DFRWS 2011 Keynote Speakers

Sebastian Porst

Analyzing Adobe vulnerabilities: A technical and organizational perspective

Abstract: Adobe products like Adobe Reader or Adobe Flash have been the biggest targets of malicious attacks in the last few years. As a result of this, Adobe has begun to implement significant measures to improve the security of their products and many independent security researchers are now focusing on Adobe. I have experience working on both sides of the fence, first working independently on analyzing Adobe software and later working directly with Adobe on their vulnerability assessment. Using Flash as an example, I will describe the low level details of vulnerability research and file format analysis by describing a real life example of a Flash vulnerability that was exploited by malware in the wild and what is necessary to figure out what the bug was in Flash Player. Then, I will wrap it up by describing how this ties back to the processes Adobe put into place to work with external security researchers and partners, for example through the Microsoft MAPP program.

Bio: Sebastian Porst has been a binary file reverse engineer for more than ten years. After getting his Master's degree in Computer Science, he joined the German reverse engineering startup Zynamics where he was lead developer of the three popular reverse engineering tools BinNavi, BinCrowd, and PDF Dissector. PDF Dissector was successfully marketed to companies and government agencies around the world and quickly became the most powerful PDF malware analysis tool on the market.

Drawing on his experience with analyzing malware and security vulnerabilities in Adobe products, Sebastian was then hired by Microsoft and Adobe to become the primary vulnerability researcher for Adobe products on the Microsoft Active Protections Program (MAPP), a program that aims to supply program partners with advance notification about vulnerabilities before patch Tuesdays. In addition to his paid work, Sebastian is the lead developer of a collection of open source tools for Flash malware and vulnerability analysis and he has been speaking about reverse engineering at IT security conferences around the world since 2008.

Christopher Day

Challenges and Opportunities for Digital Forensics in the Cloud

Abstract: This presentation will discuss the issues involved with acquiring digital evidence from virtualization systems such as VMware and Xen-based systems, as well as so-called cloud computing platforms that rely on these technologies to provide organizations and users with highly-scalable and distributed computing capabilities. Attendees will learn how virtualization systems work and the particular challenges they pose to the forensic investigator. In addition, attendees will learn about the most common types of cloud computing platforms and how each introduces additional challenges for the investigator above and beyond those presented by virtualization technologies. The discussion will provide practitioners a primer for these increasingly common but, to some, still mysterious, technologies and platforms that they will likely be asked to perform forensic acquisitions and investigations on in the near future. This presentation will also present some practical techniques and procedures practitioners can utilize in their work with these systems.

Bio: Christopher Day joined Terremark Worldwide, Inc. in December 2005 as Senior Vice President, Secure Information Services. He is responsible for global information security services provided to Terremark customers both in the commercial and government sectors. Prior to Terremark, Mr. Day was Vice President for SteelCloud, a publicly traded network security product and services firm headquartered in Herndon, Virginia. Mr. Day was responsible for directing SteelCloud's investments in advanced technology as well as leading the design and development of SteelCloud's proprietary security systems.

With over fourteen years in the information security industry and working with Fortune 1000 companies and financial services firms in the United States, Latin America, Europe, the Middle East, Asia and Africa, Mr. Day has led numerous consulting projects in the areas of security audit, vulnerability assessment, computer forensics, and secure systems design. Christopher has also been involved with various security incidents dealing with system intrusions, theft of intellectual property, harassment, and fraud including serving as a testifying expert witness.

Mr. Day regularly lectures on computer forensics, incident response, intrusion detection/prevention, and wireless technology security. Christopher is a contributing author for the books Going Mobile: Building the Real-Time Enterprise with Mobile Applications that Work and Computer And Information Security Handbook. Mr. Day has been awarded two patents in the areas of Intrusion Detection (#7017186) and Wireless Network Security (#7020476), respectively, and has two others pending.


DFRWS is a US 501(c)(3) non-profit organization.