Context-keyed Payload Encoding - AthCon 2010

This Thursday I will be doing a talk on "Context-keyed payload encoding" at AthCon 2010.

AthCon is a fresh IT security conference that will take place on June 3rd 2010, in Athens, Greece.

My presentation will cover both shellcode detection and NIDS evasion themes, but will mostly focus on the "Context-keyed payload encoding" technique, that allows attackers to bypass many of today's state of the art intrusion detection systems.

I must say that I'm quite excited about this event, since I've been yearning for a Greece-based technical ITsec conference for many years now..

AthCon also gives us the opportunity to meet up with old friends and respected colleagues from the field. So yes, it's going to be both interesting and fun! :^)

Hope to see you there!

P.S. registration ends today; you may want to sign up fast!

the new yada yada operator

Perl 5.12 is out!

This release introduces a new operator, called the "yada yada" which looks like an ellipsis (...) and implements a placeholder for code.

So, the following snippet is now valid perl :-)

do {
    steal_underpants;
    ...;
    profit;
};

canaries, black hats and other magic tricks

Haven't updated my blog for some time now. Hmm, maybe it needs a new look.

I've been spending most of my free time on census research projects and PhD stuff. Hopefully I'll be finishing the darn thing this year.

Anyway, I recently did a quick writeup on how canary gets randomised nowadays in Linux apps. You can find it over here.

In other news, my workmate argp will be presenting both stack and heap smashing techniques for FreeBSD kernel exploitation at this year's BlackHat Europe (woohoo!). This will be a thorough examination for both attack vectors along with notes on safe kernel continuation. You don't wanna miss this!

That's all for now.