Make Way for the Sizzling ROOTCON 6 – Hacker Conference

July 10, 2012 by Jay Turla

Information security and hacking conferences or gatherings are awesome events where you can hang out with cool people, a good environment where you can listen to topics related to computer security and security researches, and play challenging games like Capture the Flag (CTF), Hacker Jeopardy, Wireless Cracking and other random stuffs that showcase solutions, products, techniques and critical tips to build and enhance your security practices and skills. And so guys, lemme introduce you to ROOTCON which is another international hacker conference you ought not to miss!

ROOTCON is an annual Hacker Conference and Information Security gathering held in the Philippines and was founded by Dax Labrador a.k.a semprix. It is back again for action with its theme “Cyber Espionage this year”. The conferences aims to share best practices and technologies through talks by qualified speakers and demos of exciting stuff (hacks, tools, tips, disclosures, cyber warfare, cyber espionage, etc). It will be held on September 7-8, 2012 at Cebu Parklane Hotel, Cebu City, Philippines. ROOTCON is open to everyone and that previous participants have included InfoSec personnel, developers, programmers, engineers, hackers, businessmen, students, lawyers, feds, and the like.


ROOTCON comes from the two words “ROOT” (super user on Unix systems) and “CON” (conference). ROOTCON operation started on December 27, 2008 which was registered as DEFCON Group 6332, and carried the name DEFCONPH. The group held two small gatherings under DEFCONPH – known as the BeerTalks.

After the two consecutive gatherings, DEFCON brought up their copyright protection concerns, having observed that the Philippine Hacker and InfoSec group was carrying a name very similar to theirs. DEFCONPH was then renamed PinoyGreyHat, under which one conference was held before the founder finally decided to re brand to a more neutral and conference-friendly name: ROOTCON. The name was officially changed on August 9, 2010. With the same crew and team on board, ROOTCON is still the premier international hacking conference in the Philippines.

The recent ROOTCON 5 Hackers Conference which was last held last September 2011 at Cebu Parklane Hotel, highlighted topics like Information Security, Web Application Attacks, Cyber Warfare, Cyber Crime, Lock picking, Vulnerability Discovery, Wireless Attacks, Reverse Engineering, Malware, Security Tools, Patch Management, Tools 101, and many more. The activities that were organized last year include; Hackista Challenge (CTF), Hacker Jeopardy, WiFi Warrior (WiFi Cracking), Gaming Rigs showcase, beer drinking, after conference parties and many more. Here are some pictures from the previous con:

People from Trend Micro Talks about Zeus Botnet’s History, Configuration and Threats

Some of the speakers and panelists last year

A ROOTCON goon or crew playing Batman: Arkham City

After con party

Activities This Year

And because ROOTCON is a hacker conference, there are lots of amazing and cool stuffs in store for this year’s conference; the pre-con event H4x0r BBQ (on September 6, 2012), the WiFi ShootOut, Hacker Jeopardy, Hackista Challenge (Capture the Flag or CTF), WiFi Warrior, Awesome Talks, and many more to mention. Cool swags, t-shirts, prizes, electronic badges and collectible items will also be given to participants!

Topics and Talks

Here are the tracks for this year’s con with their respective speakers and descriptions:

1. AdverGaming The System by Chris “PaperGhost” Boyd

The speaker for this topic is Christopher “Paperghost” Boyd who is a Senior Threat Researcher for GFI Software, a six time former Microsoft MVP in Consumer Security and former Director of Research for FaceTime Security Labs. He has given talks at RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure and has been credited with finding the first instance of a rogue web browser installing without permission, the first Twitter DIY Botnet kit and the first rootkit in an IM bundle.

His presentation will look at the history, development and the current state of in game advertising and how it affects you. Game advertising is becoming more visible (and in some cases, more intrusive) in the world of console, PC and mobile gaming. In many cases, disclosure related to what’s happening with your PII is as bad (if not worse) than the poor practices of the Adware industry prior to clean ups brought about by the FTC and the NYAG.

