Presentations



Space Pope on Android

Jon Oberheide and Charlie Miller

the two resident summercon doctors will be presenting, with approval from the space pope, a short interpretive dance on android security. if it pleases the court, the dance will be followed by a crip-walking, beat-boxing narration of our doctoral theses.


CVE-2012-0769, the case of the perfect info leak

Fermin Serna

This talk will focus on why ASLR is a key mitigation and the need for info leaks for reliable exploitation. Mainly I will focus on the vulnerability (CVE-2012-0769) described at http://zhodiac.hispahack.com/my-stuff/security/Flash_ASLR_bypass.pdf. Also, I will cover two sandbox bypass vulnerabilities in the Flash broker.


The Busticati 0xC Step Program to Program Recovery

Dr. Raid and Aaron Portnoy

Do you suffer from IDAddiction, collaboration compulsion, analysis paralysis, introspection inadequacies, and other such defects? Are you tired of not moving forward with reversing? Are you sick of having 0-ways to find 0-days? Are you trying to except that sometimes there is no catch? Are you the type to recover from type recovery? Does Ida not put out the desired analysis, even though you jmp to her beck and call? Does her language conflict with your values a bit? Does she insult you with indirect references? Do you find yourself waking up in your adobe, interrupted by streams of recorded memories flashing through your head, heaps of empty containers stacked about, unintelligible pages of messages scrawled upon the windows? Have your peers challenged you about your faults addressing dependencies, and have you responded? Has your application to access other recovery programs been denied? Let us give you some pointers, to help you address your dysfunction and lack of structure. Let Aaron and Brandon be your sponsors and step you through the Busticati 0xC step program to program recovery.


Exploiting Radio Noise for Remote Frame Injection

Travis Goodspeed

We are taught that networking stacks, through checksumming, cause all damaged packets to be dropped. Loosely speaking, this is horseshit. Strictly speaking, the stack only drops those with bad checksums. This lecture will show you how to gamble on common radio noise to write strings which, when sent inside of packets, sometimes fall out and become their own packets. Since you control the string, you control all fields of the injected packet, including the CRC. This exploit works with no physical or software control of the radio transmitter, only the choice of a string inside an upper-layer, unencrypted radio packet. Perfectly compliant implementations of the affected protocols are vulnerable.

http://travisgoodspeed.blogspot.com/2011/09/remotely-exploiting-phy-layer.html
http://www.usenix.org/events/woot11/tech/final_files/Goodspeed.pdf
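The packet-in-packet effect the abstract describes, as an added example that is not from the talk or from Goodspeed's own code. It assumes a generic preamble / sync word / length byte / CRC framing (the PREAMBLE and SYNC values and the CRC-16/CCITT polynomial are assumptions, not fields of any protocol named above) and a byte-aligned receiver model; real receivers correlate for the sync word bit by bit, but the mechanism is the same: once noise breaks the outer sync, the receiver latches on to the sync word embedded in the attacker's string, and the inner frame, CRC included, is what gets delivered. All inputs are constructed inline.

```python
"""Packet-in-packet model: an attacker-chosen string inside an upper-layer
payload becomes its own frame when radio noise corrupts the outer sync.
Framing is an assumed generic layout, not a specific protocol; the receiver
is byte-aligned for clarity (real radios hunt for the sync at bit level)."""
import random
import struct

PREAMBLE = b"\xAA\xAA\xAA\xAA"  # assumed: alternating bits for clock recovery
SYNC = b"\xD3\x91"              # assumed: sync word the receiver hunts for


def crc16_ccitt(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), a common radio CRC."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def frame(payload: bytes) -> bytes:
    """Build an over-the-air frame: preamble, sync, 1-byte length, payload, CRC."""
    if len(payload) > 255:
        raise ValueError("payload too long for 1-byte length field")
    body = bytes([len(payload)]) + payload
    return PREAMBLE + SYNC + body + struct.pack(">H", crc16_ccitt(body))


def receive(air: bytes):
    """Receiver model: hunt for the first SYNC, then read length, payload, CRC.
    Returns the payload if the CRC checks out, else None (frame dropped)."""
    i = air.find(SYNC)
    if i < 0:
        return None
    start = i + len(SYNC)
    if start >= len(air):
        return None
    n = air[start]
    body = air[start:start + 1 + n]
    crc = air[start + 1 + n:start + 3 + n]
    if len(body) != 1 + n or len(crc) != 2:
        return None
    if struct.unpack(">H", crc)[0] != crc16_ccitt(body):
        return None
    return body[1:]


def add_noise(air: bytes, nbytes: int, p_flip: float, rng: random.Random) -> bytes:
    """Flip each bit in the first nbytes with probability p_flip: constructed
    noise hitting the outer preamble/sync while the receiver is still acquiring."""
    out = bytearray(air)
    for k in range(min(nbytes, len(out))):
        for bit in range(8):
            if rng.random() < p_flip:
                out[k] ^= 1 << bit
    return bytes(out)


# Attacker-controlled string: a complete inner frame, CRC included.
INNER_PAYLOAD = b"INJECTED"
INNER_FRAME = frame(INNER_PAYLOAD)
# Legitimate outer packet that happens to carry the attacker's string.
OUTER_PAYLOAD = b"hello " + INNER_FRAME + b" world"
OUTER_FRAME = frame(OUTER_PAYLOAD)


def clean_receive():
    """Without noise the receiver sees the outer packet, inner bytes and all."""
    return receive(OUTER_FRAME)


def corrupted_sync_receive():
    """One bit of the outer sync word flipped: the receiver skips past it,
    locks onto the sync inside the payload, and the inner frame passes CRC."""
    air = bytearray(OUTER_FRAME)
    air[len(PREAMBLE)] ^= 0x01
    return receive(bytes(air))


def injection_rate(trials: int = 1000, p_flip: float = 0.1, seed: int = 1) -> dict:
    """Gamble on noise: count how often the inner frame is what gets delivered."""
    rng = random.Random(seed)
    counts = {"outer": 0, "injected": 0, "dropped": 0}
    for _ in range(trials):
        got = receive(add_noise(OUTER_FRAME, len(PREAMBLE) + len(SYNC), p_flip, rng))
        if got == OUTER_PAYLOAD:
            counts["outer"] += 1
        elif got == INNER_PAYLOAD:
            counts["injected"] += 1
        else:
            counts["dropped"] += 1
    return counts


if __name__ == "__main__":
    print("clean:", clean_receive())
    print("sync hit by noise:", corrupted_sync_receive())
    print("1000 noisy trials:", injection_rate())
```

The attacker never touches the transmitter: the only input is the bytes of INNER_FRAME placed in an upper-layer payload, and those bytes carry their own length and a CRC the attacker computed. Noise that hits the outer sync word (here, with 10% bit-flip probability over the 48 preamble/sync bits, the outer sync survives only about 0.9^16, roughly 19%, of the time) is all it takes for the receiver to deliver the inner frame as a valid packet.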


Modern static security checking of C / C++ programs

Julien Vanegue

In this talk, Julien discusses the amenability of source-level static analysis to finding some of the major security vulnerabilities of the last decade using the HAVOC tool (the Heap Aware Verifier for C/C++) employed at Microsoft Security. The presentation covers analysis of object-oriented constructs in common C++ code as well as inter-procedural bit-level analysis and loop analysis. The approach is based on translating C and C++ programs into an intermediate form for consumption by the theorem prover Boogie and the SMT solver Z3. HAVOC users make use of annotations and instrumentation to guide static analysis, thus trading some automation for more configurability. Practical scalability and refinement of the approach are also discussed based on three years of experiments on checking security properties in the Microsoft codebase.


Binary Instrumentation for Android

Collin Mulliner

Bug hunting on Android is becoming more and more challenging. Analyzing more interesting targets requires more than logcat and the debugger; sometimes you really want to change the target process. This talk will present a simple and easy way to do binary instrumentation on Android (ARM). We will do a full walk-through of the instrumentation tool and show a few examples of what we did with it.


Show Me the Money: Why Security Still Isn’t Taken Seriously By Business

Gillis Jones

This presentation will be a discussion of my personal research into the financials of hacking and the bleak discoveries I came across as an infosec professional venturing into the business side of our work: namely, discrepancies in accounting, lack of disclosure around hacks, and ballpark estimates being the standard. I will also give my recommendation on how we can best adjust our accounting for hack attacks based on the actual workflow of someone who deals with these situations. As it stands now, these numbers are too far removed from the reality of security, so I will talk about how we need to focus on resource use at all levels, etc.


TBD

Invisigoth Kenshoto

Whatever the Twitter vote decides it should be (re: vtrace content).