uCon - security conference 2008

Hack into Apache
Rodrigo Carvalho Costa

This presentation aims to show the inner workings and internal structures of the Apache web server, as well as its terminology, with the goal of debugging possible security issues. This lecture will show practical demonstrations, mainly involving specially crafted modules for debugging.

Rodrigo Carvalho Costa is an undergraduate student of Computer Engineering at UFPE. With a technically oriented profile, he has worked with a wide range of technologies. Currently he holds a position as a security analyst in a major information security company in Brazil. He is an expert in the development and implementation of network appliances and in penetration testing.

Exploiting VoIP networks
Tiago Ferreira

With the objective of cost reduction, better management and voice quality, VoIP is now widely used in the vast majority of corporate environments and organizations; or rather, more and more companies are using the technology in their production environments while disregarding its security implications, which imposes a challenge for these companies and new potential risks to data security.

This presentation aims to show known vulnerabilities within voice over IP environments, plus exploitation techniques and tools to compromise confidentiality, integrity and availability of information. As proof of concept we will use Cisco equipment and the open-source system Asterisk.

This presentation also aims to stimulate security research in VoIP.

Tiago Ferreira is a security analyst currently working in an information security company located in Recife, Brazil. His field of study is vulnerability exploitation in networks, pen-testing, VoIP security and web application security. In the past he has worked with Cisco security (firewall, IDS, routers, VPNs...) and Voice over IP (VoIP) infrastructure.

The wayback machine: Old school hacking
Julio Cesar Fort

Due to the explosive growth of the Internet in the last decade, our lives depend more and more on technology. Subsequent efforts to improve reliability and security in computer systems force hackers to develop more sophisticated techniques that aim to bypass new security mechanisms. Protection techniques might be rendered useless very quickly and exploitation concepts and vulnerability classes may rise and fall every day.

Although these methodological changes in computer intrusion and attack techniques are indeed significant, many attack vectors and concepts seem to persist through the years, even decades after their initial appearance. The purpose of this presentation is to study the actual effectiveness today of forgotten hacking techniques like war dialing and X.25 hacking, and how they can be a threat to a computational infrastructure.

In order to evaluate the dangers associated with this menace correctly, it was decided to perform a long series of scans in a real-world environment. Responsible disclosure of the methods used and of the results after thousands of telephonic pulses will show that old-school hacking is still not only simple but amazingly effective.

In this lecture, the audience will be alerted to the risks behind seemingly forgotten hacking techniques, such as social engineering, dumpster diving, password cracking/guessing, wardialing, and X.25 hacking. Old (and not so old) reports of successful attacks based on the first three methods are recalled, and results from new experiments with the other two techniques are revealed. The experiments were conducted in Brazil and targeted Brazilian networks, but there is no reason to believe that similar (or even more alarming) results could not be achieved in many other places around the world.

Julio Cesar Fort is an undergraduate student of Computer Engineering at the Federal University of Pernambuco, Brazil. Julio has been reading about hacking and computer security since 1995 and is interested mainly in scene culture and history, but also in UNIX-based systems, vulnerability development and any technique to defeat your security and get your system down on its knees.

In the past he has worked as a security engineer trainee in a Brazilian market-leading computer security company and is currently editor-in-chief of The Bug! Magazine, a free, electronic hacker-oriented magazine in Brazil. He has previously spoken at the H2HC security conference in Brazil and was also a lightning speaker at the 23rd Chaos Communication Congress, in Germany, and Ekoparty 3, in Argentina.

He spends most of his time now struggling to stay in university, working on personal projects not related to computers and having beers with his friends at punk rock gigs.

Increasing the reliability of exploits for non-trivial remote vulnerabilities
Holden Williamson

This talk will present various known and unknown techniques for increasing the reliability of exploits for non-trivial remote vulnerabilities such as heap overflows, memory corruptions and blind format string bugs. The talk will cover various techniques and strategies for increasing reliability as well as going over several examples and case studies of real vulnerabilities and exploits.

Holden Williamson is a former hacker, internet revolutionary and current executive psychopharmacologist and fugitive from the high tech crime unit at New Scotland Yard. During his time hacking stuff he developed or helped develop various techniques for reliably exploiting remote vulnerabilities and would like to share a few of them before he disappears for good.

Development of High-level Language viruses under Windows
Breno Dario and Ulisses Rocha

The development of High-level Language viruses has grown incredibly in past years. HLL viruses are now an important part of the virus scene. Nowadays zines are publishing even more viruses written in VB, PHP, C, C#, Perl, Python and even Java, but this fact doesn't mean that Assembly viruses are obsolete: they are still the best choice.

Our presentation focuses on the development of code with viral behavior, implemented in high-level languages under Windows. We will demonstrate some techniques used by other virus writers as well as techniques created by ourselves.

Breno Dario is an undergraduate computer science student at the Universidade Catolica de Pernambuco and an independent security researcher at home (and public places). He is currently working on software development in Recife and focuses his research on malware development, spending his free time on computer virology.

Ulisses Rocha, 21, is a computer science student at Universidade Catolica de Pernambuco and his main interest in this field is computer security. His current studies include security vulnerabilities and computer virology. He is currently working in an information security company and as a hobby he loves to write malicious pieces of code as proof of concept.

An Introduction to the "Plain New" Telephony Systems
Andre Guedes

Telephony systems have been changing significantly over the past years. With the rise of VoIP technologies in the telecommunication scenario, it is possible to find fragments of VoIP communication in the Public Switched Telephony Network.

The Brazilian telephony system was always obscure, but these new VoIP links may change it a little bit. These new links, their implications and their security issues are going to be introduced in this presentation.

Andre Guedes is an undergraduate Computer Science student at the Federal University of Pernambuco and an independent security researcher at home. He has been researching software/network exploitation techniques, wireless security and VoIP.

Sponsors

ServHost

GeekWorld

Supporting organizations

CIn/UFPE

The Bug! Magazine

H2HC

Ekoparty

Infobyte