2. Keynote ++ Cyber Espionage – How to sell a country by Morris Fedeli

This presentation is about Cyber Espionage which according to Morris Fedeli “has emerged as a major force in our information age. Traveling at the speed of light fortunes are made and destroyed, companies skyrocket to success while others quietly disappear. Governments on an all media blitz need to reassure its people that it is still in control.

The art of Cyber Espionage practiced by a few is becoming a major tool in the modern world to gain advantage over corporate competitors and even between countries. BEWARE, we are all a target!” Morris Fedeli is a Key Note Speaker, TV/Radio Show Presenter, Business Trainer, eBusiness/ICT Consultant, Project Manager, Publisher, Expert Witness and University Lecturer. A qualified computer professional, lay magistrate, computer systems engineer and trainer, he holds several qualifications including an MBA in Technology Management/Information Technology from Deakin University.

3. Crypto and PKI – Weapons For Mass Liberation by Lawrence Hughes

Lawrence Hughes will talk about the end-to-end nature of IPv6 which according to him will make it essentially impossible for the government to monitor or control the flow of information – combined with crypto that’s a Weapon of Mass Liberation. A tool that should be in everyone’s personal arsenal.

Mr. Hughes founded InfoWeapons Corporation to create high quality, simple-to-use, end-user tools as a response to the general lack of secure communication and IPv6 Ready tools currently available. He has authored the book “Internet E-mail: Protocols, Standards and Implementations”, having been heavily involved with Internet e-mail security for many years. His book is still one of the leading books on E-mail.

Prior to founding InfoWeapons, he was the co-founder (along with Jay Chaudhry) and initial CTO of CipherTrust in the US. CipherTrust is the maker of the IronMail™ Hardened E-mail Proxy appliance. Before that, he was a Senior Security Consultant at VeriSign where he created and taught their certification courseware internationally. All throughout his career, he has been constantly creating products and courseware in the areas of cryptography, digital signatures, digital envelopes, digital certificates, Public Key Infrastructure (PKI), secure transport protocols and secure E-mail, as well as hardened security appliances to protect digital communication.

4. Espionage in Cybertopia: A Government’s Tale by Sven “Zedian” Herpig

The presentation of zedian or z_edian will deal with espionage done to the public sector by various of different actors. It will therefore map the stakeholders in cyber espionage, incentives, threat levels, tools as well as damage and an illustration by using examples such as Ghostnet.Some of these threats are transferable to the private sector even though denial-of-service and cyber vandalism still prevails in this sector.For the InfoSec community it shall show which sectors have to be improved in and give an analysis of why and what is going on – on what can be the outcome – of cyber espionage which is a hot topic already today.

Sven is a friend of mine and my fellow blogger at the ProjectX Blog – Information Security Redefined. He is an advocate for a free cyberspace without state-shackles. z_edian lectured and researches in the field of international relations and information and communication technologies. He authored ‘Life and War in Cyberspace’ which has been published in January 2012. He is also a Ph.D Student in the field of ‘Strategic Implications of Cyber Warfare for the Nation-State’.

5. A Brief View In Prioritizing Website Security + Demo by Nitrob

This presentation will be handled by a teenage home brewed PHP application developer named n1tr0b and who is also the behind the Xiumi Framework. He is also a former leader of a hacking group in the Philippines and writes for the ProjectX Blog – Information Security Redefined.

The presentation is about the importance of prioritizing website security in different points of views. It provides “the audience enough information about the damages of exploitation of a website and how to put an end to it. Also a short security code work for the following attacks:

XSS ( Cross Site Scripting )

LFI / RFI ( Local File Inclusion / Remote File Inclusion )

SQLi (SQL Injection)

CSRF ( Cross Site Request Forgery)

RCE ( Remote Code Exploitation )

6. Introduction to Web Dojo and Backdoor Shells + Demo by shipcode (Jay Turla)

This is my presentation which will is an introduction about two free and open source vulnerable web applications used for practicing your Web Fu skills like sql injection, cross site scripting, html injection, javascript injection, click jacking, local file inclusion, authentication bypass methods, remote code execution and many more. Below are the demos that will be presented for attacking these two web applications:

1. Authentication Bypass Method with Simple SQL Injection

2. Manual SQL Injection

3. Dumping like a boss with SQLMap

4. Local File Inclusion 101

5. Command Execution plus IRC bot backdoor effect

A presentation about backdoor shells will also be introduced and inserted.

