In the aftermath of the recent Android stagefright vulnerabilities, efficient fuzz testing techniques and tools for the Android ecosystem are again in the spotlight. In this post we would like to share some of the fuzz testing experience we have gained through our projects and show how it can be applied in the Android world. Additionally, we’ll enlist some of the public contributions we’ve made to open source tools aiming to help the community focus more on the target and less on the tooling.
The talk, entitled “Performing Digital Forensics with Open Source tools”, described the phases of the digital forensics investigation process and showed how these could be carried out with the aid of open source tools. The Q&A with students, administrators and security engineers in the audience led to a very interesting discussion on best practices for incident response.
All in all the presentation was a great success and I would like to thank both the organizers and the audience for making this such a wonderful event!
- Presentation Slides (pdf)
Our talk presented an overview of the available free/open source software that can be used to build complete security solutions for public offices and infrastructure. Furthermore, we analysed recorded cyberwarfare incidents and how the open source model can aid in establishing robust defenses. The slides from our presentation are available here (in Greek).
We would like to cordially thank Professor Antonios Andreatos for inviting us to the event and congratulate him for his organisational efforts.
Our talk on Saturday will focus on security issues that manifest during software development using the C programming language. Although there has been extensive coverage of this topic in the past, our presentation will provide an up-to-date analysis of programming bugs that potentially lead to security issues.
During the lunch break on Saturday there will also be a PGP/CACert key signing party. See here for more details (in Greek).
We hope to see you there!
Update: Slides from this talk are available here.