SlideShare une entreprise Scribd logo

CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov

CODE BLUE
CODE BLUE

This document discusses digital security and the evolution of software development tools. It summarizes the story of IDA, a disassembler and decompiler, from its origins as a hobby project to its current use. Improving digital security requires better tools for software analysis and testing, which have evolved greatly over the past decades but still have room for improvement.

Présentations et discours publics
1  sur  45
Télécharger pour lire hors ligne
IDA and digital security Hex-Rays Ilfak Guilfanov
2(c) 2014 Ilfak Guilfanov Presentation Outline  About me  Digital security is more important than ever  Evolution of development tools  Story of IDA  What we could do to improve the situation  Your feedback
3(c) 2014 Ilfak Guilfanov About myself  Started a programmer career more than 27 years ago  The author of IDA Pro and Decompiler  Founder and CEO of Hex-Rays  I have passion about programming and beautiful code – I'm not a reverse engineer but a software developer  I believe that efficient and robust software makes our lives better
4(c) 2014 Ilfak Guilfanov Digital security  We store more and more personal data digitally: – Medical records – Bank account info – Communications (emails, sms, etc) – Photos and videos – etc...  More and more (all?) decisions are taken based on digital data  Virtually all our devices are connected to each other, which makes them powerful and vulnerable at the same time
5(c) 2014 Ilfak Guilfanov Security: current state  Far from perfect  Most our software has vulnerability holes due to: – Design flaws (security was not built in from the start) – Buggy implementations – Poor or no testing – Changed environments  We will hear more stories about thousands of stolen credit cards, disclosed sensitive information, etc
6(c) 2014 Ilfak Guilfanov Everything is lost? Nope  I think that the situation is improving over time – The software improves – Most new systems get designed with security in mind – Society better handles digital security related issues
7(c) 2014 Ilfak Guilfanov Development methods are constantly improving  Compilers become better (the very first compilers would not issue any warnings!)  We have more compilers (clang, for example)  Programming languages evolve (initially c++ had no templates)  Better programming paradigms and design patterns  Better software revision systems  Agile and other development approaches
8(c) 2014 Ilfak Guilfanov Software analysis and testing  There are many source code analyzers on the net (25 years ago there was just “lint”)  Many testing frameworks appeared too  Debuggers, fuzzers, valgrind, etc
9(c) 2014 Ilfak Guilfanov How difficult was it to develop software in the past?  Overall, much harder than today. One proof of this difficulty is the software size (measured as the number of source lines of code, not as the size of the binary image)  Example, MS Windows (data from wikipedia) Year Operating System SLOC (mil) 1993 Windows NT 3.1 4-5 1994 Windows NT 3.5 7-8 1996 Windows NT 4.0 11-12 2000 Windows 2000 More than 29 2001 Windows XP 45 2003 Windows Server 2003 50
10(c) 2014 Ilfak Guilfanov Principal reasons of difficulty  Missing or inefficient development tools: editors, compilers, debuggers, code analyzers, testers, etc.  Slower computers  No memory protection or program isolation provided by the operating system  Immature programming paradigms and methodologies  Lack of program verification and testing tools  Let us take a tour
11(c) 2014 Ilfak Guilfanov Editor 'ed'  A text editor with virtually no visual feedback  Yet considered a powerful tool: – It has regular expressions – Programmable  Even modern Linux distributions still include it
12(c) 2014 Ilfak Guilfanov Compilers  No or little warnings  Could produce buggy code  Poor code optimization  However, as a software developer I still consider compiler writers as semi-gods :)  Turbo C compilers from Borland were a breath of fresh air
13(c) 2014 Ilfak Guilfanov Debuggers  My favorite was Turbo Debugger. Compared to other debuggers it was a feast to the eyes  Powerful, robust, can display the source code  Supported hardware and conditional breakpoints
14(c) 2014 Ilfak Guilfanov SoftICE: system level debugger  Can debug the entire operating system  Very powerful  Its popularity was a disadvantage in some cases, anti- SoftICE tricks were employed by some software (from wikipedia)
15(c) 2014 Ilfak Guilfanov Disassemblers  Debuggers were not enough in some cases – Programs get bigger – Algorithms became more complex – Anti-debugger tricks were used more often – More detailed analysis was required, especially for viruses – Compiler bugs required to check non-executable (object) files  Disassemblers would: – Analyze the program in depth – Show cross references – Assign meaningful names to functions and data – etc...
16(c) 2014 Ilfak Guilfanov The most popular disassembler: Sourcer  Sourcer from V Communications was a great tool  It was like magic for a newcomer, in fact – It would tell apart code from data – It would assign meaningful names and comments
