Confidence - (19-20.11 2009 Warszawa)
Język: polski | english


Moti Joseph

Temat: Microsoft patches little sister but forgets big brother

Język: angielski

Bio:
Moti Joseph has been involved in computer security since 2000. For the past 7 years, he has been working on reverse engineering exploit code and developing security products. He is currently a Senior Security Researcher with Websense Security Labs.

 

Abstrakt:
This presentation introduces methods used by hackers/attackers to hunt vulnerabilities in Microsoft Windows products, such as Internet Explorer and the Windows operating system. These include reverse engineering, surfing the Web, and diffing Microsoft modules. The presentation also covers why these methods are innovative or significant, and includes an important tutorial. Attackers can use these methods to hunt for zero-day exploits.
Summary of the points we plan to cover:

  • Introduce past zero-day exploits
  • Discuss how they were found
  • Why attackers hunt for zero-days
  • How a programmer’s bug is a hacker’s treasure
  • Microsoft silently fixed vulnerabilities
  • Hunting zero-days the easy way: DIFFING!