Archive for October, 2007

ToorCon 9

October 23, 2007

ToorCon is always one of my favorite conferences of the year, and this year was no different. Actually, I take that back, it WAS different, it was even better than usual. I got something out of almost every talk that I attended, and the conference ran very smoothly. The conference is small and intimate and the speaker badges are green… I really can’t ask for much more. This year the conference was split between the two days; the first day being traditional hour-long presentations whereas the second day took the cue from ToorCon Seattle (beta) and was entirely 20-minute turbo talks. I thought the conference format worked out really really well and provided a much larger breadth of subject-matter than would normally have been possible with entirely traditional-length talks.

Below are my thoughts on the various talks I attended.




October 15, 2007

Last week was Microsoft Patch Tuesday, and for once it actually affected me directly. The team I am part of at my new employer is responsible for reversing out patches such as these, determining the vulnerability that was patched, and developing ways to exploit or otherwise attack the software. From the advisories that were released, I ended up with ms07-055 which detailed a stack overflow in the Kodak Image Viewer which was used as the default image handling application on Windows 2000 systems. After spending most of Tuesday setting up VMWare and installing some tools like IDA Pro and BinDiff, I was able to get started.


New Employer: BreakingPoint Systems

October 1, 2007

Today I stepped into a new role as a Security Researcher for BreakingPoint Systems. I will be working with the team that handles the security component of the flagship product, the BPS-1000, which is a load and security testing appliance used to test network devices such as switches, firewalls, and the types of products my previous employer produces, Intrusion Prevention (or Detection) Systems. For the most part I’ll be developing “strikes”, which are essentially attacks and exploits packaged in such a way that the product can launch them and verify whether or not the device under test has properly blocked or otherwise handled the offensive traffic. It’s a welcome change to move over to the offensive side of the game again, which is really where I’m most comfortable.