Presented at
REcon 2008,
June 14, 2008, 5:30 p.m.
(60 minutes).
Every day more and more programmers are making the switch from traditional compiled languages such as C to more modern dynamic and interpreted languages such as Ruby and Python. We're seeing software ranging from video games to security tools written in these higher level languages and often released in binary form so as to protect the source. This talk focuses on Python with specific discussions revolving around extracting dynamic type information, disassembling code objects, and modifying runtime state statically. A real world complex example is demonstrated, hacking cheats into an MMORPG written in Python. This results in hilarious video demonstrations.
Presenters:
-
Aaron Portnoy
Aaron Portnoy is a researcher within TippingPoint's security research group. His responsibilities include reverse engineering, vulnerability discovery, and tool development. Aaron has discovered critical vulnerabilities affecting a wide range of enterprise vendors including: Microsoft, RSA, Adobe, Citrix, Symantec, Hewlett-Packard, IBM and others. Additionally, Aaron has spoken at BlackHat US, BlackHat Japan, Microsoft BlueHat, Toorcon Seattle, and DeepSec.
-
Ali Rizvi-Santiago
Ali Rizvi-Santiago is a researcher within TippingPoint's security research group. His responsibilities include developing RE related tools, and applying RE to his daily tasks. Prior to TippingPoint he has dabbled in various technology related positions, deploying/supporting RAD Communications equipment, heading the network for Data Transfer Solutions and developing GIS applications under Space Imaging.
Links:
Similar Presentations: