PHDays V: How to Build Your Shodan, Resist ROP Shellcodes and Automate Reverse Engineering

The Fifth International Forum on Practical Security Positive Hack Days will be held May 26 and 27, 2015 at the Moscow World Trade Center. The second wave of Call For Papers has recently completed, and today we bring to your attention a new portion of performances.

Automation - to help the reverse

Often, reverse engineering involves examining almost all of the code in a software system, and the main tool in such cases is the disassembler. Researchers face various difficulties - with determining the sequence of processing functions, differences in the versions of one system, the inability to fully debug and emulate code in embedded systems.

During his presentation, Anton Dorfman, who conducted a shellcode master class on PHDays III, will share his experience in creating a plug-in for automating reverse development based on IDAPython. Key features - preliminary automatic code analysis and transfer of results to other versions of the investigated system.

How to create your Shodan

The well-known information security researcher Igor Agievich ("Radio Monitoring Technologies") will talk about creating a search engine similar to " the worst Internet search engine " - Shodan.



The speaker will compare the developed system with analogues and present examples of interesting devices discovered by the new search engine.

We catch ROP shellcodes in network traffic

Remote exploitation of vulnerabilities is one of the most powerful tools of cybercriminals: this is how computer worms spread and important information is stolen. To circumvent protection, attackers developed a technique for writing shellcodes using reverse-oriented programming. The new class is called ROP shellcodes (from English return-oriented programming).

Svetlana Gaivoronskaya, a former member of the Bushwhackers CTF team, will present a utility that performs static and dynamic analysis of network traffic for the presence of ROP shellcodes in it. Last year, Svetlana, together with Ivan Petrov, presented a report on “ shellcode fishing for ARM ”.

Only a month to PHDays

The Positive Hack Days V International Practical Safety Forum will be held very soon. Formation of the competitive program and work on the formation of a grid of performances are in full swing - previous announcements ( first , second and third ) are available on Habré , as well as the presentation of the key speaker of PHDays - Whitfried Diffie .

In the near future we will publish the names of speakers and descriptions of all studies accepted in the program on the site. Follow our news and you will not miss anything interesting.



Now you can vote for your favorite performances - on the program pageforum you need to click the "I want to visit" button next to a report. Voting will help us to plan the loading of halls correctly.

You still have the opportunity to take part in PHDays V, but don’t delay buying tickets: there are very few of them left.

See you in May!