Below are the list of sponsors and supporting organizations that have come forth to make HITBSecConf2005 - Bahrain a success!

We are proud to announce the finalized list of Sponsors and Supporting Organizations for HITBSecConf2005 - Bahrain.

Microsoft Corporation
Argus Systems Group
Bahrain International Circuit
Gulf Air
Kingdom University Bahrain
Instec Digital Systems
Oracle Corporation
SIAG
Duroob Technology
Qatar Airways

HITBSecConf2005 - Bahrain is also supported by

Bellua Asia Pacific
X-Focus China
Bahrain Information Technology Society

We are proud to announce the latest speaker additions to HITBSecConf2005 - Bahrain.

KEYNOTE SPEAKERS:

Bruce Schneier - Founder and Chief Technical Officer, Counterpane Internet Security
Paul Mcnabb - General Manager and Director of Business Development, Argus Systems Group
Jorge Sebastiao - Chief Executive Officer, E-Security Gulf Group.

The following presenters have also announced their paper titles.

Meder Kydyraliev & Fyodor Yarochkin
Anthony Zboralski (Gaius)
Roberto Preatoni & Fabio Ghioni
Emmanuel Gadaix

In the next couple of days we will be announcing the updated training/workshop tracks that will be conducted on the 12th & 13th April 2005.

Presentation Title: The Latest on Digital Security
Presentation Details: TBA

About Bruce Schneier (Founder and Chief Technical Officer, Counterpane Internet Security):

Internationally-renowned security technologist and author Bruce Schneier is both a Founder and the Chief Technical Officer of Counterpane Internet Security, Inc. the world’s leading protector of networked information - the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats.

Schneier is responsible for maintaining Counterpane’s technical lead in world-class information security technology and its practical and effective implementation. Schneier’s security experience makes him uniquely qualified to shape the direction of the company’s research endeavors, as well as to act as a spokesperson to the business community on security issues and solutions.

Schneier is the author of eight books, including his current best seller, Beyond Fear: Thinking Sensibly about Security in an Uncertain World, which tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. Secrets & Lies: Digital Security in a Networked World, which was published in October 2000, has sold 100,000 copies. One of his earlier books, Applied Cryptography, now in its second edition, is the seminal work in its field and has sold over 150,000 copies and has been translated into five languages. He writes the free email newsletter Crypto-Gram, which has over 100,000 readers. He has presented papers at many international conferences, and he is a frequent writer, contributing editor, and lecturer on the topics of cryptography, computer security, and privacy.

Schneier designed the popular Blowfish and Twofish encryption algorithms, the atter a finalist for the new Federal Advanced Encryption Standard (AES). Schneier served on the board of directors of the International Association for Cryptologic Research, and is an Advisory Board member for the Electronic Privacy Information Center.

Schneier holds an MS degree in computer science from American University and a BS degree in physics from the University of Rochester.

Presentation Title: The Challenges of OS Security
Presentation Details: TBA

About Paul Mcnabb (General Manager and Director of Business Development, Argus Systems Group):

Paul A. McNabb, General Manager and Director of Business Development, brings over 20 years experience with UNIX software development and administration to Argus. Mr. McNabb developed the architecture of the world’s first third-generation trusted operating system, including the design, development, and testing of many of Argus’ secure UNIX products. In addition, he supervised the unprecedented ITSEC certification of Argus security applications.

Mr. McNabb previously served as Manager of Trusted Products for Addamax Corporation from March 1988 through February 1993, where he was responsible for supporting the security evaluation of all trusted security products. From 1984-1985, he was employed as the Director of Research Facilities for the Computer Science Department at Purdue University. In this capacity, Mr. McNabb was responsible for managing the purchase and administration of all departmental hardware and software. He received a Master of Science degree in Computer Science from Purdue University in 1984.

Mr. McNabb is the deputy director of the University of Illinois Center for Advanced Research in Information Security (CARIS) and is also chairman of the ASP Industry Consortium (ASPIC) Best Practices Security Subcommittee.

Mr. McNabb has participated in defining security issues and economic solutions for architectures ranging from ASP and ISP hosting environments to government and defense information systems. He is a Certified Information Systems Security Professional (CISSP) and has over 20 years direct experience in Internet/ARPAnet development and security. He is a frequent lecturer before industry and academic groups and has been a speaker at more than 40 security conferences and symposia in North America, Europe, Asia and Australia.

Presentation Title: TBA
Presentation Details: TBA

About San: TBA

Presentation Title: TrustedBSD Security Policy Implementation through the MAC Framework
Presentation Details:

The TrustedBSD project is a non-profit effort for the development of FreeBSD’s security extensions. One of the more unique and definitely most powerful extensions is the MAC framework. By touring through the currently available ACL solutions, the benefits of MAC (and the benefits to come) will be made very clear. The TrustedBSD MAC framework permits extensions to be introduced at compile-time, boot-time or at run-time, and provides a number of services to support dynamically introduced policies, including policy-agnostic object labeling services and application interfaces. By tackling the design of the MAC framework through the analysis of the actual implementation, hackers will be introduced to the powerful MAC API that allows virtually infinite flexibility in security policy design, implementation and layering.

About Samy Al Bahra:

Samy Al Bahra has been involved with open-source for over four years, and contributes regularly as a TrustedBSD and arabeyes.org developer. An enthusiastic hobbyist at heart, Samy has contributed to a wide range of other open-source projects and serves as one of the representatives of the Saudi Computer Society’s Linux group (as a regular lecturer). Samy has also served as one of the technical reviewers for Addison Wesley’s “The Design and Implementation of the FreeBSD Operating System” and has several articles littered across the internet.

Presentation Title: Cyber Skirmishes
Presentation Details:

High-tech information warfare is fast becoming a reality. The term information warfare covers a wide range of activity, including corporate and military espionage and intelligence collection, psychological operations and perception management, attacks on communication systems, consumer fraud, and information piracy. In addition, the concept covers specifically computer-related issues: viruses, Trojan horses, and deliberate and targeted hacking efforts such as computer break-ins and denial-of-service attacks (where hackers flood an Internet server with traffic to overload and disable it). Cyber warfare is politically-motivated computer hacking that inflicts severe societal harm, and may also effect nation’s economy and defense. Cyber Warfare is so rapid that it may not give an opponent enough time to “surrender” before permanent and devastating damage is done. It has recently become of increasing importance to the military, the intelligence community, and the business world. Military planners are now imagining soldiers at computer terminals silently invading foreign networks to shut down radars disable electrical facilities and disrupt phone services.

# Introducing Cyber warfare
# Globalization of Cyber Warfare
# Outsourcing Warfare
# Cyber Targets
# Psychology of Modern Warfare
# Cyber Weapons
# Retaliation and Defense Tools

# Cyber battleground of Palestine and Israel
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of Iran and USA
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of China and USA
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Cyber battleground of India and Pakistan
• Political and social effects caused by hacking incidents ( Real Examples)
• Targets
• Searching More Targets
• Famous Hacker Groups
• Volunteer Hackers
• Formation of Groups and their strategies
• Globalizing the war
• Tactics

# Capabilities of Al Qaeda
# Al Qaeda’s Interest In Cyber Warfare
# Al Qaeda’s Cryptography as Communication
# Cyber attacks during war of Terrorism
# Cyber attack on Al Qaeda by US
# Cyber Defense Strategies
# How hacking affect military operations?
# Influencing Foreign Policy
# How cyber attacks can spark a Real War?
# Cyber Propaganda and Terrorism
# ECHELON
# Revolution in Military affairs and C4I
# International Law
# Future of Cyber Warfare

About Zubair:

Zubair Khan is a freelance network security consultant. He has been researching mainly on DDoS Attacks and also on various other facets of network security for the past six years. He has given network security consultancy to top organizations of Pakistan. Recently he worked as a network security consultant for C4i of Pakistan. C4i is one of the directorates of Pakistan Army providing secure mode of communication for peacetime and war.

Zubair is founder of hacker’s conferences in Pakistan. His two major events Islamabad Hackers Training Camp 2004 and Islamabad Hackers Convention 2005 turned out to be a huge success. These events created a platform for security professionals in Pakistan. He has also conducted security trainings at various forums which includes government organizations. His research and work is recognized by Chairman of Pakistan Engineering Development Board and Chairman of Pakistan Engineering Council. His work and efforts to create network security awareness are greatly appreciated by high officials of country and also by media agencies.

Presentation Title: Malicious Code Analysis
Presentation Details: This presentation will introduce the audience to the types of malicious code out there today, and how they go about doing what they do by analyzing them behaviourally, and also by reverse engineering the code. We will also examine the various propagation vectors, and what to expect to see in the future. Finally, a discussion of how anti-virus solutions are reactive and how to pro actively protect the network from malicious code by performing trend analysis.

Why is this dicussion important?

Anti-virus companies are reactive. As new viruses emerge and begin infecting customers, these companies then acquire the code, analyze it , and push out a signature to protect their customers. This approach is going to become obsolete with the way things are going. Security professionals will have to become proactive and understand the workings of malicious code, and then be able to protect their networks from the inside.

About Ahmad Elkhatib:

Ahmad Elkhatib is a currently an information security consultant with InnoKAT, a company specializing in security professional services, where he helps top enterprises in the region by designing and implementing their security strategies. Previous to InnoKAT, Ahmad worked at iDEFENSE where he was a Vulnerability Research Engineer with iDEFENSE Labs. He then later moved to the Malicious Code Team as a Malicious Code Analyst. In that role Ahmad analyzed, assessed and reported on cyber threats to iDEFENSE’s Fortune 100 customers. Ahmad also worked with British Telecom’s BTExact as a Wireless Network Security Engineer. He also was an IT consultant for the Computer Aided Engineering Network (CAEN) at the University of Michigan - Ann Arbor. Ahmad holds a degree in Computer Engineering from the University of Michigan - Ann Arbor and is a certified BS ISO 17799 Lead Auditor. Ahmad is also a member of the Information Systems Security Association - Northern Virginia chapter and has participated and presented at various security conferences and academic institutions.

Presentation Title: Whispers On The Wire - Network Based Covert Channels, Exploitation and Detection
Presentation Details:

The presentation aims to acquaint the listener with the intriguing theme of network based covert channels and describes how these copse data communication and hiding techniques can be, and are being actively exploited over various communication networks. It gives the reader a detail insight on the background, methods, tools, detection techniques and future implications associated with them. This presentation will provide the latest insight in to this rapidly evolving field.

About Pukhraj:

Pukhraj Singh is an information security researcher and a technology evangelist. He is currently employed at the Indian R&D base of a Silicon Valley headquartered security start-up. He is a part of the team working on a patent pending, avant-garde device which will prevent intrusions in an novel way. He had a short stint of working with Network Intelligence India, a leading security solutions provider in Asia-Pac region where he worked on varied information security domains like penetration testing, incidence response and vulnerability assessment. Having an innate interest in making people more aware about security and its importance in present scenario, he has spoken in many national conferences and technology meets and written in some leading security resource websites (SecurityFocus.com) and newspapers.

Presentation Title: Unix Kernel Auditing
Presentation Details:

This paper will deal with finding security flaws in unix kernels. Today kernel related security bugs are more important then ever, This is because the average administrator is paying attention to security these days. He/she will usually narrow down everything that can be ran as another user (network daemons, cron scripts, suid and sgid binairies, webapplications, …).

These are in most cases all programs that run in userspace and are usually fairly easy to narrow down. Things are not that easy when it comes to kernels. Most people see kernels as as blackboxes and will stay away from them except for some compile configurations. This is where the problem lies. besides the fact that it is very hard to minimize your kernel they are also a perfect target for attack. Unlike some network applications and suid/sgid binaries kernels have a lot (+1000) of inputs that a user initially controls. Given that no sofware is flawless, and the most unix kernels have more then 1000 inputs it’s safe to say that all unix kernels have severe security bugs that have yet to be discovered.

This paper will describe some common steps into looking for specific security flaws and will try to stipulate where to look for them.

About Ilja:

Ilja van Sprundel is a employee of Suresec Ltd. and has a passion for somewhat offensive computer security. Among other things he has previously implemented a secure credit card transaction solution. Ilja also attended the RWTH-Aachen summerschool of applied I.T security where he learned a great deal about offensive and defensive security mechanisms. He is also the winner of the 21c3 stacksmashing contest and a member of the Netric security research group.

Presentation Title: Wireless Prevention and Protection
Presentation Details: TBA

About Dr. Khaled Negm:

Khaled E. A. Negm, Ph.D., MIEEE, ISSA, ISACA, CISA, FMICTP. MECT*/NATO, USENIX. Dr. Negm is a member of the Information Systems Security Association (ISSA)-USA and Information Systems Audit and Control Association (ISACA)-USA. He is the Associate Chairman for the Security Standards Committee and Secretary for the Scientific Committee of the ISSA for the Middle East and Asia. He is also a member of the Technical Committee of Security Standards of the IEEE and the USENIX group.

He is currently Associate Professor in Etisalat College of Engineering, UAE. For the last 16 years Dr. Negm has been involved in carrying out responsibilities for the Network Security Architecture, including the design, implementation, and administration of firewalls, Web servers, proxy servers, SecureID and other network security components for several Governmental Departments, Security Agencies, Banks and Educational Institutes. He has also provided training and consulting in the areas of security solutions and security audits involving corporate security policies, designing and implementing the corporate firewall solutions, and providing secure access for remote systems.

Dr. Negm is a Senior Member of the IEEE and Member of the Applied Computational Society. His current interest lies in IPSEC, Wireless Security, IT Forensics and the AAA Wireless Problems. Dr. Negm is listed in Who’s Who in Information Technology and Networks Systems Security and Nominated to be the Professional of the Year 2004 (of IT Security) by the International Association of Networking Professionals-USA.

Presentation Title: TBA
Presentation Details: TBA

About Javed: TBA

Presentation Title: Toward Architectural Challenges of Secured Mobile Devices
Presentation Details:

Security is critical to a wide range of current and future wireless data applications and services. In this research proposal I would like to highlight the challenges posed by the need for security during system architecture design for wireless handsets, and provide an overview of emerging techniques to address them. My talk-objective evidently supports that directions.

There are several challenges unique to wireless devices and their environment, which will be addressed in my speech. I envision that, in addition to new security protocols optimized for the wireless environment, new system architectures and system design methodologies will be required to address many of these challenges, including the wireless security processing gap . I would like to mention the ways to discover & minimize those security gaps. Security considerations will become an integral part of system design for wireless handsets, rather than being addressed as an afterthought.

About Manzur:

Manzur Ashraf is a lecturer in the department of computer science & engineering, BRAC University, Dhaka.

We are proud to announce the immediate availability of the Hack In The Box Security Conference 2004 videos [Pack-1 and Pack-2]. Held at The Westin Kuala Lumpur in Malaysia from October 4th till the 7th, HITBSecConf2004 saw some of the biggest names in the network security industry down to present their latest research and findings. HITBSecConf2004 was also the first time we had two keynote speakers namely Theo de Raadt, creator and project leader for OpenBSD and OpenSSH and John T. Draper infamously known as Captain Crunch. Other speakers who presented include the grugq, Shreeraj Shah, Fyodor Yarochkin, Emmanuel Gadaix, Adam Gowdiak, Jose Nazario, Meder Kydyraliev and several others.

We have broken the video files into two separate packages. These files have been encoded using the DIVX codec and we are distributing them via Bit Torrent.

HITBSecConf2004-Pack-1 contains:

Keynote Speaker 1 - Theo de Raadt
Exploit Mitigation Techniques

Adam Gowdiak
Java 2 Micro Edition (J2ME) Security Vulnerabilities

Fyodor Yarochkin & Meder Kydyraliev
Security Tools Integration Framework (STIF)

Gareth Davies (NSS MSC)
Advanced Information Gathering aka Google Hacking

The Grugq
The Art of Defiling: Defeating Forensic Analysis on Unix File Systems

Jose Nazario
Packet Mastering

Suresh Ramasamy (TimeDotCom)
Cryptography Demystified

Teo Sze Siong
Stealth Virus Design Thru Breeding Concept (Non Polymorphic)

HITBSecConf2004-Pack-2 contains:

Keynote Speaker 2 - John T. Draper (Captain Crunch)
Security Threats from Spamming

Emmanuel Gadaix (TSTF)
Phreaking in the 21st Century

Jorge Sebastiao (ES-Gulf)

Toh Swee Hoe (MCMC)
Information Network Security Issues in the Communications and Multimedia Industry

SK Chong (Scan Associates)
Windows Local Kernel Exploitation

Roberto Preatoni (Zone-H) and Fabio Ghioni
Asymmetric Warfare and Interception Revealed

Shreeraj Shah (Net-Square)
Web Services - Attacks and Defense Strategies, Methods and Tools

Sukdev Singh (ISS)
Protecting Your Business From Phishing & Internet Attacks

HITBSecConf2004 Panel Discussion

Our Call for Papers (CFP) for HITBSecConf2005 - Bahrain is now closed. Thank you to all of you who submitted. We will be contacting all of you via e-mail on whether your papers have been accepted or not. Thank you once again.