News Document Title:
====================
Pim Campers and Benjamin Kunz Mejri Speakers @ HITB Malaysia


Release Date:
=============
2011-08-08


Laboratory Article:
===================
Speakers: Benjamin Kunz Mejri(Germany) and Pim J.F. Campers (Netherlands)

The popular VOIP client Skype has been beaten?! As everyone knows Skype takes security very seriously according to their 
own words: The security of your information is of the utmost concern to us here at Skype and something we take very 
seriously  So we rose up to the challenge and tried to see if we could beat the system filters and/or software out of the box. 
This presentation will offer the first indepth view and analyses of the bugs that where found in skype by the vulnerability-lab.com 
research team (2011).  The presentation will also provide exclusive attack scheme from an attackers point of view 
which were also used for verification.

Buglist:
- Skype 5.3.x 2.2.x 5.2.x – Persistent Cross Site Scripting Vulnerability
- Skype 5.3.x 2.2.x 5.2.x – Persistent Software Vulnerability
- Skype v5.3.x – Transfer Standby Buffer Overflow Vulnerability
- Skype v5.3.x – DLL HIPS Buffer Overflow Vulnerability
- Skype v5.2.x and v5.3.x – Critical Pointer Vulnerability
- Skype v5.3.x v2.2.x v5.2.x – Denial of Service Vulnerability

Attack Schemes:
- Client Side Skype Exploitation (Local and Remote)
- Server Side Exploitation #1 (Local and Remote)
- Server Side Exploitation #2 (Local and Remote)
- Denial of Service Exploitation (Local and Remote)
- Buffer Overflow Exploitation #1 (Local)
- Buffer Overflow Exploitation #2 (Remote)
- Pointer Bug Exploitation (Local and Remote)

Also at the presentation if time lets us. Some videos, crash logs etc for those interested.

About us (Vulnerability Lab Team)

Benjamin Kunz M.(28) is active as a penetration tester and security analyst for private and public security firms, hosting entities, 
banks, isp(telecom) and ips. His specialties are security checks(penetrationtests) on services, software, applications, malware
 analysis, underground economy, military intelligence/cyberwar, reverse engineering, lectures and workshops about IT Security. 
During his work as a penetration tester and vulnerability researcher, many open- or closed source applications, software and 
services were formed more secure. In 1997, Benjamin K.M. founded a non-commercial and independent security research 
group called, Global Evolution – Security Research Group which is still active today.

From 2010 to 2011, Benjamin M. and Pim C. (Research Team) identified over 300 zero day vulnerabilities in well known 
products from companies such as DELL, Barracuda, Mozilla, Kaspersky, McAfee, Google, Cyberoam, Safari, Bitdefender, Asterisk, 
Telecom, PBX and SonicWall. In 2010 he founded the company Evolution Security. After the firm’s establishment arose the 
Vulnerability Lab as the legal european initiative for vulnerability researchers, analysts, penetration testers, and serious hacker 
groups. Ben is also the leader of the Contest + Vulnerability-Lab Research Team. He have a lot of stable references by solved 
events or contests like ePost SecCup, SCS2, EH2008, Har2009, Da-op3n and exclusive zero-day exploitation sessions/releases.

Pim J. F. Campers (24) has worked around five years in the IT Security sector. It began as a hobby, but after high school, he 
decided to expand his experience in the area of IT Security. His specialties are security checks on web applications, server and 
client applications, underground economy, bypass/crack filters or walls and risk/threat analysis. He currently works closely 
with academia and high class software manufacturers and companies.

Pim has joined the Global Evolution Research Team 2007. From 2010 to 2011, Pim J.C. and Benjamin M. (Research Team) identified 
over 300 zero day vulnerabilities in well known products from companies such as DELL, Mozilla, Kaspersky, McAfee, Google, 
Cyberoam, Safari, Bitdefender, Asterisk, Telecom, PBX and SonicWall. In 2010 he founded the company Evolution Security with
 Benjamin K.M.. After the firm’s establishment arose the european Vulnerability Lab as the legal european initiative for vulnerability 
researchers, analysts, penetration testers, and serious hacker groups. Pim is also the co-leader of the european Wargaming + 
Vulnerability-Lab Research Team and have a lot of stable references by solved events or contests like ePost SecCup, SCS2, EH2008, 
Har2009, Da-op3n and exclusive zero-day exploitation sessions/releases.

Conference: http://conference.hitb.org/
Speakers: http://conference.hitb.org/hitbsecconf2011kul/?page_id=24
#1 Sponsor: Microsoft Corporation