Ever wondered about the attack surface of graphics drivers on Windows? Are they similar to other drivers? Do they expose ioctl’s? In this talk from Ilja, all those questions will be answered and more. Whether you’re a security researcher, a developer looking for some security guidance when writing these drivers, or just generally curious about driver internals, there’s something here for you. The research presented focuses both on C/C++ code, when available, as well as reverse engineering of these drivers.

About Ilja van Sprundel
Ilja van Sprundel is the Director of Penetration Testing at IOActive. His primary expertise centres on penetration testing and vulnerability assessments. Van Sprundel has designed custom security solutions for software development companies, the telecommunications industry, the financial services sector, and non-profit organisations around the world. Furthermore, he played a pivotal role in security review of Windows Vista. Van Sprundel has written numerous white papers and is a well-respected author in the security community. He is also frequently invited to speak at security conferences around the world. Most recently he presented at PacSec, Ruxcon, BlueHat, CanSecWest, 44Con, and EUSecWest.

About PacSec
The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In a relaxed setting with a mixture of material bilingually translated in both English and Japanese, the eminent technologists can socialize and attend training sessions.

The presenters are experienced security professionals at the vanguard of leading information security technology as well as experienced instructors who have prepared tutorials intended to help you stay abreast of the latest developments in this rapidly moving technological field. The best, and brightest, have assembled unique new material to help you maintain your technological leadership – which they will present at this conference.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

 ###

Seattle, USA — October 24, 2014 – IOActive, Inc., the leading global provider of hardware, software, and wetware security services, announced today that Cesar Cerrudo, Chief Technology Officer for IOActive Labs, and Chris Valasek, Director of Vehicle Security Research for IOActive, will present their ground-breaking research at the ekoparty Security Conference.

IOActive Speakers

Cesar Cerrudo, Chief Technology Officer for IOActive Labs Hacking US (and UK, Australia, France, etc.) Traffic Control Systems
Date & Time:         Thursday October 30, 2014 at 09:30 AM
Cesar recently conducted research involving devices used by traffic control systems in important cities around the world, including the US, UK, France, Australia, and China. The end result, Cesar was able to hack into and exploit these devices.

In this presentation, Cesar will tell the whole story: how the devices were acquired, the research and onsite tests he conducted, the vulnerabilities he discovered, and how they can be exploited. Cesar will conclude his presentation with demonstrations of cyberwar-style attacks against the vulnerable devices.

Chris Valasek, Director of Vehicle Security Research
Remote Automotive Attack Surfaces
Date & Time:         Friday October 31, 2014 at 19:20 PM
Automotive security concerns have gone from the fringe to the mainstream as researchers have demonstrated modern vehicles’ susceptibility to local and remote attacks. A malicious attacker could exploit remote vulnerabilities to execute a wide range of remote attacks, from enabling a microphone and eavesdropping to turning the steering wheel to disabling the brakes.

Each manufacturer designs its fleets differently; therefore, remote threat analysis must avoid generalities. Unfortunately, research has only been presented on three or four particular vehicles. In his talk, Chris takes a step back and examines the automotive networks of a large number of manufacturers from a security perspective. Using this larger dataset Chris begins to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last five years? What does the future of automotive security hold? How can we protect our vehicles from attack moving forward?

About Cesar Cerrudo
Cesar Cerrudo is CTO for IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting – which was acquired by IOActive – Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter. He has a record of finding more than 50 vulnerabilities in Microsoft products and more than 20 in Microsoft Windows operating systems. Cesar has authored several white papers on database and application security as well as attacks and exploitation techniques based on his unique research. He has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, BlueHat, 8.8, Hackito Ergo Sum, NcN, and Defcon. Cesar collaborates with, and is regularly quoted in, print and online publications.

About Chris Valasek
Chris Valasek serves as the Director of Vehicle Security Research for IOActive where he is responsible for investigating current attack methodologies and trends. He also leads a variety of research and development projects.

