EH-Net

Columns => Gates => Topic started by: ChrisG on February 17, 2008, 10:42:22 PM


Title: shmoocon 08 day 3
Post by: ChrisG on February 17, 2008, 10:42:22 PM
alright Day3!

started the morning off right with coffee then off to Valsmith and Danny Quist talking about Malware Software Armoring Circumvention. very cool stuff and, for me, in that sit in a talk about things you dont know what much about. the offensive-computing.net guys built a tool (saffron) that can basically kick all these packer's asses and can allow you to unpack all different kinds of binaries that have been packed with different tools so you can disassemble them and do malware analysis.

Their slides and code are already up:
http://www.offensivecomputing.net/?q=node/637

keeping with the theme of stuff i that was above my skill level, next up was Vulncatcher: Fun with Vtrace and Programmatic Debugging by atlas. very cool talk on using some programmatic debugging to find vulnerabilities in different types of code and different types of data structures.
You can check out atlas' site for more info: http://atlas.r4780y.com/cgi-bin/atlas

He was also nice enough to do an interview with LSO after DEFCON:
http://www.learnsecurityonline.com/index.php?option=com_content&task=view&id=229&Itemid=46

Last up was dre and marcin from TS/SCI Security talking about Path X: Explosive Security Testing Tools using XPath. From their blog: "In this talk, we’ll discuss how using XPath can aid security testing during unit tests and in the integration phase of the software development lifecycle. By using XPath, it’s easier to share data between both open source and commercial quality testing, source code analysis tools and web application scanners."

http://www.tssci-security.com/archives/2008/02/17/path-x-explosive-security-testing/

After that I had to bug out, get home, and get ready for the week. thanks again to Don for the ticket!

Title: Re: shmoocon 08 day 3
Post by: don on February 18, 2008, 09:15:03 AM
No problem. Glad you had a good time.

Thanks for the report. I know how difficult it can be to squeeze all this stuff into a busy work schedule much less write about it, too. And with Black Hat DC just a couple days away, a big thanks goes right back at ya.

Maybe one of these days I can pay you in real money for all you do for EH-Net instead of just throwing tickets and books your way. I know you're not complaining, but I felt it should be said.

Don



Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com