Past Meetup

Reverse Engineering, Cracking, Compromising Software Security & Mitigations

This Meetup is past

25 people went

Location image of event venue

Details

OWASP NZ (https://www.owasp.org/index.php/New_Zealand) Christchurch is hosting this event. We're pleased to have Rob Gilmour: Senior Software Engineer, Technical Support at JADE Software Corporation Ltd talking on this topic.

Rob has 30+ Years cracking experience on Zialog Z80, Motorola 68000 & x86 Architectures, along with coding experience in Assembler, C++, C#, JADE, VB.

Presentation Topics

Think like a cracker, not like a developer.

• In order for you to develop stronger protection you need to understand how a cracker willapproach a target.

• What to do and what not to do. Your error messages provide too much information.

Common misconceptions, don’t be naïve, you’re not that good!

• I’m smarter

• Crackers are uncreative, unemployed and undisciplined

My custom crypto algo is better than “xyz”

I’ll only offer a demo version for public download

Why APPLE moving to Intel architecture has greatly assisted the cracker.

• Software compiled for both platforms has made the PC crackers job a lot easier. I will showyou why.

Grind the bastards down.

• A persistent cracker will almost always win. I’ll give you some help on playing the long gameso it will make their job so much more difficult.

RSA is a bad protection strategy.

• I’ll show you why RSA implemented outside a Server/Client relationship is pointless.

How did they do that?

• I’ll show how it’s done:

• - Keygenning

• - Patching

• - Bruteforce

• - Dumping a running target and rebuilding import table and relocation data

• - Serial fishing

• - Using a custom coded debugger for a specific target

• - Man-in-the-middle attacks

• - Dongle emulation, snooping

• - Loaders

• - Decompiling ASM, C++, C#

• - Installer injection

Online registered user benefits obtained by nefarious means.

Tighten up your web security, I can come through the front door too.

What matters to you?

Sell it or give it away.Is my time spent on protection productive or futile?

Big thanks to Dimension Data (http://www.dimensiondata.com/en-NZ) for providing the venue, network, and internet access.

BinaryMist (http://binarymist.net/) Limited will be providing food and drinks.