HalVar Flake - Reverse Engineer, Black Hat.
Hit them where it hurts: Finding holes in COTS software
Application security is crucial in any modern networked environment. While many security architectures can survive a single critical service "developing" a major security vulnerability, few will survive the separate "development" of several vulnerabilities for several critical systems at once.
While everybody knows that commercial-off-the-shelf (COTS) software is usually full of bugs, few researchers outside of government organizations actually analyze the disassembly of COTS software for common programming mistakes such as buffer overruns and format string vulnerabilities. This speech will introduce you to the topic of analyzing COTS software for (in)security.
An overview of various problematic C/C++ coding mistakes will be given, with specific detail on how these mistakes translate to the underlying assembly language (specifically IA32/x86 assembly). After the audience is familiar with spotting these mistakes, the focus of the speech will shift towards automating the boring and repetitive tasks involved in auditing COTS software: programs which automatically find suspicious constructs in the binaries will be explained and demonstrated.
The last focus of the presentation will be a demonstration of how the techniques discussed would be applied to a major networking infrastructure product such as a commercial and widely used firewall.
HalVar Flake is BlackHat's new resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network security over time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development, he recently joined BlackHat as their main reverse engineer.
Black Hat - USA - 2001 Hacking conference