Conference
Hacker Halted Conference

The topics within the Hacker Halted conference are targeted at specific key personnel within an organization and also across different industries. The security measures of the banking industry differ from the security needs of small-medium enterprises. This is to ensure all industries meet their specific needs and expectations for maximum consumption of relevant knowledge and skills. Therefore, we will have a good mix of delegates.

Key Topics

• Global Perspective of Cyber Security for 2011 and beyond
• The rise of VoIP and new communication security challenge
• Social networking and security
• Web threat demolition
• Virtualization & Cloud Security


 
Who Should Attend?

Executive Management

The management of most organizations is looked upon for guidance and direction. As security is the main concern of all organizations, it is highly important that key management members are aware of the risks to their organizations whilst implementing appropriate measures and directives. They must also be able to implement all of that within a certain range to ensure maximum return on investment.

CEOs, CIOs, CSOs, CTOs, Heads of Departments, Auditors, Technologists


Technical Specialist

This category includes IT network and system managers, application information administrators, developers, security auditors, “power users” (end-users who develop and share spreadsheet and database applications etc.) and various others.

Key IT Networking staff, IT Managers, IT Directors

 
Agenda

Day 1 - Hacker Halted Conference

08.00am Registration
09.00am

Topic 1 - Putting The Network Through the Test “Live”

Presenter: Sean Arries
In this presentation, Sean will take you through the steps of a penetration test: which methodologies are used, and how. He will talk about case studies and how this type of testing is a requirement for your business in the 21st century. Sean will also present current strategies that attackers are using to compromise data in your network: file format attacks, Web application attacks, backdooring (attacker re-entry) and sniffing strategies (defeating password cracking). The scope of this presentation will include everything about ‘putting your network through the test.’

10.00am Morning Refreshment (30 minutes)
10.30am

Topic 2 - Stratagem 1 “Deceiving the Heavens to Cross the Seas”

Presenter: Jayson E. Street
As the network perimeter hardens and the controls on the desktop tighten, hackers are going back to the basics and getting through the firewall by going through the front door. They are bypassing the IPS and IDS simply by bypassing the receptionist.

We look at this topic from a different viewpoint. We look at the history of social engineering from Amenhotep 3 to Sinon of Greece, as well as how the culture of the country you're in dictates the strategy to use. All this is shown in an offbeat way, showing how 1st century strategies can still be used to break into 21st century networks.

11.30am

Topic 3 - How I Can Take Down Your Network with Ease “Live”

Presenter: Wayne Burke
Wayne Burke will demonstrate some of the most devastating attacks widely used by hackers to bypass your wired and wireless networks, using EC-Council's Ethical Hacker assessment methodology, where the focus is on the “Threats” and “Countermeasures”, called "Taking Down Your Network".

The presentation begins with a display of typical Wi-Fi attacks like:
• Jasager Modified Wireless Hardware: Sniffing
• Cracking WiFi Encryption keys
• Sniffing Gmail cookies
• Intercepting Secure Login Sessions to websites

12.30pm Lunch Break (60 minutes)
01.30pm

Topic 4 - Web Application Hacking – The Untold “Live”

Presenter: Joseph McCray
Joe will show how a malicious website, laced with JavaScript malware, can steal passwords for other websites stored in Firefox’s password manager using nothing but garden-variety Cross-Site Scripting. Did you know about JavaScript’s ability to mine out HTML form auto-complete data in Internet Explorer 6 and 7 (about one-third of the Web), which could be used to reveal a user's first name, last name, aliases, email addresses, physical address, etc.? How about forcing Web browsers to evict all of their cookies -- thereby automatically logging users out of all their current sessions, deleting tracking cookies, and so on? Joe will show all of these well-documented but not so publicized techniques employed by hackers.

02.30pm

Topic 5 - Cut The Crab, and Let Me Show You Why They Hack

Presenter: Haja Mohideen
Haja will showcase how cybercrime has evolved and how complex and sophisticated the criminal network can be. Learn and understand how cyber criminal gangs are making money, and explore the various methods and tools employed by these syndicates. See how these gangs build million dollar conglomerates.

03.30pm Afternoon Refreshment (30 minutes)
04.00pm

Topic 6 - Pen Testing A Virtualization System “Live”

Presenter: TBC
Virtualization systems are nowadays ubiquitous in enterprises of any size. Penetration testers and security auditors, however, often overlook virtualization infrastructures, simply looking at the virtual machines without any direct analysis of the underlying solution, not to mention those analyses simply marking virtual environments as "not-compliant".

A different, new approach is required to assess such systems, defining new targets and new ways to get there. This talk will outline procedures and approaches, complete with tools and demos, to execute a penetration test or a design review on virtualization environments. Security experts eager to know more about these systems and sysops willing to protect their own fortress will find this talk interesting.

05.00pm

Topic 7 - How Can Botnets Make One A Millionaire?

