Ambush – Catching Intruders At Any Point Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)


Intrusion detection and prevention systems monitor a point or a fixed set of points, such as a network connection. In response, malware authors hide the traffic that passes through those points with encryption, encoding, and obfuscation. This presentation demonstrates a different strategy, based not on picking yet another point but on the flexibility to add almost any point dynamically, using a new function call hooking system capable of intercepting virtually any set of API functions system-wide. This is in contrast to existing HIPSs, which are limited to functions chosen at design time and only monitor certain actions, such as file and registry edits. The system uses dynamic code generation to extend existing hooking techniques, overcoming the challenges posed by differing function definitions, architectures, and their associated calling conventions.

Matt “scriptjunkie” Weeks

Matt Weeks has performed mathematical research in chaos and cryptology, and focuses on information security. He enjoys finding ways to break application security, writing shellcode, and creating post-exploitation techniques. Also known as scriptjunkie, he has developed for the Metasploit framework, wrote the sessionthief MITM tool, has spoken at conferences such as DEFCON and Black Hat, and broke a cryptosystem based on chaos theory. He runs the site http://www.scriptjunkie.us/

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast