A big thank you to our sponsors, speakers, crew (both .MY and .NL!) and volunteers for all their help in putting together our 8th annual show! All conference materials can be downloaded from:

http://conference.hackinthebox.org/hitbsecconf2010kul/materials/

Official conference photos are available at:
http://photos.hackinthebox.org/

Keynote videos are available via our Youtube channel at:
http://www.youtube.com/hitbsecconf

Post Conference Coverage (Mainstream Media)

The Malaysian Insider: Hackers still strong despite soft economy
http://www.themalaysianinsider.com/business/article/hackers-still-strong-despite-soft-economy/

CNet.ru: Конференция «Хакеры в ловушке» прошла в Малайзии
http://pr.cnews.ru/pr_body.shtml?cid=10808&pr=2010/10/15/83955

Diario TI: Explican lecciones aprendidas del botnet Mariposa
http://www.diarioti.com/gate/n.php?id=27857

Kansas City Star: PandaLabs Threat Researchers to Present at Hack in the Box Security Conference
http://www.kansascity.com/2010/10/11/2297863/pandalabs-threat-researchers-to.html

Pressbox: Hardware Keylogger per Software erkennba
http://www.pressebox.de/pressemeldungen/cirosec-gmbh/boxid/381326

IT Sec City: cirosec-Berater Fabian Mihailowitsch stellte erstmals seine Forschungsergebnisse vor
http://www.itseccity.de/content/markt/nachrichten/101021_mar_nac_cirosec.html

Post Conference Coverage (Blogs)

F-Secure Weblog: Hack In The Box 2010 Malaysia Panel Discussion
http://www.f-secure.com/weblog/archives/00002050.html

Paul Ducklin’s Blog: Hack in the Box – DNS expert swings a punch
http://www.sophos.com/blogs/duck/g/2010/10/13/hitb-dns-expert-swings-punch/

PandaLabs Blog: Greetings from Hack in The Box Malaysia
http://pandalabs.pandasecurity.com/greetings-from-hack-in-the-box-malaysia/

Paul Ducklin’s Blog: Hack in the Box attack – presenter threatened with arrows
http://www.sophos.com/blogs/duck/g/2010/10/14/hitb-attack/

Paul Ducklin’s Blog: Privacy threats to dominate security landscape in 2011?
http://www.sophos.com/blogs/duck/g/2010/10/15/privacy-threats-2011/

ACROS Security: How Visual Studio Makes Your Applications Vulnerable to Binary Planting
http://blog.acrossecurity.com/2010/10/how-visual-studio-makes-your.html

TEHTRI Security: Hack In The Box SecConf, Kuala Lumpur, Malaysia 2010
http://blog.tehtri-security.com/2010/10/hack-in-box-secconf-kuala-lumpur.html

Can’t join us for our first ever keynote panel at #HITB2010KUL? WATCH IT ONLINE at http://video.hackinthebox.org/! Follow @hitbsecconf on Twitter to send your questions to the panel.

Future of Mobile Malware & Cloud Computing

Available rooms at the Crowne Plaza are fast running out – If you are unable to get a reservation, we have arranged for a special discount rate at the Prince Hotel & Residences (located behind Crowne Plaza) exclusively for HITB2010 conference attendees. The rates below include a shuttle transfer to the conference venue as well.

Deluxe room
RM 270/280++ per room / per day

1 Bedroom Apartment – (can accommodate a maximum 4 pax):
RM360++ // RM390++ per apartment / per day

For further details and to make reservations:

PRINCE HOTEL & RESIDENCE KUALA LUMPUR
No 4, Jalan Conlay, 50450 Kuala Lumpur, Malaysia
http://www.princehotelkl.com.my
Location Map

Tel: 603 2170 8682 (DID)
Fax: 603 2170 8808 (DID)
Email: audry.kho@princehotelkl.com.my

The draft agenda is now online – http://conference.hackinthebox.org/hitbsecconf2010kul/agenda.pdf

In addition, the following additional speakers have been added to the conference line up:

1.) Cedric Halbronn (Sogeti / ESEC)
2.) Claudio Criscione (Principal Consultant, Secure Network S.r.l.)
3.) Don Bailey (Security Consultant, iSEC Partners)
4.) Jonathan Brossard (CEO, Toucan Systems)
5.) Laurent Oudot (Founder, TEHTRI-Security)
6.) Long Le (VNSECURITY)
7.) Mary Yeoh (Intel Corp)
8.) Mitja Kolsek (CTO, ACROS Security)
9.) Paul Sebastian Ziegler (Independent Network Security Researcher)
10.) Saumil Shah (Founder, Net-Square)

For the full speaker listing, please click here. A reminder once again that online registration closes on the 10th of October and you are strongly encouraged to register early or face the very high possibility of not having a seat.

Conference Speakers (alphabetical order)

1.) Alexander Polyakov (CTO, Digital Security Company)
2.) Dennis Brown (Research Engineer, Tenable Network Security)
3.) Fabian Mihailowitsch (IT Security Consultant, cirosec GmbH)
4.) Jean-Baptise Bedrune (Sogeti / ESEC)
5.) Luis Corrons (Director of Research, PandaLabs)
6.) Marco Slaviero (Associate, SensePost)
7.) Meder Kydyraliev (Google Security Team)
8.) Paul Thierault (Security Consultant, stratsec)
9.) Shreeraj Shah (Founder, BlueInfy)
10.) The Grugq (Senior Security Researcher, COSEINC)

The next round of speaker updates will be made on the week of 1st September along with the draft conference agenda

Just incase you missed the announcements on our Twitter stream, we’re adding on a couple of new features to this year’s conference that we’re really excited about:

Capture The Flag Weapons of Mass Destruction 2.0

Capture the Flag Weapons of Mass Destruction 2.0 will for the VERY FIRST TIME feature a collaborative effort between the HITB CTF Crew, Whitewolf Security and The Hex Factor. The basic principle of CTF-WMD is similar to past CTF competitions held at Hack in The Box – attack and defend. Teams of 3 will have a set of daemons / services running on their machines and they need to exploit rival teams’ daemons to get their flags. Submit the flag to obtain offensive points. Keep your daemons up and running to obtain defensive points.

