Finding Secrets In ISAPI presented at HITBSecConf Malaysia 2006

by Nish Bhalla

Tags: Security Web

Summary:

Presentation Details:

Developers programming in C/C++ hide secrets in code, on the assumption that no one can read the contents of a binary. This talk gives a brief introduction to how to start performing binary analysis, how to circumvent some basic debugger checks, and how to find secrets hidden in code. The example code is an ISAPI, which will be decompiled and demonstrated to help find the secret, as well as to look at writing an exploit. The talk will be mostly demonstration-based and requires some basic understanding of programming concepts.

About Nish:

Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, and host and network reviews. He has coauthored “Buffer Overflow Attacks: Detect, Exploit & Prevent” and is a contributing author for “Windows XP Professional Security” and “HackNotes: Network Security”. Nish has also been involved in open source projects such as OWASP and YASSP. He has also written articles for, and spoken at web seminars for, Global Knowledge and the University of Florida.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews for major software companies, online banking and trading web sites, and e-commerce sites. He also helped develop and teach the “Secure Coding” class and the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse and The Axa Group.

Nish holds his Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and a Bachelor in Commerce from Bangalore University.