Chris specializes in offensive research methodologies with a focus on reverse engineering and exploitation. Known for his extensive research in the automotive field, Chris was one of the first researchers to publicly discuss automotive security issues in detail. His release of code, data, and tools allowing vehicles to be physically controlled through the CAN bus garnered worldwide media attention.

Chris is also known for his exploitation and reverse engineering of Windows. As a Windows heap subject matter expert, Chris has been quoted in several technology publications and has given presentations on the subject at a number of conferences. He is also the Chairman of SummerCon, the nation’s oldest hacker conference.

Prior to working at IOActive, Chris served as Senior Security Research Scientist at Coverity, a leading development testing company based in San Francisco. At Coverity, Valasek served as General Security Council to the organization and led the C/C++ security initiative for the research laboratory. Chris also served as Senior Security Research Scientist at Accuvant, where he was a key member of the Labs Group and focused on binary analysis, exploitation techniques, consulting services, and long-term research projects.

About ekoparty
The essence of ekoparty is simple and comprehensive: It is an international conference with speakers from Latin America and over the world. With an excellent variety of topics, discussions, and direct participation, ekoparty demonstrates cutting-edge security research and development. The post-conference activities add an extra value to this event. All participants are invited to interact on a personal level in Lockpicking challenges or a Wardriving tour around the city in private transportation.

ekoparty Security Conference allows consultants, security officers, researchers, developers, technicians, system administrators, nerds, geeks, and technology enthusiasts to meet and enjoy the most important security discoveries.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Cesar recently conducted research involving devices used by traffic control systems in important cities around the world, including the US, UK, France, Australia, and China. The end result, Cesar was able to hack into and exploit these devices.

In this presentation, Cesar will tell the whole story: how the devices were acquired, the research and onsite tests he conducted, the vulnerabilities he discovered, and how they can be exploited. Cesar will conclude his presentation with demonstrations of cyberwar-style attacks against the vulnerable devices.

About Cesar Cerrudo
Cesar Cerrudo is CTO for IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting – which was acquired by IOActive – Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter. He has a record of finding more than 50 vulnerabilities in Microsoft products and more than 20 in Microsoft Windows operating systems. Cesar has authored several white papers on database and application security as well as attacks and exploitation techniques based on his unique research. He has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, BlueHat, 8.8, Hackito Ergo Sum, NcN, and Defcon. Cesar collaborates with, and is regularly quoted in, print and online publications.

About 8.8 Computer Security Conference
A group of security professionals in Chile were bored with the typical “computer security conferences” oriented towards management or organized for commercial purposes. To this end, we decided to organize a conference that is intended to be 100% technical and focused principally on sharing knowledge and experience.

We would like this to be an event where those responsible for information security and privacy of information: CIOs, CTOs, CISOs, ISOs, sysadmins, system architects, system developers, network administrators, security specialists, consultants, risk analysts, system administrators and students can share knowledge and their experiences in a relaxed and comfortable environment.

The principal objective is to share the latest techniques being used, the latest kinds of attacks that have been seen, the ways in which they are carried out and how they are being defended against.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Cesar recientemente realizo una investigación sobre dispositivos usados por sistemas de control de tráfico en importantes ciudades del mundo incluyendo a Estados Unidos, Reino Unido, Australia, Francia, Canadá, China, etc. Como resultado final Cesar pudo hackear y explotar estos dispositivos.

En esta presentación, Cesar contara toda la historia: como estos dispositivos fueron conseguidos, la investigación y los tests que se hicieron, las vulnerabilidades que encontró y como estas pueden ser explotadas. Cesar concluirá su presentación con descripciones y demostraciones de posibles ataques a estos dispositivos vulnerables.

