Black Hat events have always been a world-class source for the latest intel on malware and security exploits, and today's trio of Briefings, taking place March 14 and 15 at Black Hat Europe 2013, continue that tradition.
Thursday, March 14th's Practical Attacks Against MDM Solutions, Lacoon Security researchers Michael Shaulov and Daniel Brodie will put the focus on so-called spyphones. These compromised handsets, oft-employed as surveillance apparatus of nation-states, covertly monitor text messages, geo-location info, and even the unwitting bearer's immediate surroundings. But how are these attacks launched? Shaulov and Brodie will present novel proof-of-concept attack techniques, on both iOS and Android, bypassing traditional mobile malware detection measures and common Mobile Device Management features like encryption.
On Friday, Coseinc's Nguyen Anh Quynh will present OptiSig: Semantic Signature for Metamorphic Malware, in which he'll walk attendees through new techniques solving a persistent problem: the ability of metamorphic malware to evade detection by traditional, string-pattern-matching anti-virus software. After touching on popular malware mutation techniques, Quynh will segue into "semantic signatures," which can often detect metamorphic code even after it's gone through several transformations. He'll wrap by introducing OptiSig, an x86/x64 toolset that uses semantic signature techniques to sniff out metamorphic code.
Finally, in Advanced Heap Manipulation in Windows 8, Fortinet's Zhenhua Liu will delve into the nuts and bolts of Windows 8 kernel pool and heap manipulation. Improvements to exploit mitigation make such attacks more difficult in Microsoft's latest OS, Liu will demonstrate that reliable heap exploitation is still achievable in some circumstances, given proper heap layout crafting. This "Heap Feng Shui" lets an attacker precisely manipulate heap layout (kernel and user), which opens the doors to a variety of further exploits.