Director of Security Intelligence to present findings of research on Microsoft’s web browser
Seattle, WA ― April 10, 2013. – IOActive, Inc., a leading provider of application security, compliance and smart grid security services, today announced that its director of security intelligence, Christopher Valasek, will present An Examination of String Allocations in Internet Explorer 9 at SOURCE Boston 2013.
Allocation of memory, specifically user_controlled strings, has played a major role in browser exploitation, especially with regards to heap spraying. The underlying knowledge of JavaScript string allocations were widely understood from Internet Explorer 6 through 7. However, while heap spray attacks adapted to changes in Internet Explorer 8–9, public foundational knowledge did not keep pace.
Valasek’s presentation will discuss a brief history of string allocations from Internet Explorer 6 to Internet Explorer 8 then explore current memory management methods for Internet Explorer 9. The presentation will conclude with a look at how newly acquired knowledge can be useful for browser exploitation.
WHAT: An examination of string allocations in IE9
WHERE: SOURCE Boston, Marriott Tremont, Boston, MA, USA
WHEN: April 16, 2013 at 13:00
About SOURCE The SOURCE Conference has been created to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals come together to gain knowledge and skills, network with peers, and advance their careers and professional development. SOURCE enables individuals, teams, and organizations to leverage information to improve decision-making, optimize performance, and achieve business objectives.
About Christopher Valasek Christopher Valasek is the Director of Security Intelligence at IOActive. He specializes in attack methodologies, reverse engineering, and exploitation techniques. Valasek is widely regarded for his research on Windows heap exploitation, he also regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM/ISS. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. Chris holds a B.S. in Computer Science from the University of Pittsburgh.
About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, healthcare, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Defcon, BlueHat, CanSec, and WhatTheHack. For more information, visit www.ioactive.comor call +1.866.760.0222.
-###-