17(c) 2014 Ilfak Guilfanov Sourcer: batch mode disassembler  The biggest shortcoming: it was a batch mode program  Could handle programs of limited size  Would occasionally misidentify code or data  Slow for big programs
18(c) 2014 Ilfak Guilfanov Interactivity is the answer  There was a disassembler called Dis*Doc from RJ Swantek  I haven't used it myself so can not tell you much  But I liked the idea very much: – No need to wait for the results – The user can browse the listing and annotate it – The user can guide the disassembler by marking locations as code or data – WYSIWIG (what you see is what you get) was a la mode at that time (remember 'ed'?)  This was the reason why I decided to create IDA
19(c) 2014 Ilfak Guilfanov Initial design and implementation  I tried a few approaches and rewritten the code at least 4 times before I hit the right thing  The result was either too heavy and slow, either too lightweight and limited  Remember about 640KB memory and slow processors!  I needed a robust and fast database
20(c) 2014 Ilfak Guilfanov Database choice  Requirements: – Fast – Capable of storing variable sized objects – Robust  I tried the available databases like Paradox from Borland but quickly abandoned the idea, they were way too slow  Fortunately my friend Pavel Rousnak implemented a B-tree engine  We are still using his database in IDA, upgraded and improved over many times but still the same code
21(c) 2014 Ilfak Guilfanov IDA 0.1, the first public version  It took me 6 months to implement version 0.1  The basic functionality was present but the user interface was ugly  It supported only x86 instructions  Yet it was interactive and working!
22(c) 2014 Ilfak Guilfanov IDA v2.09: nice text interface  IDA v2.09 was released in 1994  TurboVision library from Borland fixed the user interface  It was robust, supported 3 processor families (x86, i51, and z80), 8 input file types, had a built-in C like language  Since it was already over 500KB, it was a heavily overlayed program. I was saving every byte
23(c) 2014 Ilfak Guilfanov IDA v3.5b: with symbol files  It was released in 1996  It had symbol files (IDS), could run on OS/2, MS DOS extender, had loadable modules, etc  There were many other releases I won't mention in order not to bore you
24(c) 2014 Ilfak Guilfanov IDA Roadmap  My initial plans for IDA were really ambitious. They included: – AI (artificial intelligence) with a LISP like language – Building a binary program optimizer on top of IDA – Using IDA for binary translation – Building some kind of knowledge database about common program snippets and their meanings – IDA would point out suspicious or problematic parts of the code (vulnerability scanner?) – Etc,etc,etc  However, with ever growing users of IDA I was simply overwhelmed by the user requests and bug fixes  Even today it is like this
25(c) 2014 Ilfak Guilfanov Datarescue and IDA  I was lucky that Mr. Pierre Vandevenne got interested in IDA. His contribution can not be overestimated  Datarescue converted my hobby project into a commercial program in 1996  The first GUI version of IDA was built there, in 1999  We made a long and very interesting way together  BTW, Pierre found the lady we use for IDA logo
26(c) 2014 Ilfak Guilfanov PC Magazine: Technical Excellence Award  In 2001 IDA Pro was nominated as a finalist of the Annual Awards for Technical Excellence  We went to Las Vegas to participate in the award ceremony  We lost the competition... to Microsoft's Visual Studio .NET  It was still fun :)
27(c) 2014 Ilfak Guilfanov IDA and pirates  Unfortunately we were plagued by piracy  There were more pirates than legitimate users  Pirates were eating our time and resources  A typical conversation would start with a compliment from a stranger; he would ask for a “little help” in the second message  It was even boring, so predictable  I do not understand when clever people pirate software and then shamelessly ask for help. Probably they aren't that clever after all
28(c) 2014 Ilfak Guilfanov IDA piracy map 2006  Just a map of places where a pirated version of IDA was used (circa 2006) (from www.datarescue.com)
29(c) 2014 Ilfak Guilfanov Decompiler: a plugin on top of IDA  Was greatly inspired by Cristina Cifuentes' PhD thesis on decompilation  After reading the thesis it was clear how to build a decompiler  But the devil is in the details... many subproblems were still not solved. For them: – Come up with an idea how to solve it – Implement it – Test it – Throw away and start over if it did not work  “Wash, rinse, repeat” – for years... (I liked it!)  The first attempts were made in 1998 or even earlier  The first public version appeared in 2007
30(c) 2014 Ilfak Guilfanov Decompiler details  Decompilation is a complex problem, insolvable in general  Very time consuming to develop  Seemingly minor design mistakes haunt and hinder development  One has to cut corners in order to come up with a working decompiler  Question: which corners to cut?
31(c) 2014 Ilfak Guilfanov Hex-Rays  Unfortunately Pierre decided to quit in 2007  I had to continue with the decompiler alone  Hex-Rays quickly became a strong and passionate team – We do care about our code – We want to publish as bug free software as we can – We care about our users
