
Project Heapbleed

CENSUS researcher Patroklos Argyroudis recently presented a talk on heap exploitation abstraction at two conferences: ZeroNights 2014 (Moscow, Russia) and BalCCon 2014 (Novi Sad, Serbia). In the talk, titled “Project Heapbleed”, Patroklos collected the experience of exploiting allocators in various target applications and platforms. He focused on practical, reusable heap attack primitives that aim to reduce exploit development time and effort.


PoS Attacking the traveling salesman — DEFCON 2014

CENSUS researchers Alex Zacharis and Nikos Tsagkarakis presented their Point-of-Sale exploitation work entitled “PoS Attacking the Traveling Salesman” at this year’s DEFCON conference in Las Vegas, USA.

The talk illustrated vulnerabilities of airport point-of-sale systems that could be used by adversaries to collect passenger data.

Material from this talk can be found here:

The presentation was a success and caught the attention of various technology blogs:

We would like to thank the organizers of DEFCON for hosting this great event and hope to meet everyone again next year!

4th InfoCom Mobiles and Apps conference slides

Here are the slides for our recent (albeit short) talk on “Secure Mobile App SDLC”, as presented at the 4th Infocom Mobiles and Apps conference.


4th InfoCom Mobiles and Apps conference

Census will be sponsoring the 4th InfoCom Mobiles and Apps conference, which will be held on February 12th, 2014 at the Divani Caravel hotel in Athens, Greece.


Firefox Exploitation — AthCon 2013

We are thrilled to be participating again, for the fourth time actually, at AthCon, the leading technical IT security conference in Greece. This year, our researchers Patroklos Argyroudis and Chariton Karamitas will be presenting novel exploitation techniques against the Mozilla Firefox browser.


3rd InfoCom Security conference

Census will be sponsoring the 3rd InfoCom Security conference, which will be held on April 10th, 2013 at the Divani Caravel hotel in Athens, Greece.


Presentations at Hellenic Air Force Academy and Hellenic Naval Academy

OWASP AppSec Research 2012

Census was one of the sponsors of the OWASP AppSec Research 2012 conference, held at the University of Athens, Greece on July 10-12th, 2012. Besides helping out with the CTF challenge, Census researchers also provided a technical talk on Heap Exploitation Abstraction.


Heap Exploitation Abstraction by Example — OWASP AppSec Research 2012

This year’s OWASP AppSec Research conference took place in Athens, Greece and we were planning to be there as participants. However, the day before the conference, Konstantinos Papapanagiotou (General Chair) asked if we could do a presentation to replace a cancelled talk. Myself and Chariton Karamitas agreed to help and spent around three hours preparing a talk on heap exploitation abstraction, a subject dear to us.


Black Hat USA 2012 update

This year we presented our research work at Black Hat USA 2012, the leading information security conference. Our researchers Patroklos Argyroudis and Chariton Karamitas visited Caesar’s Palace in Las Vegas, Nevada and delivered the talk.

Our presentation was titled “Exploiting the jemalloc Memory Allocator: Owning Firefox’s Heap” and described in detail attack primitives against jemalloc and how these can be used to exploit heap overflow and use-after-free vulnerabilities that affect the Mozilla Firefox browser.
