Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, June 30 • 14:10 - 14:55
Bug Hunting on the Dark Side

Sign up or log in to save this to your schedule and see who's attending!

A defender has to secure all entries to a system. If only one entry is not secured the system will eventually be owned. One single mistake is enough. This is often frustrating because everybody makes mistakes and defenders usually have to operate on the passive end. 

Fortunately, _everybody_ makes mistakes. Even the attackers. In this presentation, we are going to show a collection of bugs and mistakes that help to turn the tables on the adversary: 
* Simple typos that ruin the otherwise stealthy APT campaign. 
* Thoroughly planned command & control architectures that fall apart because of overlooked crypto dependencies. 
* Bugs in malware that render the functionality useless. 

There will be plenty of examples from the OWASP top 10 vulnerabilities that attackers and malware authors have run in to: SQL injections, remote file inclusion vulnerabilities, broken session management, server mis-configurations, broken random numbers generators, ... 

Hilarious, scary, and a lot of face palms

Speakers
avatar for Felix Leder

Felix Leder

Director Detection Technology, Blue Coat
Felix Leder leads the detection technology research at Blue Coat. Taking things apart has been a life time passion for him. His hobbies, like collecting bugs in malware and botnet takeovers, have resulted in successful take-downs of large malicious networks. As a member of The Honeynet Project, he is heavily involved in open source security and has been instrumental in developing a number of malware analysis solutions, including Cuckoo box... Read More →


Thursday June 30, 2016 14:10 - 14:55
Room A (Michelangelo Ballroom Sect. 3)

Attendees (32)