Aditya K Sood
About Aditya K Sood
Founder, SecNiche Security ( Website: http://www.secniche.org )
  • Independent security researcher with more than 5 years of experience. Loves to work on reverse engineering, in-core protocol analysis, web application insecurities and penetration testing.
  • Initiated Cutting Edge Research for Web Application Security, a project to analyze vulnerability vectors in web applications. The research is featured at FIRST as Global Security news. Website: http://cera.secniche.org.
  • Running my own research lab, i.e. Mlabs: Digital Intelligence. The lab holds my research work. Website: http://mlabs.secniche.org
  • Released a number of advisories related to Google, AOL, MSN, Verisign, Microsoft, JWIG, ORKUT etc. covering SQL injections, redirection vulnerabilities, application security flaws etc.
  • Discovered the Google Metacharacter Spamdexing Bug and the Yahoo Search Engine Phishing Vulnerability.
  • Holds a BE in Computers and an MS in Cyber Law and Information from the Indian Institute of Information Technology (IIIT-A).
  • Author of a number of security-related articles published and released at the packetstormsecurity portal, Info Sec Writers, OpenRCE, Linux Security, XSSED, MLabs, Knowledge Cave, SecNiche etc.
  • Information security writer for Hakin9, Linux+, Information Security Magazine, etc.
  • Projects can be found at SecNiche.
  • For the latest happenings:
    His blog: http://zeroknock.blogspot.com
    Social networking project with Whitedust: http://www.hakspace.net
Talk title:
Exploiting 4J Jargon - JSON, BISON - JUMP - JNLP - JWIG Traversing Through Java Based Web Technologies
Talk abstract:
The talk strictly adheres to the attack base that favors the exploitation of web-based Java technology. The core revolves around web exploitation. The point of the talk is to understand the hidden artifacts of these technologies that dismantle the functioning of the web. The deep aspects of serialization attacks and other security paradigms will be discussed. The exploitation realm of JSON-Bison will be stripped off with definite techniques. JNLP, JWIG and JUMP will be traversed through featured techniques. The work is an outcome of my analysis and in-depth research. These defined issues can be exploited in any sense; it requires a detailed talk. Web 2.0 has become the attack base for surmounting attacks. These technologies serve as the base. So a generic work is required to look into the malfunctional aspects of these technologies.
Prerequisites:
  • standards-based presentation using XHTML and CSS;
  • dynamic display and interaction using the Document Object Model;
  • data interchange and manipulation using XML and XSLT;
  • asynchronous data retrieval using XMLHttpRequest;
  • JavaScript binding everything together.

Damian Hasse
About Damian Hasse
Damian Hasse, Lead Security Software Engineer at Microsoft, leads a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection we provide to customers through our security updates and bulletins by discovering additional attack vectors and new exploitation techniques and by adapting quickly to stay ahead of the ever-evolving security ecosystem. This team also provides forward-looking security guidance to product teams within Microsoft, impacting products before and after release.
Talk title:
School of Hard Knocks: Things You Can Learn from Working with MSRC
Talk abstract:
Several MSRC cases will be explained, revealing code flaws, describing attack vectors, and showing what the security engineering arm of MSRC, SWI React, did to validate the fixes and, more importantly, how Microsoft continues to refine the security engineering process to prevent these kinds of problems in future releases.

Linxer
About Linxer
linxer is a senior researcher at the Data Security Lab of Dacheng Tianxia (大成天下), focusing on the anti-virus field, with a strong interest in the Linux kernel.
Talk title:
Virtual-Machine-Based Unpacking Technology in AV Engines
Talk abstract:
At present, more and more viruses and trojans pack themselves for the purpose of encryption or evading detection, which poses many challenges to the current mainstream anti-virus detection technique: signature matching. This talk discusses unpacking methods based on virtual machine technology, and analyzes the virtual-machine unpacking technology in anti-virus engines from the aspects of x86 CPU emulation, the PE loader, and emulation of Windows system features.

Luis Miras
About Luis Miras
Luis Miras is the lead vulnerability researcher at Intrusion Inc. He has done work for leading consulting firms and recently has done work for Chumby. His interests include vulnerability research, binary analysis, and hardware/software reversing. In the past he has worked in digital design and embedded programming.
Talk title:
Other Wireless: New Ways to Get Pwned
Talk abstract:
There are many other wireless devices besides Wi-Fi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost-effective as possible. These cost reductions directly impact their security. Examples of chip-level sniffing will be shown, as well as chip-level injection attacks allowing an attacker to control the target system. The hardware used in these devices will be examined, along with an attacker toolkit consisting of low-cost hardware and software.

