AppSec Europe 2016 has ended
Thursday, June 30 • 14:10 - 14:55
Bug Hunting on the Dark Side

A defender has to secure all entries to a system. If only one entry is not secured, the system will eventually be owned. One single mistake is enough. This is often frustrating because everybody makes mistakes and defenders usually have to operate on the passive end.

Fortunately, _everybody_ makes mistakes. Even the attackers. In this presentation, we are going to show a collection of bugs and mistakes that help to turn the tables on the adversary: 
* Simple typos that ruin the otherwise stealthy APT campaign. 
* Thoroughly planned command & control architectures that fall apart because of overlooked crypto dependencies. 
* Bugs in malware that render the functionality useless. 

There will be plenty of examples from the OWASP top 10 vulnerabilities that attackers and malware authors have run into: SQL injections, remote file inclusion vulnerabilities, broken session management, server misconfigurations, broken random number generators, ...

Hilarious, scary, and a lot of face palms

Felix Leder

Director Detection Technology, Blue Coat
Felix Leder leads the detection technology research at Blue Coat. Taking things apart has been a lifetime passion for him. His hobbies, like collecting bugs in malware and botnet takeovers, have resulted in successful take-downs of large malicious networks. As a member of The Honeynet...

Thursday June 30, 2016 14:10 - 14:55 CEST
Room A (Michelangelo Ballroom Sect. 3)