I was at EUSecwest 2010 last week, to give a talk about binary diffing technology and my tool DarunGrim. The conference went from June 16th to June 17th. We had a fun time sharing our ideas and findings. Here are brief descriptions of the talks that I attended.
Rainbow Tables Reimplemented
Sebastian "naxxatoe" Graf
This talk was about reimplementing traditional rainbow tables in a more efficient way.The speaker has some source code and a table itself to release in the near future.
Having fun with Apple's IOKit
Ilja Van Sprundel, IOActive
The speaker presented some preliminary research on the IOKit from the perspective of the security researcher. It seems as if no one else has investigated this issue thoroughly, and it could be the next gold mine.
Vincent Berg, IOActive
This talk offered both basic and advanced material on auditing the code written in C#. C# is regarded as a generally secure language, but still there are many ways in which it can fail.
Escaping the Sandbox
Stephen Ridley, Matasano
This speaker described many types of sandboxes currently in use on Windows systems. He showed real examples and used debugger output to demonstrate various options that modern sandboxes are capable of providing. He also released a sandbox analysis toolkit called SandKit, which is available here.
DarunGrim - A Tool for Binary Diffing and Automatic Vulnerabilities Pattern Matching
Jeongwook (Matt) Oh
This was actually my presentation. I presented the technology of binary diffing. And, I proposed a new concept of smart binary diffing. I built a system for binary management and introduced a new index value called "security implication score". This score tells you which modification has more security implications. The package that contains all of these improvements will be released in a few weeks.
The presentation material is available here.
Fighting PDF Malware with ExeFilter
Philipe Lagadec, NATO/NC3A
PDF is a hot issue these days. And here's the tool to sanitize all your suspicious PDF files before you open them. This is a great open source project to implement a PDF normalizer that will remove any suspicious objects from the PDF files. The package is available from here.
Defending the Poor - Flash Defense
Joern Bratzkei, Recurity Labs
This presentation was about a project funded by the German government. The project page is here. The cool thing is that this is an open source project. The main functionality is normalization through recreation. It actually understands flash AVM code and rewrites it to be normalized and to be harmless. The only pitfall I'm seeing is that this currently supports only AVM1 code.
Hacking Oracle from Web Apps
Sumit Siddharth, 7Safe
Unfortunately, I was not able to attend all of this presentation. But the demonstration was cool. Using SQL injection, you can basically execute any commands you want on the server.
Location Aware DoS Attacks (how proposed IETF drafts can change the future of DoS)
Keith Myers & Jose Avila, ONZRA
This talk was about abusing EDNS to circumvent location-based DNS reponses. This technique will open a way to find the actual target the attacker is interested in, for DOS attacks.
Milking a horse or executing remote code in modern Java Web frameworks
Meder Kydryraliev, Google
The speaker presented a unique way to own a Java Web framework. By overwriting some internal variables using the Spring Web Framework vulnerability, he could own the Web server and could execute any command he wanted, using the bug. The related vulnerability is published here.
Legic Prime: Obscurity in Depth
Karsten Nohl & Hendryk Plötz, Security Research Labs
This talk was about breaking an RFID smart card called Legic Prime. This card was introduced more than a decade ago and has been known to be very safe against duplication or forgery. But two brilliant researchers cracked the underlying obfuscation logic and could duplicate or make any kind of card they wanted.
Hacking Printers for fun and profit
This talk was about owning printers. Printers could be a critical attack point in the future. There are many potential ways that they can be backdoored and used for collecting valuable information. Even more serious is that nobody seems to be paying attention to protecting printers, even though they can be easily misused. The full presentation file is here.
Ravishankar Borgaonkar & Kevin Redon, Technical University of Berlin
This talk was about exploiting a femtocell device. I had never heard about femotcell before. Basically it's a personal cell tower. You just connect it through broadband, and it will pass through all your cell phone and data traffic. In case you're out of coverage from your cell phone service provider, you can use this device to enable your cell phone to work through Internet connection. The device is supposed to be heavily protected. What the speakers accomplished was jailbreaking and rooting the device. And the device itself tries to gather location information from various sources like IP address and GPS signal. But they could all be circumvented like by using $12 GPS jammer and VPN connection to home network. Basically with the methods they presented, you can use your cellphone anywhere in the world without additional charges. They included some live demos. U.S. wireless service providers have similar devices, and this is a problem that we all need to pay more attention to.
That's it. This conference was unique, and a great experience for me. All subjects gave me something to think about. Thanks to @dragosr and the SecWest staff for inviting me to this great conference.
My next talk will be at Blackhat USA 2010 and Defcon 18, so if you're interested in binary diffing or locating vulnerabilities using static analysis, my talk may help you a lot. The title is "ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically".
See you there.