Presented at ToorCon San Diego 13 (2011), Oct. 8, 2011, 1 p.m. (50 minutes).
In a world where executables are designed to thwart exploitation, attackers are often forced to take chances: the work-arounds for many modern defenses are often good enough to succeed, but not without generating some crashes along the way.
Building on this premise, we have been engineering tools for collecting Windows crash dumps from networked systems, and building an analytics framework designed to answer the following question: was the crash caused by a routine malfunction, or by a failed exploit?
For ToorCon 13, we will be discussing some of the basics about Windows crash dumps, and about the evidence that probabilistic exploitation techniques can leave behind in them. We will spill the beans on how our analytics tools function, and describe our ideas for follow-up work in this direction.
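To make the "routine malfunction or failed exploit?" question concrete, here is an added example (not the presenters' tooling and not code from the talk): a minimal parser for the minidump header, stream directory and ExceptionStream, followed by a small heuristic scorer. The structure layouts follow the public MINIDUMP_HEADER, MINIDUMP_DIRECTORY and MINIDUMP_EXCEPTION_STREAM definitions; the heuristics, thresholds and verdict labels are my own assumptions, and the sample dumps are constructed inline by a tiny writer so the script runs offline.

```python
"""Triage a Windows minidump: locate the ExceptionStream and score the recorded
exception for traces of a failed exploit attempt.

Added example, not the talk's analytics. Layouts follow the documented minidump
structures; the scoring heuristics are illustrative assumptions."""
import struct

MINIDUMP_SIGNATURE = 0x504D444D            # 'MDMP' read as a little-endian ULONG32
EXCEPTION_STREAM = 6                       # MINIDUMP_STREAM_TYPE: ExceptionStream
STATUS_ACCESS_VIOLATION = 0xC0000005
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409   # raised when a /GS stack cookie check fails
AV_EXECUTE = 8                             # ExceptionInformation[0] for a DEP (execute) fault

# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp, Flags
HEADER = struct.Struct("<IIIIIIQ")
# MINIDUMP_DIRECTORY: StreamType, Location.DataSize, Location.Rva
DIRECTORY = struct.Struct("<III")
# MINIDUMP_EXCEPTION_STREAM: ThreadId, alignment, MINIDUMP_EXCEPTION
# (ExceptionCode, ExceptionFlags, ExceptionRecord, ExceptionAddress,
#  NumberParameters, alignment, ExceptionInformation[15]), ThreadContext (size, rva)
EXC_STREAM = struct.Struct("<IIIIQQII15QII")


def parse_exception(blob):
    """Return the exception record of a minidump, or None if it carries no ExceptionStream."""
    if len(blob) < HEADER.size:
        raise ValueError("file shorter than MINIDUMP_HEADER")
    sig, _ver, nstreams, dir_rva, _cs, _ts, _flags = HEADER.unpack_from(blob, 0)
    if sig != MINIDUMP_SIGNATURE:
        raise ValueError("not a minidump (bad signature)")
    for i in range(nstreams):
        off = dir_rva + i * DIRECTORY.size
        if off + DIRECTORY.size > len(blob):
            raise ValueError("stream directory runs past end of file")
        stype, size, rva = DIRECTORY.unpack_from(blob, off)
        if stype != EXCEPTION_STREAM:
            continue
        if size < EXC_STREAM.size or rva + EXC_STREAM.size > len(blob):
            raise ValueError("truncated ExceptionStream")
        f = EXC_STREAM.unpack_from(blob, rva)
        nparams = min(f[6], 15)                       # never trust NumberParameters blindly
        return {"thread_id": f[0], "code": f[2], "address": f[5],
                "info": list(f[8:8 + nparams])}
    return None


def looks_sprayed(value, width=4):
    """True when the low `width` bytes of `value` are one repeated byte other than
    0x00 or 0xFF (0x0c0c0c0c, 0x41414141, ...): a pointer overwritten by filler or
    a heap spray rather than a genuine address. width=4 suits 32-bit targets."""
    low = value.to_bytes(8, "little")[:width]
    return len(set(low)) == 1 and low[0] not in (0x00, 0xFF)


def triage(exc):
    """Score an exception record (assumed heuristics); returns (verdict, score, reasons)."""
    score, reasons = 0, []
    code, addr, info = exc["code"], exc["address"], exc["info"]
    if code == STATUS_STACK_BUFFER_OVERRUN:
        score += 3
        reasons.append("stack cookie (/GS) mismatch: return address was overwritten")
    elif code == STATUS_ACCESS_VIOLATION:
        kind = info[0] if len(info) > 0 else None
        target = info[1] if len(info) > 1 else None
        if kind == AV_EXECUTE:
            score += 3
            reasons.append("DEP fault: execution attempted at non-executable %#x" % addr)
        if looks_sprayed(addr):
            score += 2
            reasons.append("faulting instruction pointer %#x looks like spray/filler" % addr)
        if target is not None and target != addr and looks_sprayed(target):
            score += 2
            reasons.append("data address %#x looks like spray/filler" % target)
        if score == 0 and target is not None and target < 0x10000:
            reasons.append("near-null dereference: consistent with a routine bug")
    if score >= 3:
        verdict = "likely failed exploit"
    elif score > 0:
        verdict = "suspicious"
    else:
        verdict = "routine crash"
    return verdict, score, reasons


def build_minidump(code, address, info, thread_id=0x1234):
    """Write a minimal minidump carrying one ExceptionStream (constructed test input)."""
    params = list(info) + [0] * (15 - len(info))
    dir_rva = HEADER.size
    exc_rva = dir_rva + DIRECTORY.size
    header = HEADER.pack(MINIDUMP_SIGNATURE, 0xA793, 1, dir_rva, 0, 0, 0)
    directory = DIRECTORY.pack(EXCEPTION_STREAM, EXC_STREAM.size, exc_rva)
    stream = EXC_STREAM.pack(thread_id, 0, code, 0, 0, address, len(info), 0, *params, 0, 0)
    return header + directory + stream


# Constructed sample dumps, not captures from real systems.
SAMPLES = {
    "null_deref":   build_minidump(STATUS_ACCESS_VIOLATION, 0x00401000, [0, 0x10]),
    "gs_cookie":    build_minidump(STATUS_STACK_BUFFER_OVERRUN, 0x00401234, []),
    "sprayed_read": build_minidump(STATUS_ACCESS_VIOLATION, 0x00401000, [0, 0x41414141]),
    "dep_on_spray": build_minidump(STATUS_ACCESS_VIOLATION, 0x0C0C0C0C, [AV_EXECUTE, 0x0C0C0C0C]),
}


def triage_dump(blob):
    """Convenience wrapper: parse a dump and return only the verdict string."""
    exc = parse_exception(blob)
    return triage(exc)[0] if exc else "no exception stream"


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        verdict, score, reasons = triage(parse_exception(blob))
        print(f"{name:13s} {verdict:22s} score={score}  {'; '.join(reasons)}")
```

Two caveats a practitioner would want: the spray and filler constants are 32-bit-era signals, so on 64-bit targets raise `width` and expect fewer hits under ASLR; and on current Windows builds 0xC0000409 is also emitted by fail-fast paths that have nothing to do with /GS, so that code alone is weaker evidence there than it was in 2011.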
Presenters:
- Tim Carstens
- Mikhail Davidov
Tim Carstens & Mikhail Davidov are security consultants at Leviathan Security Group.