The post Features theme customization appeared first on MalCon.

The Panel discussion  will focus on the use of 0-days – and its implication for creating the next war – bringing peace!

Some of the questions we will try to discuss:

• What is the impact of 0-days from the context of electronic warfare?
• What all in the name of National Security?
• Can 0-days be termed as the next generation weapons?
• Buying and selling 0-days – Crossing the line of Ethics?
• War & Peace – Opportunity or Business as usual?

The panel will have representatives from both the Government and Corporate!

The post War and Peace with 0-days – The BIG Talk appeared first on MalCon.

Presented by: Shantanu Gawde

The post Windows Phone – Malware prototype appeared first on MalCon.

Presented by: Ucha Gobejishvili

The post Project Calypso, Art of Infection {Google Chrome 0-day} appeared first on MalCon.

Shantanu Gawde is an credible and young security researcher empaneled in the prestigious National Security Database program for credible and highly skilled security professionals, supported by the Government of India. Shantanu is very fond of reading and enjoy reading books related to astronomy, science and autobiographies of leading personalities.

He enjoys writing poetry and watching TV.

MalCon 2012 – Windows Phone Malware Demonstration

MalCon 2011 – Malware utilizing Xbox Kinect

The post Shantanu Gawde appeared first on MalCon.

MalCon 2012 – Google Chrome 0-day

Execute any exe remotely on the target using the latest Chrome browser. 0-day demonstration!

The post Ucha Gobejishvili appeared first on MalCon.

Well honestly, sometimes we DO worry about some speakers not being able to make it.. due to various reasons.. (visa mostly )

1. Research on latest technologies from a malicious angle.. for example – last year, we presented a malware that utilized xbox Kinect.. we realized that in coming days, motion sensing technologies would soon come to televisions and even laptops.. and they are here In some ways, the research was a bit ahead of its time.. but that’s the point.. seeing what can go wrong and proving it! (imagine infecting your TV using motion sensor – with a malware that gets activated when you give a Kung-fu pose!)
2. Hacking everyday things around you – Now there is so much to talk about this.. but look around.. what about the Delhi Metro Travel Card.. or the DTH Box? Or how about extending the aurdino to do something interesting in a malicious way? It is only limited by your imagination – and we would love to see some crazy work on these lines…
3. Also, It is not always about writing code – perhaps you have something inspiring to share.. on subjects such as reality hacking.. or even philosophy of malware coding and research.. whip it up and send it!

The post MalCon 2012 – How to get shortlisted? appeared first on MalCon.

So, I was left with a mammoth task.Its not that I’ve never designed a CTF contest before.. infact I do that for all my workshops & training sessions. But this one was different. We do malcon every year not because it earns us something.. or because we get perks for doing it. Infact, we make no money out of it at all. We do it because it was our dream. We’ve learnt about 90% of what we know by reading ‘tuts’ n textfiles on the internet, created by generous & highly talented people. We wanted to do our bit too. Malcon is not about spreading malwares. Its about generating proactive research by good people to build secure systems.

Well, so here I was, with no idea at all about how am gonna design this CTM thingy. And then it happened. I have this weird ‘moment’ once in a while where I get bombarded with loads of crazy ideas. Thats how the idea of creating a Virtual-Machine based challenge came to my mind. But there were 2 major problems.

1. I had no experience in creating a VM manually.
2. I wanted it to be simple enough so that even a common man can attempt it.

At first, I had to create a VM myself to prove that its possible. I know that there are thousands of articles on that available but this one had to be simple. The idea was to create a VM architecture that was as simple as possible so that the ones attempting it do not end up getting demoralized. While, the VM-Code or the ‘Bootrom’ as I call it, can be complex enough to deliver the quality & standards that we at malcon are fanatic about.

The good part was, I have considerable understanding & experience with programming as well as reverse-engineering. I’ve got past experience with creating some really complex & effective anti-reversing routines too. So, I figured out that this one wont be as tough as I thought it would be, initially. How wrong was I.

To begin with, I named my Abstract Processor as ‘Aod8′. Then, I tried to design it similar to the intel-processors am comfortable with. Although, I figured out that I dont need more than 15 Instructions in my instruction-set to create a complex CTM, I thought that maybe someone, someday might wanna write some cool program for it & thats the only reason why I endedup having about 40 instructions in all. Once the design part of it was over & I was almost sure that I had the required instructions in there, it was time to code the processor.My first choice was ‘PERL’. Its easy to program in, robust with REGEX & more importantly I didnot have to mess with variable types.Ah, I think I forgot to mention that in order to keep the CTM easy to attempt, I designed the processor to work with ‘Byte’ sized instructions & data. Most people are not comfortable with handling data at ‘bit’ level.So, that was the reason behind this super simplistic Aod8 Architecture design.

Well, the PERL idea was disastrous. Initially I struggled a little with type conversion. Then again…I never write the entire code at one stretch, ever. I write some..then test it thoroughly & then go further. When am trying a new idea or a theory, I am totally impatient to see if it works or not. So obviously, the first instructions I implemented in my Aod8 processor were the ones that’ll allow me to print a character on the screen.. so that if it works as expected, I can jump up & down & celebrate victory. But but but… the way I’ve designed it, I can only print one character at a time.That too, if I send the ‘output’ opcode, it’ll fetch the byte at the current location of the stack-pointer on the stack & print it.Now, lets say I want to print ‘A’ on the screen. For that, I’ll have to first push its ascii code onto the stack. As you can see, I cannot directly push data onto the stack either.For that, I’ll have to move the ascii code to a GPR like ‘A’ or ‘B’, then push it onto the stack, then call the ‘output’ instruction. In essence, the set of instructions to print a char ‘A’ on the screen in Aod8 Assembly would be:

mov a,65
mov [sp],a
output
halt

[ Well, I've already uploaded all the Tools, source-codes & everything related to my Aod8 project on GitHub & you can find them here: https://github.com/Aodrulez/Aod8 ]

Read more here : http://aodrulez.blogspot.in/

The post The making of Malcon 2011 CTM appeared first on MalCon.

Greetz to all our fans, worldwide!

It’s that time of the year when we keep aside our daily lives & turn into digital psychopaths. We hope you are ready for another dose of high quality live destruction demos! We are back for the third edition of MalCon! This time around, apart from the regular malware stuff, it’s going to be the “Electronic Warfare”. We are looking for the craziest hacks ever. We are looking for papers on hacking into Telephone networks, Data cards, Routers, Television Sets, Microwave ovens and so on! If you have one on hacking an Electricity Post, we are game for that too!

There are no predefined numbers of slots & if we get just two good submissions, we’ll have just two presentations at the event. Period.

Submit your papers here:

https://cmt.research.microsoft.com/MALCON2012

The post MalCon 2012 CFP appeared first on MalCon.

Details to be announced soon!

The post MalCon 2012 – Capture the Mal (CTM) Challenge appeared first on MalCon.