Day 2 started with “Draw Me A Trojan” by Yuval Polevoy / RSA. Polevoy spoked about advanced multilayered trojan. Trojan uses several techniques for hiding itself from the AV-software. Overall very informative presentation of modern malware.
Next was “Finding Flame” by Constin G. Raiu (twitter: @craiu). Raiu presented connections between Flame, Stuxnet, Gauss and Duqu malware. Estimation of total development costs of Flame is between $10-$50 million. Costs for calculating the MD5 collisions utilized in Flame are $1.4-14$ million. There are traces of several teams developing different modules for Flame. Raiu is an experienced speaker who can spice up the presentation with jokes etc. Really enjoyed.
After lunch break I attended to “SAP Slapping” by Dave Hartley (twitter: @nmonkee) from MWR InfoSecurity. Hartley presented SAP systems from penetration tester’s perspective. There is lot of attack surface at most SAP systems because of misconfigurations. This was totally new area in the infosec for me.
Fourth one I attended was “Burping up the serialized communication” by Miika Turkia / Nixu. Miika presented Burp Pro plug-in that he created with Ruby for testing serialized java fat client – server communication. Miika also presented one “zero-day” vulnerability in java. He has reported it already to Oracle two years ago.
Day ended with Solving the T2’12 Challenge.