Hardening a browser is especially interesting because exploitation tends to be so interactive. Browser exploitation essentially has memory sporks -- read & write primitives giving exploits a chance to really have their way with the address space. So hardening browsers is quite difficult indeed because defenses like NX memory and ASLR can be trivially bypassed with the right vulnerability -- and many UaF flaws become just that. What's new for Ekoparty===>I'll be announcing a browser exploitation challenge and provide unprotected and protected browser builds for people to try to exploit. For people that have never done browser exploitation, they will learn how easy it can be. For people who have already done browser exploitation, they will learn how frustrating it could become!
Sobre Alex Rad
Alex Rad has been playing wargames and solving security problems for a little while now. In the security industry, he looks to push boundaries and raise the bar. He has spoken at WWDC, Ekoparty '12 on IC reverse engineering., Codegate about critical cryptographic flaws in popular mobile messengers, NSC about pagetable security.
Aquí te presenta su conferencia: