Some Things That Every Vulnerability Developer Should Know presented at t2 2010

by Halvar Flake (zynamics ),

Tags: Security Exploitation Development


Summary : This session will discuss a number of techniques that, while public, have not received the attention they deserve from the vulnerability-development community.

The talk will focus on two aspects primarily: Leveraging visualization (as demonstrated in Gera's HeapDraw) to understand heap layout better, and using RTTI information to generate full UML-style class hierarchies from binaries. Finally, comments on how these things can be combined profitably will be provided.

Halvar Flake: Halvar Flake has been working on topics related to reverse engineering (and vulnerability research) for the last 11 years. He has repeatedly presented innovative research in the realm of reverse engineering and code analysis at various renowned security conferences (RSA, Blackhat Briefings, CanSecWest, SSTIC, DIMVA). Aside from his research activity, he has taught classes on code analysis, reverse engineering and vulnerability research to employees of various government organizations and large software vendors. Halvar founded zynamics in 2004 in order to further research into automation of reverse engineering and code analysis.