Luo Xiapu (Daniel)
About Luo Xiapu (Daniel)
Luo Xiapu is a PhD candidate and systems analyst at The Hong Kong Polytechnic University. His research covers the security, measurement, management and performance evaluation of wired and wireless networks. His research results have been published at major international security conferences such as NDSS, ESORICS, IEEE/IFIP DSN and IFIP SEC.
Talk title:
Covert Channels Based on Network Counters
Talk abstract:
This talk introduces two new network covert channels, Cloak and WebShare. Cloak is a timing channel: it embeds information in the combination of TCP packets and connections. Compared with existing timing channels, Cloak has several outstanding features: high bandwidth, reliable transmission, and multiple variants to adapt to different environments. WebShare is a storage channel: it uses the large number of counters existing on the network as temporary storage, thereby relaxing the location constraints of existing network covert channels. The talk will also review the methods commonly used by existing network covert channels.

Nguyen Anh Quynh
About Nguyen Anh Quynh
Nguyen Anh Quynh is a postdoctoral researcher at the National Institute of Advanced Industrial Science and Technology (AIST), Japan. His research interests include computer security, networking, data forensics, virtualization, Trusted Computing and operating systems. His papers have been published in various academic conferences, such as ACM, IEEE, LNCS and Usenix, among others. Quynh is a contributor to numerous open source projects (notably the Xen Virtual Machine and the Linux kernel). He loves to get involved with the industry, and he has given talks at hacking conferences such as EusecWest, HackInTheBox and Hack.lu. Quynh obtained his PhD degree in computer science from Keio University, Japan. He is also a member of VNSECURITY, a pioneer information security research group in Vietnam.
Talk title:
Xenprobes, A Lightweight User-space Probing Framework for Xen Virtual Machine
Talk abstract:
This presentation focuses on Xenprobes, a lightweight framework to probe the guest kernels of the Xen Virtual Machine. Xenprobes is useful for various purposes such as monitoring the real-time status of production systems, analyzing performance bottlenecks, logging specific events or tracing problems of Xen-based guest kernels. Compared to other kernel probe solutions, Xenprobes introduces some unique advantages. To name a few: First, our framework puts the breakpoint handlers in user-space, so it is significantly easier to develop and debug. Second, Xenprobes allows probing multiple guests at the same time. Last but not least, Xenprobes supports all kinds of operating systems supported by Xen.

Rodrigo Rubira Branco
About Rodrigo Rubira Branco
Rodrigo Rubira Branco (BSDaemon) is a Software Engineer at IBM, a member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC) Brazil, also working in the IBM Toolchain (Debugging) Team for the PowerPC architecture. He is the maintainer of the StMichael/StJude projects (www.sf.net/projects/stjude), the developer of SCMorphism (www.kernelhacking.com/rodrigo) and has given talks at the most important security-related events in Brazil (H2HC, SSI, CNASI). Rodrigo is also a member of Rise Research (www.risesecurity.org).
Domingo Montanaro
About Domingo Montanaro
  • Montanaro is an Information Security Specialist and Computer Forensics Expert who has been working in high-technology crime investigation for private companies, including the financial market, and also for law enforcement agencies as a forensics connoisseur.
  • Expertise in data recovery, incident handling, response and tracking, evidence collection, forensics (and anti-forensics) methodology and tools research and development, and information leakage issues.
  • Organizer of H2HC - Hackers 2 Hackers Conference (Latin America's most important hacking conference).
  • Invited professor at several universities, lecturing on Computer Forensics; author of several articles/papers and speaker at security-related conferences such as HackInTheBox Dubai 2007, VNSecon 2007, H2HC and SSI/ITA. Certifications: GCFA, MCSO

Talk title:
Kernel Hacking and Anti-Forensics
Talk abstract:
This presentation intends to cover specifically the most necessary and most undocumented area of computer security: attacks on the core of the systems (kernel-level attacks, which can defeat the existing security models). As we all know, security systems generally run with kernel privileges (like PaX, LIDS, SELinux and many others) and can be bypassed if the kernel itself has been compromised.
Attempts to protect kernel mode (like canary protection in kernel mode, introduced by Windows 2003, and the PaX randkstack/noexec protections) exist, but are restricted to protecting against exploitation, not preventing the consequences of exploitation. St. Michael is an open-source project that covers Solaris and Linux (in the future, I plan to port it to NetBSD systems too) and tries to offer security integrity checks for those systems (it checks the filesystem, kernel structures and MBR of the system against any attempt to change them or any actual changes, and has the capability to recover the system or take it down).
During the presentation, many test attacks will be used to explain how StMichael actually works to defeat/detect attacks. Also, a sample will be shown using StMichael and many other kernel-security-related tools (with special focus on PaX).
Also, anti-forensics techniques will be discussed, using hardware interrupts and other methodologies that will almost certainly defeat any kind of forensic analysis.