32(c) 2014 Ilfak Guilfanov Why IDA, after all  I created IDA because there was no interactive and robust disassembler at that time; on the other hand there was a strong need in such a tool  I kept maintaining IDA all these years because – IDA helps to solve some problems we face, like viruses – IDA improves our digital security – IDA users are very nice people in general (legit ones)  Like any tool IDA can be used for lowly deeds. Examples: – Cracking software – Stealing code and algorithms
33(c) 2014 Ilfak Guilfanov IDA as a seeing aid  I usually compare it to a microscope  Basically useless to general public but indispensable to professionals  Requires skills to use it efficiently
34(c) 2014 Ilfak Guilfanov Who uses IDA?  This is a frequent question  I can only mention some users categories: – Anti-virus companies – Security oriented organizations – Governments and military – Hobbyists – Shady persons of all kinds – Pirates (the dogs bark but the caravan goes on)  Overall it is a motley crew
35(c) 2014 Ilfak Guilfanov How IDA improves digital security  Our legit users are white hats (or at least they pretend to be so :)  IDA itself is not in the spotlight and stays in shadow but many of our users are famous security researchers  We are glad they we can help them with their tasks  We want IDA to be safe for them (and for all our users)
36(c) 2014 Ilfak Guilfanov How we improve security of IDA  We run tests  We compile our code with various compilers on different platforms  We use code reviews  We use lint, valgrind, and other verification tools  User reports are handled by the developers (there are no first/second help lines). This ensures that developers really suffer from their bugs :)
37(c) 2014 Ilfak Guilfanov Testing IDA  We continuously work on improving our coding style  We keep adding more test cases. Every new reported bug ideally creates a new test case  We keep adding more testing methods – We have an extensive test suite for our analysis engine – We recently added tests for the user interface – We have a constantly growing set of decompiler tests – Our decompilation test suite is about 500GB (only output files)  Virtually every day we add a couple of new test cases  There are dedicated computers for running tests  We have a bug bounty program for critical bugs  We know that we are still not testing IDA enough
38(c) 2014 Ilfak Guilfanov Bug bounty  The idea is simple: if you find a critical bug in IDA, we will pay you a bounty  Many other companies do that; we think that it is really a good idea  It is difficult to come up with a reliable exploit for IDA: – IDA kernel is personalized for each user – We use ASLR – IDA randomizes the heap at the start – We use stack canaries – Our stack is not executable  Nevertheless we offer bounties for memory corruption bugs even if there is no POC code
39(c) 2014 Ilfak Guilfanov Things to improve in the nearest future  We have to add a fuzzer to out test methods  A good static code analyzer is in the plans (in the past we used one quite famous one but were disappointed)  More tests for the debuggers (since we support remote debugging for all platforms, there are 24 possible combinations of local and remote computers)  More tests for IDA Python
40(c) 2014 Ilfak Guilfanov Why is security hard? Because we are blind  Making a watertight liquid recipient is hard for a blind person. He has to palpate it entirely to ensure there are no holes  If he misses a tiniest hole, the liquid will leak out  The same for us with security: we are essentially blind to security holes and can see only the most obvious ones  This means that humans are hopelessly bad when it comes to security, at least today  We need help, we need tools so we can see the light
41(c) 2014 Ilfak Guilfanov Computers to rescue us  Since us humans can not cope with the task, our only hope are computers  Computers can – Test our software – Monitor its use – Prove its correctness – Serve as a seeing aid – Eventually computers would develop software
42(c) 2014 Ilfak Guilfanov Testing  Unfortunately it is impossible to test all cases  Not an excuse to abandon testing altogether  Testing must be continuous  Test as many different aspects as possible  Think as an attacker, try to foresee the possible scenarios  Keep adding tests for all newly discovered bugs  Write a test case before fixing the bug
43(c) 2014 Ilfak Guilfanov Monitoring systems  The digital world changes over time  New threats and attack vectors are discovered  We must monitor our systems  Many solutions exist: Tripwire, Nessus, OSSEC, …  Simple custom scripts have the advantage of being unknown to the attackers
44(c) 2014 Ilfak Guilfanov Proving the software correctness  Software verification tools  Need support from the programming languages – C++ is not the best language for verification – If not, at least good coding practices must be adopted – Unfortunately this comes with a price to pay (MISRA et other guidelines)  Code generation tools  Eventually these tools will become mainstream
45(c) 2014 Ilfak Guilfanov Thank you! Thank you for your attention! Questions?

Recommandé

CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
CODE BLUE
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
CODE BLUE
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
Security Weekly
 
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
CODE BLUE
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android Security
National Cheng Kung University
 
Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware Wallets
Riscure
 

Recommandé

CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
CODE BLUE
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
CODE BLUE
 
Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems Practical Security Assessments of IoT Devices and Systems
Practical Security Assessments of IoT Devices and Systems
Ollie Whitehouse
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
Security Weekly
 
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
CODE BLUE
 
Brief Tour about Android Security
Brief Tour about Android SecurityBrief Tour about Android Security
Brief Tour about Android Security
National Cheng Kung University
 
Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware Wallets
Riscure
 
Stealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker wayStealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker way
n|u - The Open Security Community
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
Stephan Chenette
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
guest642391
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
Prem Kumar (OSCP)
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devices
Yashin Mehaboobe
 
Security Technology Arms Race - Hack in the Box 2021 keynote
Security Technology Arms Race - Hack in the Box 2021 keynoteSecurity Technology Arms Race - Hack in the Box 2021 keynote
Security Technology Arms Race - Hack in the Box 2021 keynote
MarkDowd13
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60
Riscure
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
Kai Aras
 
iOS jailbreaking
iOS jailbreakingiOS jailbreaking
iOS jailbreaking
Varun Luthra
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Chase Schultz
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
Stephan Chenette
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kuniyasu Suzaki
 
Man in the NFC by Haoqi Shan and Qing Yang
Man in the NFC by Haoqi Shan and Qing YangMan in the NFC by Haoqi Shan and Qing Yang
Man in the NFC by Haoqi Shan and Qing Yang
CODE BLUE
 
from Realtime Operating systems to unlocking iPhones in less than 30 slides
from Realtime Operating systems to unlocking iPhones in less than 30 slidesfrom Realtime Operating systems to unlocking iPhones in less than 30 slides
from Realtime Operating systems to unlocking iPhones in less than 30 slides
Kai Aras
 
Gone in a flash pdf
Gone in a flash pdfGone in a flash pdf
Gone in a flash pdf
AndrewRJamieson
 
Fuzzing
FuzzingFuzzing
Fuzzing
Khalegh Salehi
 
Security Best Practices for Mobile Development @ Dreamforce 2013
Security Best Practices for Mobile Development @ Dreamforce 2013Security Best Practices for Mobile Development @ Dreamforce 2013
Security Best Practices for Mobile Development @ Dreamforce 2013
Tom Gersic
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
Niek Timmers
 
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat Security Conference
 
Android Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android ApplicationsAndroid Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android Applications
h4oxer
 
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
Cyber Security Alliance
 
Using Technology to Make People More Powerful
Using Technology to Make People More PowerfulUsing Technology to Make People More Powerful
Using Technology to Make People More Powerful
Ian Heron
 

Contenu connexe

Tendances

Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
Stephan Chenette
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Chase Schultz
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
Stephan Chenette
 
Man in the NFC by Haoqi Shan and Qing Yang
Man in the NFC by Haoqi Shan and Qing YangMan in the NFC by Haoqi Shan and Qing Yang
Man in the NFC by Haoqi Shan and Qing Yang
CODE BLUE
 
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat Security Conference
 

Tendances (20)

Stealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker wayStealing sensitive data from android phones the hacker way
Stealing sensitive data from android phones the hacker way
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devices
 
Security Technology Arms Race - Hack in the Box 2021 keynote
Security Technology Arms Race - Hack in the Box 2021 keynoteSecurity Technology Arms Race - Hack in the Box 2021 keynote
Security Technology Arms Race - Hack in the Box 2021 keynote
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
 
iOS jailbreaking
iOS jailbreakingiOS jailbreaking
iOS jailbreaking
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
 
Man in the NFC by Haoqi Shan and Qing Yang
Man in the NFC by Haoqi Shan and Qing YangMan in the NFC by Haoqi Shan and Qing Yang
Man in the NFC by Haoqi Shan and Qing Yang
 
from Realtime Operating systems to unlocking iPhones in less than 30 slides
from Realtime Operating systems to unlocking iPhones in less than 30 slidesfrom Realtime Operating systems to unlocking iPhones in less than 30 slides
from Realtime Operating systems to unlocking iPhones in less than 30 slides
 
Gone in a flash pdf
Gone in a flash pdfGone in a flash pdf
Gone in a flash pdf
 
Fuzzing
FuzzingFuzzing
Fuzzing
 
Security Best Practices for Mobile Development @ Dreamforce 2013
Security Best Practices for Mobile Development @ Dreamforce 2013Security Best Practices for Mobile Development @ Dreamforce 2013
Security Best Practices for Mobile Development @ Dreamforce 2013
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
BlueHat v17 || Extracting Secrets from Silicon – A New Generation of Bug Hunt...
 
