List


From Hack.lu 2010


List of Talks

Keynote: Catching that butterfly

In May 2009, Defence Intelligence announced the discovery of a new botnet, branded "Mariposa". This discovery was followed by months of investigation, aimed at bringing down the criminal network behind what was to become one of the largest botnets on record. Initial steps involved the creation of the Mariposa Working Group (MWG), comprising Defence Intelligence, the Georgia Tech Information Security Center and Panda Security, along with other international security experts and law enforcement agencies. The aim was to set up a task force to eradicate the 13 million node botnet and bring the perpetrators to justice. I will present the M to A story about "MARIPOSA" to hack.lu...

Bio of Bram De Blander

Started 10 years ago in the security industry as a corporate support engineer at Panda Security. After a couple of years of malware "fun", he was made responsible for virus incidents and threat research for PandaLabs in the Benelux. He works in the Benelux on (in)security awareness in order to help companies better defend and protect their critical data and key information systems.


Intelligence analysis: insights of underground traders, tools of trade and more

In this presentation one lingual expert, Fyodor.Y, will walk through the process of building efficient intelligence analysis systems and through a set of interesting, sometimes amusing findings that one discovers in the underground internet trading ecosystem. Be ready for surprises.

Bio of Fyodor Yarochkin

Fyodor Yarochkin (TSTF, o0o.nu) is a security analyst at Armorize. He is a happy programmer and AI hobbyist in his free time.


What ya lookin' at PUNK!

Your SE (Social Engineering) game is weak. You are a liar and a fake. You couldn't manipulate someone with an iced cupcake and a bag of cash. Why? Because there is no TECH in it. The real game of SE lies in the ENGINEERING part. Wanna call out the SE "experts"? Wanna see if the person you are talking with is a liar? Want to read minds with just a glance? This talk will detail the black art of Psychosomatic Analysis. This taste will include face reading, breathing, posture, and other dead giveaways. Increase your poker game, become a human lie detector, or just have fun misdirecting the people who are trying to read you!

Bio of Chris Nickerson

Chris Nickerson is a CISSP whose main area of expertise is Red Team Testing and Infosec Testing. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, application testing and vulnerability assessments, to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, Sr. IT Compliance at KPMG, Sr. Security Architect and Compliance Manager at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP and ISACA Denver and is also a featured member of TruTV's Tiger Team, a 30 minute reality television program showing the activities of actual Red Team tests and active assessments. Chris is also the co-host of the Exotic Liability Podcast, the author of the upcoming "RED TEAM TESTING" book published by Elsevier/Syngress and a founding member of BSIDES.


AHA - Adaptive High-Interaction Honeypot Alternative

In the last decades honeypots have become popular tools for risk assessment and information security monitoring. On the one hand, security researchers have invested a lot of effort to make honeypots more stealthy and robust against attackers. On the other hand, attackers try to identify them. In the honeynet community, honeypots are even considered a tool to learn from attackers. For some honeypots, fake services need to be manually implemented, with the consequence that the expected attacker behavior needs to be known, which is often not the case. Other honeypots are defined as high-interaction honeypots, where attackers can use a full-blown operating system. However, little effort has been invested in making these systems adaptive and intelligent. In this paper we propose an implementation of a high-interaction honeypot in order to optimize information retrieval from attackers, including measurements of their skills and their ethnic background.

Bio of Gerard Wagener

Gérard is a bi-national Ph.D. student in computer science at the University of Luxembourg and INPL Nancy, France. He is working in the global information security team at SES, a leading international satellite operator. His doctoral research focuses on adaptive decoying systems to improve intelligence gathering on attackers in computer networks. He is the founder and lead developer of the Adaptive Honeypot Framework, which serves as the solid foundation for constructing intelligent honeypots. Gérard comes from the malware research community, where he worked on projects such as sandboxes for monitoring and analyzing malicious software. In addition to these hands-on activities, his scientific work has investigated malware classification using phylogenetic trees and intelligent high-interaction honeypots driven by game theory.


Smart Cards As Stealthy "Leakers"

The use of smart cards is spreading over the world, mainly as a mode of payment, in public transportation or as SIM cards in mobile phones. These usages are widely adopted, in particular due to the security benefits delivered by these systems. But smart card technologies can also be used in an unconventional way to efficiently hide information. Smart cards have been designed as objects which ensure security in an untrustworthy environment. Their major function is to protect themselves from the outside world and to hide their way of working. A smart card is a programmable device, close to a very small computer, in which it is possible to hide functionalities that are impossible to detect. Today, it becomes possible to use a smart card in an unconventional manner, by using its storage and cryptographic capacities to transport information in an undetectable way, under the cover of a harmless common object.

Bio of Vincent Guyot

Vincent Guyot is Associate Professor at the ESIEA engineering school and Associate Researcher at the LIP6 research lab. He holds a PhD in Networking and Security as well as an engineering diploma in Computer Science. He gives lectures at different universities, and has co-authored books and guest-edited journals on smart card topics. His research interests include the areas of networking mobility and security, smart cards and RFID.


Link Analysis & Passive Reconnaissance: A reconnaissance mission for the missing link - Applying social engineering techniques to criminal profiling and vice versa.

This essay explores how techniques used in passive reconnaissance can be used as an instrument to enhance criminal profiling techniques, and vice versa. It embarks on this exploration by analysing both concepts separately, first explaining the most common approaches to criminal profiling, followed by a discussion of what social engineering is and how it can be used as a passive reconnaissance technique. Then, both worlds are mixed together and social engineering techniques are applied to deductive, inductive and geographical profiling methods, while criminal profiling methods are applied to social engineering, to see if one can help the other to get better results than only using classic techniques. In theory, both social engineering and criminal profiling would benefit if methods are combined, but further research is required to put the theory into practice.

Bio of An Hilven

An Hilven is an IT forensics and security consultant at i-Force by day, and an IT Law student at the University of Edinburgh by night. She started her career at an Internet helpdesk, and crawled up the ladder to consultancy with pit-stops as a security analyst at Ubizen and Internet Security Systems, and later as a security engineer at Telindus. Somewhere along the way, she also got an MSc in digital forensics and a handful of certs. An's main interests are in the area of digital forensics, but open source intelligence, (lack of) security awareness, proactive security and rulebase fine-tuning can also fascinate and amuse her.


Escaping from Protected Mode Internet Explorer

Protected Mode Internet Explorer was introduced in IE7 to mitigate the impact of zero-day exploits for IE, 3rd party add-ons and applications rendering internet content (e.g. PDFs). This talk demonstrates a zero-day bypass of the protection before explaining the technical underpinnings of the feature and the true nature of the protection the feature provides. The second half of the talk will discuss a number of generic attack patterns to elevate privilege using quirks in the design and implementation of the feature.

Bio of Tom Keetch

Tom Keetch is a Senior Application Security Specialist at Verizon Business within the EMEA Threat & Vulnerability Management practice. There he conducts application security reviews and acts as the SME for security code review in the region. Some of his key areas of interest are in exploit mitigation and defense in depth technologies as he prefers to try and reduce the risk posed by zero-day vulnerabilities instead of focusing on individual bugs.


Closer to metal: reverse-engineering the Broadcom NetExtreme's firmware

French researchers Loic Duflot and Yves-Alexis Perez discovered a major security flaw in the firmware of Broadcom network cards. The vulnerability is a buffer overflow leading to remote code execution on the device, which can then lead to OS corruption through DMA accesses. This raises the following question: how much can you trust your hardware when you don't even know how it operates behind your back, nor what the firmware code is actually doing? Given the lack of will from manufacturers to give details about their device internals, the best thing we can do is to retrieve this information by ourselves using reverse engineering techniques. Fortunately, Broadcom released part of their Ethernet card specifications. Nevertheless some details are still obscure, and firmware source code is not available... This presentation will focus on the reverse engineering case study of the Broadcom NetExtreme Ethernet card family firmware. Firstly, I detail a simplified view of the device architecture needed for further understanding: the embedded MIPS CPU, registers, internal memory layout, and the firmware bootstrap sequence. Developing our own Linux kernel module then allows us to quickly communicate with the device through PCI transactions, and offers read/write primitives on the device memory to userland processes. On top of that are built two home-made firmware debuggers:

- InVitroDbg, a Qemu-based firmware emulator, dynamically interacting with device internal memory.
- InVivoDbg, a complete MIPS code debugger, making use of dedicated device debug registers.

