Security
radare demystified
after 1.0
radare is a libre framework and a set of tools to ease several tasks related to reverse engineering, exploiting, forensics, binary patching, .. this year, the project gets 10 year old.
In the process, the design evolved and several new functionalities has appeared, defining better development rules, improving code reviews and introducing RDD and fuzzing as part of the development process. Constant refactoring, writing usage examples and documentation and giving talks, to enlarge the community has been key elements to reach the great user base and health the project lives nowadays.
This year, in order to celebrate the 10th anniversary, the author organized the first r2con, a congress around the tool that aims to be an excuse for sharing knowledge, tools, scripts about what different parties and people is doing with it.
The congress was pretty successful and allowed to meet developers, users and other interested parties for learning more about the future of the tool and understanding its capabilities.
This talk will show the evolution and structure of the project, its roots, some of the most notorious capabilities, showing several usage examples to let the attendees the power in functionalities and extensibility the tool provides.
The target for this talk is everyone, from beginners to experts, from curious to skeptics.
Additional information
| Type | lecture |
|---|---|
| Language | English |
More sessions
| 12/27/16 |
Certificate transparency - what is it, and what can be done with it?
|
| 12/27/16 |
Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are executing. In this talk, we focus on how to extract information from the execution of simple x86 instructions that do not require any privileges. Beyond classical cache-based side-channel attacks, we demonstrate how to perform cache attacks without a single memory access, as well as ...
|
| 12/27/16 |
PHP-7 is a new version of the most prevalent server-side language in use today. Like previous version, this version is also vulnerable to memory corruptions. However, the language has gone through extensive changes and none of previous exploitation techniques are relevant. In this talk, we explore the new memory internals of the language from exploiters and vulnerability researchers point of view. We will explain newly found vulnerabilities in the 'unserialize' mechanism of the language and ...
|
| 12/27/16 |
Follow the steps taken to crack a conditional access and scrambling system used in millions of TV set-top-boxes across North America. From circuit board to chemical decapsulation, optical ROM extraction, glitching, and reverse engineering custom hardware cryptographic features. This talk describes the techniques used to breach the security of satellite and cable TV systems that have remained secure after 15+ years in use.
|
| 12/27/16 |
Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer. It targets specific models of commodity hardware and takes advantage of lessons learned from several years of vulnerability research. ...
|
| 12/27/16 |
We analyze the generation and management of WPA2 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all group (and unicast) traffic of a typical Wi-Fi network.
|
| 12/27/16 |
We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.
|