Android Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android ApplicationsAndroid Security Overview and Safe Practices for Web-Based Android Applications
Android Security Overview and Safe Practices for Web-Based Android Applications
 

Similaire à CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov

ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
Cyber Security Alliance
 
Int2 infosysmultimedia
Int2 infosysmultimediaInt2 infosysmultimedia
Int2 infosysmultimedia
itslides2009
 
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve PooleDevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
JAXLondon_Conference
 
AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...
AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...
AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...
AppDynamics
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
DevOps.com
 

Similaire à CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov (20)

ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile...
 
Using Technology to Make People More Powerful
Using Technology to Make People More PowerfulUsing Technology to Make People More Powerful
Using Technology to Make People More Powerful
 
TCC-MSCR
TCC-MSCRTCC-MSCR
TCC-MSCR
 
Int2 infosysmultimedia
Int2 infosysmultimediaInt2 infosysmultimedia
Int2 infosysmultimedia
 
From hello world to goodbye code
From hello world to goodbye codeFrom hello world to goodbye code
From hello world to goodbye code
 
No silver-bullllet-1
No silver-bullllet-1No silver-bullllet-1
No silver-bullllet-1
 
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve PooleDevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
 
DockerDay2015: Keynote
DockerDay2015: KeynoteDockerDay2015: Keynote
DockerDay2015: Keynote
 
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
 
LinuxCon Europe 2013
LinuxCon Europe 2013LinuxCon Europe 2013
LinuxCon Europe 2013
 
ABSE and AtomWeaver : A Quantum Leap in Software Development
ABSE and AtomWeaver : A Quantum Leap in Software DevelopmentABSE and AtomWeaver : A Quantum Leap in Software Development
ABSE and AtomWeaver : A Quantum Leap in Software Development
 
AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...
AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...
AppSphere 15 - How AppDynamics is Shaking up the Synthetic Monitoring Product...
 
UPDATED: Tablet Strategy Bootcamp
UPDATED: Tablet Strategy BootcampUPDATED: Tablet Strategy Bootcamp
UPDATED: Tablet Strategy Bootcamp
 
From open source labs to ceo methods and advice by sysfera
From open source labs to ceo methods and advice by sysferaFrom open source labs to ceo methods and advice by sysfera
From open source labs to ceo methods and advice by sysfera
 
CREATIVE TECHNOLOGY 7 QI-L1
CREATIVE TECHNOLOGY 7 QI-L1CREATIVE TECHNOLOGY 7 QI-L1
CREATIVE TECHNOLOGY 7 QI-L1
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
DockerCon EU 2015: Day 1 General Session
DockerCon EU 2015: Day 1 General SessionDockerCon EU 2015: Day 1 General Session
DockerCon EU 2015: Day 1 General Session
 
MODULE_1_The History and Evolution of Java.pptx
MODULE_1_The History and Evolution of Java.pptxMODULE_1_The History and Evolution of Java.pptx
MODULE_1_The History and Evolution of Java.pptx
 
8 Principles for Enabling Build/Measure/Learn: Lean Engineering in Action
8 Principles for Enabling Build/Measure/Learn: Lean Engineering in Action8 Principles for Enabling Build/Measure/Learn: Lean Engineering in Action
8 Principles for Enabling Build/Measure/Learn: Lean Engineering in Action
 
Microsoft Tech Club Cairo University "MSTC'16 Builders and Developers " First...
Microsoft Tech Club Cairo University "MSTC'16 Builders and Developers " First...Microsoft Tech Club Cairo University "MSTC'16 Builders and Developers " First...
Microsoft Tech Club Cairo University "MSTC'16 Builders and Developers " First...
 

Plus de CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
CODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
CODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
CODE BLUE
 

Plus de CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Dernier

Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
David Celestin
 

Dernier (15)

Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 

CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov

  • 1. IDA and digital security Hex-Rays Ilfak Guilfanov
  • 2. 2(c) 2014 Ilfak Guilfanov Presentation Outline  About me  Digital security is more important than ever  Evolution of development tools  Story of IDA  What we could do to improve the situation  Your feedback
  • 3. 3(c) 2014 Ilfak Guilfanov About myself  Started a programmer career more than 27 years ago  The author of IDA Pro and Decompiler  Founder and CEO of Hex-Rays  I have passion about programming and beautiful code – I'm not a reverse engineer but a software developer  I believe that efficient and robust software makes our lives better
  • 4. 4(c) 2014 Ilfak Guilfanov Digital security  We store more and more personal data digitally: – Medical records – Bank account info – Communications (emails, sms, etc) – Photos and videos – etc...  More and more (all?) decisions are taken based on digital data  Virtually all our devices are connected to each other, which makes them powerful and vulnerable at the same time
  • 5. 5(c) 2014 Ilfak Guilfanov Security: current state  Far from perfect  Most our software has vulnerability holes due to: – Design flaws (security was not built in from the start) – Buggy implementations – Poor or no testing – Changed environments  We will hear more stories about thousands of stolen credit cards, disclosed sensitive information, etc
  • 6. 6(c) 2014 Ilfak Guilfanov Everything is lost? Nope  I think that the situation is improving over time – The software improves – Most new systems get designed with security in mind – Society better handles digital security related issues
  • 7. 7(c) 2014 Ilfak Guilfanov Development methods are constantly improving  Compilers become better (the very first compilers would not issue any warnings!)  We have more compilers (clang, for example)  Programming languages evolve (initially c++ had no templates)  Better programming paradigms and design patterns  Better software revision systems  Agile and other development approaches
  • 8. 8(c) 2014 Ilfak Guilfanov Software analysis and testing  There are many source code analyzers on the net (25 years ago there was just “lint”)  Many testing frameworks appeared too  Debuggers, fuzzers, valgrind, etc
  • 9. 9(c) 2014 Ilfak Guilfanov How difficult was it to develop software in the past?  Overall, much harder than today. One proof of this difficulty is the software size (measured as the number of source lines of code, not as the size of the binary image)  Example, MS Windows (data from wikipedia) Year Operating System SLOC (mil) 1993 Windows NT 3.1 4-5 1994 Windows NT 3.5 7-8 1996 Windows NT 4.0 11-12 2000 Windows 2000 More than 29 2001 Windows XP 45 2003 Windows Server 2003 50
  • 10. 10(c) 2014 Ilfak Guilfanov Principal reasons of difficulty  Missing or inefficient development tools: editors, compilers, debuggers, code analyzers, testers, etc.  Slower computers  No memory protection or program isolation provided by the operating system  Immature programming paradigms and methodologies  Lack of program verification and testing tools  Let us take a tour
  • 11. 11(c) 2014 Ilfak Guilfanov Editor 'ed'  A text editor with virtually no visual feedback  Yet considered a powerful tool: – It has regular expressions – Programmable  Even modern Linux distributions still include it
  • 12. 12(c) 2014 Ilfak Guilfanov Compilers  No or little warnings  Could produce buggy code  Poor code optimization  However, as a software developer I still consider compiler writers as semi-gods :)  Turbo C compilers from Borland were a breath of fresh air
  • 13. 13(c) 2014 Ilfak Guilfanov Debuggers  My favorite was Turbo Debugger. Compared to other debuggers it was a feast to the eyes  Powerful, robust, can display the source code  Supported hardware and conditional breakpoints
  • 14. 14(c) 2014 Ilfak Guilfanov SoftICE: system level debugger  Can debug the entire operating system  Very powerful  Its popularity was a disadvantage in some cases, anti- SoftICE tricks were employed by some software (from wikipedia)
  • 15. 15(c) 2014 Ilfak Guilfanov Disassemblers  Debuggers were not enough in some cases – Programs get bigger – Algorithms became more complex – Anti-debugger tricks were used more often – More detailed analysis was required, especially for viruses – Compiler bugs required to check non-executable (object) files  Disassemblers would: – Analyze the program in depth – Show cross references – Assign meaningful names to functions and data – etc...
  • 16. 16(c) 2014 Ilfak Guilfanov The most popular disassembler: Sourcer  Sourcer from V Communications was a great tool  It was like magic for a newcomer, in fact – It would tell apart code from data – It would assign meaningful names and comments