InVivoDbg is strongly integrated with Metasm, the assembly manipulation suite, and has been extended to perform advanced code analysis: tracing the execution flow, call-graph visualization, playing and recording of memory accesses, and so forth. The firmware code can be executed and debugged in real-time in the Metasm IDA-like graphical interface. Using this robust instrumentation toolset, we were able to easily observe the firmware's behavior in its natural environment.

Bio of Guillaume Delugre

Guillaume Delugré is a security researcher working at Sogeti ESEC R&D labs. He is mostly interested in reverse engineering and embedded devices. He has been working on the PDF file format for two years and now focuses on network card devices security.

All Your Baseband Are Belong To Us

Thus far attack scenarios against smartphones have concentrated on vulnerable software running on the application processor. The operating systems running on these processors are getting hardened by vendors as can be seen in the case of Apple’s iOS – the current release uses data execution prevention and code signing. In contrast, the GSM stack running on the baseband processor has been neglected. The advent of several open-source solutions for running GSM base stations has been a game-changer: Malicious base stations are not within the attack model assumed by the GSMA and ETSI. This paper explores the viability of attacks against the baseband processor of GSM cellular phones.

One of our results is the first over-the-air memory corruption exploitation of a GSM stack that results in malicious code being executed on the baseband processor. We explore vulnerable areas and identify common mistakes in GSM stacks. Last but not least, we give an outlook on what the future, in the shape of attacks against 3GPP devices, will bring.

Bio of Ralf Philipp Weinmann

Ralf-Philipp Weinmann is a cryptologist by day, and a reverse-engineer by night. He studied and obtained his Ph.D. at the Technical University of Darmstadt and currently is a postdoctoral researcher in the LACS laboratory of the University of Luxembourg.

Stealing credentials for impersonation in Microsoft environments

Most companies' IT infrastructures are based on Microsoft Windows systems, nowadays usually built upon Windows Server 2008 and Windows 7-like flavors. The shift from Windows Server 2003 / XP to Server 2008 / Windows 7 has come with some more or less subtle changes in the default behavior of key components, cornerstones of the security of this kind of infrastructure. Amongst these changes, some affect the authentication mechanism in place when systems and users are part of an Active Directory domain. Such evolutions, like the withdrawal of weak cryptographic algorithms (DES is no longer supported for cryptosystems), are for the sake of security. This talk will explore these new default behaviors where they concern domain authentication protocols, and their consequences on the ability of an attacker to steal both system and user credentials. Stealthy credential stealing is a crucial concern as it plays an enabling role during an ongoing intrusion. For pen-testers it is very often the first step into a target system that then gives the go-ahead for more traditional and customary devastating stages. For attackers, credential harvesting is a very efficient means to durably stay within the target defense perimeter. Evolutions of domain authentication implementations push the usual techniques towards more innovative attacks. This is especially true in environments where security is particularly a concern, which usually translates into tightened configuration and disabling of weak backward compatibility. In a first part, we will cursorily review the main changes in the default configuration of recent MS Windows systems as well as some advised hardening that might be in place in security-inclined environments. These settings tend to make the usual credential stealing and replay techniques inefficient. In a second part, we will present innovative techniques to tackle this new adversary environment, and finally we will discuss the stealthiness of these techniques for domain credential stealing. In conclusion, the goal of this talk is twofold:

- Update pen-testers' artillery to step into customers' networks when it comes to fully up-to-date, state of the art Windows professional environments.
- Raise companies' awareness of points of interest when designing and monitoring their business network, especially when concerned by targeted attacks by resilient intruders.

Beyond patching and state of the art system hardening, sysadmins need to have a deep understanding of the involved protocols to fully appreciate the consequences of checking a box in an obscure GUI.

Bio of Emmanuel Bouillon

Emmanuel Bouillon has been working in the Information Security field for more than a decade. Most of these years were spent as an INFOSEC expert within the French Atomic Energy Commission, where he was in charge of a technical team dedicated to information security. Among its missions were incident handling, vulnerability assessment and penetration testing. Since 2009, Emmanuel Bouillon has lived in the Netherlands, working for an international organization as a Senior Information Assurance Scientist mainly focused on Cyber Defense issues. Emmanuel Bouillon has been a speaker at several international conferences like PacSec, BlackHat and #Days.


Office documents: new weapons of cyberwarfare

While AV vendors relentlessly claim to protect our computers against any kind of threat, even unknown ones, the major silent threat nowadays is Office documents. Working at the application level, it is possible to bypass any kind of protection and therefore access any internal resources of a critical system. This can be done silently, with absolutely no privilege. In this talk we are going to show how to attack a computer through simple, innocent-looking Word or OOWriter documents (or spreadsheets or PPT slides) and perform attacks like installing Trojan horses. The setting of our standard target is Win 7 with no privileged session (no admin password, no UAC). The summary of our talk is the following:

- Introduction
- Where and how to handle the configuration of Office software (Microsoft Office AND OpenOffice): the location of the configuration; general and user configuration; how to handle the configuration
- Trusted and signed macros in Office software: trusted macros; use of macros signed by certificate; how to bypass them
- Real examples (demos) and attack scenarios

Bio of Eric Filiol

Eric Filiol is the head of the Operational Cryptology and Virology laboratory at ESIEA, a French engineering school in Computer Science, Electronics and Control Science. He has spent 21 years in the French Army, mainly as an ICT security expert (cryptanalysis, computer virology, cyberwarfare). He is also a senior officer reservist in the French DoD. He holds an engineering diploma in Cryptology, a PhD in applied mathematics and computer science and a Habilitation Thesis in Computer Science. His main research interests are symmetric cryptosystem analysis (especially from a combinatorial point of view), computer virology (theoretical and experimental study of new forms of malware and anti-malware technologies) and computer warfare techniques. He is also the Scientific Director of the European Institute for Computer Antivirus Research (EICAR) in Germany and the Editor-in-chief of the Journal in Computer Virology. He likes playing bass guitar (jazz), running (marathon and half marathon) and good wine/food.


The evil karmetasploit upgrade ...the next version is coming

As part of my final research project, I implemented the functionality of Evilgrade, a framework focusing on the development of fake update servers, into Metasploit. All existing modules of Evilgrade were ported to the new system. In addition, other software was tested for weak update implementations and a couple of 0days were found, even in software with a security background. The functionality of the new Metasploit module got improved compared to Evilgrade. Kar(ma)metasploit was extended with new fake servers for the XMPP and SIP protocols for capturing accounts... ending up with a more powerful tool and a lot of fun.

Bio of Veysel Oezer

Veysel Oezer holds an M.Sc. degree in Computer Science and has participated in several hacker conferences, like the Chaos Communication Congress, the Chaos Camp, hack.lu and so on. This year he gave a talk at nullcon. After his studies he worked several years as a developer, most recently for an MMOG company, but finally he became a security expert in the automobile industry.


"Hacking Printers for fun and profit"

While more and more new devices (routers, smartphones, etc.) are getting connected to our SOHO/enterprise environments, all colours of hats are putting plenty of focus on their security: defend and harden on one side; exploit and develop malware on the other.

However, a special class of network devices (specifically network printers/scanners/MFPs), which have been networked for more than 15 years, constantly stays out of the modern security watchful eye. And even though we entrust them with even the most confidential documents and the most sacred credentials (LDAP, PINs, RFID badges, etc.), we don't fully realize how weak and unsecured they are, despite the few minor security bulletins that started to pop up here and there in recent months.

In this presentation, we will try to analyze the reasons why hacking network printers/MFPs is a reasonable and accomplishable idea. Also, we will take a look at the current state of (weak) affairs in the available vulnerability and security research. Then we will try to envision types of possible exploitation scenarios, backed up with printer exploit demo(s). We will conclude the presentation with possible solutions and what can be done to protect ourselves as well as our network environments.

Bio of Andrei Costin

Born and raised in Moldova, Andrei is a Computer Science graduate of the Polytechnic University of Bucharest, where he did his thesis work in Biometrics and Image Processing. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publicly available (FOSS) card-only key cracking tool for the MiFare Classic RFID card family. While he started his IT career in the computer games industry, he has worked in the telecom field and is currently senior developer at a specialized firm producing custom embedded systems utilizing GSM/UMTS/GPS technologies. He is passionate about IT/App/Info security and has spoken at various security conferences. He usually doesn't have too much free time, but when he does he enjoys swimming, cycling or just sunbathing under Cyprus' sun.


