PRESENTATION: High-performance Zero-knowledge Binary Hooking and Tracing with ROP Hooks with A-Trace (Eh-Trace)
PRESENTER(S): Shane Macaulay, Director of Incident Readiness for IOActive
CONFERENCE:
LOCATION: Sheraton Wall Centre Hotel, Vancouver, Canada
DATE & TIME: March 18, 2016 at 13:30PM
Hooking, tracing, and code coverage analysis methods on Microsoft Windows are both awesome and complex: API Monitor (awesome) and Deviare2 (complex). They generally require three primitive components to be useful: logging infrastructure, symbol/argument recovery, and hook/trampoline generation (a way to install code ‘detours’ in-line).
In this presentation, Shane will demonstrate a zero-knowledge hooking and tracing platform. It does not require symbols or awareness of the count of arguments and provides configurable and substantial trace telemetry (register context), sufficient for coverage analysis. The platform executes very fast (not debugging) and requires no binary modifications (ROP hooking) to the application being analyzed.
About Shane Macaulay
Shane Macaulay is the director of incident readiness for IOActive and is experienced in enterprise-level network and application assessment and consultation.
Macaulay takes a deep, broad approach to security and has worked with every major UNIX distribution, Microsoft platform, and networking operating system. He has contributed to the security community by way of various papers, books, and technical applications, and he has discovered numerous compiler bugs (both native and managed), one of which was used to win the non-obvious source code backdoor contest at DefCon 2010.
Macaulay is an alumni member of the international security group The Honeynet Project and has worked with IBM, Bloomberg, @Stake/Symantec, financial exchanges/firms, and many high-tech industry giants.
About CanSecWest 2016
CanSecWest, the world’s most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought-provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###