Buenos Aires, AR—August 14, 2012. IOActive, a leading provider of application security, compliance, and smart grid security services, today announced that Cesar Cerrudo, their Chief Technology Officer of IOActive Labs, will present Easy Local Windows Kernel Exploitation at 8dot8 2012. 8dot8 was born out of a desire for a different type of Information Security Conference, one that isn’t organized for commercial purposes. Their aim is to be 100% technical for everyone interested in computer security. “The principal objective is to share the latest techniques being used, the latest kinds of attacks that have been seen, the ways in which they are carried out and how they are being defended against.” IOActive is proud to be a Gold Level sponsor of this event.
Cerrudo’s presentation will focus on common local kernel vulnerabilities that lack general, multi-version, and reliable ways to exploit them. In the past, interesting techniques have been published, but these methods are far from simple and won’t work across different versions of Windows. This presentation will show a couple of easy and reliable cross-platform techniques for exploiting common local Windows kernel vulnerabilities. These new techniques will even provide methods to exploit vulnerabilities that, until now, have been considered difficult or seemingly impossible to achieve.
WHAT Easy Local Windows Kernel Exploitation
WHERE Cine Arte Normandie. Santiago, Chili
WHEN October 18–19, 2012. Time TBD.
HOW For more information, visit the 8dot8 2012 website.
About Cesar Cerrudo
Cesar Cerrudo is CTO at IOActive Labs, where he leads the team to produce cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting—which was acquired by IOActive—Cesar is a world-renowned security researcher and specialist in application security.
Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle Database Server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, and Yahoo! Messenger. Cesar also has authored several white papers on database and application security, and attacks and exploitation techniques, and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, and Defcon. Cesar collaborates with and is regularly quoted in print and online publications including eWeek, ComputerWorld, and other leading journals.
About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, aerospace, high-tech, and software development organizations. As a home for highly skilled and experienced professionals, IOActive attracts talented consultants who contribute to the growing body of security knowledge by speaking at such elite conferences as Black Hat, Ruxcon, Defcon, BlueHat, CanSec, and WhatTheHack. For more information, visit www.ioactive.com.
-###-