Tried, Tested and Proven

Tim Brown of Portcullis will be presenting ‘I miss LSD’ at the annual 44CON.

44CON is an annual Information Security Conference and Training event taking place at the Millenium Conference Centre in London. The event is designed to provide something for both the business and technical Information Security Professionals.

Tim was more than happy to share an overview of his presentation:

‘I miss LSD’

A wise man once said (paraphrased) “if you want to find UNIX bugs, compare and contrast the Linux and Solaris man pages”. Following on from my previous work on linker bugs and more recently AIX (at 44CON 2012), we’ll look at some of the more interesting areas of the POSIX specification, focusing on the various IPC mechanisms that can be found in modern POSIX alike OS as well as kernel land more generally. I’ll present some new tools I’ve written to aid in this analysis along with some discussion around how I uncovered potentially exploitable bugs in ~400 Debian GNU/Linux packages in a single day.

Tim’s previous presentation at the 44CON was on Big Game Hunting: Simple techniques for bug hunting on big iron UNIX.

Would you like to attend the 44CON?

Those interested in attending can apply directly at 44CON. Please visit their site for more information.