PAKCON II


PAKCON II ended on 13 December in Pearl Continental, Karachi, this week. It was nothing short of a blast.

The underground hacking and information security convention spanned over two days, covering eleven different, exceedingly insightful talks and a low-profile Capture the Flag (CtF) hacking contest. This time around, five of the eleven security speakers were from abroad from various security organisations. The rest six were local speakers. I was due to present a talk myself, but could not because of a tough academic schedule at the University which kept me occupied.

Detailed information about the speakers who presented this year is available here.

With a clean shave and a hot-water bath, I dove into my casual jeans and “hacker” t-shirt, putting on a sleeveless, front-open black sweater. I drove to the hotel in my white Swift and got off right next to the hall booked for the convention. It was the first time I had driven to the hotel, so I was naturally excited. As I was heading down to the entrance to the hotel, I spotted a couple of goons coming straight my way. With them was Ben, a security researcher from eEye Digital Security, who had flown in from Thailand to present a talk. I greeted him and others. As I soon found out, Ben had a heck of a ride, as he told me with a frown how he had had to spend five hours at the airport waiting. The next few hours were spent lingering in the hall, visualising how the hall would look next morning when all preparations would have been completed, and chatting with each other. Some of the goons, who were going to present talks and not least those who were going to go in for the first time, were taking turns to stand on the podium, getting the feel of it, practising their speeches, all the while trembling at the thought of having to speak the very next morning or day after in front of a large crowd. Ben was happily occupied with tweaking the sound system to adapt it to the length of the hall so that, presumably, those sitting at the back could hear the speakers without effort. He looked like a professional. Oh, wait. He is a professional. Heh!

Jahanzaib and I left off the hall, leaving the other goons inside, and headed straight to the hotel’s lobby to use the hotel’s wireless Internet connection. The connection was galloping with a consistent 50-KB/sec download rate. But, honest-to-goodness, we did not dowload porn. A few hours later, we retired to a local cafe outside, in front of and at a five minutes walks from the hotel, to have dinner. Done with the dinner, we rendezvoused with Faiz and, consequently, checked into our room, where we spent the better part of the night chatting and designing the CtF. At around about four, setting the alarm to ring at 8 sharp, we dosed off, hoping everything would go smoothly the next morning.

During day-1, I was involved most of the time with managing the CtF, so, unfortunately, missed a whole bunch of talks. I did not attend day-2, and consequently, as a friend put it out for me, I missed out on a bunch of cool talks.

Day-1 started off with Faiz, founder of PAKCON, delivering his talk on “Hackers Methodology and Incident Handling”. Struggling with getting the CtF ready with Jahanzaib, the other guy with whom I design and implement the CtF, I let the talk pass. The Information Technology minister had been invited to the convention, but, he turned out to be a major pain. The inauguration ceremony was thus postponed until an hour or two later when, not the minister, but his personal secretary showed up. The personal secretary to the IT minister mauled the audience, who clearly did not seem interested, with a nearly half an hour long speech, three quarters of which focused on the recent earthquake incident. With my head drooped into my clasped hands, I gathered up enough patience to listen through the speech.

Later on in the day, Jamil Villiani, a Security Program Manager in Microsoft’s Secure Windows Initiative (SWI) team, spoke on “Secure Development Lifecycle”. I doubt the amp or the microphone was suffering from any technical problem, but Mr Villiani spoke in a very low, somewhat inaudible tone. I thought I had heard him chatting at a high tone with Ben earlier. Nah! Next up was Ben from eEye Digital Security, whose talk was titled “Beyond NX: An Attackers guide to anti-exploitation technology for Windows”. With a native Australian accent, Ben managed to present a deeply technical talk in an interesting fashion, keeping the audience awake and focused on what was going on. During the Q/A session with Ben, I put up a question which convinced him to throw a t-shirt at me, and he would have, if only I had not been wearing a “Hacker” t-shirt myself. The t-shirt went off to someone else in the audience. Tough luck, eh!

Jawad Sarwana, an Advocate of the High Court of Sindh and Senior Associate with Abraham & Sarwana, mused on “Identifying Cyber Crime”. Amidst his talk, the IT minister appeared from no-where and demanded that an announcement of his arrival be made. Despite attempts to explain to him that a talk was already in motion, someone went up the stage, regretfully interrupted the ongoing talk and made an announcement. Sigh! It was relieving to see that the minister at least had the sense and decency to wait till the end of the talk to deliver his speech, which I did not bother to lend an ear to, anyway.

c0ntex, a hobbyist security researcher, pen-tester and exploit developer, had been due to present his talk on “0day: Heap-based Format String Bug in Real-/Helix-players on *nix” on day-2, but, for some reason, his slot was stashed up to the end of day-1. I had not known about that change myself, and was enlightened during a small conversation I had with him. It was his first talk, he wasn’t prepared properly, and was a little nervous. I wished him good luck. In a Scottish accent, he spoke about his discovery of an 0-day bug in Real-/Helix-players on *nix systems. He presented a live demo detailing how to get a root shell by exploting a format string bug in the real-/helix-player on a Debian-based system. I enjoyed the demo more as he played tinkered with gdb to grab offsets and EIP and EBP addresses and demonstrated how he overwrote the EIP to get root on the box. His was the last presentation of the day.

The CtF, meanwhile, had been going on the whole day side-by-side as the talks progressed. It too ended coincidentally with the end of c0ntex’s talk. Only three teams showed up, and the game designed was simple itself, though hard to crack in the sense that one of the system was extremely difficult to break in to both remotely and locally. It was an interesting CtF nonetheless, althought I must say not anywhere so interesting as the one Jahanzaib and I had designed for the GameHack earlier this year in August/September. The team that had had won the CtF at GameHack were proclaimed the winners of the CtF again. Kudos to them!

With that came an end to day-1. I headed home with a friend, took a bath, sat online for a while, and went to bed. Next morning, I did get up early to get ready to leave to attend day-2, but a severe gastric ailment kept me isolated. Unfortunately, I missed out on a couple of great talks on day-2. Now that I think of it, it seems both clear and logical to me that, given the fairly sensitive gastric system I possess, the food I had had multiple times from a small, local cafe outside of Pearl Continental Hotel during the time I stayed at PC was what caused the chain reaction, so to speak. Ah, well! I will prefer to stay hungry next time.

That’s about it. All in all, it was a great security event. It would have been even greater if I had presented a talk myself. Oh, well: there’s always next time. ;-)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s