DC9723/OWASPIL January 2018 Meeting
When: 28 of January, 2018 from 18:30 to 22:00
Where: SafeBreach Offices in Tel-Aviv (Yosef Karo 18, 4th floor, Tel Aviv.)
This month we are doing a joint meeting with OWASP IL.
As always, the talks are free and there is no need to register. Come and bring your friends.
The talks will be uploaded to youtube a week after the meeting.
You can watch the previous talks at https://www.dc9723.org
*We need more talks, please consider submitting a talk for the next DC9723 meeting. For more details and questions, please contact firstname.lastname@example.org
Jumping into Heaven’s Gate – Yarden Shafir
The old days of 32bit applications are long bygone, nowadays most Operating Systems are running in a 64bit environment, requiring 64bit applications.
So how can a 64bit Operating System run a 32bit legacy Application?
The native 64bit environment cannot directly support the execution of a 32bit Application.
32bit Applications expect several surrounding pillars which help it perform necessary actions,
and those no longer exist in a 64bit environment.
However, in practice Windows contains many secrets, and one of those secrets is the WoW64
The Wow64 Subsystem supplies a natural environment for the legacy 32bit Application and enables anyone to run them on newer 64bit Operating Systems without any trouble.
How the subsystem actually does this remains a question to many.
Any Application, whatever its type, begins its execution in 64bit mode.
The Operating System then relentlessly moves forward to the 32bit world by loading the WoW64 Subsystem, in order to let the 32bit Application execute freely.
In this talk we will dive into the WoW64 Subsystem and explain how a 32bit Application performs 64bit (native) system calls.
We will also see how it is possible to exploit this mechanism in order to create smarter malware that evade Next-Generation and Previous-Generation AV products.
Breaking obfuscations – Tomer Zait
During this Session I will demonstrate working with deobfuscation tools I created, of-the-shelf tools and how to create similar tools on your own . In addition, I will touch Android deobfuscation in practice and the obfuscation attack surface each language provides.