Reverse engineering techniques to find security bugs: A...


Google Tech Talks
May 21, 2007

ABSTRACT

Alex Sotirov is a vulnerability engineer at determina. He will discuss some latest techniques in reverse engineering software to find vulnerabilities. Particularly, he'll discuss his technique that lead him to find the ANI bug (a critical new bug in WinXP and Vista).

Alex will describe the tools he uses for reverse engineering and show how he reverse engineered ANI Bug. He will continue to discussed Windows security mechanisms (ASLR, /GS) and describe how ANI exploit bypasses them. Credits: Speaker:Alex Sotirov







Channel: Howto
Uploaded: October 9, 2007 at 1:06 am
Author: googletechtalks

Length: 01:01:21
Rating: 3.82
Views: 6167

Tags: howto engineering google techniques reverse

Embed Code:


Video Comments:
elpaisitadeoro (September 6, 2008 at 5:46 am)
I hate his cracked voice and I can't stand it.. really. Also, when he makes that 'kissing' noise that snob people do.
6000068 (September 2, 2008 at 6:16 am)
Whatever he made up he has some really good insights here! Im also pleasently suprised to see someone confirm my idea's about these weaknesses of the named languages. *php/
sexyfrog (August 29, 2008 at 12:00 am)
an hour long? wtf is this, hax!
labbala (July 21, 2008 at 9:50 pm)
Hi didn't tell the whole true :there is no such api function called LoadCursorIconFromFileMapMcAfee called it :LoadAniIconhe made up the name for this and he showed evry one that IDA can show the debug symbol names when he edited the names of an undocumented subs!!!!!and ofcorse there is no ReadTags and ReadChanks .. he made up the name for those too....

1