DAY 2 (18th June 2010)

TIME TOPIC SPEAKER
0900 - 1000
REVERSE ENGINEERING WEB 2.0 APPLICATIONS

Web 2.0/RIA applications are using advanced web technologies like Ajax, Flash/Flex and Silverlight. These technologies form the presentation layer of next generation applications. One of the ways to assess the security of these applications is by applying reverse engineering techniques across all these components. Understanding decompiling methodologies for Flash/Flex and Silverlight can help in discovering potential vulnerabilities residing across the application base.

At the same time, effective use of a Javascript debugger can help in reverse engineering Ajax-driven applications. During this talk we will define methodologies and approaches for performing reverse engineering to detect client-side XSS, logical layer vulnerabilities, authorization bypasses, weak JSON calls, XML stream poisoning points, abuse of Javascript, DOM hacking etc. We will go over some interesting tools and scripts which you can use at your work to secure your Web 2.0 applications.

SHREERAJ SHAH
Blueinfy
1000 - 1015 Coffee Break (Beer Available)
1015 - 1115
ESCAPING THE SANDBOX

As many have predicted, 2010 will be the "Year of the Sandbox". We will probably see many Commercial Off-The-Shelf (COTS) products using these sand-boxing technologies in the very near future starting this year.

This presentation will discuss and demonstrate practical techniques for the evasion and escape of "Sand-boxing" technologies. Many techniques have been discussed, but only vaguely, at popular security conferences. Very little *actual* code and few demonstrations have been presented.

This presentation will consist mostly of demonstrations and review of actual code. I believe that most technical security talks these days don't need to be longer than 20 minutes, so I only want to use my time to talk about real things and demonstrate real tools. I will demonstrate tools and techniques using Chromium and custom written "sandbox" examples. Some such subversion techniques discussed will be:

  • Injecting Interpreters into Sandboxes to test from the inside out
  • Using Kernel Mode debuggers to assist you (token exchange, IO, handle creation, IPC), windbg scripts included
  • Token Sniping/Stealing (whatever you call it)
  • Token inspection tools (includes a .h'd and dll'd version of Matt Conover's dumptoken.c modified to include more Native API helpers)
  • Handle Sniping/Stealing (whatever you call it)
  • User32 Messaging tricks (no, not just SetWindowsHook ;-)

None of the above techniques in this talk will be without example code or demonstrations! In addition to the above, this presentation will try to "fill in the gaps" where there seem to be a lot of vagaries around tokens and DACLs. Additionally I will talk about some of the practical considerations that make deploying a sandbox with COTS products impractical on Windows XP.

There will be some other "goodies" that were also discovered in the course of this research such as: how to detect kernel mode debuggers from userspace, how userspace debugging works under the hood, (yet) undisclosed Chrome bugs, etc. I will also talk a bit about some areas of interest I wish to focus on in the future regarding these topics.

STEPHEN A. RIDLEY
Matasano
1115 - 1130 Break (Beer Available)
1130 - 1230
DEP IN DEPTH

An in-depth look into Data Execution Prevention on Windows systems, and how it can be bypassed. Multiple different bypass techniques will be explained in technical detail, covering Windows 2003 through to Windows 7.

Examples will cover both stack and heap exploitation scenarios, and will cover the DEP opt-in, opt-out and always-on (permanent) states.

BRETT MOORE
Insomnia Security
1230 - 1400 Lunch
1400 - 1500
BASE JUMPING: ATTACKING GSM BASE STATION SYSTEMS AND MOBILE PHONE BASE BANDS

Technological advances have finally placed GSM tools within the reach of security researchers and hackers. Finally it is possible to directly explore the lowest levels of the GSM stack.

This talk focuses on both sides of the GSM network where the users and network directly interact: the Um (air) interface.

The primary technological focus of this talk is on the exposed interfaces between the GSM networks and users. This covers the base station system -- the network components which communicate with mobile phones -- and the baseband -- the component of the mobile phone which communicates with the network.

During the talk the two main components of the attack system will be demoed: malicious base stations and malicious basebands. The base station enables fuzzing of mobile phone basebands, as well as other attacks. The baseband is used to test GSM network equipment for flaws, as well as to exploit backend systems.

Trust us, you'll *want* to turn off your phone for the duration of this talk!

THE GRUGQ
COSEINC
1500 - 1515 Break (Beer Available)
1515 - 1615
RETURNING INTO THE PHP INTERPRETER - REMOTE EXPLOITATION OF MEMORY CORRUPTIONS IN PHP IS NOT OVER, YET.

Among web application security experts there is the popular belief that low level vulnerabilities like buffer overflows and other kinds of memory corruption vulnerabilities do not matter for web application security. In addition to that, the increasing use of exploit mitigation techniques on modern web servers makes many believe that exploiting remote memory corruptions in web server software is over. But is it really?

This talk will introduce the idea of returning into the PHP interpreter from memory corruption vulnerabilities and discuss the requirements and feasibility of different ways to do that. This idea will then be applied to a yet undisclosed PHP vulnerability, which is exposed to remote attackers in several widespread PHP applications. Different aspects of this vulnerability will be analyzed and it will be explained how they can be abused in remote information leak and memory corruption exploits. The creation of such a remote code execution exploit will then be detailed step by step.

STEFAN ESSER
Sektioneins
1615 - 1630 Coffee Break (Beer Available)
1630 - 1730
OFFICE IS STILL YUMMY – HOW TO DEFEAT MEMORY PROTECTIONS IN OFFICE DOCUMENT EXPLOITATION

It has been a long time since researchers started looking for Office vulnerabilities. Not only does Microsoft keep patching vulnerabilities, it has also implemented many advanced and effective memory protection techniques against malicious Office document attacks.

Exploiting Office documents has been getting harder and harder. Recently many researchers have switched to working on PDF, Flash, and other document formats. Have Office documents become safer now? We don't think so. In this paper, you will see that Office documents are still yummy!

This work introduces the three major steps of how we effectively exploit an Office document:

  1. how to defeat DEP protection;
  2. how to defeat ASLR protection;
  3. get a free exploit.

NANIKA
&
TT

1730 - 1830
COSEINC AUTOMATED MALWARE ANALYSIS LAB (CAMAL)

Thousands of malware samples are detected each day, and the sheer volume makes it impossible to perform manual analysis on each of them.

This talk will introduce CAMAL (COSEINC Automated Malware Analysis Lab), an automated malware analysis framework that can produce both static and network analysis snapshots of a malware sample.

The main objective of such a framework is to speed up a malware analyst's job by automatically profiling the malware's binary characteristics, its interaction with the operating system, its access to the file system and its communication through the network.

During the talk, we will first discuss the general framework, followed by technical details on how the whole process can be automated seamlessly. We will also touch on the potential usage of such a framework and how it can help to provide an accurate malware characterization within a shorter timeframe.

UDI SHAMIR
COSEINC
1830 - 1900
CTF'10 Prize Presentation and Lucky Draw
End of SyScan'10 Singapore
The organizer reserves the rights to change the program.
Powered by SyScan © 2010 SyScan'10