Security


Details
Happy New Year everyone! Starting in March, we will be meeting regularly on the fourth Tuesday of every month. In the meantime, availability at Assembly for January was limited to sharing a date with another group. With my utmost apologies about the short notice, and sincere thanks to the Ruby meetup for sharing their slot with us, we hope to see you for the following talks this Tuesday:
Exploiting binaries with Python for fun, but no profit
Ross Gibb
Successfully breaching a remote system using memory corruption is one of the most satisfying feelings in computer science. Of course, finding such vulnerabilities and writing a successful exploit in commercial software is no easy feat, not to mention the possible legal concerns. However, for budding reverse engineers and security researchers, capture-the-flag competitions provide a gateway to learning how to successfully find vulnerabilities and write exploits. The competitions provide vulnerable applications which contestants must find and exploit during the competition.
This talk will demystify how binary exploitation challenges within capture-the-flag competitions often work. A challenge from a recent competition will be solved live. The solution will demonstrate the use of reverse engineering tools, a debugger, and Python to find the vulnerability, come up with an exploitation plan, and finally create a working exploit. Attendees are not expected to have reverse engineering experience.
Tutorial (http://rossgibb.ca/ctf/2013_csaw_final_silkstreet/) / VM download (http://captf.com/2013/csaw-finals/csawfinals.zip)
Rails Security, Part 1
Gavin Miller
Brakeman, SQL injection, XSS, the real basic topics. Mostly just to set groundwork and cover the "start here" stuff.
(Gavin’s talk will be first.)
