PAKCON 2005 / the speakers and presentations

  1. Secure Development Lifecycle - Jamil Valliani
  2. Beyond NX: An attacker's guide to anti-exploitation technology for Windows - Ben Nagy
  3. Hackers Methodology & Incident Handling - Faiz Ahmad Shuja
  4. Identifying Cyber Crime - Pakistan's Response - Jawad Sarwana
  5. Bank Scams: Latest Threat to Pakistani Online Banking - Pakistan Honeynet Project
  6. X.25 Security - Emmanuel Gadaix
  7. Exploring the World of Threats in eBanking of Pakistan - Nizar Diamond Ali
  8. IDS Evasion - Attack and Detection - Sumit Siddharth
  9. Web Applications: Attack and Defense - Muhammad Ahmed Siddiqui
  10. Computer Forensic 101 - Dewan Chowdhury
  11. 0day: Heap-based Format String Bug in Real-/Helix-players on *nix - c0ntex
  12. Malware: The Inside Story - Ahmad Elkhatib
  13. Metasploit Framework - The Exploitation Machine - Omar Khan and Jahanzaib Sarfaraz


Secure Development Lifecycle - Jamil Valliani

The Trustworthy Computing Security Development Lifecycle (or SDL) is a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. Before software subject to the SDL can be released, it must undergo a Final Security Review by a team independent from its development group. When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities.


Jamil Valliani is a Security Program Manager in Microsoft's Secure Windows Initiative (SWI) team. In this role, he has played a key role in developing and rolling out the Security Development Lifecycle (SDL) across Microsoft. He has helped enforce the SDL throughout the company by implementing ship-stopping mechanisms for products that do not pass security review. Jamil worked at several companies in Silicon Valley before joining Microsoft. He holds a B.S. in Computer Science and Computer & Systems Engineering from Rensselaer Polytechnic Institute.


Beyond NX: An attacker's guide to anti-exploitation technology for Windows - Ben Nagy
In an effort to complicate the exploitation of memory corruption vulnerabilities, Microsoft have introduced several new technologies in Windows XP SP2 and Windows 2003. Support for NX (No eXecute) memory is the most often discussed, but is also the least used because of the hardware support required. However, new technology has also been added to protect the stack and the heap, to improve exception handling, and to complicate exploitation by removing or randomizing some interesting pointers at fixed memory addresses.

Although groundbreaking research work exists in terms of attacking the individual technologies like Safe SEH, /GS stack protection, Heap Cookies and NX itself, it is very difficult to obtain a unified view of how the technologies work together against real world attacks. If you're comfortable with stacks and heaps and have a passing familiarity with x86 assembler and CPU architecture then join us as we attempt to clarify the operation of all the new protection features, alone and in combination, and then see what attacks remain viable.


Ben Nagy was born in Australia but has spent the last several years working with eEye Digital Security in Switzerland and Thailand. With a strong background in most areas of network security and several sets of pretty letters, he has been particularly interested in firewalls, crypto, and software vulnerability research. Ben loves rambling on about security and has presented at several conferences in Europe and Asia, as well as hosting eEye's monthly Vulnerability Expert Forum.


Hackers Methodology & Incident Handling - Faiz Ahmad Shuja
Sooner or later your organization is going to be attacked. Do you know what to do when an incident happens? Most organizations have been attacked, and some that did not know how to handle incidents properly were badly affected. The presentation will go through the latest attacks, tools and techniques used by attackers to break into systems and, most importantly, how to detect, prevent, and respond to attacks. The speaker will show you how to handle an incident correctly and how to design an effective incident response plan for your organization. The presentation will walk you through the six incident handling phases step by step.


