BLOG

How to enhance penetration testing through vulnerability research

The slides from my short presentation on “How to enhance penetration testing through vulnerability research” from the 3rd Infocom Security conference, are now available here (in Greek).

Heap Exploitation Abstraction by Example - OWASP AppSec Research 2012

This year’s OWASP AppSec Research conference took place in Athens, Greece and we were planning to be there as participants. However, the day before the conference, Konstantinos Papapanagiotou (General Chair) asked if we could do a presentation to replace a cancelled talk. Myself and Chariton Karamitas agreed to help and spend around three hours preparing a talk on heap exploitation abstraction, a subject dear to us.

Black Hat USA 2012 update

This year we have presented our jemalloc exploitation research work at Black Hat USA 2012, the leading information security conference. Our researchers Patroklos Argyroudis and Chariton Karamitas visited Caesar’s Palace at Las Vegas, Nevada and delivered the talk.

Packing Heat - AthCon 2012 update

AthCon 2012 is now over and what a great event that was! Our talk this year, entitled “Packing Heat!”, described ways in which PE executables can be packed to evade AntiVirus (AV) detection during penetration tests. Specifically, the talk presented a new type of packer; a packer that generates metamorphic executables. Each executable generated by this type of packer both looks different on-disk and behaves differently at runtime.