Showing differences between disassembled functions

In this presentation we show how to use visualization techniques to improve on the long-standing problem of reverse engineering patches during vulnerability discovery and analysis. Reversing patches presents at least two problems: that of detecting differences and that of analyzing them. Typically, the researcher will use a reverse-engineering tool (e.g., bindiff, patchdiff) to identify changes in basic blocks through combinations of heuristics and will manually analyze the nature of the changes. However, these tools only identify basic blocks that are in one graph and not the other, or syntactic changes within the same basic block. They add no further value to the analysis. This presentation targets the analysis problem by introducing a scheme for rapidly visualizing the differences between the basic-block graphs of the two binaries in a single graphical visualization. Using novel visualization techniques, namely preattentive attributes, we have improved over prior art by being able to highlight changes while allowing the researcher to browse through the code. We will demonstrate the tool analyzing patches and re-discovering the underlying vulnerabilities and how to exploit them. The techniques have been implemented as an IDA plugin, and it is freely available under an open source license.

Bio of Aureliano Calvo

In May 2007, I joined Corelabs, Core Security's research lab. Here I specialized in web application security, visualization and cryptography.

I am also a Computer Scientist from University of Buenos Aires (UBA). My previous work experience includes more than 15 years of professional experience developing software. And I am proficient in many programming languages and platforms.


Detecting Hardware Keyloggers

Hardware keyloggers are tiny devices that are plugged in between a keyboard and a computer. They are available for PS/2 as well as USB keyboards. Once plugged in, they are able to record all key strokes and store them in an internal memory. Current models have several megabytes of memory, store the recorded data encrypted, support timestamping of the keyboard events and some can even transfer the key strokes wirelessly. However, the main focus of hardware keyloggers is to stay undetected. Most manufacturers advertise that their models cannot be detected by software and thus have an advantage over software based keyloggers. But not just the manufacturers claim hardware keyloggers are undetectable; so does common belief. However, that's not correct. Hardware keyloggers make slight changes to the interaction between the keyboard and the computer. These changes can be detected by software and used to determine whether a hardware keylogger is present or not. For example, some USB keyloggers change the USB signaling rate or act as a USB hub. These changes are quite obvious and can be detected easily. When trying to detect PS/2 keyloggers, it gets more difficult. Nevertheless, it is possible. When the PS/2 keylogger is plugged in and is tapping the wire actively (this means the data is redirected via the microcontroller of the keylogger), this influences the transfer rate between the keyboard controller (KBC) on the motherboard and the microprocessor in the keyboard. By measuring this time delay, hardware keyloggers can be detected.

During the talk an introduction to hardware keyloggers will be given. This introduction covers their features, how they work and gives a short market overview. Afterwards various techniques will be described to detect hardware keyloggers. Some of them are theoretical, as they didn't work for the tested models. However, others are practical and can be used in real-world scenarios. For each technique a detailed presentation will be given, explaining the basic idea, the necessary technical background and the results in practice. Finally a proof of concept tool will be released that implements some of the techniques to detect PS/2 and USB hardware keyloggers.

Bio of Fabian Mihailowitsch

Fabian Mihailowitsch studied information technology with a specialization in software engineering and worked as a Java software developer for three years. However, in 2008 he decided to make his hobby his profession. He joined a German consulting company and has worked as an IT security consultant since then. In his job he performs code reviews and does penetration tests of different kinds of applications and networks. In his free time (spent on IT security) he likes to develop and play around with Linux rootkits. Recently his private research led him to hardware based keyloggers.


Dynamic, Metamorphic (and open source) Virtual Machines

Virtual machines are not new in the computer security field. Most of the time the classical definition of a virtual machine is a "software implementation that executes programs like a physical machine". But in our case we will talk about virtual machines as simple (and lightweight) software to protect a piece of code. For example, you can use a virtual machine to transform a virus into a new form which bypasses an antivirus, or to protect a new algorithm against reverse engineering (the analysis will take much longer). Nowadays, the only available virtual machines are either static or closed source. That's why we will present an open source implementation of a virtual machine, which is a small part of our new tool "Heimdall" (built using our framework called "Libthor", in Python). Our virtual machine uses some features of the framework, like a PRNG to hide integers, or metamorphic code (using the same techniques as metamorph, or more advanced techniques like Van Wijngaarden grammars) to efficiently obtain a new version at each generation by applying transformations on the virtual machine code. The bytecode of the virtual machine is produced by using an intermediate representation to transform x86 assembly instructions. The final bytecode will be dynamic, and for the same piece of x86 code the bytecode will be unique. The core of the virtual machine is in the C language, but we must create dynamic pieces of code to handle the bytecode or the state of the virtual machine (because everything is dynamic in our VM: context, information, ...). At the end of the generation of a new virtual machine, we can use it as a shared library or as shellcode which can be loaded anywhere in memory.

Bio of Anthony Desnos

Anthony Desnos is currently a research engineer at ESIEA (Operational Cryptology and Virology Laboratory) in Laval, France. He is involved in a number of open source security projects, including Draugr and ERESI. He has been a speaker at various security/virology/information warfare conferences on different topics, including hack.lu, EICAR, ECIW and iAWACS. You can reach him through his website at http://www.esiea-recherche.eu or http://perso.t0t0.fr


Breaching BlackBerry security: review and exploit demonstration.

Recently, due to increased media attention to the domain of mobile security, certain intelligentsia believe that the genuine concerns reported in the media are just "another sales rhetoric" of the anti-virus companies. This talk represents a different view of the problem and aims to present the actual situation in current mobile security, with the BlackBerry smartphone being the subject of the presentation. According to recent reports, Research In Motion's (RIM) BlackBerry handheld devices currently hold the second largest market share amongst the world's smartphone devices at 18%. The BlackBerry smartphone has the reputation of being the most secure mobile platform and, as a result, is often chosen by enterprises and government organizations as the preferred mobile device. Thus, the BlackBerry device undoubtedly deserves attention as well as a thorough analysis of its underlying security framework. This talk will discuss the current state of BlackBerry malware, illustrate the use of the BlackBerry API for developing nifty malicious applications and will dive into the technical details of the included malicious applications.

Bio of Mayank Aggarwal

Mayank Aggarwal is a mobile security researcher at the Global Threat Center, SMobile Systems, a company dedicated exclusively to securing smartphones. His job responsibilities include malware analysis, detecting security loopholes in smartphones and reverse engineering. In 2009, he received a Master's degree in Electrical & Computer Engineering from The Ohio State University, USA. He is a Sun Certified Java Programmer (SCJP) and a Certified Ethical Hacker (CEH). He has written articles on mobile security for leading industry publications and presented a talk on "Cellular Mobile Security" at the NY Cyber Security Conference 2010.


Exploit Delivery - Tricks and Techniques

It has been a decade since I started talking about computer security. 10 years have witnessed a change in threat landscapes, attack targets, exploits, techniques and damage. Two eco-systems are slowly and surely converging into one. On one hand, we have the application layer. Much has been talked about it. There is a steady trickling flow of XSS, XSRF, SQL injection and the usual suspects. Some of them are under the guise of "Web 2.0", and some of them are as ancient as CGI attacks of 1999. On the other hand, we have the desktop. Dominating the desktop is the browser, with its horde of assistants. Exploitation in this space has accelerated in the last 3 years.

How will the threat landscape change with the advent of new technologies and services? New standards are emerging, and the darling child of the web is HTML 5. A closer look at the standards reveals an awful mess. Are the standards mitigating any security concerns? More importantly, will browser vendors and web application developers really respect the standards? The browser wars taught us that "might is right". If everyone breaks the web, that becomes a new adopted standard. New technologies, coupled with popular online services, make for some very interesting exploit delivery techniques.

This talk explores some innovative exploit delivery techniques that are born as a result of bloated standards and services designed without much thought towards security. We cover techniques where exploits can be delivered through URL shorteners and images. We take a look at some browser exploits. This talk ends with a discussion on exploit sophistication, ranging from highly polished and elegant techniques such as Return Oriented Programming to the downright crude and ugly techniques such as DLL Hijacking. How will we combine all this together? And will Anti-Virus still save us all?

Bio of Saumil Shah

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.