PHDays V: how to make your Shodan, resist ROP shellcodes and automate reverse engineering

The Fifth International Forum on Practical Safety Positive Hack Days will be held on May 26 and 27, 2015 in the Moscow International Trade Center. The second wave of Call For Papers has recently completed, and today we are bringing to your attention a new batch of speeches.

Automation - to help reverser

Often, reverse engineering implies examining almost the entire code of a software system, and the disassembler is the main tool in such cases. Researchers are faced with various difficulties - with the definition of the sequence of processing functions, differences in the versions of one system, the inability to fully debug and emulate code in embedded systems.
')
During his speech, Anton Dorfman, who conducted a shellcode master class on PHDays III, will share his experience in creating a plug-in to automate reverse engineering based on IDAPython. Key features - preliminary automatic code analysis and transfer of results to other versions of the system under study.

How to create your Shodan

The well-known IB researcher Igor Agiyevich (“Radio Monitoring Technologies”) will talk about the creation of a search engine similar to the “ most terrible Internet search engine ” - Shodan.



The speaker will compare the developed system with analogues and present examples of interesting devices discovered by the new search engine.

We catch ROP shellcodes in network traffic

Remote exploitation of vulnerabilities is one of the most powerful tools of cybercriminals: this is how computer worms spread and important information is stolen. To bypass the protection, the attackers developed a shellcode writing technique using return-oriented programming. The new class is called ROP shellcodes (from English return-oriented programming).

Former member of Bushwhackers CTF-team Svetlana Gayvoronskaya will present a utility that performs static and dynamic analysis of network traffic for the presence of ROP shellcodes in it. Last year, Svetlana, together with Ivan Petrov, presented a report on " catching shellcode for ARM ".

Up to PHDays just a month

The international forum on practical safety Positive Hack Days V will take place very soon. The formation of a competitive program and the formation of a grid of speeches are in full swing - previous announcements are available at Habré ( first , second and third ), as well as the presentation of the key speaker of PHDays - Whitfried Diffie .

In the near future, we will publish on the site the names of the speakers and descriptions of all research accepted in the program. Follow our news and you will not miss anything interesting.



Already, you can vote for your favorite speeches - on the forum program page you need to click the "I want to visit" button next to this or that report. Voting will help us properly plan the loading of the halls.

You still have the opportunity to take part in PHDays V, but do not pull up with the purchase of tickets: there are very few of them left.

See you in May!