Category: Uncategorized

Join us in Amsterdam for Hack In The Box 2012

| March 3, 2012

Greetings, friends & jailbreakers!

We have some fabulous news to share with you today. Those of you who follow me on Twitter might have seen the mention I made a few weeks ago out our upcoming presentation at the 2012 Europe Hack in the Box security conference in May. The initial list of conference speakers was officially unveiled earlier this week, so we can finally share with all of you how over-the-top excited we are to have been allocated two 60-minute speaking slots! If you’ve ever wanted to learn how we find & exploit vulnerabilities for iOS jailbreaks − or even if you just want to meet & thank the developers (note: flattery will get you everywhere) − here’s your chance!

What is Hack in the Box?

Hack in the Box (or “HitB”) is a highly technical security conference, held annually in both Asia & Europe, that aims to enable the dissemination, discussion & sharing of new, ground-breaking attack & defense techniques that have never been seen or discussed in public before. Since its 2002 launch in Malaysia, HitB has grown steadily in size & scope to become what it is today: the “must attend” event on the annual calendars of many of the world’s best, most highly-regarded security professionals. This year, HitB’s European leg will be held from May 21st to 25th at the breathtaking, five-star Okura Hotel in one of our favorite cities in the world, Amsterdam! You can read lots more details about this thrill-filled conference, and why we’re so incredibly stoked to spend the week there, at the end of this post.

Who’s going to be there?

As we discussed in our last blog post, we pulled together the oh-so-impressive “2012 iOS Jailbreak Dream Team” from (literally) all corners of the earth to pool our collective knowledge & skills in order to perform the hacking magic necessary to complete the last two GreenPois0n jailbreaks released. For the first time in history, and for this conference only, all four of the core Dream Team members will be united (in person! not just on IRC!) to present all our hard work and answer all your burning questions: @pod2g, @pimskeks & I (@p0sixninja) from Chronic Dev Team, along with the inimitable @planetbeing from iPhone Dev Team!

To sweeten the deal even more: @iOPK (fellow Chronic Dev member) is flying in all the way from Australia to join the Dream Team presentation; @MuscleNerd (respected colleague from iPhone Dev Team) will be delivering a separate talk on the evolution & future of iPhone baseband unlocking; and our very-near-&-dear friend Itzhak “Zuk” Avraham (@ihackbanme, founder/CEO of security research & consulting firm zImperium LTD and the brilliant mastermind behind ANTI Project, aka Android Network Toolkit) is on deck to dazzle HitB attendees with his presentation (with partner Nir Goldshlager) on the bug bounty program they ran on Google.com & affiliated sites, an overview of the nearly 100 vulnerabilities & other security gaps found, and an in-depth look at some of the most interesting, complex & critical of these bugs.

What will we present?

Our presentations will primarily focus on the detailed inner workings (read: the amazingly innovative fusion of exploits within exploits) behind the Corona (A4) and Absinthe (A5) jailbreaks. Both of our 1-hour presentations will cover a wide range of material − we’ll have to make the most of every single one of our allotted 120 minutes to cram in all the ground-breaking information we want to share! To further whet your appetite, a few of the many topics we plan to present include:

  • iOS security basics
  • iOS format string attacks
  • iOS kernel heap overflows
  • iOS profile command injections
  • iOS application sandbox escape
  • How to bypass ASLR & DEP for all exploits listed above

Why are we doing this?

The main goal of Chronic Dev Team is & always has been to work together collaboratively (with both our own team’s members as well as other dedicated iOS hackers) in order to actively promote & contribute to the iOS jailbreaking community. In that vein, one reason we’re giving this presentation is in hopes that it will motivate & inspire others to add their own contributions to our thriving global community.

How can you participate?

Glad you asked… REGISTER NOW!!! No, seriously, like… do it as soon as you’re done reading this blog post. There are only 750 spots available for everyone in the entire world… and you do want to come learn all sorts of crazy hacking skills from the best & brightest (including your cherished friends from Chronic Dev and/or iOS Dream Teams)… don’t you?? Well, DO IT ALREADY! I assure you, you definitely should not wait until it’s too late & all the spots are taken! Because, if you do that, then we’ll be forced to go party all week in Amsterdam without you. And if you let that happen, you’ll be a verrrrrry sad panda. Don’t say we didn’t warn you.

