Cracking Java Applications Using AOP exploits (part 1)
By Daniel Drozdzewski
Aspect Oriented Programming is a paradigm that aims to modularise software further by the separation of crosscutting concerns. Daniel will show us the basics of AOP and a simple, yet powerful idea behind the exploit.
Smashing the Stack
By Mariano Graziano and Marco Balduzzi
For decades hackers have discovered and exploited the most concealed programming bugs. But how is it possible to leverage a buffer overflow to compromise software in modern operating systems? Mariano and Marco will introduce us to the basic principles of code exploitation. We will see what happens when a process is executed or terminated, and how a buffer overflow vulnerability can be leveraged to execute malicious code.
Defending Software: Protecting Your Software Against Exploiters
By Gary S. Miliefsky
For many years, software development has been formalized around functional design, specification, architecture and system integration, using quality assurance to remove visible bugs or flaws in the software. However, these methodologies have not helped software engineers become more aware of coding flaws that result in exploitable holes, also known as software vulnerabilities. Gary shares with us MITRE’s “Vulnerability Theory” on Software Development.
Hijacking Software Updates with Evilgrade
By Mourad Ben Lakhoua
Almost every modern application comes with a simple, built-in update mechanism. Usually it is sensible for users to accept updates that improve the security and operation of the program. Mourad shows how to attack users via update systems. He also claims that software developers do not spend much time or effort on updates and secure delivery mechanisms, which is why standard processes for updating applications make many users vulnerable.
How to Automate Fuzzing of Windows-Based GUI Applications
COM is a Microsoft technology that allows objects to communicate without the need for either object to know any details about the other, even the language it’s implemented in. Rudra will show us how to call COM components from Python and how to use COM extensions to automate the process of fuzzing GUI applications.
Interview with Ross Anderson
By Flemming Lauguaard
Security precautions taken by the airports are more security theatre than risk reduction. They’re there to convince the travelling public that “something is being done” declaration that hacking may be interpreted as an act of war and tells us about the biggest threats to the banking and monetary world today.