With great pleasure, SIG^2 hosted the blackhats for a meet-the-local-community successfully for the 2nd year running! The guys and gals had a Merry Christmas gift when they were given to golden opportunity to mingle with the best minds in the business up close! With Halvar Flake, S.K. Chong, David Aitel, The Grugg and Saumil Shah, indeed it is an early Christmas gathering! They lead a Bird's of a Feather(BoF) session with the session revolving roughly around the following topics:
the following topics:
1) Hurdles to reverse engineering
2) Overcoming anti-disassembling techniques
3) Overcoming anti-debugging techniques
4) Essence of bugs finding/exploit research

Photos here!

Who is Halvar Flake?

Halvar Flake is Black Hat's resident reverse engineer. Originating in the fields of copy protection, he moved more and more towards network security after realizing the potential for reverse engineering as a tool for vulnerability analysis. He spends most of his screen time in a disassembler (or developing extensions for the disassembler), likes to read source code diff's with his breakfast and enjoys giving talks about his research interests. He drinks tea but does not smoke camels.

Who is S.K. Chong?

S.K. Chong is Co-Founder and Security Consultant for SCAN Associates; a Malaysian based consulting and security Services Company. SCAN Associates is also two-time winner of the Capture the Flag hacking competition held last year in Malaysia. SK Chong is also the author of several white papers including "SQL Injection Walkthrough" and "Win32 Buffer Overflow Walkthrough". The paper detailed findings previously unknown exploit in Microsoft's SQL Server. Over the last 2 years, he has conducted more than 20 professional penetration testings on various local government and military agencies, financial and ISP companies as well as profession binary audit for company in Fortune 500. His primary interests include binary and code audits, exploit research and penetration testing.

Who is The Grugg?

The grugq has been researching anti-forensics for almost 5 years. Grugq has worked to secure the networks and hosts of global corporations, and hes also worked for security consultanting companies. His work as a security consultant was cut short by the publication of an article on anti-forensics. Currently, he slaves for a start-up, designing and writing IPS software.

Grugq has presented to the UK's largest forensic practioner group where he scared the police. In his spare time, grugq likes to drink and rant.

Who is David Aitel?

Dave Aitel is the founder of Immunity, Inc. and the primary developer of CANVAS and the SPIKE Application Assessment Suite. His previous experience, both within the US Government and the private sector has given him a broad background in exploit development, training, and speaking. He has discovered numerous new vulnerabilities in products such as Microsoft IIS, SQL Server 2000, and RealServer.

Immunity, Inc. is a New York City based consulting and security software products firm. CANVAS, Immunity's flagship product, is a sophisticated exploit development and demonstration framework.

Who is Saumil Shah?

Saumil Shah continues to lead the efforts in e-commerce security research and software development at Net-Square. He is the co-author of "Web Hacking: Attacks and Defense" published by Addison Wesley. He has had more than eight years experience with network security and has perfomed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a reg ular speaker at security conferences worldwide such as BlackHat, RSA, etc. Previously, Saumil held the position of Director of Indian operations with Foundstone Inc. in the US, and a senior consultant with Ernst & Young's Information Security Services. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member for their Management Development Programmes.

Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, infomation security, and cryptography. He also holds a CISSP certification. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is also the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996)

Acknowledgements
Thanks to our sponsor, IDA for providing the venue for this event.

For your info, the Blackhat Asia training and conference will be held in Singapore from 16-19 Dec 2003. For more details, visit their website.

CPE
Please note that members who are SSCP/CISSP can accrue CPE credits by attending this event.

Updated: 20/12/2003
webmaster@security.org.sg