Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

PRESENTATION MATERIALS

PHOTOS / VIDEOS

Official conference photos and HD videos will be made available in the next 2-3 weeks. Please follow @hitbsecconf on Twitter for links or join our Facebook Group

Alex Bazhanyuk (Reverse Engineer, CISS) & Nikita Tarakanov (Reverse Engineer, CISS)

PRESENTATION TITLE:   Automatically Searching for Vulnerabilities: How to Use Taint Analysis to Find Security Bugs

PRESENTATION ABSTRACT:

In this presentation, we will discuss The System of Automatic Searching for Vulnerabilities (SASV).

We will show how to use SASV and how to find vulnerabilities in fully automatic mode. We will demonstrate automatic process of finding security bugs in the kernel drivers of the Windows Operating System and describe in depth the key mechanisms of SASV.

The SASV framework was developed based on the integration of IDA Pro and BitBlaze. The key mechanism of SASV is to implement taint propagation algorithm. We will talk about some real life examples, and some advanced algorithms, like: static taint analysis.

ABOUT ALEX BAZHANYUK

I take part in the BitBlaze project: http://bitblaze.cs.berkeley.edu/ and work as a reverse engineering in CISS (Center of Innovative Security Solutions) http://cisscompany.com/ My responsibilities include development fuzzing R0 (syscall,ioctl), R3 (browsers, office suites, Flash) and binary analysis. You can follow me on Twitter @ABazhanyuk

ABOUT NIKITA TARAKANOV

Nikita has worked as a security researcher in Positive Technologies, Vupen Security and CISS. He is the author of some materials about kernel vulnerabilities and exploitation in kernel land and currently, does vulnerability research relating to the problem surrounding the automatic searching of vulnerabilities.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

 

SPECIAL OPS 1  - WIRELESS SECURITY KUNGF00

SPECIAL OPS 2  – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE



2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1  – HUNTING WEB ATTACKERS

TECH TRAINING 2  – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3  - ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

 

 



3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4  – THE EXPLOIT LABORATORY: ADVANCED EDITION




QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS



EVENT ORGANIZER

LOCAL PARTNER

PLATINUM SPONSORS

GOLD SPONSORS

TITANIUM SPONSOR (POST CONFERENCE RECEPTION + SPEAKER RECEPTION)

SILVER SPONSOR

HACKWEEKDAY SPONSOR

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HITB LAB / SIGINT SPONSOR

NETWORK SPONSORS AND UPLINK

ADDITIONAL SUPPORT BY

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2012 Hack In The Box | http://www.hackinthebox.org

( / 10 )