Sobre Cesar Cerrudo
Cesar Cerrudo es CTO en IOActive Labs, donde lidera el equipo encargado de producir investigación sobre las últimas tecnologías en las aéreas de SCADA, dispositivos móviles, seguridad en aplicaciones y demás. Anteriormente fundador y CEO de Argeniss Consulting -empresa adquirida por IOActive- Cesar es un investigador en seguridad reconocido mundialmente especializado en seguridad en aplicaciones. A través de su carrera, Cesar ha descubierto y ayudado a eliminar decenas de vulnerabilidades en aplicaciones muy conocidas como ser Microsoft SQL Server, Oracle Database Server, IBM DB2, Microsoft Biztalk Server, Microsoft Windows y Yahoo! Messenger.

Cesar también ha publicado varios trabajos de investigación en seguridad en aplicaciones y base de datos, en ataques y técnicas de explotación de vulnerabilidades, él ha sido invitado a presentar el resultado de sus investigaciones en varias compañías y conferencias alrededor del mundo incluyendo Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, Ekoparty, FRHACK, H2HC, Defcon, Infiltrate, 8.8 y Hackito Ergo Sum.

Cesar colabora regularmente con comentarios y aportes técnicos en medios impresos y online.

Sobre 8.8 Computer Security Conference
Un grupo de profesionales relacionados a la seguridad de la información en distintos ámbitos en Chile aburridos con las típicas “conferencias de seguridad” orientados a la gerencia, gestión o organizadas para fines comerciales decidieron organizar una conferencia de hacking o 100% técnica, enfocada principalmente en compartir conocimientos y experiencias.

Nos gustaría que esto fuera un evento donde las personas interesadas en seguridad de la información: CIOs, CTOs, CISOs, ISOs, sysadmins, arquitectos de sistemas, desarrolladores de sistemas, administradores de red, especialistas en seguridad, consultores, analistas de riesgo, administradores de sistemas, estudiantes, hackers, geeks y muchos otros pueden compartir conocimientos y experiencias en un ambiente distendido y confortable.

El objetivo principal es compartir experiencias, conocer las últimas técnicas que se usan, los últimos tipos de ataques registrados, la forma en que ellos se concretan y cómo se repelen.

Sobre IOActive
IOActive es una firma de servicios especializados en seguridad de la información con un largo y establecido track record entregando excelentes servicios de seguridad a sus clientes. Nuestros equipos de investigación y consultoría de fama mundial ofrecen un porfolio de servicios de seguridad especializados que van desde tests de penetración y auditoria de código de aplicaciones hasta ingeniería inversa de semiconductores. Empresas globales a lo largo de cada industria continúan confiando en IOACtive sus más sensibles y críticos aspectos de seguridad. Fundada en 1998, IOActive tiene su casa central en Seattle, Estados Unidos, con operaciones globales a través de las regiones de América, EMEA y Asia Pac. Visite www.ioactive.com para más información.  Siga a IOActive en Twitter: http://twitter.com/ioactive.

-###-

This mini workshop, based on Eireann’s successful 44Con workshop earlier this year, will introduce you to Industrial Ethernet Switches and their vulnerabilities. These switches are used in environments with industrial automation equipment, such as substations, factories, refineries, and ports; in other words, SCADA and ICS switches.

During this workshop, Eireann will discuss several vulnerabilities and share the methods he used to discover them as well as techniques for exploiting them. Eireann will teach you about bad session entropy, sidejacking, CSRF, brute forcing MD5, DoS in the context of industrial processes, and carving default private keys from firmware images. Essentially, he will tell you “how I found the bugs in my CVE list for 2013-2014” by breaking Industrial Ethernet Switches.

This is partially a hands-on workshop, with pcaps, network forensics, binary analysis, and web application vulnerabilities. You will become familiar with how these switches are used and do some light traffic analysis and firmware reverse engineering. So, bring along your laptop with Wireshark installed!

About Éireann Leverett
Eireann Leverett is a Senior Consultant at IOActive where he focuses on Smart Grid and SCADA systems. He studied Artificial Intelligence (AI) and Software Engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in Cambridge’s computer security group. In between, he worked for five years at GE Energy and did a six-month engagement with ABB in their corporate research department.

About OWASP
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at www.owasp.org.

OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. The OWASP Foundation is a not-for-profit entity that ensures the project’s long-term success.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

What, the car got hacked – how? We all take the technology we use every day for granted, especially items that have been around for a while, such as the car. Many of us think about the physical security of cars in terms of locks and immobilizers, but as technology innovation moves forward, so should our view of security. The connected car is no longer an abstract concept, but a reality in almost every new car produced today. Unfortunately for the consumer, there is not much information available regarding the security precautions taken when developing the modern automobile.

In his keynote presentation, Chris Valasek will discuss the connected car, its apparent testing methodologies, and the current and future security issues facing everyday drivers across the world.

About Chris Valasek
Chris Valasek is the Director of Vehicle Security Research at IOActive. In this role, Valasek is responsible for overseeing the automobile services business unit within IOActive, while also investigating current attack methodologies and trends. In addition to this, he leads a variety of research and development projects.

Valasek specializes in offensive research methodologies with a focus on reverse engineering and exploitation. Known for his extensive research in the automotive field, Valasek was one of the first researchers to publicly discuss automotive security issues in detail. His release of code, data, and tools allowing vehicles to be physically controlled through the CAN bus garnered worldwide media attention.

Valasek is also known for his exploitation and reverse engineering of Windows. As a Windows heap subject matter expert, Valasek has been quoted in several technology publications and has given presentations on the subject at a number of conferences. He is also the Chairman of SummerCon, the nation’s oldest hacker conference.

About SecTor
SecTor is Canada’s Premier IT Security Conference, illuminating the Black Art of Security. Now entering its 8th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

Utilities deploying Smart Grid and AMI systems face many serious security concerns ranging from the individual system components to the deployment architecture as whole. Achieving technical assurance requires developing processes and policies, participating in threat modeling, and performing penetration testing. Utilities want strong assurances that the devices they deploy in the field for the next 20 to 25 years are designed, hardened, and tested to resist attacks and subversion by malicious parties. Additionally, utilities want to validate their architecture design and test it for vulnerabilities before actual deployment begins.

To help meet these needs, utilities should look to how manufacturers develop their products and choose systems where security is a “baked-in” rather than a “bolted-on” component. Manufacturers must tightly weave and integrate security activities into their product development lifecycle activities, including developing security requirements, participating in threat modeling, adopting secure coding and design practices, and performing penetration testing.

This talk by Michael and Ido will focus on the technical assurances utilities can use to test their Smart Grid and AMI deployments as well as the security practices manufacturers should use to harden their products.

About Michael Milvich
Michael Milvich, Principal Security Consultant for IOActive, is experienced in exploit development, reverse engineering, fuzzing, network, and application testing. As a security consultant at IOActive he performs penetration testing; identifies system vulnerabilities; and designs custom security solutions for clients in software development, telecommunications, financial services, and non-profit organizations. Mr. Milvich’s focus has been on assessing industrial control systems within the electrical power industry and on testing embedded devices.

About Ido Dubrawsky
Ido Dubrawsky is a senior executive in information technology. During his twenty-year career, he has worked in information technology management, security product innovation, and revenue generation in the software and telecommunications industries. Mr. Dubrawsky has a substantial record of leveraging teams and technology to meet profit and goal expectations. He has demonstrated ability to align product development and security strategy with corporate goals through technical and business expertise.

About Itron Utility Week 
Itron Utility Week is the utility industry’s premier customer-focused event providing its customers the opportunity to learn from and collaborate with Itron employees, partners and industry leaders to drive better management of energy and water resources. This year the conference is focused on our customers and how they are being resourceful to improve their organizations, and the communities they live in, every day.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information.  Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Satellite Communications (SATCOM) play a vital role in the global telecommunications system. We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks.

IOActive conducted SATCOM research focused on reverse engineering the freely and publicly available firmware updates for popular SATCOM technologies. They found that 100 per cent of the in-scope devices could be abused. The vulnerabilities they uncovered included multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities could allow remote, unauthenticated attackers to fully compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another can do it.

