News Document Title:
====================
Speaker accepted after Call for Paper for Defcon 20 in Las Vegas


Release Date:
=============
2012-05-30


Laboratory Article:
===================
The Speaker and Researcher Benjamin Kunz Mejri has been accepted after the call for paper of the Defcon 20 (2012) in Las Vegas.
After Ben was in 2008 in Las Vegas he decided this year to try a call for paper with the following track ...


Track: 		Skype VoIP Software Vulnerabilities: Advanced 0Day Exploitation
Speaker:	Benjamin Kunz Mejri Administration (Founder), Vulnerability-Lab

This presentation will offer the advanced, in-depth view and analysis of the 0day vulnerabilities found in Skype by the 
vulnerability-lab research team in 2011/12. The presentation will provide new exclusive attack schemes from an attacker's and 
victim's point of view, which were also used for verification of our findings. The presentation impacts code reviews, technical 
details of different own discovered vulnerabilities, an exploitation video demonstration, and verification pictures as review.

- Attack Schemes (8)
-- Client Side Attack Scheme (Skype API Service Vulnerability)
-- Server-Side Attack Scheme #1 (Skype 5.3.x 2.2.x 5.2.x - Persistent Profile Vulnerability #1)
-- Server-Side Attack Scheme #2 (Skype 5.3.x 2.2.x 5.2.x - Persistent Software Vulnerability)
-- Server-Side Attack Scheme #3 (Skype 5.8x 5.5x - Corruption and Persistent Vulnerability)
-- Denial of Service Attack Scheme #1 (Skype v5.3.x v2.2.x v5.2.x - Denial of Service Vulnerability)
-- Pointer Corruption Attack Scheme (Skype 2.8.x and 5.3.x - Memory Corruption Vulnerability)
-- Memory Corruption Attack Scheme #1 (Skype v5.6.59.x - Memory Corruption Vulnerability)
-- Memory Corruption Attack Scheme #2 (Skype v5.6.59.x - Memory Corruption Vulnerability)
-- Buffer Overflow Attack Scheme #1 (Transfer Buffer Overflow Vulnerability x64)
-- Web Service and API Attack Scheme (API Validation Service Vulnerability)

Combined with the new attack scheme(s) he will also provide the 0day vulnerabilities with background on his own created maps ...

- Advisories (8) (Full Technical Details and PoC)
-- Skype 5.3.x 2.2.x 5.2.x - Persistent Profile Vulnerability #1
-- Skype v5.3.x v2.2.x v5.2.x - Denial of Service Vulnerability
-- Skype 5.3.x 2.2.x 5.2.x - Persistent Software Vulnerability
-- Skype 2.8.x and 5.3.x - Memory Corruption Vulnerability
-- Skype v5.3.x - Transfer Buffer Overflow Vulnerability x64
-- Skype v5.6.59.x - Memory Corruption Vulnerability
-- Skype 5.8x 5.5x - Corruption and Persistent Vulnerability
-- Skype API - Persistent Service Vulnerability

In his presentation Benjamin Kunz Mejri (28) will also talk about the cooperation between Skype security, Microsoft as new company 
owner and independent vulnerability researchers. The complete content is free downloadable and can be reviewed by visitors during 
the talk. In his talk he will also explain how to trace user ip address with different techniques out of the software context.

- Tracing with Bugs and Software Configuration Mistakes
-- Tracing via protocol configuration mistakes
-- Tracing via Persistent Threats

A PDF with all details will be available during the presentation.

- Skype Software Vulnerabilities - 0 Day Exploitation 2011/2012
-- (PDF: Downloadable - Impatcs: Review, Poc, Technical details and Co. ...)

All provided vulnerabilities have been verified by the Skype security team. The talk perspective is changing between the researcher, 
penetration tester, victim, and software developer. This makes the talk very attractive to different kind of developers, researchers, 
analysts, exploiters or penetration testers.


Speaker Information:
Benjamin Kunz Mejri (28) is active as a penetration tester and security analyst for private and public security firms, hosting 
entities, banks, isp(telecom) and ips. His specialties are security checks(penetration tests) on services, software, applications, 
malware analysis, underground economy, government protection or cyberwar analysis, reverse engineering, lectures or presentations and 
workshops about IT Security. During his work as a penetration tester and vulnerability researcher, many open- or closed source 
applications, software and services were formed more secure. In 1997, Benjamin K.M. founded a non-commercial and independent security 
research group called, "Global Evolution - Security Research Group" which is still active today.

From 2010 to 2011, Benjamin M. and Pim C. (Research Team) identified over 300 zero day vulnerabilities in well known products from 
companies such as DELL, Barracuda, Mozilla, Kaspersky, McAfee, Google, Fortigate, Opera, Cyberoam, Safari, Endian, Skype, Asterisk, Astaro, 
PBX, SonicWall. In 2010 he founded the company "Evolution Security". After the firm's establishment arose the Vulnerability Lab as 
the legal european initiative for vulnerability researchers, analysts, penetration testers, and serious hacker groups. Ben is also the 
leader of the Contest + VLab Research Team. He have a lot of stable references by solved events, interviews or contests/wargames like 
ePost SecCup, SCS2, 27c3, EH2008, Har2009, Da-op3n andamp; he provids exclusive zero-day exploitation sessions/releases.

Team Website:			http://www.vulnerability-lab.com/team.php

Article Defcon - Speaker Page:	https://www.defcon.org/html/defcon-20/dc-20-speakers.html#Mejri