Faiz, founder of the Pakistan Honeynet Project, is a Sr. Information Security Consultant at Cyber Internet Services (Pvt.) Ltd, Pakistan's largest ISP. CYBERNET also offers various security services ranging from vulnerability assessment to managed security services. He has extensive security experience and has been involved in information security management, intrusion detection/prevention systems, firewalls, honeynets, vulnerability assessments, penetration testing, forensics analysis and incident handling and reporting for the last four years. He has spoken at various conferences and organizations, including NSA, DoD, and IEEEP. He is also an active member of the Honeynet Project Research Alliance. Faiz holds a Bachelor's degree in Computer Science from the University of Karachi and SANS GSEC and GCIH certifications.


Identifying Cyber Crime - Pakistan's Response - Jawad Sarwana
The majority of developing countries have introduced new laws to prosecute cyber crime in the Internet age. In 2003, the Government of Pakistan also circulated a draft Cyber Crimes Bill, which has gone through several amendments but has yet to be finalized. What is cyber crime? Can we adapt existing law to meet the new challenges of the Internet? Are we in need of new laws in a rapidly changing environment? What protection is currently available to the average computer user against an incident of cyber crime in Pakistan? During this session the speaker will highlight Pakistan's response, or lack thereof, to prosecuting cyber crime, ranging from reviewing the new legislation to identifying the issues and challenges for effective law enforcement of Internet and computer-related crimes.


Jawad Sarwana is an Advocate of the High Court of Sindh and Senior Associate with Abraham & Sarwana. He earned his BA degree from Southwestern University, Georgetown, Texas and his LLB (Honors) degree from the University of Buckingham. Jawad has been practicing law since 1997 and has advised several international clients in the banking and IT sector on the electronic commerce and cyber crime laws of Pakistan. He has also assisted in the preparation of the Pakistan chapter on electronic commerce in the Digest of Commercial Laws of the World published by Oceana Publications, Inc.


Bank Scams: Latest Threat to Pakistani Online Banking - Pakistan Honeynet Project

The Honeynet Project and Research Alliance have done a lot of research on credit card fraud, botnets, and phishing. Most of it covers technical details about how these attacks are executed and the motives behind them. Some of it also covers who is involved in these attacks, what their motivation is, and how attackers operate and communicate, but all of it is based on attackers in western countries. To date, almost all of the attacks and trends the Honeynet Project has published have been primarily based on data collected in North America and Europe. There still hasn't been any publication about the black hat community in eastern countries. This presentation will cover details about how the black hat community operates in Pakistan and is based on the research done by the Pakistan Honeynet Project. It will be based on the motives and tactics of the Pakistani black hat community.

A lot of phishing attacks are continuously being launched by attackers in Pakistan. They have been scanning for vulnerable systems to launch phishing attacks. Since online banking is growing in Pakistan, it is the next target for attackers to run such scams and frauds. Recently, the Pakistan Honeynet Project identified a group of attackers who run organized local bank scams and exchange stolen bank accounts and credit cards. The presentation will cover details about who was involved in these attacks, what the motivation behind them was, and how the group operated and communicated.


The Pakistan Honeynet Project is a non-profit, all-volunteer organization dedicated to Honeynet research. Their goal is to learn and raise awareness about the motives and tactics of the Black Hat community targeting Pakistan's networks. They aim to share and disseminate knowledge about the various tools and hacker practices in use on the Internet today. In this way, they can serve the federal government, the private sector, state and local governments and higher education establishments countrywide.

The project is based on principles and guidelines given by the Honeynet Research Project, and it is a part of the Honeynet Research Project’s Alliance.


X.25 Security - Emmanuel Gadaix

Everybody knows about the Internet and how to hack it. But who remembers about X.25?

This global packet-switching network was implemented by telcos decades ago and is still in use today. Unlike the Internet, it is not crowded by script kiddies and wannabe hackers. Banks, telecom companies, governments and even the military still use it actively today. Many hackers of the "pre-web" generation learned their trade exploring X.25 networks.

The presentation will focus on X.25 security issues, placed in today's context and problems. The main intention is to bring personal and professional know-how, background and X.25 penetration testing experience to the audience, with real-life case studies.