  • 17. 17(c) 2014 Ilfak Guilfanov Sourcer: batch mode disassembler  The biggest shortcoming: it was a batch mode program  Could handle programs of limited size  Would occasionally misidentify code or data  Slow for big programs
  • 18. 18(c) 2014 Ilfak Guilfanov Interactivity is the answer  There was a disassembler called Dis*Doc from RJ Swantek  I haven't used it myself so can not tell you much  But I liked the idea very much: – No need to wait for the results – The user can browse the listing and annotate it – The user can guide the disassembler by marking locations as code or data – WYSIWIG (what you see is what you get) was a la mode at that time (remember 'ed'?)  This was the reason why I decided to create IDA
  • 19. 19(c) 2014 Ilfak Guilfanov Initial design and implementation  I tried a few approaches and rewritten the code at least 4 times before I hit the right thing  The result was either too heavy and slow, either too lightweight and limited  Remember about 640KB memory and slow processors!  I needed a robust and fast database
  • 20. 20(c) 2014 Ilfak Guilfanov Database choice  Requirements: – Fast – Capable of storing variable sized objects – Robust  I tried the available databases like Paradox from Borland but quickly abandoned the idea, they were way too slow  Fortunately my friend Pavel Rousnak implemented a B-tree engine  We are still using his database in IDA, upgraded and improved over many times but still the same code
  • 21. 21(c) 2014 Ilfak Guilfanov IDA 0.1, the first public version  It took me 6 months to implement version 0.1  The basic functionality was present but the user interface was ugly  It supported only x86 instructions  Yet it was interactive and working!
  • 22. 22(c) 2014 Ilfak Guilfanov IDA v2.09: nice text interface  IDA v2.09 was released in 1994  TurboVision library from Borland fixed the user interface  It was robust, supported 3 processor families (x86, i51, and z80), 8 input file types, had a built-in C like language  Since it was already over 500KB, it was a heavily overlayed program. I was saving every byte
  • 23. 23(c) 2014 Ilfak Guilfanov IDA v3.5b: with symbol files  It was released in 1996  It had symbol files (IDS), could run on OS/2, MS DOS extender, had loadable modules, etc  There were many other releases I won't mention in order not to bore you
  • 24. 24(c) 2014 Ilfak Guilfanov IDA Roadmap  My initial plans for IDA were really ambitious. They included: – AI (artificial intelligence) with a LISP like language – Building a binary program optimizer on top of IDA – Using IDA for binary translation – Building some kind of knowledge database about common program snippets and their meanings – IDA would point out suspicious or problematic parts of the code (vulnerability scanner?) – Etc,etc,etc  However, with ever growing users of IDA I was simply overwhelmed by the user requests and bug fixes  Even today it is like this
  • 25. 25(c) 2014 Ilfak Guilfanov Datarescue and IDA  I was lucky that Mr. Pierre Vandevenne got interested in IDA. His contribution can not be overestimated  Datarescue converted my hobby project into a commercial program in 1996  The first GUI version of IDA was built there, in 1999  We made a long and very interesting way together  BTW, Pierre found the lady we use for IDA logo
  • 26. 26(c) 2014 Ilfak Guilfanov PC Magazine: Technical Excellence Award  In 2001 IDA Pro was nominated as a finalist of the Annual Awards for Technical Excellence  We went to Las Vegas to participate in the award ceremony  We lost the competition... to Microsoft's Visual Studio .NET  It was still fun :)
  • 27. 27(c) 2014 Ilfak Guilfanov IDA and pirates  Unfortunately we were plagued by piracy  There were more pirates than legitimate users  Pirates were eating our time and resources  A typical conversation would start with a compliment from a stranger; he would ask for a “little help” in the second message  It was even boring, so predictable  I do not understand when clever people pirate software and then shamelessly ask for help. Probably they aren't that clever after all
  • 28. 28(c) 2014 Ilfak Guilfanov IDA piracy map 2006  Just a map of places where a pirated version of IDA was used (circa 2006) (from www.datarescue.com)
  • 29. 29(c) 2014 Ilfak Guilfanov Decompiler: a plugin on top of IDA  Was greatly inspired by Cristina Cifuentes' PhD thesis on decompilation  After reading the thesis it was clear how to build a decompiler  But the devil is in the details... many subproblems were still not solved. For them: – Come up with an idea how to solve it – Implement it – Test it – Throw away and start over if it did not work  “Wash, rinse, repeat” – for years... (I liked it!)  The first attempts were made in 1998 or even earlier  The first public version appeared in 2007
  • 30. 30(c) 2014 Ilfak Guilfanov Decompiler details  Decompilation is a complex problem, insolvable in general  Very time consuming to develop  Seemingly minor design mistakes haunt and hinder development  One has to cut corners in order to come up with a working decompiler  Question: which corners to cut?
  • 31. 31(c) 2014 Ilfak Guilfanov Hex-Rays  Unfortunately Pierre decided to quit in 2007  I had to continue with the decompiler alone  Hex-Rays quickly became a strong and passionate team – We do care about our code – We want to publish as bug free software as we can – We care about our users
