Aditya K Sood Aditya K Sood
关于 Aditya K Sood
Founder, SecNiche Security ( Website: )
  • Independent Security Researcher having experience of more than 5 years. Love to work on Reverse Engineering , Incore protocol analysis , Web application insecurities , penetration testing.
  • Initiated Cutting Edge Research for Web Application Security. A Project to anlyze vulnerability vectors in web application. The research is featured at FIRST as Global Security news. Website:
  • Running my own research labs i.e. Mlabs:Digital Intelligence. The lab holds my Research work. Website:
  • Release number of advisories related to GOOGLE , AOL , MSN ,Verisign , Microsoft ,JWIG ,ORKUT etc. for inheriting SQL injections, redirection vulnerabilities, application security flaws etc.
  • Discover the Google Metacharcater Spamdexing Bug and Yahoo Search Engine Phishing Vulnerability.
  • Holding a BE in computers and MS in Cyber Law and Information from Indian Institute of Information Technology (IIIT-A).
  • Author for the number of security related articles published and released at the packetstormsecurity portal, Info Sec writers, Open RCE , Linux security, XSSED, MLabs , knowledge cave , Secniche etc .
  • Information Security Writer for Hakin9, Linux+, Information Security Magazines.etc.
  • Projects you can find at SecNiche
  • For Latest Happenings:
    His blog :
    Social Networking project with Whitedust ,
议题名称 :
Exploiting 4J Jargon - JSON, BISON - JUMP - JNLP - JWIG Traversing Through Java Based Web Technologies
The talk strictly adheres to the attack base that favors the exploitation of web based Java technology. The core revolves around the web exploitation. The point of talk is to understand the hidden artifacts of these technologies that dismantle that functioning of web. The deep aspect of serialization attacks and other security paradigm will be discussed. The exploitation realm of JSON-Bison will be stripped off with definite techniques. The JNLP, JWIG and JUMP will be traversed through featured techniques. The work is an outcome of my analysis and in depth research. These defined issues can be exploited in any sense. it requires detail talk. The web 2.0 has become the attack base for surmounting attacks. These technologies serve the base. So a generic work is required to look into the mal functional aspects of these technologies.
  • standards-based presentation using XHTML and CSS;
  • dynamic display and interaction using the Document Object Model;
  • data interchange and manipulation using XML and XSLT;
  • asynchronous data retrieval using XMLHttpRequest;
  • JavaScript binding everything together.

Damian Hasse
关于 Damian Hasse
Damian Hasse, Lead Security Software Engineer at Microsoft, leads a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection we provide to customers through our security updates and bulletins by discovering additional attack vectors, new exploitation techniques and adapting quickly to stay ahead of the ever evolving security ecosystem. This team also provides forward looking security guidance to product teams within Microsoft, impacting products before and after release.
议题名称 :
School of hard knocks things you can learn from working with MSRC
Several MSRC cases will be explained, revealing code flaws, describing attack vectors, understanding what the security engineering arm of MSRC, SWI React, did to validate the fixes and more importantly how Microsoft continues to refine the security engineering process to prevent this kinds of problems in future releases.

关于 Linxer
议题名称 :
目前,越来越多的病毒和木马出于加密或免杀的目的,对自身进行加壳处理,这给目前主流的反病毒检测技术:特征码匹配,带来很多挑战。本议题讨论基于虚拟机技术的脱壳方法,从X86 CPU仿真,PE Loader和Windows系统特性仿真方面对反病毒引擎中的虚拟机脱壳技术进行分析。

Luis Miras
关于 Luis Miras
Luis Miras is the lead vulnerability researcher at Intrusion Inc. He has done work for leading consulting firms and recently has done work for Chumby. His interests include vulnerability research, binary analysis, and hardware/software reversing. In the past he has worked in digital design, and embedded programming.
议题名称 :
Other Wireless: New ways to get Pwned
There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as well as chip level injection attacks allowing an attacker to control the target system. The hardware used in these devices will be examined along with an attacker toolkit consisting of low cost hardware and software.