Sun Bing
About Sun Bing
Sun Bing is an outstanding information security researcher who has worked at well-known companies such as Rising and Siemens. He has more than 7 years of research and development experience in Windows kernel and security technologies (anti-virus, firewalls, IPS, etc.), with particularly deep study of buffer overflow prevention, rootkit detection and x86 virtual machine technology. He took part in the development of Rising anti-virus software, published the article "Anti-Virus Engine Design" on the XFocus website, was responsible for designing and developing the desktop security product LinkTrust IntraSec, and has spoken at XCon2006, POC2006, EuSecWest2007 and BlackHat EU 2007.
Talk title:
BIOS Boot Hijacking Using the "Top-Block Swap" Mode of Intel Southbridges
Talk abstract:
This talk reveals a brand-new method of BIOS boot hijacking that uses the so-called "Top-Block Swap" mode supported by the Intel ICHx (I/O Controller Hub) series of southbridge chips. The ICHx Top-Block Swap mode allows the top block of the Firmware Hub (FWH), i.e. the BIOS boot block, to be swapped with a block at another location, which ensures that the boot block can be safely upgraded even if power is lost. However, because of negligence in much current BIOS code, this swap function is not locked before boot completes and control is handed over to the operating system, so an originally protective measure turns into a serious security vulnerability: a malicious program running afterwards can very easily use the swap function to carry out a denial-of-service attack (DoS) against the victim host so that it can no longer boot normally, or directly inject a piece of custom code into the swap block so that on the next boot it gains execution before the system BIOS and thereby controls the whole system. The talk will discuss in detail the memory address decoding map of the BIOS storage chip, the working principle of the Intel ICHx Top-Block Swap mode, possible exploitation methods and the corresponding countermeasures.
Prerequisites
This talk requires the audience to have considerable x86 assembly and C programming ability and a deep understanding of PC architecture and its basic components, such as the motherboard chipset (north/south bridge), BIOS, CMOS, etc. In addition, some familiarity with the x86 processor architecture (protected mode, system management mode, etc.), the Windows operating system kernel, and some important hardware specifications (PCI bus, ACPI, PnP BIOS, EFI, etc.) is preferable.

Zhang Yi (xyzreg)
About Zhang Yi
Zhang Yi, xyzreg, is a security researcher currently studying in the Department of Information Security at Jiangsu University. His main research areas are the Windows kernel, advanced malware technology, vulnerability discovery, network information countermeasures, and security software development.
Talk title:
New Challenges in Advanced Malware Technology: Bypassing Proactive Defense
Talk abstract:
Proactive defense technology has been widely adopted by anti-virus software, software firewalls, HIPS and other security software, and existing malware such as backdoors, trojans and rootkits faces a severe test. No matter how powerful or stealthy traditional malware is, its initial installation and operation will be intercepted by the proactive defense function and the user prompted, so that it cannot install or work normally. This talk describes the application status and principles of proactive defense technology, and goes deep into the Windows kernel to explain in detail the various methods and ideas for bypassing proactive defense.
Prerequisites
  • Windows system mechanisms
  • Malware technology
  • How security software works
  • Current state of proactive defense

Yarochkin Fyodor
About Yarochkin Fyodor
Talk title:
A Personal Assistant for Hackers
Talk abstract:
This talk will demonstrate a project Fyodor has been working on over the past year. The basic concept of the project is to create an intelligent environment in which information can be stored and shared both by network tools and manually. On this platform the network penetration process is automated, including information gathering, data analysis and the attack phase, with automatic data classification and self-learning.

Xia Chao
About Xia Chao
Xia Chao is a master's student at Shanghai Jiao Tong University; his main research direction, in the Lab of Cryptography & Information Security, is vulnerability discovery.
Talk title:
Dynamic Discovery of Buffer Overflow Vulnerabilities in Binary Environments
Talk abstract:
This talk proposes a new method for discovering buffer overflow vulnerabilities in a binary environment. It combines dynamic and static discovery techniques to search binary programs further for vulnerabilities. The static method mainly analyzes the structure of the binary program, including function call relationships, the internal structure of functions (loops and branches) and the characteristics of function stack frames; the dynamic emulation method provides a virtual runtime environment for the program and its functions, so that, combining some static characteristics during execution, the function's signature, i.e. its buffer read/write semantics, is obtained. Finally it determines whether the program contains a buffer overflow.

Eric Lien
About Eric Lien
CEH-certified expert working in Taiwan's D-SWAT team (Draytek Security Warning and Anti-attack Team); skilled in programming, network security and computer forensics. Currently devoted to research on anti-virus and content security management.
Talk title:
Analysis of P2P Obfuscated Protocols and Encrypted Packets
Talk abstract:
This talk focuses on how to detect P2P obfuscated protocols and encrypted packets, such as Skype, eMule and Winny, which are very difficult for firewalls and IPS/IDP to detect. The talk will describe the process of analyzing and evaluating these strange and unfamiliar protocols and packets. A deterministic, behavior-based detection method will be implemented on a SOHO-class router, the VigorPro.
Prerequisites
  • Familiarity with TCP/IP protocols
  • Familiarity with Ethereal/Wireshark/Sniffer tools
Copyright XCon Organizing Committee and HuaYongXingAn Science Technology (Beijing) Co., Ltd.
©2003-2006 XCon Organizing Committee & HuaYongXingAn Science Technology Co., Ltd. All rights reserved.