TippingPoint Digital Vaccine Laboratories

RECON 08 Day 3

It's Monday and I'm back at our Austin headquarters with the team. We had a great time at RECON and in Montreal. Big thanks to the conference organizers and the high quality speakers. Three more interesting talks to mention on the final day of the conference...

Pablo Sole from Immunity gave an overview of how Python scripting within ImmunityDbg can be used to assist in reverse engineering Adobe Reader. This talk was short, sweet and to the point. He demonstrated some usable examples for extracting bug details from a high level advisory.

Gera from CORE Security spoke about a couple of interesting tools which he will be releasing soon via the PaiMei GoogleCode repository and the CORE OSS site. He first demoed an iterative decompiling framework that lets researchers quickly and easily "code out" and compile manually decompiled binary code. The framework makes it easy to reference global variables and make un-exported subroutine calls. He then demoed a simple script he wrote to replace IDA as a disassembler on top of PaiMei and the PIDA/pGraph structures. Interesting toys to play with. Gera is a great researcher and an excellent speaker; he kept the audience on their toes with his hilarious antics.

The last talk we could catch before jetting for our flight was Tiller Beauchamp's talk on his Ruby DTrace and debugger wrappers. This is a presentation I wanted to catch earlier in the year at BlackHat EU, so I'm glad to have gotten the chance to see it at RECON. Tiller presented a variety of use cases for the DTrace wrapper on the MacOS platform, including code coverage recording, run-time stack and heap integrity checks, and code hooking. A lot of the functionality you get out of PaiMei on the Microsoft Windows front you can get on the MacOS front with RETrace, with the additional performance benefit of running in the kernel. I look forward to tinkering with this framework when I find the reason/motivation to do some MacOS research.

Unfortunately RECON is only officially held every other year, so we'll see the Montreal crew in 2 years.
Published On: 2008-06-16 13:56:59
