CSI-SX 2008

CSI-SX is the new branding for the CSI NetSec conference, which is co-located with Interop Las Vegas, and is essentially the security-focused portion of the overall conference. As with the annual CSI conference, this conference targets a different demographic than I’m used to speaking for as the attendance is usually comprised of very large enterprise and government employees and I usually speak for conferences targeted at the research and hacker communities.

The night before the first day of conference sessions a speaker reception was held which I attended. I met a number of people from the conference staff whom I had not met before as well as a few of the other speakers. Surprisingly I was well-received by this crowd, even with my spiked green hair, which I’m sure they don’t see a lot of at this type of conference.

Below are my thoughts on the couple of talks I was able to attend.

The Rise of X-Morphic Exploitation

Gunter Ollmann, Director Security Strategy, IBM

Gunter’s talk was an excellent setup to mine because he really illustrated where a lot of the ‘drive by’ exploitation techniques are going and how it’s becoming an increasingly difficult problem to detect and block them with signature-based filter systems. He covered the definitions of various types of morphing that exploitation engines are using, how they are deployed to sites or linked into sites, and various methods that they use to obfuscate and encode the exploit code and payload, including multiple levels of encoding. Overall it was a very informative session.

Testing and Validation of Network Security Devices

Dustin D. Trammell, Security Researcher, BreakingPoint Systems, Inc.

This was my presentation, and I spoke about how content-aware firewalls and Intrusion Prevention Systems approach filtering network traffic for attacks against vulnerabilities, where they commonly fail or have deficiencies, and how to approach designing dynamic test cases for IPS filters to verify that they are blocking as many permutations of the attack as possible.

Bot and Botnet Taxonomy

Dr. Jose Nazario

This was a very interesting presentation of the various types of bots, what they do, how they behave, and how they communicate and are controlled. Jose presented a general taxonomy describing all these traits, then went through a number of specific bots describing them and their traits and how they related to the taxonomy.

Leave a Reply