Risky Business #354 -- Breaking exploit automation

New compile-time tricks, split TLB tricks and MOAR...
20 Feb 2015 » Risky Business

On this week's show we're chatting with Assured Information Security senior research engineer Jacob Torrey about some work he's due to present at SyScan and Infiltrate. It's called HARES, and it's basically a pretty impressive party trick that makes reverse engineering malware payloads a lot harder.

He's also been following some work on compile-time tricks that make each software build unique. This can make your 0day a lot less useful, because the exploit has to be custom-built for each target... think of it as a compile-time ASLR trick, but better.

NOTE: Originally this post said the compile-time tricks were Jacob's research. They're not, I got that mixed up. Soz. Been crook this week and I guess I've been a bit sloppy. The podcast still contains the incorrect assertion that the research Jacob is talking about is his own. I'll put a clarifying statement in next week's show. - Pat

This week's show is brought to you by Bugcrowd, crowdsourced bug bounties. And we'll be chatting with Bugcrowd founder and CEO Casey Ellis about some interesting stuff this week -- like how do you take bug reports from people who don't speak English? Will a video do it?

We also chat about some comments made by Alex Stamos, the CISO of Yahoo, in a recent AppSec conference keynote. He says bug bounty crowds need to chill out; that until a few years ago they would have gone to prison for running SQLMap against a target, and now they're getting paid. He also says the CFAA makes bounty programs legally risky for participants, and that we're one prosecution away from blowing the whole model up.

We'll find out what Casey thinks about that.

Adam Boileau, as usual, joins us to discuss the week's news headlines.

Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.