Some news about the upcoming edition of the “Hack in The Box” security conference. This third edition (already!) will be held at a new venue: The hotel Okura in the center of Amsterdam. Apart of trainings, the conference itself will be organized during two days (May 24th – 25th) and propose a quad-tracks schedule. You can already have a look here (warning, this is still a draft version). Two great keynote speakers were already announced: Andy Ellis, Chief Security Officer of Akamai on day 1. Bruce Schneier (do we need to present him again?) on day 2. Based on the current agenda, here is my wishlist:
- Turning Android inside-out (forensics)
- One flew over the cuckoos nest (automatic malware analysis)
- Whistling over the wire (Twitter & URL shorteners security)
- Security threads in the world of digital satellite television (set-top-boxes security)
- PostScript – danger ahead
- Automatically searching for vulnerabilities (taint analysis)
- Bypassing the Android permission model (mobile security)
- Attacking XML processing
- Smashing VMDK files for fun and profit (virtualization)
The CFT contest is also back but in a new format called “Bank0verflow“.  Based on both attack and defense modules, it will see teams of three provided with a set of custom vulnerable services and web applications. Teams need to exploit their rivals’ machines to retrieve pre configured flags to score offensive points and obtain defensive points by keeping their own vulnerable services running. Another new “event in the event“: The Hackaton will be organized for the first time in Amsterdam. The principle is simple: put hackers in a room and let them write some code during 12 hours. The topic of this edition is the implementation of a proof of concept to problems related to browsers and their extensions. First price will be: 1337 EUR in cash!
A few words about the talks, the proposed topics are not only focusing on classic computers but also other electronic devices that we use daily. Adam Gowdiak will present his researches about  security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide. The hackers (aka “iOS Jailbreak Dream Teamâ€) who released the jailbreak of Apple’s popular iPhone 4S and iPad 2 devices will also be there to present their research.
Finally, SIGINT sessions (15-30 minutes max) will be organized during coffee & lunch breaks to let other people to present their project or researches. During one of those sessions, I’ll present my tool pastemon and the associated blog leakedin.com. This will be my (very small) contribution to this event.
I’ll attend the conference and write a wrap-up. Feel free to ping me if you want to meet…