EuSecWest08 roundup

EuSecWest08 is over and seems to have been another success. The change of venue from the Victoria Park Plaza to Leicester Square and the Sound nightclub was an interesting move, which could of gone either way but seemed to work for most people and gave the event a slightly more underground, edgy feel. It was also a great location for after hours socialising.

The standard of presentations and content was generally good, with a number of interesting topics and useful new tools being released. Highlights for me were:

  • Saumil Shah’s Teflon browser extension, which hooks javascript system calls such as document.write and replaces evil Javascript with harmless divs. This fits well with some of the recent evil JS research we have been doing, and we are going to do some collaboration here in the coming months.
  • Alberto Revelli gave an excellent talk on taking SQL Injection vulnerabilities on Windows platform to the next level and using SQLNinja to establish a working remote graphical desktop. Good to see old techniques like building executables from ASCII HTTP requests plus debug.exe coming back into fashion, and an excellent example of how to escalate control from an initial foothold.
  • Martyn Ruk’s review of IBM’s MQ middleware and identication of some surprisingly simple potential vulnerabilities in a number of areas. Good to see someone looking at MQ security and building tools for auditing MQ systems.

Hot topics for the press were Justin Ferguson’s talk on exploiting interpreted languages like Python and PERL, resulting in potentially remotely exploitable vulnerabilities in services like the recently released Google App Engine, and Sebastian Muniz’s talk on developing the first public Cisco IOS rootkit. Both were impressive and it will be interesting to see what happens in this space over the next few months.

I gave another lightning talk on Evil Javascript and SpamMonkey, which we hope to start making public soon. You can find the slides here.

As always, one of the best things about the event was the opportunity to meet up with interesting people in a relaxed environment and discuss what they were working on. It was also good to get a chance to catch up with friends and various industry people. Lots of interesting contacts and discussions, and hopefully we’ll release some research in the coming months that will have benefited from them. All in all, another interesting and enjoyable (sleep deprived) SecWest event.

Comments are closed.