[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

Wes Brown (Founder, Ephemeral Security)

Filed under: Main Page — Administrator @ 10:38 am

May 19, 2006

Presentation Title: MOSREF: Using Cryptography and Injectable Virtual Machines in Security
Presentation Details:

Mosquito is a secure remote execution framework available via LGPL that combines high-grade cryptography and a small efficient virtual machine on both ends to ensure that intellectual property is protected. It also presents a dynamic environment on a target host that can be reprogrammed on the fly over a secure communications channel to fit the current situation.

The virtual machine was written from scratch for this purpose, with a built in cryptography library, and was optimized for size with an eye towards being able to inject it. The virtual machine’s native programming environment is a Scheme-derived Lisp-family language, with an optimizing bytecode compiler. It is also cross-platform using ANSI C and GCC, currently running on OpenBSD, Darwin, Linux, and Win32. Compiled bytecode is portable between these platforms, much like Pascal’s P-code.

The comprehensive talk will cover the framework and methodologies that went into creating a secure remote execution environment. The algorithms used to secure communication channels will be discussed. The virtual machine and language themselves will be covered in some detail along with examples. Additionally, there will be a demonstration of writing an exploit in this framework, and using it to inject a virtual machine on a remote host.

About Wes

Wes Brown is a long-time network security practitioner who specializes in code reviews, web application assessments, penetration testing, and tools development.

Prior to joining Accuvant as a senior security consultant, Wes worked for Internet Security System’s X-Force Consulting team. He conducted hundreds of penetration tests and web application assessments for ISS clients ranging from the smallest to Fortune 500 companies. He was also responsible for many of the in-house tools that helped the external assessment consulting practice succeed. He also can be frequently seen at industry conferences, having spoken at Defcon in the past.

In founding Ephemeral Security, Wes hopes to advance the state of the art in network security by doing innovative and original research work. When not conducting consulting work, he has spent the last year and half on the Mosquito Environment along with other members of his company.

Currently, he is hard at work as one of Accuvant’s lead consultants which gives him an opportunity to test the tools and environments that is developed as part of Ephemeral Security’s research efforts. He does the majority of the automation and tools that streamlines the assessment practice’s engagements, increasing quality while reducing turnaround time. Of course, Wes also does conventional consulting with a keen focus on code reviews and application assessments.

Ephemeral Security: http://www.ephemeralsecurity.com



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors


Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner


Internet Bandwidth Sponsor


AIMS - Malaysia's Telecommunications Hub

Official Hotel


Westin Kuala Lumpur

CTF Sponsor


Ascendsys

CTF Prize Sponsor


Scan Associates Berhad.


Our Speakers Are Supported By:


Bellua Asia Pacific


Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


HERT


ISECOM - Insititue for Security and Open Methodologies


IT Underground


Chaos Computer Club (Germany)


X-Focus China

Zone-H Defacement Mirror


Xatrix Security


SyScan


Special Interest Group in Security & Information InteGrity Singapore