  • 32. 32(c) 2014 Ilfak Guilfanov Why IDA, after all  I created IDA because there was no interactive and robust disassembler at that time; on the other hand there was a strong need in such a tool  I kept maintaining IDA all these years because – IDA helps to solve some problems we face, like viruses – IDA improves our digital security – IDA users are very nice people in general (legit ones)  Like any tool IDA can be used for lowly deeds. Examples: – Cracking software – Stealing code and algorithms
  • 33. 33(c) 2014 Ilfak Guilfanov IDA as a seeing aid  I usually compare it to a microscope  Basically useless to general public but indispensable to professionals  Requires skills to use it efficiently
  • 34. 34(c) 2014 Ilfak Guilfanov Who uses IDA?  This is a frequent question  I can only mention some users categories: – Anti-virus companies – Security oriented organizations – Governments and military – Hobbyists – Shady persons of all kinds – Pirates (the dogs bark but the caravan goes on)  Overall it is a motley crew
  • 35. 35(c) 2014 Ilfak Guilfanov How IDA improves digital security  Our legit users are white hats (or at least they pretend to be so :)  IDA itself is not in the spotlight and stays in shadow but many of our users are famous security researchers  We are glad they we can help them with their tasks  We want IDA to be safe for them (and for all our users)
  • 36. 36(c) 2014 Ilfak Guilfanov How we improve security of IDA  We run tests  We compile our code with various compilers on different platforms  We use code reviews  We use lint, valgrind, and other verification tools  User reports are handled by the developers (there are no first/second help lines). This ensures that developers really suffer from their bugs :)
  • 37. 37(c) 2014 Ilfak Guilfanov Testing IDA  We continuously work on improving our coding style  We keep adding more test cases. Every new reported bug ideally creates a new test case  We keep adding more testing methods – We have an extensive test suite for our analysis engine – We recently added tests for the user interface – We have a constantly growing set of decompiler tests – Our decompilation test suite is about 500GB (only output files)  Virtually every day we add a couple of new test cases  There are dedicated computers for running tests  We have a bug bounty program for critical bugs  We know that we are still not testing IDA enough
  • 38. 38(c) 2014 Ilfak Guilfanov Bug bounty  The idea is simple: if you find a critical bug in IDA, we will pay you a bounty  Many other companies do that; we think that it is really a good idea  It is difficult to come up with a reliable exploit for IDA: – IDA kernel is personalized for each user – We use ASLR – IDA randomizes the heap at the start – We use stack canaries – Our stack is not executable  Nevertheless we offer bounties for memory corruption bugs even if there is no POC code
  • 39. 39(c) 2014 Ilfak Guilfanov Things to improve in the nearest future  We have to add a fuzzer to out test methods  A good static code analyzer is in the plans (in the past we used one quite famous one but were disappointed)  More tests for the debuggers (since we support remote debugging for all platforms, there are 24 possible combinations of local and remote computers)  More tests for IDA Python
  • 40. 40(c) 2014 Ilfak Guilfanov Why is security hard? Because we are blind  Making a watertight liquid recipient is hard for a blind person. He has to palpate it entirely to ensure there are no holes  If he misses a tiniest hole, the liquid will leak out  The same for us with security: we are essentially blind to security holes and can see only the most obvious ones  This means that humans are hopelessly bad when it comes to security, at least today  We need help, we need tools so we can see the light
  • 41. 41(c) 2014 Ilfak Guilfanov Computers to rescue us  Since us humans can not cope with the task, our only hope are computers  Computers can – Test our software – Monitor its use – Prove its correctness – Serve as a seeing aid – Eventually computers would develop software
  • 42. 42(c) 2014 Ilfak Guilfanov Testing  Unfortunately it is impossible to test all cases  Not an excuse to abandon testing altogether  Testing must be continuous  Test as many different aspects as possible  Think as an attacker, try to foresee the possible scenarios  Keep adding tests for all newly discovered bugs  Write a test case before fixing the bug
  • 43. 43(c) 2014 Ilfak Guilfanov Monitoring systems  The digital world changes over time  New threats and attack vectors are discovered  We must monitor our systems  Many solutions exist: Tripwire, Nessus, OSSEC, …  Simple custom scripts have the advantage of being unknown to the attackers
  • 44. 44(c) 2014 Ilfak Guilfanov Proving the software correctness  Software verification tools  Need support from the programming languages – C++ is not the best language for verification – If not, at least good coding practices must be adopted – Unfortunately this comes with a price to pay (MISRA et other guidelines)  Code generation tools  Eventually these tools will become mainstream
  • 45. 45(c) 2014 Ilfak Guilfanov Thank you! Thank you for your attention! Questions?