.

shmoocon 08 day 3

<<

LSOChris

Post Sun Feb 17, 2008 11:42 pm

shmoocon 08 day 3

alright Day3!

started the morning off right with coffee then off to Valsmith and Danny Quist talking about Malware Software Armoring Circumvention. very cool stuff and, for me, in that sit in a talk about things you dont know what much about. the offensive-computing.net guys built a tool (saffron) that can basically kick all these packer's asses and can allow you to unpack all different kinds of binaries that have been packed with different tools so you can disassemble them and do malware analysis.

Their slides and code are already up:
http://www.offensivecomputing.net/?q=node/637

keeping with the theme of stuff i that was above my skill level, next up was Vulncatcher: Fun with Vtrace and Programmatic Debugging by atlas. very cool talk on using some programmatic debugging to find vulnerabilities in different types of code and different types of data structures.
You can check out atlas' site for more info: http://atlas.r4780y.com/cgi-bin/atlas

He was also nice enough to do an interview with LSO after DEFCON:
http://www.learnsecurityonline.com/inde ... &Itemid=46

Last up was dre and marcin from TS/SCI Security talking about Path X: Explosive Security Testing Tools using XPath. From their blog: "In this talk, we’ll discuss how using XPath can aid security testing during unit tests and in the integration phase of the software development lifecycle. By using XPath, it’s easier to share data between both open source and commercial quality testing, source code analysis tools and web application scanners."

http://www.tssci-security.com/archives/ ... y-testing/

After that I had to bug out, get home, and get ready for the week. thanks again to Don for the ticket!
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Feb 18, 2008 10:15 am

Re: shmoocon 08 day 3

No problem. Glad you had a good time.

Thanks for the report. I know how difficult it can be to squeeze all this stuff into a busy work schedule much less write about it, too. And with Black Hat DC just a couple days away, a big thanks goes right back at ya.

Maybe one of these days I can pay you in real money for all you do for EH-Net instead of just throwing tickets and books your way. I know you're not complaining, but I felt it should be said.

Don
CISSP, MCSE, CSTA, Security+ SME

Return to Gates

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software