be a good idea.

Participants will learn about potential attack vectors, feasible attacks against certain types of virtualization infrastructures, and similarities to other virtualization file formats.

ABOUT MATTHIAS LUFT

Matthias Luft is a seasoned auditor and pentester with vast experience in corporate environments. Over the years, he developed his own approach in evaluating and reviewing all kinds of applications, technologies, and securtiy concepts. He’s one of the first researchers who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention. During the last years, he focused on the area of cloud security and presented both approaches for scalability and trust assessment of cloud service providers. He is a regular speaker at international security conferences and will happily share his knowledge with the audience.

ABOUT ENNO REY 

Enno Rey is a long time network geek who loves to explore network devices & protocols and to break flawed ones.

ABOUT PASCAL TURBING

Pascal Turbing is a long time network geek, pentester, and security researcher who loves to explore network devices & protocols and to break flawed ones.

ABOUT DANIEL MENDE 

Daniel Mende is a long time network geek who loves to explore network devices & protocols and to break flawed ones.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

 

SPECIAL OPS 1  - WIRELESS SECURITY KUNGF00

SPECIAL OPS 2  – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE



2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1  – HUNTING WEB ATTACKERS

TECH TRAINING 2  – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3  - ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

 

 



3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4  – THE EXPLOIT LABORATORY: ADVANCED EDITION




QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS



EVENT ORGANIZER

LOCAL PARTNER

PLATINUM SPONSORS

GOLD SPONSORS

TITANIUM SPONSOR (POST CONFERENCE RECEPTION + SPEAKER RECEPTION)

SILVER SPONSOR

HACKWEEKDAY SPONSOR

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HITB LAB / SIGINT SPONSOR

NETWORK SPONSORS AND UPLINK

ADDITIONAL SUPPORT BY

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2012 Hack In The Box | http://www.hackinthebox.org

<<
( / 10 )
>>