Blog

Project Heapbleed

I recently presented a talk on heap exploitation abstraction at two conferences, namely ZeroNights 2014 (Moscow, Russia) and BalCCon 2014 (Novi Sad, Serbia). The talk titled “Project Heapbleed”, collected the experience of exploiting allocators in various different target applications and platforms. The talk focused on practical, reusable heap attack primitives that aim to reduce the exploit development time and effort.

Using SystemTap to determine the exploitability of unbound memory overflows

Hello, my name is Nikos Naziridis and I am a security researcher at CENSUS. In this post, I will present how SystemTap and kernel instrumentation in general, could be used to aid the process of determining the exploitability of unbound memory overflows and the detection of thread race condition bugs.

IMAPPS14 — Secure Mobile App SDLC

Here are the slides for our recent (albeit short) talk on “Secure Mobile App SDLC”, as presented at the 4th Infocom Mobiles and Apps conference.

How to enhance penetration testing through vulnerability research

The slides from my short presentation on “How to enhance penetration testing through vulnerability research” from the 3rd Infocom Security conference, are now available here (in Greek).