Sunday, February 17, 2008

Shmoocon 08 Day 3


alright Day3!

started the morning off right with coffee then off to Valsmith and Danny Quist talking about Malware Software Armoring Circumvention. very cool stuff and, for me, in that sit in a talk about things you dont know what much about. the offensive-computing.net guys built a tool (saffron) that can basically kick all these packer's asses and can allow you to unpack all different kinds of binaries that have been packed with different tools so you can disassemble them and do malware analysis.

Their slides and code are already up:
http://www.offensivecomputing.net/?q=node/637

keeping with the theme of stuff i that was above my skill level, next up was Vulncatcher: Fun with Vtrace and Programmatic Debugging by atlas. very cool talk on using some programmatic debugging to find vulnerabilities in different types of code and different types of data structures.
You can check out atlas' site for more info: http://atlas.r4780y.com/cgi-bin/atlas

He was also nice enough to do an interview with LSO after DEFCON:
http://www.learnsecurityonline.com/index.php?option=com_content&task=view&id=229&Itemid=46

Last up was dre and marcin from TS/SCI Security talking about Path X: Explosive Security Testing Tools using XPath. From their blog: "In this talk, we’ll discuss how using XPath can aid security testing during unit tests and in the integration phase of the software development lifecycle. By using XPath, it’s easier to share data between both open source and commercial quality testing, source code analysis tools and web application scanners."

http://www.tssci-security.com/archives/2008/02/17/path-x-explosive-security-testing/

After that I had to bug out, get home, and get ready for the week. thanks again to Don for the ticket!
CG

No comments: