Author: Halvar Flake / @halvarflake
Date & Time: Thurs. 3, nov. - 9:00 to 09:45
In spite of being central to everything that is going on in IT security, the concept of "exploit" is surprisingly poorly formalized and understood only on an intuitive level by security practitioners. This lack of clear definition has all sorts of negative side-effects: From ineffictive teaching to muddled thinking about mitigations.
In this talk, I will make an attempt to more clearly define what it is that attackers do when they write an exploit - and then talk about what this means for mitigations and secure coding.
Biography: Thomas Dullien / Halvar Flake started work in reverse engineering and digital rights management in the mid-90s, and began to apply reverse engineering to vulnerability research shortly thereafter. He pioneered early windows heap exploitaiton, patch diffing / bindiffing and various other reverse engineering techniques.
In 2004, he started zynamics, a company focused on reverse engineering technologies. He continued to publish about reverse engineering, ROP gadget search, and knowledge management technologies in relation to reverse engineering.
In 2011, zynamics was acquired by Google, and Halvar spent the next few years working on defensive technologies that leveraged the then hot buzzwords "big data" and "machine learning". In summer 2015, Halvar received the lifetime achievement Pwnie, and decided to take a year off to travel, read, and surf.