Threat Research & Response Blog
This year's Black Hat Europe Conference 2011, with Microsoft as one of the sponsors, was held in Barcelona, Spain. The first briefings were held March 17th, when speakers began to present their research on a wide range of very interesting topics. The conference is also a good opportunity to meet other researchers, to exchange ideas and to find out about new and exciting things.
The first day was a full day (good thing that I saw Camp Nou, home of FC Barcelona, when I first arrived :)), with presentations that delved right into the "kernel" of things. For example, there was a talk by Patroklos Argyroudis & Dimitrios Glynos on 'Kernel Exploitation Mitigations' that showed ways to defeat kernel exploits on various operating systems. Another VERY interesting presentation was 'Rootkit Detection via Kernel Tunneling', where Mihai Chiriac presented a custom dynamic instrumentation framework that analyzes execution flow and helps in the detection and cleaning of active rootkits by "disarming" the malicious code. The day ended with a great presentation from Bruce Schneier about 'Cyberwar' and targeted attacks.
The second day was also very sunny and warm, and as the cherry on top, there were some awesome presentations. Just to name two, we had 'Cutting-edge denial of service mitigation', where Yuri Gushin and Alex Behar talked about some cool mitigation steps against denial of service attacks, mainly for HTTP servers, using a non-interactive challenge/response mechanism.
There was also a good presentation by George Hedfors that showed how a Cisco 7000-series device running NX-OS can be "0wned" using an old remotely exploitable buffer overflow, and then how to break out of the CLI environment using some undocumented features.
Having seen really interesting things and ideas, it's time to head back and put some of the knowledge gained here to good use. Signing off from Black Hat Europe 2011.

-Andrei Saygo