Back from RECon 2012

This is mostly a cross-post from Nahuel’s blog.

Almost ten days ago, on June 16th 2012, my friend Nahuel Riva and I presented our first talk ever at RECon, in Montréal, Québec, Canada.

Our talk was titled “Dynamic Binary Instrumentation frameworks: I know you’re there spying on me“, and we presented about 20 techniques to detect if our code if being instrumented with a DBI-based tool, focusing on Pin, Intel’s DBI framework.

Some highlights from our experience at RECon:

  1. Montréal is a fantastic city. Delicious food, great beer, very nice people and a huge music festival: Les FrancoFolies!
  2. RECon conference was great. Top-level talks. RECon is  THE reverse engineering conference, period.
  3. Our talk (our first talk ever at a conference!) went fine. The minutes before our talk we were nervous, but fortunately that feeling disappeared as soon as we put our feet on the speaker’s platform.

You can find the slides for our talk here . During our talk we have released a tool called eXait (the eXtensible Anti Instrumentation Tester), a benchmark-like tool to test all the anti-instrumentation techniques we’ve discussed during our presentation. You can download eXait (source+binaries) here.

UPDATE: Here are a couple of blog posts by other people reviewing talks from RECon, including our talk:

SecuInside CTF 2012 – Beast Writeup

As usual, let me start this write up by saying thank you to my teammates, NCR and Archie!

In the Beast challenge of the SecuInside CTF 2012, we were presented with the following web page:

Note that I’ve added in red color the name of the fields for convenience.

The source code of this page was available:

Continue reading

Defcon 20 CTF Prequals 2012 – Forensics 300 Writeup

So Defcon 20 CTF Prequals 2012 has finished! As in PlaidCTF, I’d like to say thank you to my teammate, Archie!

Let’s start with the Forensics 300 writeup.

The description of the challenge was just “Please get my key back!“, and we were provided with a file named for300-47106ef450c4d70ae95212b93f11d05d.

Let’s start examining the file:

francisco@sherminator:~/Downloads$ file for300-47106ef450c4d70ae95212b93f11d05d
for300-47106ef450c4d70ae95212b93f11d05d: data

Continue reading