Nish Bhalla, VP Consulting Solutions, Security Compass
April 13, 2006
Presentation Title: Finding Secrets in ISAPI
Presentation Details:
Developers programming in C/C++ hide secrets in code, assuming that no one can read the contents of a binary. This talk gives a brief introduction to how to start performing binary analysis, how to circumvent some basic debugger checks, and how to find secrets hidden in code. The example code demonstrated is an ISAPI, which will be decompiled to help find the secret and to look at writing an exploit. The talk will be mostly demonstration-based and requires some basic understanding of programming concepts.
About Nish
Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, host and network reviews.
He has coauthored “Buffer Overflow Attacks: Detect, Exploit & Prevent” and is a contributing author for “Windows XP Professional Security” and “HackNotes: Network Security”. Nish has also been involved in open source projects such as OWASP and YASSP. He has written articles for securityfocus.com and has spoken at web seminars for Global Knowledge and the University of Florida.
Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews for major software companies, online banking and trading web sites, and e-commerce sites. He also helped develop and teach the “Secure Coding” class, the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse & The Axa Group.
Nish holds his Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and a Bachelor in Commerce from Bangalore University.