About two months ago (April 15th 2015) I visited Miami and presented at the INFILTRATE Security Conference a talk on Firefox heap exploitation, titled “OR’LYEH? The Shadow over Firefox”. The organization of the conference was flawless and the people I met there were amazing. A special thank you to the Immunity team for being great hosts and for their helpful feedback.
Hello, my name is Andrzej Dyjak and I’m part of the research team here at CENSUS.
A few weeks ago (on May 26th) I gave a talk titled “DTrace + OS X = Fun” at CONFidence 2015 in which I have described how DTrace can be used in order to ease various tasks within the realm of dynamic analysis on the OS X platform.
The slides from this talk are now also available here.
CENSUS researcher Patroklos Argyroudis has recently presented a talk on heap exploitation abstraction at two conferences, namely ZeroNights 2014 (Moscow, Russia) and BalCCon 2014 (Novi Sad, Serbia). In the talk titled “Project Heapbleed”, Patroklos has collected the experience of exploiting allocators in various different target applications and platforms. He focused on practical, reusable heap attack primitives that aim to reduce the exploit development time and effort.
CENSUS researchers Alex Zacharis and Nikos Tsagkarakis presented their Point-of-Sale exploitation work entitled “PoS Attacking the Traveling Salesman” at this year’s DEFCON conference in Las Vegas, USA.
The talk illustrated vulnerabilities of airport point-of-sale systems that could be used by adversaries to collect passenger data.
Material from this talk can be found here:
The presentation was a success and caught the attention of various technology blogs:
We are thrilled to be participating again, for the fourth time actually, at AthCon, the leading technical IT security conference in Greece. This year, our researchers Patroklos Argyroudis and Chariton Karamitas will be presenting novel exploitation techniques against the Mozilla Firefox browser.