Stupid Compiler

Notes on things about stuff

I'm not dead yet…

with 2 comments

This site has never been updated all that regularly, I admit. This time, though, I have an excuse; I’ll be speaking at Blackhat DC and ShmooCon. Preparing for two talks in the same week on mostly disjoint topics has been taking up all my free time (and more). So, I apologize for no good technical posts recently, but I hope to change that post-cons. I have some ideas up my sleeve and I’ll be releasing some of the tools developed for the talks.

The Blackhat DC talk (4:45pm on Wednesday, February 3rd) is an elaboration of the last post on information leakage and the types of things we can do with it. The focus is the circumvention of Windows memory corruption mitigations (ASLR and DEP) using the addresses of leaked heap objects and predictable behaviors within the JIT compiler (examples using Adobe Flash).

The Shmoocon talk (4:00pm on Saturday, February 6th) focuses on a simple dynamic flow analysis (taint tracking) tool and the machinery needed to make it useful for auditing/reversing. Even if the taint tracking stuff isn’t your bag, I’ll be releasing a Pin tool that does full tracing of an execution and I hope the analysis engine will be abstract enough to allow others to write other analysis on top or to export the trace. This was submitted as a work-in-progress and it really is. I have a bunch of code-in-motion and a ton of python glue right now. I hope to clean everything up in time, but the glue will be the first thing neglected. My plan is to move the development of the tracing tool and analysis framework to a public hg repository. Oh, there is also an IDA plug-in involved (for interacting with the taint information). You can see the old test version of it in a screen shot from the DiffCov blog. Evidently Shmoocon will be streaming the talks, so if your timezone permits, you can heckle me live even if you don’t have a golden Shmoo ticket.

Lastly, I’ve never been to any industry hacker cons, so I’ll be trying to meet lots of people. Send me an e-mail and let me know where you’ll be if you want to meet up for a chat.


Written by dionthegod

January 18, 2010 at 11:00 pm

Posted in Uncategorized

2 Responses

Subscribe to comments with RSS.

  1. congrats :)
    I can’t wait to put my hands on the pintool!


    January 19, 2010 at 9:30 am

  2. Hey man. I saw the talk at shmoocon, and I am interested in taking a look at the code for BSO4. Please let me know when it is posted. I might be able to contribute a little to the development :)


    February 6, 2010 at 10:19 pm

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: