census will be sponsoring the 3rd InfoCom Security conference, that will be held on April 10th, 2013 at the Divani Caravel hotel in Athens, Greece.

census participated in the “Network Security and Cyberwarfare” event organized by the Hellenic Air Force Academy (Σχολή Ικάρων).

census was one of the sponsors of the OWASP AppSec Research 2012 conference, held at the University of Athens, Greece on July 10-12th, 2012. Besides helping out with the CTF challenge, Census researchers also provided a technical talk on Heap Exploitation Abstraction.

This year’s OWASP AppSec Research conference took place in Athens, Greece and we were planning to be there as participants. However, the day before the conference, Konstantinos Papapanagiotou (General Chair) asked if we could do a presentation to replace a cancelled talk. Myself and Chariton Karamitas agreed to help and spend around three hours preparing a talk on heap exploitation abstraction, a subject dear to us.

This year we have presented our research work at Black Hat USA 2012, the leading information security conference. Our researchers Patroklos Argyroudis and Chariton Karamitas visited Caesar’s Palace at Las Vegas, Nevada and delivered the talk.

Our presentation was titled “Exploiting the jemalloc Memory Allocator: Owning Firefox’s Heap” and described in detail attack primitives against jemalloc and how these can be used to exploit heap overflow and use-after-free vulnerabilities that affect the Mozilla Firefox browser.

census researchers will be presenting “Exploiting the jemalloc Memory Allocator: Owning Firefox’s Heap”, an in-depth security analysis of the jemalloc memory allocator at Black Hat USA 2012. The focus will be on offensive techniques and the identification of attack vectors, while the Mozilla Firefox browser will be used as a case study.

The Black Hat USA 2012 conference will be held in Las Vegas, Nevada. We hope to see you there!

Update: The presentation slides are now available here.

AthCon 2012 is now over and what a great event that was!

Our talk this year, entitled “Packing Heat!”, described ways in which PE executables can be packed to evade AntiVirus (AV) detection during penetration tests.

census is excited to be participating for the third time at AthCon, the leading technical IT security conference in Greece. This year, our researcher Dimitris Glynos will be presenting a new design for executable packing that allows penetration testers to hide malicious payloads from a wide variety of antivirus engines.

My presentation slides from this year’s FOSSCOMM security sessions are now (also) available here.

The talk, entitled “Performing Digital Forensics with Open Source tools”, described the phases of the digital forensics investigation process and showed how these could be carried out with the aid of open source tools. The Q&A with students, administrators and security engineers in the audience led to a very interesting discussion on best practices for incident response.

All in all the presentation was a great success and I would like to thank both the organizers and the audience for making this such a wonderful event!

Presentation Material

• Presentation Slides (pdf)

census has participated once again at AthCon, the leading technical IT security conference in Greece. Our work entitled “Introducing the Parasite” presented a small device that is capable of creating a physical backdoor in an otherwise protected network.