HITCON 2012 Review and slides

After more than 30h inside planes and airports, I’m finally back home! Asia 2012 tour is over 🙂

HITCON was really great and well organized. It was bigger than I expected, with lots of curious and cool people. Went in the mood and took many pictures with everyone – there goes my anonymity!

My speaking slot was after lunch, which is a tough one. I could only spot half a dozen sleeping so I might have done a good job. Presentation could have been better but I had no time to practice it – sorry :-(.

Taipei is a nice city and I enjoyed trying all kinds of food and travelling around (I especially loved the Shilin Night Market!).

Had great discussions with Andrey from Elcomsoft, Ryan from Microsoft, Fyodor, William from Nexusguard, Brad and his brother from Verisign and so many others. I wasn’t a great fan of conferences but they are really a good place to meet new people and have interesting discussions (no ego trips, no rockstars).

I definitely recommend HITCON and I hope my contribution helped it to get even better and keep growing. Their hard work deserves it. Thank you to everyone that made the conference possible.

As most probably know now, my presentation was about Mac OS malware, introducing a new PoC infector using an easy to implement code injection technique. I’m still not sure if I will release the code for the infector and library. What I’m releasing is the code for the utility I used to calculate the available free space for potential code injection. It’s available at Github here. I named it calcspace.

The presentation slides are available here.

Btw, you should definitely do a chown -R root:root /Applications, especially if you have any helper binaries installed with your normal user permissions. That 1/2 dayz is really stupid and must be fixed 🙂

Have fun,
fG!

 

One thought on “HITCON 2012 Review and slides

  1. Glad to hear you like Taipei! I’m from Taiwan and I’m just starting my journey on reverse engineering on Macs. Your tutorials are very big help! Hope you can write more interesting articles! Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *