[ mainpage :: register :: training :: conference :: hitb-labs :: the venue ]
[ capture the flag (CTF) :: wireless village :: lock picking village (LPV) :: open-hack ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]


HITBSecConf2008 - Malaysia (Day 1)

HITBSecConf2008 - Malaysia (Day 2)

Registration for HITBSecConf2009 - Dubai is also now open.

Paul Craig (Principal Security Consultant, Security-Assessment.com)

Filed under: Main Page — Administrator @ 12:50 pm

Presentation Title:Hacking Internet Kiosks
Presentation Abstract:

Internet Kiosk’s have become common place in today’s internet centric society. Public internet Kiosk’s can be found everywhere, from Airports, Train stations, Libraries and Hotels to corporate lobbies and street corners. Kiosk’s are used by thousands of users daily from all different walks of life, creed, and social status. Internet kiosk terminals often implement custom browser software which rely on proprietary security mechanisms and access controls. Kiosk’s are designed to limit the level of access a user has to the internet kiosk, and attempt to thwart malicious activity. Kiosk users are prohibited from accessing the Kiosk’s local file system, or the surrounding local network attached to the Kiosk.

This talk will cover Internet Kiosk software exploitation techniques, and demonstrate methods of compromising internet Kiosk terminals. An online service dubbed ‘iKAT’ will also be officially released to the public. iKAT (Interactive Kiosk Attack Tool) enables a user to access a suite of online resources, design to aid successful Kiosk exploitation. This presentation will demonstrate how iKAT can be used to compromise a Kiosk terminal in under five minutes! Walk up to a Kiosk, find iKAT, pop shell, it does not get much easier than that.

I promise you will never look at an Internet Kiosk the same way again.

About Paul

Paul Craig is a principal security consultant at Security-Assessment.com in Auckland New Zealand. Paul specializes in application penetration testing, security research and exploit development.In the past Paul has released multiple critical advisories from major project vendors, co-authored several best-selling books on security, and spoken at various security conferencesaround the globe (including Syscan, Kiwicon, VNSec, RuxCon). Paul is an avid hacker with a passion for shell and privilege escalation.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian National Computer Confederation

Multimedia Development Corporation

Platinum Sponsors

Titanium Sponsor (Post Conference Reception)

Gold Sponsors

CTF Sponsor

CTF Prize Sponsor

Open-Hack Sponsor

Metro-e and Official Bandwidth Sponsor

Network Equipment Sponsor

Our Speakers are Supported By

Supporting Media:

Virus Bulletin

InfoSec News

InfoSec News

XAKEP (Russia)

Supporting Organizations

Professional Information Security Association - Hong Kong

Special Interest Group in Security & Information InteGrity Singapore