Hardening a
browser is especially interesting because exploitation tends to be so
interactive. Browser exploitation essentially has memory sporks -- read &
write primitives giving exploits a chance to really have their way with the
address space. So hardening browsers is quite difficult indeed because defenses
like NX memory and ASLR can be trivially bypassed with the right vulnerability
-- and many UaF flaws become just that. What's new for Ekoparty===>I'll be
announcing a browser exploitation challenge and provide unprotected and
protected browser builds for people to try to exploit. For people that have
never done browser exploitation, they will learn how easy it can be. For people
who have already done browser exploitation, they will learn how frustrating it
could become!
Sobre Alex
Rad
Alex Rad
has been playing wargames and solving security problems for a little while now.
In the security industry, he looks to push boundaries and raise the bar. He has
spoken at WWDC, Ekoparty '12 on IC reverse engineering., Codegate about
critical cryptographic flaws in popular mobile messengers, NSC about pagetable
security.
Aquí te presenta su conferencia:
Alexandru Radocea saluda a la ekoparty 10! from ekoparty on Vimeo.
No hay comentarios:
Publicar un comentario