• Why are we talking about X.25 in the year 2005?
• Introduction to X.25
• Access and Addressing
• Attack points
• Historical problems
• Internet VS X.25: key differences
• X.25 common targets
• Attackers’ profiling
• Today: some numbers to get the idea of the problem
• Getting help: where, how?
• Conclusions
• Bibliography


Emmanuel was born in Western Europe and has been living in Asia for almost 15 years. He runs the Telecom Security Task Force, a loose organization of information security misfits that specializes in telecom security. Current and former interests include VoIP hacking, SS7 insecurity, X.25 and blueboxing. Emmanuel is also actively involved in alternative energy projects across Asia and Europe.


Exploring the World of Threats in eBanking of Pakistan - Nizar Diamond Ali
Banking is booming in Pakistan; the years 2003 to 2005 in particular have seen new banks coming up, lots of branches, ATM and online banking and much more. Since banking is one of the most important sectors in any country, with reference to governance, extending finance to businesses and, more importantly, reaching out to customers (the layman), it is imperative to have a sound and secure banking system in place.

This study aims at highlighting and exposing those areas of prevalent banking which can lead to a number of frauds in different scenarios. The frauds can directly or indirectly lead to losses to a consumer and bank. In the case of the consumer, the losses could be both monetary and in terms of goodwill. In the case of the bank, it is financial loss.


Nizar Diamond Ali is currently working as Manager Quality Assurance at PIBAS Pakistan (Pvt.) Ltd, one of the leading core and online banking solution providers in Pakistan with a growing international clientele. His SQA experience also includes time spent at CDC (Central Depository Company of Pakistan), working on NCSS (National Clearing and Settlement System).

Having over 200 articles published in national and international print / electronic media, he is currently associated with Dawn group of newspapers writing regular columns for Sci-Tech World and Spider Internet Magazine focusing mainly on issues pertaining to security. His interest in network security started with his independent study ‘Vulnerability analysis of Pakistani networks’ as part of MS course work. He has continued his collaboration with experts in IT industry to identify loopholes in banking practices in Pakistan, particularly in the arena of e-banking.

He has done his BS from University of Karachi, MS from SZABIST and is a certified Lead Auditor, by virtue of which he also holds the cap of QMR – Quality Management Representative at his current job.


IDS Evasion - Attack and Detection - Sumit Siddharth
Attacks for evading intrusion detection systems (IDS) have been seen for quite some time now. Different approaches have been documented for eluding Network IDS, including Evasion, Insertion and Denial of Service (DoS) attacks. The paper describes one approach for evading NIDS and also looks at various factors which make IDS evasion attacks very difficult to detect. It also looks at NIDS parameters that are often overlooked and could result in an evasion attack, and at parameters which, if included with NIDS, may help in preventing or detecting the attack and aid in using correlation techniques.

Sumit Siddharth is a security analyst with NII Consulting. NII (www.nii.co.in) is one of the leading information security consulting companies in India. His areas of interest include intrusion analysis, forensics, and penetration testing. Sumit is a graduate from India's most prestigious engineering college - IIT Kanpur.


Web Applications: Attacks and Defense - Muhammad Ahmed Siddiqui
Web applications are growing rapidly on the Internet. Most business applications are now being delivered over HTTP/HTTPS. Since vendors are becoming more skilled at writing secure code and at developing and distributing patches to counter traditional forms of attack (e.g. buffer overflows), attackers are now targeting web applications to a great extent. Today more than 70% of attacks are launched against the application level. Your network is protected by various security devices, but your web application is still vulnerable to serious attacks. The presentation will go through various techniques used by attackers to exploit your web applications and how you can protect against such attacks. Also, witness some of the high-profile Pakistani websites vulnerable to such attacks.


Ahmed is a third year student at Sir Syed University of Engineering & Technology and member of Pakistan Honeynet Project. He has extensive programming experience in C, VB, ASP, ASP.net, HTML and JavaScript. He has also worked for various software houses. He has been involved in the field of network security for quite some time now and has a keen interest in network security and honeynet technologies.


Computer Forensic 101 - Dewan Chowdhury
What is Computer Forensic?

The way a hard drive functions

If I delete something is it really deleted?

How and where to acquire missing data?

Is it possible to do counter-forensic?


Dewan Chowdhury is a Snr. Security Analyst for DNC CORP. Dewan started his early career in network security in the world of SOC (Security Operation Center) and CERT (Computer Emergency Response Team) for some of the biggest telecommunication and ISP companies in the world. His knowledge of intrusion detection led him to track down attackers worldwide for many law enforcement agencies. His interest in computer forensics led him to the world of CCI (Cyber Crime Investigation), where he helped many international law enforcement agencies prosecute criminals.


0day: Heap-based Format String Bug in Real-/Helix-players on *nix - c0ntex

When an attacker can abuse a format bug, usually she can perform a 4-byte write-anything-anywhere attack. However, there are situations where the attacker cannot reach her supplied input directly, such as when the user input is placed on the heap or is just not reachable by old school %x popping.

Also, restrictions may be such that it is only possible to perform one write, meaning the size of the address has to be limited, and not a full four bytes. That being the case, she is forced to come up with other tricks to gain code execution, and these are what will be discussed and shown during this talk, where I will show how RealPlayer was forced to execute arbitrary code to gain remote access to a vulnerable system.


c0ntex was born in Scotland, now lives in London and has a passion for security, where his hobby focuses on specialising in various forms of penetration test methodologies and exploit development research.

c0ntex runs http://www.open-security.org where he sometimes releases public advisories and proof-of-concept code for bugs he finds in software, as well as authoring some technical papers on exploitation methods.

His interest focuses primarily on software exploitation techniques, reverse engineering, infrastructure auditing & hardening.


Malware: The Inside Story - Ahmad Elkhatib

This presentation will introduce the audience to the types of malicious code out there today, and how they go about doing what they do, by analyzing them behaviorally and also by reverse engineering the code. It will also examine the various propagation vectors, and what to expect to see in the future. Finally, it will discuss how anti-virus solutions are reactive and how to proactively protect the network from malicious code by anticipating and looking at trends.

Why is this discussion important?

Anti-virus companies are reactive: a virus comes out and is infecting customers, they then acquire it, analyze it, and push out a signature to protect customers from it. This approach is going to become obsolete with the way things are going. Security professionals will have to become proactive and understand the workings of malicious code, and then be able to protect their networks from the depth. A better understanding of malicious code will make a person better equipped to protect against it.


Ahmad Elkhatib is currently a security consultant with Pointsec, a company specializing in mobile device security and encryption. Previous to that Ahmad was an Information Security Consultant at InnoKAT, where he helped top enterprises in the region by designing and implementing their security strategies. Ahmad also worked at iDEFENSE, where he started as a Vulnerability Research Engineer with iDEFENSE Labs. He later worked as a Malicious Code Analyst as part of the Malicious Code Team. In this role, Elkhatib analyzes, assesses and reports on cyber threats to iDEFENSE's Fortune 100 customers. Prior to that Ahmad worked with British Telecom's BTExact as a wireless Network Security Engineer. He also was a consultant for the Computer Aided Engineering Network (CAEN) at the University of Michigan - Ann Arbor.

Ahmad holds a degree in Computer Engineering from the University of Michigan - Ann Arbor. He is a member of the Information Systems Security Association - Northern Virginia chapter and has presented at various security conferences including HackInTheBox and MEITSEC.


Metasploit Framework - The Exploitation Machine - Omar Khan and Jahanzaib Sarfaraz
coming soon


coming soon


Copyright @ PAKCON 2003-2005