SOURCE: Battelle

independent R&D organization, Battelle

July 31, 2015 12:37 ET

Battelle to Present Innovative Cybersecurity Research at Black Hat USA 2015 and DEF CON 23

Cybersecurity Researcher Chris Domas to Demonstrate Proof-of-Concept Code Exploiting x86 Features and New Methods for Countering Reverse Engineering

SAN FRANCISCO, CA--(Marketwired - July 31, 2015) - Battelle today announced that Cybersecurity Researcher Chris Domas has been selected to present innovative security research at the Black Hat USA 2015 and DEF CON 23 conferences. Taking place as back-to-back conferences in Las Vegas from Aug. 1 - 9, Black Hat and DEF CON gather the industry's leading security minds to explore the latest in hacking, information security risks, research and trends.

Domas will deliver the following presentations:

What: "The Memory Sinkhole - Unleashing an X86 Design Flaw Allowing Universal Privilege Escalation"

Who: Chris Domas, cybersecurity researcher

Where: Black Hat USA 2015, Mandalay Bay, Las Vegas, room: Mandalay Bay GH

When: Thursday, Aug. 6, 9:45 - 10:35 a.m. PDT

Presentation Details:
In x86, beyond ring 0 lie the more privileged realms of execution, where our code is invisible to AV, we have unfettered access to hardware, and can trivially preempt and modify the OS. The architecture has heaped layers upon layers of protections on these negative rings, but 40 years of x86 evolution have left a labyrinth of forgotten backdoors into the ultra-privileged modes. Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a design flaw that's gone unnoticed for 20 years. In one of the most bizarre and complex vulnerabilities we've ever seen, we'll release proof-of-concept code exploiting the vast, unexplored wasteland of forgotten x86 features, to demonstrate how to jump malicious code from the paltry ring 0 into the deepest, darkest realms of the processor. Best of all, we'll do it with an architectural 0-day built into the silicon itself, directed against a uniquely vulnerable string of code running on every single system.

What: "REpsych: Psychological Warfare in Reverse Engineering"

Who: Chris Domas, cybersecurity researcher

Where: DEF CON 23, Paris Hotel Convention Center, Las Vegas, room: Vendome

When: Sunday, Aug. 9, 11 a.m. - 12 p.m. PDT

Presentation Details:
Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse engineers. When they begin snooping through your hard work, it pays to have planned out your defense ahead of time. You can take the traditional defensive route -- encryption, obfuscation, anti-debugging -- or you can go on the offense, and attack the heart and soul of anyone who dare look at your perfect code. With some carefully crafted assembly, we'll show how to break down a reverse engineer by sending them misleading, intimidating, and demoralizing messages through the control flow graphs of their favorite reverse engineering tools -- turning their beloved IDA (Hopper, BinNavi, Radare, etc.) into unwitting weapons for devastating psychological warfare in reverse engineering.

About Battelle
Every day, the people of Battelle apply science and technology to solving what matters most. At major technology centers and national laboratories around the world, Battelle conducts research and development, designs and manufactures products, and delivers critical services for government and commercial customers. Headquartered in Columbus, Ohio since its founding in 1929, Battelle serves the national security, health and life sciences, and energy and environmental industries. For more information, visit www.battelle.org.

Contact Information