Lock Picking Village by TOOOL.nl featuring Barry Wels and Han Fey

Set up and run by Barry Wels and Han Fey – the ORIGINAL FOUNDERS OF The Open Organization of Lockpickers (TOOOL Netherlands), attendees to this year’s event will get a chance to try their hand at picking, shimming, bumping, safecracking, and other physical security attacks. It has always been customary for TOOOL-sponsored physical security sessions to offer some degree of audience interaction and hands-on training. Sometimes this has taken the form of publicly-submitted locks being given on the spot security analysis, other times members of the general public with no lock-picking experience have been invited to attempt a bypass in order to demonstrate its ease.

HITB Hard-Hack Village by HackerspaceKL & Random Data (Utrecht, The Netherlands)

In the HITB Hard-Hack Village you will be able to play-around with electronics. Set up and run by the folks from Hackerspace Kuala Lumpur and Randomdata (Utrecht/Netherlands), the Hard Hack Village will help you to setup your own electronics and demonstrate how easy things work. One of the main electronic components which will be used is the Arduino micro-controller platform. Arduino is an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It’s intended for artists, designers, hobbyists, and anyone interested in creating interactive objects or environments.

HITB SIGINT (Signals Intelligence / Signal Interrupt)

A brand new introduction for 2010, the HITB SIGINT (Signal Intelligence/Interrupt) sessions are designed to provide a quick 15 minute overview for material and research that’s up and coming – stuff that isn’t quite ready for the mainstream tracks of the conference but deserve a mention nonetheless. This session is also open to all final year students who want to present their projects to industry experts and prove their worth before they graduate.


Lastly, if you haven’t seen it, the electronic conference flyer is now available for download. We had a really exceptional number of early bird registrations this year and if you’re thinking of attending the conference, we strongly suggest you REGISTER NOW or face the prospect of getting turned back at the door. See you guys in October!

- The HITB Team

The early bird registration for HITB2010 Malaysia is now closed – There was an overwhelming number of sign ups this year during the early bird period and we thank all of you who registered early! From the looks of it, seats for this years event WILL BE VERY LIMITED, so if you haven’t already signed up you might want to do so before they’re all sold out!

On a related the note, the Call for Papers for the conference has also closed and we received some really nice submissions. The shortlisting of speakers will begin this week and the first batch of speaker announcements will be made on the week of 16th August…


Welcome to the official homepage of HITBSecConf2010 – Malaysia. The main aim of the HITBSecConf conference series is to create a truly technical and deep knowledge event in order to allow you to learn first hand on the security threats you face in todays super connected world. The HITBSecConf platform is used to enable the dissemination, discussion and sharing of critical network security information.

Presented by respected members of both the mainstream network security arena as well as the underground or black hat community, our events routinely highlight new and ground-breaking attack and defense methods that have not been seen or discussed in public before. HITBSecConf2010 – Malaysia will be our 8th conference ‘at home’ and is expected to attract over 1000 delegates from around the globe! Come and learn from some of the leading experts in the network security arena.

HITBSecConf2010 – Malaysia will incorporate our new QUAD TRACK FORMAT introduced at HITBSecConf2010 – Amsterdam and will also feature an all new Capture The Flag Weapons of Mass Destruction game! We believe HITBSecConf is an ideal platform for leading network security vendors to not only meet with some of the leading network security specialists but to also showcase their own technology and solutions with the public as well.


Venue: Crowne Plaza Mutiara Kuala Lumpur,
Jalan Sultan Ismail,
Kuala Lumpur, Malaysia

HITBSecTraining

4th & 5th October 2010

HITB TRAINING 1 – The Exploit Lab 5.0
Trainer: Saumil Shah (Founder, Net-Square) & SK Chong (Security Consultant, SCAN Associates Bhd.)
Seats Left: 25

6th & 7th October 2010

HITB TRAINING 2 – Advanced Exploit Lab
Trainer: Saumil Shah (Founder, Net-Square) & SK Chong (Security Consultant, SCAN Associates Bhd.)
Seats Left: 25

11th & 12th October 2010

TECH TRAINING 1 – Web 2.0 Hacking – Advanced Attacks and Defense (Ajax, RIA and SOA)
Trainer: Shreeraj Shah (Founder, BlueInfy)
Seats Left: 25

TECH TRAINING 2 – SAP Security In-Depth
Trainer: Mariano Nuñez Di Croce (Director of Research and Development, ONAPSIS)
Seats Left: 25

TECH TRAINING 3 – Hunting Web Attackers
Trainer: Laurent Oudot (Founder, TEHTRI Security)
Seats Left: 25

TECH TRAINING 4 – Malcode & Threat Analysis
Trainer: Dr. Jose Nazario (Arbor Networks)
Seats Left: 25


13th and 14th October 2010
Time: 0900 – 1800

HITBSecConf – QUAD TRACK CONFERENCE
Capture The Flag Weapons of Mass Destruction 2.0
Lock Picking Village by TOOOL USA
HITB Labs
HITB Lightning Talks
Recruitment Drive by HITB Jobs
Industry Exhibition & Technology Showcase