DEF CON 23 - Panel - Abusing Adobe Reader's JavaScript APIs
By SecurityTube.Net, [2015-12-21] at 07:52:56

Presentation: In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We'll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we'll describe how to construct an exploit that achieves remote code execution without the need for memory corruption.

Speaker Bios

Brian Gorenc is the manager of Vulnerability Research with Hewlett-Packard Security Research (HPSR). In this role, Gorenc leads the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world's most popular software. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions. Prior to joining HP, Gorenc worked for Lockheed Martin on the F-35 Joint Strike Fighter (JSF) program. In this role, he led the development effort on the Information Assurance (IA) products in the JSF's mission planning environment. Twitter: @maliciousinput

Abdul-Aziz Hariri is a security researcher with Hewlett-Packard Security Research (HPSR). In this role, Hariri analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining HP, Hariri worked as an independent security researcher and threat analyst for Morgan Stanley emergency response team. During his time as an independent researcher, he was profiled by Wired magazine in their 2012 article, "Portrait of a Full-Time Bug Hunter". Twitter: @abdhariri

Jasiel Spelman is a vulnerability analyst and exploit developer for the Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability, followed by developing exploits for accepted cases. Prior to being part of ZDI, Jasiel was a member of the Digital Vaccine team where he wrote exploits for ZDI submissions, and helped develop the ReputationDV service from TippingPoint. Jasiel's focus started off in the networking world but then shifted to development until transitioning to security. He has a BA in Computer Science from the University of Texas at Austin. Twitter: @wanderingglitch

HP's Zero Day Initiative, Twitter: @thezdi

For more information, please visit: https://www.defcon.org/html/defcon-23/dc-23-index.html

Press-review keywords for this article: adobe, javascript