<< Previous Next >>
Reverse engineering
conform to any of the outlined topics below.
Special consideration will be given to papers addressing the following
topics:
* Reverse Engineering
* Protocol Analysis
* Cryptography
* Hardware Hacks
* Anything related to the number 9
- Routing device
- Visualization technique
--- Application security
- Web application vulnerability research
- Application reverse engineering and related automated tools
- Database security & attacks
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
Topics of interest include, but are not limited to:
o Mobile Device Security
o Virtualization, Hypervisor, and Cloud Security
o Malware Analysis
o Reverse Engineering
o Exploitation Techniques
o Rootkit Development
o Code Analysis
o Forensics and Anti-Forensics
o Embedded Device Security
* Data Loss Prevention
* Latest Web Hacking Techniques and Defense
* Hacking & Defense of virtual environments
* Cloud Security
* Fuzzing and vulnerability discovery
* Reverse Engineering - Malware & Botnet Analysis
Deadline
===============================================
* CFP dead line: January 31th, 2011
FRIDAY - 75 minute talks
James O'Gorman & Matthew Churchill - Digital Forensics - Footsteps in the Snow
Travis Goodspeed - Repurposing the TI EZ430 Development Tool
Ryan Sherstobitoff - The Evolution of Cyber Crime
Jared DeMott - AppSec A-Z: Reverse Engineering, Source Code Auditing, Fuzzing, and Exploitation
[*] WORKSHOP & SEMINAR
Pre-Registration: $1700
- Virtualization
- New bug digging
--- Application security
- Web application vulnerability research
- Application reverse engineering and related automated tools
- Database security & attacks
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
- Routing device
> - Routing device
> - Visualization technique
>
> --- Application security
> - Web application vulnerability research
> - Application reverse engineering and related automated tools
> - Database security & attacks
> - Protocol security & exploitation
> - Advanced Trojans, worms and backdoor technique
> - Encryption & decryption technique
>
*NEW* - Penetrating the Epoxy Curtain: Hands-On Silicon Hacking
Instructors: Bunnie & Christopher Tarnovsky
Availability: 9 seats left
I'm really excited about this workshop. It'll involve dissecting a
stored value smart card die and reverse engineering the transistors to
determine what the different parts of the chip do and by the end of
the course be able to circumvent some of the card's hardware access
controls. We're gearing this workshop towards software reverse
engineerers that want to learn more about how the hardware ticks and
get a better understanding for how things are implemented at the even
- Net Neutrality and Censorship
- Copyright
- Exploitation Techniques
- Video Game Culture and Art
- Cryptography and Cryptoanalysis
- Reverse Engineering
- Forensics and Anti-Forensics
- Web Security
- Electronic Music and Literature
- Retrocomputing
- Economical Systems - think about collapsing financial markets and
Topics of interest include, but are not limited to:
* Mobile Device Security
* Virtualisation, Hypervisor and Cloud Security
* Malware Analysis
* Reverse Engineering
* Exploitation Techniques
* Rootkit Development
* Code Analysis
* Forensics and Anti-Forensics
* Embedded Device Security
- VoIP Security
- Wireless Security
- Exploitation
- IPv6 Security
- Attack and Defense Techniques
- Reverse Engineering
- Application Security, Testing, Fuzzing
- Code Auditing
- Virtualization Security
- Malicious Code
- Databases Security
Topics of interest include, but are not limited to:
o Mobile Device Security
o Virtualization, Hypervisor, and Cloud Security
o Malware Analysis
o Reverse Engineering
o Exploitation Techniques
o Rootkit Development
o Code Analysis
o Forensics and Anti-Forensics
o Embedded Device Security
Checkmarx Research Lab presents a novel way to protect .NET assemblies
against reverse-engineering and recompilation. By injecting them with
commands that are activated only at the recompilation stage, the application
retroactively detects the reverse-engineering process and acts upon it.
For further reading:
http://checkmarx.com/NewsDetails.aspx?id=18&cat=3
Maty Siman, CISSP
www.checkmarx.com
disclosure policies should be respected. But you did manage to get some
nice press in CNET, huh?
By the way, I'm sure you actually executed code as POC rather than just
assuming that you could based on the calls you identified by reverse
engineering the binaries, right? I guess I'm also curious how you are
classifying this as "remotely exploitable" when what you describe in
your "detailed description" sounds more like you would have to get a
victim to go to your evil web site first or download your coffee
"recipe" somehow and feed them to the coffee maker, right? Or is the
maker actually listening for connections and the assumption is that
+ The early registration for the conference is now open.
+ We are offering three training courses this year.
-Advanced Reverse Engineering by Nicolas Brulez
-Binary vulnerabilities and Exploit Writing by Gerardo 'gera' Richarte
-Binary Literacy: Static Reverse Engineering by Rolf Rolles
check http://recon.cx/2008/training.html for more details
Suggested topics for submission of papers are listed below (but not limited to):
• Cyber Warfare
• Information Assurance
• Security Data Collection and Analysis
• Internet-based Terrorism and Espionage
• Reverse Engineering of Viruses and Worms
• Security Policy Implementation & Compliance
• Botnet Detection and Prevention
• Information Security Risk Management
• Economics of Information Security
• Computer & Network Forensics
The Security Masters Dojo courses available at PacSec in Tokyo
on November 27/28 2007 have been updated. The final list is:
Ultimate Web Hacking - Yeng-Min Chen (Japanese)
Reverse Engineering - Yuji Ukai (Japanese)
The Exploit Laboratory - Saumil Shah (English)
Advanced Honeypot Tactics - Thorsten Holz (English)
Advanced Linux Hardening - Andrea Barisani (English)
Bugfinding with the Immunity Debugger - Nicolas Waisman & Kostya
Kortchinski (English)
*NEW* - Penetrating the Epoxy Curtain: Hands-On Silicon Hacking
Instructors: Bunnie & Christopher Tarnovsky
Availability: 9 seats left
I'm really excited about this workshop. It'll involve dissecting a
stored value smart card die and reverse engineering the transistors to
determine what the different parts of the chip do and by the end of
the course be able to circumvent some of the card's hardware access
controls. We're gearing this workshop towards software reverse
engineerers that want to learn more about how the hardware ticks and
get a better understanding for how things are implemented at the even
Other Attacks
-------------
Note that this advisory is only about the insecure use of
the RC4 stream cipher, not about the fact that reverse
engineering is possible. Of course, utilities like LSrunasE
and Supercrypt cannot be secure against reverse engineering;
it will always be possible to reverse engineer the algorithm
and find the key within the binary.
However, encrypted passwords should not be very easily
http://www.vupen.com/english/services/ba-index.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
* Web application security
* Techniques for development of secure software and systems
* Hardware hacking, embedded systems and other electronic devices
* Mobile devices exploitation, Symbian, P2K and bluetooth technologies
* Analysis of virus, worms and all sorts of malwares
* Reverse engineering
* Rootkits
* Security in Wi-Fi and VoIP environments
* Information about smartcard and RFID security and similars
* Technical approach to alternative operating systems
* Denial of service attacks and/or countermeasures
http://www.vupen.com/english/services/ba-index.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
by Deviant Ollam (TOOOL)
SAP Security In-Depth, by Mariano Nuez di Croce (Onapsis)
Web Testing & Exploiting Workshop, by Andrs Riancho & Nahuel Grisola (Bonsai)
Cracking WIFI for real by Cedric Blancher (EADS)
Hacking y Seguridad en VOIP by Giovanni Cruz Forero (BASE4)
Modern Malware Reverse Engineering by Joan Calvet (ESET)
Introduction to Cracking y Anti-Cracking by Ariel Coronel, Ricardo
Narvaja & Nahuel Riva (CORE)
For more detailed information: http://www.ekoparty.org/eng/trainings.php
http://www.vupen.com/english/services/ba-index.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
Eleytt - Company Information
============================
Eleytt Corporation is specialized in penetration testing, vulnerability
development, advanced reverse engineering and exploitation techniques.
Eleytt provides various security-related services: risk assessment,
security policy, security assurance, incident management, web
application security testing, continuous security assurance programs.
http://www.vupen.com/english/services/ba-index.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
Eleytt - Company Information
============================
Eleytt Corporation is specialized in penetration testing, vulnerability
development, advanced reverse engineering and exploitation techniques.
Eleytt provides various security-related services: risk assessment,
security policy, security assurance, incident management, web
application security testing, continuous security assurance programs.
Eleytt provides security audits for financial institutions and e-commerce.
Eleytt provides an in-depth security analysis - experienced security
http://www.vupen.com/english/services/ba-index.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
Long time no talk. If you will recall, a while back I was the CTO at
NETSEC and arranged funding and donations for the OpenBSD Crypto
Framework. At that same time I also did some consulting for the FBI,
for their GSA Technical Support Center, which was a cryptologic
reverse engineering project aimed at backdooring and implementing key
escrow mechanisms for smart card and other hardware-based computing
technologies.
My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
Defending a Social Network - Alex Rice, Facebook
Museum of API Obfuscation on Win32 - Masaki Suenaga, Symantec
!exploitable and Effective Fuzzing Strategies as a Regular Part of Test - Jason Shirk, Microsoft
Analyzing Word and Excel Document Encryption - Eric Filiol, ESIEA - Operational cryptology and Virology Lab
English Dojo: Auditing Java Security, Marc Schoenefeld
Japanese Dojo: Assembler Programming and Reverse Engineering Malware, Yuji Ukai, fourteenforty
Pacsec will be held on November 4 and 5th, in Aoyama, Tokyo.
CanSecWest 2010 CALL FOR PAPERS
<<Previous Next>>
|
