Hack In The Box 2013 KUL

Recently we attended “Hack In The Box 2013” at the Hotel Intercontinental in Kuala Lumpur This conference has its roots in a small gathering of Malaysian security specialists back in 2002 and since then has also been held in the Netherlands, Dubai and Bahrain.
It was nicely crowded (~550 people) and more than 40 speakers from around the world shared their work on a nice variety of different topics.
We attended only the two-day conference part of the event, which also included a hands-on “HITB LABS” section, a “Capture The Flag”(CTF) battle …

and a “Lock Picking Village”, amongst other things.

Andy Ellis (CSO, Akamai) started the first conference day with his keynote speech, “Cognitive Injection”. He illustrated some interesting examples of how human perception can be tricked using the simplest techniques. The audience had to observe very carefully certain details of his “mini-demos” in order to spot unexpected events.

Due to all the observing, I noticed Andy’s “shoes”; something seemed different:

The secret was revealed when I approached him after his presentation to take a closer look. He was wearing some finger shoes, which looked very comfortable.

During the day, several very interesting presentations took place. I won’t go into too much detail here as the full content is available on the event website, but here some random picks:

Dr. Marco Balduzzi, Kyle Wihoit and Alessandro Pasta presented impressive research about Vessel Tracking Systems.

They showed how to manipulate data transferred by the Automatic Identification System (AIS) in order to create fictional vessels or alter positional data of real ones.

Wes Brown demonstrated an approach to “Visualization to Analyse Malware” with “FORTH”.

Slightly unrelated: During the idle time in between presentations, I noticed some Japanese characters on the monitor of a possible Pokemon fan in the audience.

The second day began with the keynote speech of Joe Sullivan (CSO, Facebook), sharing some recent examples of innovative security initiatives that leverage social engagement to improve security.

Stefano Zanero introduced “Phoenix”, a system to analyse domain names in order to discover and categorise automatically generated domains.

And another highlight for me was Hugo Teso discussing issues in the Aviation Security field. He seemed able to modify approximately everything related to the navigation of an airplane due to lack of proper security implementations in several different systems.

Finally, there was this lady

I don’t know who she is or what she does but I’m sure she’s good at it.

As already mentioned, the event was “nicely crowded”. And that is one of the points I like very much: We were able to attend any part of the three track program without queuing in endless lines long before begin.
The event staff was very kind and friendly, as always, and we had a great time during and after the official program. Thanks very much guys!


Hack In The Box 2013 KUL

Your email address will not be published. Required fields are marked *



Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

Subscribe to our weekly e-mails

The hottest research right in your inbox