The first day of the conference began with an informal gathering in the conference area of the Penta Renaissance Hotel. The area contained the vendor booths (one of which was running a Wii giveaway that attracted much conference-goer attention), a Capture the Flag scoreboard, and registration desks. We began the day by meeting up with some of our ZDI researchers and indulging in the provided, and much needed, coffee.
The first talk was scheduled for about 9am. Paul Simmonds from ICI gave the keynote speech entitled "The Business Case for removing your perimeter".
Our talk was scheduled for noon that day, so we spent the following blocks of time performing some last-minute preparations. During that time the following talks were given:
- Stefano Zanero from Secure Network on Observing the Tidal Waves of Malware
- Marcel Holtmann from the BlueZ Project titled New Security Model of Bluetooth 2.1
- Tyler Moore from the University of Cambridge on the Economics of Information Security
- fukami on Flash Security Basics
Following our talk was lunch, and then a presentation from Dave Aitel entitled "Windows Heap Protection: Bypassing requires understanding". Dave went over the rising difficulties in the field of exploitation and how Immunity Debugger addresses the issues. He went over the advantages of Python-based tools and the inherent extensibility available in the language. Then the meat of the presentation was given. Dave comprehensively went over the difficulties involved with heap exploitation and methods by which a researcher can methodically bypass some heap protections through understanding the intricacies involved with various heap manipulations. Immunity Debugger was the star of the show in this regard with its heap enumeration and analysis abilities and exploitation-specific features.
After attending Dave's talk, our 2 hours of sleep and jetlag caught up with us and we retired for a couple hours.
Day two of the conference started off with a keynote presentation by Jeff Moss of Blackhat fame. Jeff gave a 50 minute discourse on reasonable disclosure. This topic always results in some debate and the aftermath of this talk was no exception. Following Moss' talk we had a few discussions with conference-goers regarding the ZDI and corresponding issues of disclosure.
The next talk we attended was Halvar Flake's on "Automated structural classification of malware". The talk was interesting as it delved into some of the more technical aspects of disassembling malware and performing low-level analysis of code patterns and other such things which I have a penchant for. Halvar discussed Sabre Security's VxClass and how it performs some of its comparisons to classify both unknown and existing malware.
During the same slot as Halvar was Nguyen Anh Quynh's talk on "Hijacking Virtual Machine Execution for Fun and Profit". I had already seen Nguyen give this talk a month ago when Pedram and I spoke at Blackhat Japan.
Some of the other talks that we would have liked to attend included:
- Sylvester Keil and Clemens Kolbitsch on Fuzzing and Exploiting Wireless Drivers
- Rich Smith: Doppelgänger - novel protection against unknown file format vulnerabilities
- David Litchfield: A Discussion on Memory-Resident Backdoors in Oracle
