O Outro Lado BSidesSP ed 3/Reversing Patches for Exploit Creation Pen-Testing or Just Fun
Palestra Reversing Patches for Exploit Creation, Pen-Testing or Just Fun!
Horário: 14:50 as 15:40
Duração: 40 minutos (mais 10 minutos para perguntas e respostas)
Local: Associação Cultural Cecília
Nota: A palestra será em inglês
How many times have you wondered what really gets fixed inthe security patches released by vendors? Are you curious to find new vulnerabilities that could be introduced due to faulty patches? This talk will go over some basic reversing techniques that anyone can use to read what exactly gets fixed in patches. These techniques can be used to write your own exploit which can be helpful for pen-testing. Malware authors use similar techniques to create malware that targets unpatched systems. This is a fast and very cost effective approach and has been used extensively by malware authors. The talk will demonstrate how easy it is to reverse patches and will highlight the urgent need to apply patches to protect against such attacks.
Bharat Jogi is a Security Professional with over 4 years of experience which includes research on vulnerabilities, malware, protocol analysis, evolving attack vectors and signature development. He continues to work for Qualys Inc. where he researchs the latest vulnerabilities in various products, reverse engineers binaries and malware and develops signatures to identify these threats. He hold a Masters degree in Computer Science from the University of Southern California and has been quoted in NetworkWord, SecurityCurve and other main stream media.