Luo xiapu (Daniel)
关于 Luo xiapu (Daniel)
罗夏朴是香港理工大学的在读博士生, 系统分析员。他的研究包括有线和无线网络的安全,测量,管理和性能评价。他的研究成果发表在主要的国际安全会议上,如NDSS, ESORICS, IEEE/IFIP DSN, IFIP SEC 等。
议题名称 :
本议题介绍了两种新的网络隐藏通道,Cloak 和 WebShare。Cloak是一类基于时间的隐藏通道(timing channel)。它将信息嵌入到TCP报文和连接的组合关系之中。相比现有的基于时间的隐藏通道,Cloak有许多突出的特性:高带宽,可靠传输,多变种以适应不同的环境。WebShare是一类基于存储的隐藏通道(storage channel)。它利用网络上大量存在的计数器作为临时存储体,从而减弱了现有的网络隐藏通道的位置限制。本议题还将回顾现有的网络隐藏通道常用的方法。

Nguyen Anh Quynh
关于 Nguyen Anh Quynh
Nguyen Anh Quynh is a postdoctoral researcher at National Institute of Advanced Industrial Science and Technology (AIST), Japan . His research interests include computer security, networking, data forensic, virtualization, Trusted Computing and Operating System. His papers have been published in various academic conferences, such as ACM, IEEE, LNCS, Usenix among others. Quynh is a contributor of numerous open source projects (notably are Xen Virtual Machine and Linux kernel). He loves to get involved with the industry, and he gave talks at hacking conferences such as EusecWest, HackInTheBox, Quynh obtained PhD degree of computer science in Keio University , Japan. He is also a member of VNSECURITY, a pioneer information security research group in Vietnam.
议题名称 :
Xenprobes, A Lightweight User-space Probing Framework for Xen Virtual Machine
This presentation focuses on Xenprobes, a lightweight framework to probe the guest kernels of Xen Virtual Machine. Xenprobes is useful for various purposes such as as monitoring real-time status of production systems, analyzing performance bottlenecks, logging specific events or tracing problems of Xen-based guest kernel. Compared to other kernel probe solutions, Xenprobes introduces some unique advantages. To name a few: First, our framework puts the the breakpoint handlers in user-space, so it is significantly easier to develop and debug. Second, Xenprobes allows to probe multiple guests at the same time. Last but not least, Xenprobes supports all kind of Operating Systems supported by Xen.

Rodrigo Rubira Branco
关于 Rodrigo Rubira Branco
Rodrigo Rubira Branco (BSDaemon) is a Software Engineer at IBM, member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC) Brazil also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is the maintainer of the StMichael/StJude projects (, the developer of the SCMorphism ( and has talks at the most important security-related events in Brazil (H2HC, SSI, CNASI). Rodrigo is also a member of the Rise Research (
Domingo Montanaro
关于 Domingo Montanaro
  • Montanaro is an Information Security Specialist and Computer Forensics Expert, has been working with High Technology crime investigation for private companies including the financial market and also for law enforcement agencies as a Forensics Connoisseur.
  • Expertise in Data Recovery, Incident Handling, Response and Tracking, Evidence Collection, Forensics (and Anti-Forensics) methodology and tools Research and Development and Information Leakage issues.
  • Organizer of H2HC - Hackers 2 Hackers Conference (Latin America most important Hacking conference) .
  • Invited professor of some universities for lessoning 关于 Computer Forensics, author of several articles/papers and Speaker in security related conferences as HackInTheBox Dubai 2007, VNSecon 2007, H2HC and SSI/ITA. Certifications: GCFA, MCSO

议题名称 :
This presentation intend to cover specifically the most necessary and more undocumented area of the computer security: attacks to the core of the systems (Kernel-level attacks�which can defeat the existing security models). As all we know, security systems generally runs with the kernel privilegies (like pax, lids, selinux and more others) and can be bypassed if the kernel itself has been compromised.
Attempts to protect the kernel mode (like canary protection into the kernel mode, introduced by Windows 2003 and pax-randkstack/noexec protections) exist, but are restrict in protecting the exploitation, not preventing the exploitation consequences. St. Michael is an open-source project, that covers Solaris and Linux (in the future, I plan to port it to NetBSD systems too) and try to offer a security integrity checks into that systems (it will check filesystem, kernel structures and MBR of the system against any attempt to change or any changes, and have the capability to recover the system or take it down).
During the presentation, many test-attacks will be used to explain how the StMichael actually works to defeat/detect attacks. Also, a sample will be showed, using StMichael and many others kernel security related tools (special focus into PAX).
Also, Anti-Forensics techniques will be discussed using hardware interrupts and other methodologies that certainly will almost defeat any kind of forensics analisys

Sun Bing
关于 Sun Bing
孙冰是一位非常优秀的信息安全研究人员,曾经在瑞星西门子等非常著名的公司工作。拥有7年以上的Windows 核心和安全技术(反病毒,防火墙,IPS等)的研究开发经验,特别深入的钻研于防止缓冲区溢出,rootkit检查和X86虚拟机技术。他曾经参与瑞星反病毒软件开发,在XFocus网站发表过“反病毒引擎设计”文章,负责设计和开发过桌面级安全产品LinkTrust IntraSec,曾在XCon2006、POC2006、EuSecWest2007和BlackHat EU 2007发表过演讲。
议题名称 :
本议题将揭示一种全新的,利用英特尔ICHx(I/O Controller Hub)系列南桥芯片支持的所谓“顶块交换”(Top-Block Swap)模式进行BIOS启动劫持的方法。ICHx的“顶块交换”模式可以使固件集中器(Firmware Hub, FWH)中的顶端块(即BIOS启动块,Boot Block)与其它位置的区块进行交换,这样能够确保启动块即使在掉电情况下的安全升级,但由于目前很多BIOS代码编写上的疏忽,未在启动完成并将控制权交移操作系统前将该交换功能锁定,如此就使得一个原本的安全措施反而变成了一个严重的安全漏洞,其后运行的恶意程序能够非常容易地利用该交换功能对受害主机实施拒绝服务式攻击(DOS Attacks)导致其无法正常引导开机,或者直接注入一段客户化代码至交换区块使其在下一次启动后先于系统BIOS获得执行权进而控制整个系统。本文将详细讨论BIOS存储器芯片内存地址译码图、英特尔ICHx“顶块交换”模式的工作原理、可能的漏洞利用方法以及相应的防范措施。
本议题要求观众具有相当的x86汇编语言和C语言编程能力,并深入理解PC机体系结构及基本部件,例如主板芯片组(南北桥)、BIOS、CMOS等。此外最好对x86处理器体系架构(保护模式、系统管理模式等)、Windows操作系统内核、及一些重要的硬件规范(PCI总线、ACPI、PnP BIOS、EFI等)也有一定的了解。

关于 张翼
张翼,xyzreg,安全技术研究人员,现就读于江苏大学信息安全系。 主要研究方向就是Windows系统内核、高级恶意软件技术、漏洞挖掘、网络信息对抗、安全软件研发。
议题名称 :
  • Windows系统机制
  • 恶意软件技术
  • 安全软件工作原理
  • 主动防御现状

Yarochkin Fyodor
关于 Yarochkin Fyodor
议题名称 :

Xia Chao is a master of the ShangHai JiaoTong University, his main research direction is Vulnerability Discovery in Lab of Cryptography & Information Security . 夏超是上海交通大学的研究生,他在上海交通大学密码与信息安全实验室主要的研究方向就是漏洞挖掘。
议题名称 :

Eric Lien
关于 Eric Lien
CEH认证专家,工作于台湾D-SWAT小组(Draytek Security Warning and Anti-attack Team),擅长程序设计,网络安全和计算机取证。现在致力于研究反病毒和内容安全管理
议题名称 :
  • 熟悉TCP/IP协议
  • 熟悉Ethereal/Wireshark/Sniffer工具
  • XCon组委会与华永兴安科(北京)学技术有限公司版权所有
  • ©2003-2006 XCon Organizing Committee & HuaYongXingAn Science Technology Co., Ltd. All rights Reserved.