Turing Clube/Inception: The extended edition
Data: Quarta-feira, 14 de dezembro de 2011
Local: Garoa Hacker Clube
Palestra: Inception: The extended edition
"Sometimes, the best way to advance is in reverse". (Eldad Eilam / Reversing: Secrest of Reverse Engineering)
Every time any new vulnerability comes out we should be ready to understand it, in order to perform its exploitation or even to build defenses. Reverse engineering is one of the most powerful approaches.
Many talks have been done in the last years, as well as too many useless information has been given by security community: some talks have addressed particular frameworks, specific tools and a few libraries. No practical demonstration and/or tips and tricks regarding vulnerabilities, leaving the "black magic" hidden to the audience.
This talk will share some tips and trick learned during real vulnerability reversing process, such as: gathering information about the vulnerability; understand the weakness type; preparing the vulnerable ecosystem; building a toolbox to be used; reversing the vulnerability; etc... It will show, using very detailed demonstration, how to achieve the state-of-art building exploitation and defenses, using your own exploitation skills.
The "black magic" will be finally unveiled, showing how to use tools (public available) to understand and apply reverse engineering to a vulnerability.
Nelson Brito is just another Computer/Network Security Researcher Enthusiast, who has an addiction of playing with computer systems' (in)security on his spare time, and lives in a wonderful city: Rio de Janeiro.
As a sought-after speaker, he has presented to professionals, enthusiasts, and researchers on some security conferences, such as: IME Cryptology Week (2000/2001), CNASI (2000/2004/2005), CONIP (2004), SERPRO TIC (2006), ITA SSI (2006), H2HC (2006/2009/2010), FEBRABAN CIAB Workshop (2009), Web Security Forum (2011), PH-Neutral (2011), among others.
By the way, Nelson Brito is the author of:
- T50: and Experimental Mixed Packet Injector
- ENG++ SQL Fingerprint.
- Permutation Oriented Programming