ReconMontreal2018 2018 June 15, 2018 to June 15, 2018, Montreal, Canada

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Reverse Engineering Windows Defender Part II Alexei Bulazel Windows Defender Antivirus' mpengine.dll implements the core of Defender Antivirus' functionality in an enormous ~11 ...
Cloudy With a Chance of Malware Marika Chauvin In 2017, KASPERAGENT and a malware we’re calling Cloudy were identified emanating from threat actors ...
SiliVaccine: North Korea's weapon of Mass Detection Mark Lechtik , Michael Kajiloti Meet SiliVaccine - North Korea's national Anti-Virus solution. SiliVaccine is deployed widely and exclusively in ...
Breath of the RF Field James Chambers Nowadays any recent car up to 5 years old comes with something called “Infotainment”, this ...
Building a Damned Good Watch Travis Goodspeed In early 2018, I cloned a Casio 3208 calculator watch module with a new circuit ...
PreVice: Static Detection of Hooking Capabilities in Machine Code Derek Soeder , Claudiu Teodorescu , Andy Wortman In the future, static analysis catches hookers before they have a chance to act.We present ...
Meet Salinas, the first ever SMS-commanded Car Infotainment RAT Daniel Regalado , Ken Hsu , Gerardo Iglesias Nowadays any recent car up to 5 years old comes with something called “Infotainment”, this ...
Tracing Struct Accesses with Struct Stalker Jeff Dileo Struct Stalker is an LLDB script that instruments processes to trace struct/object accesses in C/C++ ...
Static instrumentation based on executable file formats Romain Thomas Many instrumentation techniques are based on modifying code or system environment of the target. It ...
Discovering the iOS Instruments Server Troy Bowman This presentation documents how I was able to reverse-engineer a privileged server running on iOS ...
Bushwhacking your way around a bootloader Rebecca ".bx" Shapiro Even when you have access to some binary's source code, it can still be challenging ...
Exploiting User-land vulnerabilities to Get Rogue App Installed Remotely on iOS 11 Liang Chen , Marco Grassi Apple has introduced several security enhancements to mitigate known attacks in iOS 11. Those enhancements ...
Malware Analysis and Automation using Binary Ninja Erika Noerenberg As threats have increased in prevalence and sophistication over the years, analysts simply need more ...
An Open-Source Machine-Code Decompiler Peter Matula , Marek Milkovič We present our machine-code decompiler called RetDec (Retargetable Decompiler). We have been developing RetDec in ...
Unknown Known DLLs and other Code Integrity Trust Violations Alex Ionescu , James Forshaw This talk will go over a number of code integrity technologies in Windows and their ...
Reverse Engineering Of Blockchain Smart Contracts Patrick Ventuzelo Many platforms using blockchain technology have emerged in 2017 and take the top 10 position ...
Rattle - an Ethereum EVM binary analysis framework Ryan Stortz The majority of smart contracts on the blockchain have no verified source code, but people ...
This Dump is a Puzzle Phoebe Queen Developing a puzzle solver to reconstruct embedded java firmwares from an unknown fragmented file system.
Sandbagility - Reverse Engineering Framework for Windows dynamic analysis Eddy Deligne , François Khourbiga There mainly three different approaches in malware reverse engineering: static, dynamic and sandboxed analysis. The ...
A Code Pirate's Cutlass Evm Large binaries produce giant call graphs and dividing up functionality in an automated way is ...
Taint-based return oriented programming François Khourbiga , Colas Le Guernic There are roughly two kinds of tools for return oriented programming (ROP): _syntactic_ tools that ...
Modern Linux Malware Exposed Mariano Graziano , Emanuele Cozzi The research on analysis and detection of malware has shown notable progresses over the years, ...
Analyzing TRISIS - the first Safety Instrumented System malware Jimmy Wylie , K. Reid Wightman Discovery of TRISIS/TRITON was a landmark event in the Industrical Control Systems (ICS) security community. ...
Sum Total of ISA Knowledge Alex Kropivny Hardware debug support or correct emulation often isn't available for embedded targets you'd like to ...
PWN Flash with Reflection and HashTables Tao Yan , Bo Qu Reflection is the ability of a program to examine, introspect, and modify its own structure ...
Create your own Fitness Tracker Firmware Jiska Classen , Daniel Wegemer The Fitbit ecosystem is briefly introduced to show how server, tracker and smartphone app work ...
Pwning Intel PIN Julian Kirsch , Zhechko Zhechev Binary instrumentation is a robust and powerful technique which facilitates binary code modification of computer ...