If, unfortunately, you find yourself in a heart-breaking situation in which you really want to come, but are unable to join us for the week due to financial woes, prior commitments, overprotective parental units, visa issues, or any other super-lame-but-I-guess-legitimate reason… do not despair! You can still display your undying support & affection for Chronic Dev Team & Hack in the Box in other ways, such as: following @HITBSecConf & @hackinthebox on Twitter; sharing this blog post (via this permalink) with your friends & family through Facebook, Twitter, or your alternate social media platform of choice; or dropping by the HitB IRC channel to chat with new friends & the vibrant community about the upcoming conference, how much you love Chronic Dev Team, and/or any other topics that perpendiculate your triangle (e.g. mobile security, jailbreaks, hacking, iOS devices, booth babes, Amsterdam, debauchery, etc).

Tell me more about HITBSecConf?

For the past ten years, HitB events in Asia, the Middle East & Europe have brought together under one roof an eclectic, unique mix of security professionals, researchers, law enforcement & members of the hacker underground − all of whom share the singular goal of helping to increase their collective knowledge & understanding of technical security issues. Run as a not-for-profit, community-backed effort, the Hack in the Box series has grown into the largest network security conference in the Asia Pacific & Middle East regions.

This year’s HitB European edition is a week-long extravaganza, offering attendees three days of hands-on, deep technical training courses, followed by two days of quad-track panels & presentations delivered with gusto & enthusiasm by numerous of the world’s best & most highly-regarded security experts.

The first part of this jam-packed week (May 21-23) will be dedicated to 1-, 2- & 3-day hands-on intensive & technical training sessions on a variety of cutting-edge hacking/security topics − including our personal favorite, which we can’t wait to attend ourselves, the “Black Belt” Edition of the world-renowned Exploit Laboratory. (Warning: n00bs need not apply!) Other courses will focus on intriguing, innovative topics in the headlines of modern security news, including: WiFi “kungf00″ & related ninja skills; the ever-useful art of exploiting SQL injection flaws; an intro to mobile application hacking + an advanced session on static code analysis & reverse engineering; how & where to hunt for malicious web attackers in the ongoing cyber war; and advanced Linux exploitation methods taught in the form of a Wargame. And don’t worry, this ain’t gonna be some boring textbook regurgitation… each of these hands-on courses will be led by accomplished security experts from all over the globe − and we here at Chronic Dev are so very eager to attend & learn even more ninja hacking “tricks” to hide up our respective sleeves!

Then…the event we’ve all been waiting for with bated breath − the quad-track conference (May 24-25), including two whole hours of presentations by your very own iOS Hacking Dream Team! This year’s event will also feature keynotes on yet-to-be-announced topics from both Andy Ellis (Chief Security Officer of Akamai) and globally renowned crypto guru Bruce Schneier (Chief Security Technology Officer of BT)… and, of course, tons of additional 1- to 2-hour presentations from a bunch of other international security experts − the net sum of which is guaranteed** to leave you smarter, more prepared & infinitely more attractive to the opposite sex than when you arrived. (**Note: not actually guaranteed at all; but remember, confidence is sexy!)

And, in case you’re not already psyched enough to register & book a flight right-this-very-minute, there will also be an exhilarating two-day team-based attack & defense Capture The Flag competition (three members per team) called Bank0verflow − which you probably shouldn’t even bother to enter, because it’s a widely accepted fact that Chronic Dev is going to dominate; a technology & exhibition area, open to the public, showcasing various European hacker-spaces and an inevitable sprinkling of booth babes hot enough to give your girlfriend a wicked case of the crazy-jealousies; and a lock-picking village run by the friendly folks from TOOOL Netherlands (aka The Open Organization of Lock Pickers).

Oh, yeah… did we mention this is all going down in Amsterdam?? Can’t wait to see you there!!!

DON’T DELAY − REGISTER TODAY!!!