DAY 1 (25th April 2013)
| TIME | TOPIC | SPEAKER |
| 0800 - 0900 |
Registration and Breakfast
|
|
| 0900 - 0915 |
Opening and Welcome Address
|
Thomas Lim (@thomas_coseinc)
Organiser, SyScan'13, CEO, COSEINC
|
| 0915 - 1015 |
|
Dave Aitel (@daveaitel)
|
| 1015 - 1045 |
Cyber Coffee |
|
| 1045 - 1145 |
The talk will give an overview of different 'flavors' of static analysis - discussing both abstract interpretation and SMT-driven analyses, as well as attempts at leveraging the one for the other. A focus of the talk will be on discussing what the capabilities and limitations of the individual approaches are - specifically what the origin of 'failure' is. Things that the talk will discuss:
- The differences between abstract interpretation and SMT-style analysis
- The difficulty of designing good abstract domains and the need for co-design between intermediate representations and abstract domains
- Subdirect products - or why combining different domains is inelegant and ugly in practice
- Precision loss due to iterative coarsening
- Inherent precision loss due to summarizing memory cells in complex data structures
- Approaches to refine and improve abstract interpretation using SMT solvers
- What bug classes are 'vulnerable' to static analysis, what bug classes are extremely hard to detect statically using today's theory
- Why browsers are the perfect storm for static analysis
|
Halvar Flake (@halvarflake)
|
| 1145 - 1200 |
Cyber Bar |
|
| 1200 - 1300 |
Modern malware uses many obfuscation techniques to make its code more
difficult for malware analysts to understand, in the hope of
preventing attempts to reverse engineer it. Unfortunately,
malware analysts still reverse such nasty code manually, since
there are no reliable tools to help with this problem.
OptiCode is the answer to this headache. Our tool combines theorem
prover and compiler techniques to automatically find and remove the
obfuscated sections, then presents the cleaned code to the user.
Available as a Web-based tool and an IDA plugin, OptiCode is user-friendly
and supports both 32-bit and 64-bit Intel platforms.
In this talk, we will analyze the obfuscation techniques in use by
malware, and introduce the design and implementation of OptiCode. Some
cool demos will be presented, so the audience can see how OptiCode works
in reality.
|
Nguyen Anh Quynh
|
| 1300 - 1400 |
Cyber Lunch |
|
| 1400 - 1500 |
This talk introduces and discusses a novel, mostly unpublished technique to successfully
attack websites that are protected by state-of-the-art XSS protection. This attack, labeled
Mutation-XSS (mXSS), is capable of bypassing high-end filter systems by utilizing the
browser and its unknown capabilities - every single f***** one of them.
We analyzed the type and number of high-profile websites and applications that are affected
by this kind of attack. Several live demos during the presentation will share these
impressions and help in understanding what mXSS is, why mXSS is possible and why it is
important for defenders as well as professional attackers to understand and examine mXSS
even further. The talk wraps up several years of research in this field, shows the abhorrent
findings, discusses the consequences and delivers a step-by-step guide on how to protect
against this kind of mayhem - with a strong focus on feasibility and scalability.
|
Mario Heiderich (@0x6D6172696F)
|
| 1500 - 1515 |
Cyber Bar |
|
| 1515 - 1615 |
The Sandy Bridge architecture introduces a fair number of novel and
interesting processor features and architecture changes. Throwing the
right subset of these novelties into a magic soup and stirring well
allows detecting ROP with almost no performance impact and without any
binary modifications or rewriting. This presentation will show you how
(including a demo).
|
Georg Wicherski (@ochsff)
|
| 1615 - 1645 |
Cyber Coffee |
|
| 1645 - 1745 |
|
Barnaby Jack (@barnaby_jack)
|
| End of Day 1 |
| |
| 1745 - 2000 |
Cyber Networking Party@brewerkz |
|
The organizer reserves the right to change the program.