In this presentation, Ruben will discuss the technical details of IOActive’s research, based largely on static firmware analysis via reverse engineering. The presentation will also include a live demo against two of these systems.

About Ruben Santamarta
Ruben Santamarta is Principal Security Consultant at IOActive where he performs penetration testing, identifies system vulnerabilities, and designs custom security solutions for clients in software development, telecommunications, financial services, and non-profit organizations. He has over 10-years of experience working for the security industry in different roles such as malware analysis or exploit development. Ruben has found dozens of vulnerabilities in products from leading IT and ICS vendors, being these last ones where he is currently focused. Ruben has presented at international conferences such as Ekoparty, RootedCon, Black Hat USA, and AppSec DC.

About 4SICS
4SICS is Stockholm’s international summit on cyber security in SCADA and Industrial Control Systems. 4SICS gathers the most important ICS/SCADA cyber security stakeholders across critical industries, such as energy, oil & gas, water, transportation, and smartgrid.

4SICS gives you a great opportunity to listen to international top speakers in the field and meet the most experienced stakeholders. It will be a single-track, two-day summit with generous time slots for presentations as well as interaction and networking. The summit will offer an opportunity to not only to increase your knowledge of today’s ICS/SCADA security risks, but also to receive practical advice on how to manage them. Moreover, 4SICS attendees will have an opportunity to participate and play KIPS – the Kaspersky Industrial Protection Simulation.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information.  Follow IOActive on Twitter: http://twitter.com/ioactive.

-###-

Reverse engineering is not all binaries and byte-code. The black art also extends to networks and unobtainable game servers.

In this talk, Joseph will discuss the gruesome details of how he dug through the graveyards of console binaries and the mausoleums of forgotten network protocols – all completed in IOActive’s new state-of-the-art hardware lab – in order to stitch together the pieces necessary to bring his favourite game back to life. Joseph will examine the process of reverse engineering the game’s custom network protocols, from packet logs to low-level disassembly of client code.

About Joseph Tartaro
Joseph Tartaro is an experienced Security Consultant at IOActive, where he proves his talents working with platinum-level clients on network and application penetration. Joseph is highly experienced with wireless security practices, and is passionate about hardware hacking, programming, fuzzing, risk engineering, and all manner of exploitations. As a member of telephreak, he helps manage a VoIP PBX system for free public conferencing and communication. In his off time, he enjoys working on emulations and ROM hacking of retro video games.

About ToorCon San Diego
ToorCon is San Diego’s exclusive hacker conference. ToorCon attracts many of the top leaders in the computer security community and has been known for its small-conference atmosphere. Talks at ToorCon range from device hacking and reverse engineering, to protocol analysis, cryptographic algorithms, and all-around security issues. Each year ToorCon has a particular theme to the talks and is split into two parallel tracks. There are also vendor tables and games. Capture the Flag is one of the recurring games over the weekend.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information.  Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github

Reverse engineering is not all binaries and byte-code. The black art also extends to networks and unobtainable game servers.

In this talk, Joseph will discuss the gruesome details of how he dug through the graveyards of console binaries and the mausoleums of forgotten network protocols – all completed in IOActive’s new state-of-the-art hardware lab – in order to stitch together the pieces necessary to bring his favourite game back to life. Joseph will examine the process of reverse engineering the game’s custom network protocols, from packet logs to low-level disassembly of client code.

About Joseph Tartaro
Joseph Tartaro is an experienced Security Consultant at IOActive, where he proves his talents working with platinum-level clients on network and application penetration. Joseph is highly experienced with wireless security practices, and is passionate about hardware hacking, programming, fuzzing, risk engineering, and all manner of exploitations. As a member of telephreak, he helps manage a VoIP PBX system for free public conferencing and communication. In his off time, he enjoys working on emulations and ROM hacking of retro video games.

About Ruxcon
Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

Feeling social?
IOActive in LinkedIn
IOActive on Facebook
IOActive on YouTube
IOActive on Crunchbase
IOActive on Github