census will be participating in the “Digi-Mobile” action as a provider for smart phone software and services. If you require a secure remote management solution for your corporate assets or a specialized security intelligence platform that fully utilizes today’s smart-phone/tablet technologies, then contact us today!
The Digi-Mobile Action funds Greek companies that wish to integrate smart phone technologies into their businesses and products. To see if your business is eligible to participate in this action, please visit the Digi-Mobile portal or the relevant StartupGreece site.
In anticipation of Dan Rosenberg’s talk on exploiting the Linux kernel’s SLOB memory allocator at the Infiltrate security conference and because I recently had a discussion with some friends about the different kernel memory allocators in Linux, I decided to write this quick introduction. I will present some of the allocators’ characteristics and also provide references to public work on exploitation techniques.
| census ID: | census-2011-0001 |
| CVE ID: | CVE-2011-3340 |
| Affected Products: | Netvolution v2.5.8 (ASP). Other versions may also be vulnerable. |
| Class: | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89) |
| Remote: | Yes |
| Discovered by: | Patroklos Argyroudis |
| Researched and Exploited by: | Dimitris Glynos |
Netvolution v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious JavaScript code into a visitor’s browser, collect CMS usernames and plaintext passwords and, in some cases, execute commands on the system hosting the database server. This is a critical vulnerability since it does not require authentication and its exploitation may go undetected.
My presentation slides from this year’s FOSSCOMM security sessions are now (also) available here.
The talk, entitled “Performing Digital Forensics with Open Source tools”, described the phases of the digital forensics investigation process and showed how these could be carried out with the aid of open source tools. The Q&A with students, administrators and security engineers in the audience led to a very interesting discussion on best practices for incident response.
All in all the presentation was a great success and I would like to thank both the organizers and the audience for making this such a wonderful event!
Presentation Material
- Presentation Slides (pdf)
census has once again participated in AthCon, the leading technical IT security conference in Greece. Our work, entitled “Introducing the Parasite”, presented a small device that is capable of creating a physical backdoor in an otherwise protected network.
census is happy to be participating for the second time at AthCon, the leading technical IT security conference in Greece! At this year’s conference, our researcher Nikos Tsagkarakis will be presenting the “Parasite”, a small device that is capable of creating a physical backdoor in an otherwise protected network.
census will be participating at the ELLAK 2011 conference panel on “Doing business with Open Source Software”. This session will take place on May 21st 2011 at 15:30, at the Ceremony Hall of the National Technological University of Athens.
census is proud to have participated in FOSSCOMM 2011, the annual Hellenic conference that brings together Free/OSS communities and developers for a 2-day marathon of talks, workshops and technical discussions!
census researchers Patroklos Argyroudis and Dimitris Glynos will be presenting their Blackhat EU 2011 paper entitled “Protecting the Core — Kernel Exploitation Mitigations” at the upcoming OWASP Greek Chapter meeting in Athens.
Black Hat Europe 2011 is now over and we are very happy to have participated once again in the best European IT security conference!
Continuing from last year’s presentation, our talk this year focused on operating system kernel protections. Specifically, our researchers Patroklos Argyroudis and Dimitris Glynos drew on their experience in kernel exploit development and presented the ways in which modern operating systems protect their kernels from memory corruption attacks.