Presenter: Gunter Ollmann
Starting a life of Internet crime is easy; in fact you’re probably already doing it as far as the RIAA is concerned. Now that you’ve chosen to embark upon a new career, how are you going to get dirty, filthy, stinking rich? How do you become a millionaire? The tool of choice has got to be botnets. Building them is just the start. How do you monetize the tens or hundreds of thousands of machines under your control? Should you harvest confidential and personal information from the victims, or would it be more prudent to become a specialist service provider to other botnet operators? Which models work best, and how can you become a six-million-dollar man within a year?

06.00pm Break (Dinner not included)
07.00pm

Night Hack Live

Exclusively FREE for Hacker Halted Asia Pacific 2010 participants only!
Meet the top hackers and experience the coolest ethical hacking demonstration in town!

10.00pm End

 

 
Speakers

Sean Arries is the leader of Terremark’s Threat Intelligence Team, an offensive intelligence division of Secure Information Services Group. The Team provides clients around the world with rapid incident response, forensics, and other critical security services including evaluating security posture through vulnerability assessments and penetration testing. With 12 years of experience in the securities/technology field, he has led, as well as been a part of, numerous consulting projects in the areas of system, network, and web-based vulnerability assessment, security audits, computer forensics, and secure computing design. He has also been instrumental in locating and responsibly disclosing numerous harmful zero-day vulnerabilities.

Jayson E. Street is an author and INFOSEC professional with a passion for Information Security. His consultation with the FBI and Secret Service on attempted network breaches resulted in the capture and successful prosecution of the criminals involved. In 2007 he consulted with the Secret Service on the Wi-Fi security posture at the White House. He has also spoken at conferences from Belgium to Brazil and at several other colleges and organizations on a variety of Information Security subjects. Forbes and Scientific American interviewed him regarding his research on the issue of cyber-warfare as it relates to China and their preparedness for an online war. On a humorous note, he was chosen as one of Time's persons of the year for 2006.

Wayne Burke, Founder and CSO of Sequrit, is a captain of a global operating group of penetration testers and security experts. Wayne and his group have delivered assignments and customized training for Law Enforcement, Police, various Military Units, NSA, FBI, EPA and similar government bodies from South America, Africa, Philippines, Singapore, Malaysia and numerous Gulf locations, to name a few from around the world. Wayne completed his national service in Law Enforcement, which served as a platform to build his extensive expertise in the security realm. In EMEA, Americas and Asia he works for numerous government agencies, corporate institutes and the military. Wayne’s experience in IT Security spans Penetration Testing aka Ethical Hacking, Digital Forensics and Wireless Technologies. He has also undertaken assignments for world-renowned corporations including Yahoo, Xerox, AT&T and Texas Instruments, to name but a few. He is eminently qualified in his field in that he holds a string of professional qualifications in Networking (MCT, MCSE, Cisco, Network+, to name a few) and IT Security (CEH, ECSA /LPT, CHFI, MCSE+Security, CIW Security Analyst, Security+), besides a bachelor’s degree in science. He is also part of the Expert Team of Master EC Council Certified Instructors.

Joseph McCray has 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, incident response, and forensics in both the DoD community and the private sector. Joe is also a frequent presenter at security conferences such as Def Con, ToorCon, BruCON, TechnoSecurity, TechnoForensics, and currently works as a security consultant/trainer both nationally and internationally with a focus on high security environments.

Haja Mohideen is the Co-Founder and currently the Technical Director of EC-Council. He manages the certifications and training programs for EC-Council. Mr Mohideen is well-known as the creator of popular certification programs such as the CEH, CHFI, ECSA/LPT and ECSP. With more than 17 years of experience specializing in the development, support and project management of PC software and hardware in distributed computing environments, he has trained various Fortune 500 companies as well as US government agencies.

   

Gunter Ollmann serves as Vice President of Research at Damballa and is responsible for evolving threat research and development. Ollmann has over 20 years of experience within the information technology industry and is a known veteran in the security space. Prior to joining Damballa, Ollmann held several strategic positions at IBM Internet Security Systems (IBM ISS), with the most recent being the Chief Security Strategist. In this role he was responsible for predicting the evolution of future threats and helping guide IBM's overall security research and protection strategy, as well as being the key IBM spokesperson on evolving threats and mitigation techniques. He also held the role of Director of X-Force as well as the former head of X-Force security assessment services for EMEA while at ISS (which was acquired by IBM in 2006). Prior to joining ISS, Ollmann was the professional services director of Next Generation Security Software (NGS), a vulnerability research and attack-based consulting firm. Ollmann has been a contributor to multiple leading international IT and security focused magazines and journals, and has authored, developed and delivered a number of highly technical courses on Web application security. He is a well-known industry speaker worldwide and is often invited to present at various international security conferences. Ollmann is also highly regarded in the press as an expert source on security threats and is frequently quoted by the international media.