Don’t worry guys, I will share my presentation here in Infosec Institute after I’m done presenting this topic in the conference. 🙂

7. Mac Binary Analysis: A Sn3ak Peak by Christopher Daniel So

In this presentation, techniques of code analysis of Mac binaries for reverse engineers and additional background information will be presented by Christopher Daniel So who is a Threat Analyst in Trend Micro’s Analysis Team, Core-Tech Department.

8. SOUL System by Joshua Lat

This is a talk about the “SOUL System: Secure Online USB Login System” which won first place in the recent Kaspersky Student Conference International Cup 2012 held last May 11 to 13 at the Delft University of Technology in The Netherlands and in the Kaspersky Student Conference (Asia Pacific & MEA Cup 2012) at the City University of Hong Kong.

9. Surviving at ROOTCON (ROOTCON 101) by Encrypted

This topic will be presented by one of the ROOTCON goons named Encrypted. The presentation will deal on how to survive at ROOTCON as CON-Goers. How ROOTCON was planned, how to contribute, how to be ub3rAw4s()me during the CON.

Encrypted will also discuss about the day mechanics of the activities, such as Hackista Challenge, WiFi Warrior etc…etc….

10. Randomized or Obfuscated Text Detection by Reginald Wong

Recent malwares have been using obfuscation techniques to hide its code from Antivirus software. Making use of emulation is very effective but would probably result in a slow performing machine especially when your valid apps are getting scanned from malwares. Thus, before a full emulation can be done, a static detection can help minimize this slow performance. Detecting the existence of obfuscated text segregates valid applications from malwares. This topic shows different methods on how to determine if a certain text is rather randomized. Reginald Wong who is the head of the heuristics team at GFI Software Philippines will help you detect malwares before they get in to your system.

11. Virtualization, A New Risk by Tikbalang

The topic about the advent of virtualization will be discussed by Tikbalang who is a ROOTCON goon, ISO27001 Probationary Auditor, Certified Ethical Hacker, MCSE, and MCSA. Benefits:

1. Lower number of physical servers – helps reduce hardware maintenance costs because of a lower number of physical servers.

2. By implementing a server consolidation strategy – helps increase the space utilization efficiency in data center.

3. By having each application within its own “virtual server” – helps prevent one application from impacting another application when upgrades or changes are made.

4. Develop a standard virtual server build that can be easily duplicated which will speed up server deployment.

5. Deploy multiple operating system technologies on a single hardware platform (i.e. Windows Server 2003, Linux, Windows 2000, etc).

12. Vulnerability assessment of commonly available personal safety boxes in the Philippines + Demo by Jolly Mongrel

The lock picking ninja of ROOTCON who goes by the handle Jolly Mongrel is back again. If you were able to attend ROOTCON 6, then you should remember him for his demos on common lock mechanisms, bypassing common padlocks and lock-picking a handcuff by just using a paperclip.. This time he will deal about the problems of personal safety boxes which stems from fundamental errors that could have been remedied at design conceptualization level. Moreover, lack of quality testing (adversarial pen-testing) and skewed functional priorities resulted in some boxes that could be opened surreptitiously; hence, compromise of its contents and further privilege escalation is possible beyond awareness. This presentation is done for research and consumer awareness purposes only.

13. Taking Down a Botnet – The Story Behind Rove Digital’s Takedown by Ryan Flores

Last November 2011, the FBI has publicly announced the takedown and arrest of a cybercrime gang operating in Estonia. This presentation gives details on how Trend Micro was able to help the FBI in the take down and arrest, while also giving insight on the time span, scale and complexity of an operation of this nature.

The speaker of this topic is a Research Manager for APAC and has has over 9 years of experience in computer security specializing in malware analysis, reverse engineering and various honeypot and detection technologies.


Posted: July 10, 2012
Jay Turla
View Profile

Jay Turla is a security consultant. He is interested in Linux, OpenVMS, penetration testing, tools development and vulnerability assessment. He is one of the goons of ROOTCON (Philippine Hackers Conference). You can follow his tweets @shipcod3.