Archive for January, 2010

I’m not dead yet…

Monday, January 18th, 2010

This site has never been updated all that regularly, I admit. This time, though, I have an excuse; I’ll be speaking at Blackhat DC and ShmooCon. Preparing for two talks in the same week on mostly disjoint topics has been taking up all my free time (and more). So, I apologize for no good technical posts recently, but I hope to change that post-cons. I have some ideas up my sleeve and I’ll be releasing some of the tools developed for the talks.

The Blackhat DC talk (4:45pm on Wednesday, February 3rd) is an elaboration of the last post on information leakage and the types of things we can do with it. The focus is the circumvention of Windows memory corruption mitigations (ASLR and DEP) using the addresses of leaked heap objects and predictable behaviors within the JIT compiler (examples using Adobe Flash).

The ShmooCon talk (4:00pm on Saturday, February 6th) focuses on a simple dynamic flow analysis (taint tracking) tool and the machinery needed to make it useful for auditing/reversing. Even if the taint tracking stuff isn’t your bag, I’ll be releasing a Pin tool that does full tracing of an execution, and I hope the analysis engine will be abstract enough to allow others to write other analyses on top of it or to export the trace. This was submitted as a work-in-progress, and it really is. I have a bunch of code-in-motion and a ton of Python glue right now. I hope to clean everything up in time, but the glue will be the first thing neglected. My plan is to move the development of the tracing tool and analysis framework to a public hg repository. Oh, there is also an IDA plug-in involved (for interacting with the taint information). You can see the old test version of it in a screenshot from the DiffCov blog. Evidently ShmooCon will be streaming the talks, so if your timezone permits, you can heckle me live even if you don’t have a golden Shmoo ticket.

Lastly, I’ve never been to any industry hacker cons, so I’ll be trying to meet lots of people. Send me an e-mail and let me know where you’ll be if you want to meet up for a chat.