This Is the X You Are Looking For

Presented at HOPE X (2014), July 19, 2014, 10 a.m. (60 minutes).

When you hear you are being profiled for which books you check out in a library, what do you do with this knowledge? Do you tell your friends to "evade," to not check these books out, or to find other means of getting this content? No. You tell everyone in the world to deliberately check these books out (and now we have had the pleasure of reading Catcher in the Rye). This talk is about looking signature detection in the face and confusing or saturating the tool or analyst. A number of techniques will be explored, including a fun malware signature trick called a tumor (it's OK, it's benign), and others focusing on open source Intrusion Detection Systems. There may be some random banter about grocery loyalty cards, too. Although this talk intends to be just as technical as expected at a conference like this, it will also be light, fun, and philosophical in nature. Expect a gratuitous slide deck, lots of terminal action, signatures in the nude, hex, and beautiful regex.


Presenters:

  • Eric Davisson / XlogicX as Eric (XlogicX) Davisson
    Eric (XlogicX) Davisson has obtained degrees in computer engineering, business, and criminal justice. He's recently obtained SANS certifications like GCIH and GCIA (incident handling and intrusion analyst, respectively), but he's no crime fighting businessman superhero with the superpower of alphabet soup trailing his name. He uses all of this knowledge in trade and for lulz. His interest is in the obscure. His favorite languages are assembly and Perl (because it treats regular expressions with the respect they deserve). Eric has been active in his local Phoenix 2600 community for well over a decade.

Links:

Similar Presentations: