CENSUS researcher Patroklos Argyroudis has recently presented a talk on heap exploitation abstraction at two conferences, namely ZeroNights 2014 (Moscow, Russia) and BalCCon 2014 (Novi Sad, Serbia). In the talk titled “Project Heapbleed”, Patroklos has collected the experience of exploiting allocators in various different target applications and platforms. He focused on practical, reusable heap attack primitives that aim to reduce the exploit development time and effort.
On Friday November 28th 2014, Dimitrios Glynos will give a presentation entitled “Protecting the Digital Now — CENSUS IT Security Works” at the FORTH Institute of Computer Science in Heraklion, Crete.
CENSUS researchers Alex Zacharis and Nikos Tsagkarakis presented their Point-of-Sale exploitation work entitled “PoS Attacking the Traveling Salesman” at this year’s DEFCON conference in Las Vegas, USA.
The talk illustrated vulnerabilities of airport point-of-sale systems that could be used by adversaries to collect passenger data.
Material from this talk can be found here:
The presentation was a success and caught the attention of various technology blogs:
We are thrilled to be participating again, for the fourth time actually, at AthCon, the leading technical IT security conference in Greece. This year, our researchers Patroklos Argyroudis and Chariton Karamitas will be presenting novel exploitation techniques against the Mozilla Firefox browser.
census researchers will be presenting “Exploiting the jemalloc Memory Allocator: Owning Firefox’s Heap”, an in-depth security analysis of the jemalloc memory allocator at Black Hat USA 2012. The focus will be on offensive techniques and the identification of attack vectors, while the Mozilla Firefox browser will be used as a case study.
The Black Hat USA 2012 conference will be held in Las Vegas, Nevada. We hope to see you there!
Update: The presentation slides are now available here.
census is excited to be participating for the third time at AthCon, the leading technical IT security conference in Greece. This year our researchers will be presenting a new design for executable packing that allows penetration testers to hide malicious payloads from a wide variety of antivirus engines.