Presentations

Table of contents

Title (Presenter)

Milking a Horse or Executing Remote Code in Modern Java Web Frameworks (Meder Kydyraliev)
Breaking Virtualisation by Switching the CPU to Virtual 8086 Mode (Endrazine)
Understanding the Java Serialisation Attack Surface (Daniel Grzelak)
Padding Oracle for the Masses (Nicolas Waisman)
Web Scanners FOR THE WIN... (Louis Nyffenegger)
Virtualisation Security State of the Union (David Jorm)
How to Do Real World Computer Forensics... And Not Get Burned (Nick Klein)
Ghost in the Shell(code) (Matthew de Carteret)
The Computer Forensic & eDiscovery Tools that Time Forgot (Adam Daniel)
Fast Automated Unpacking and Classification of Malware (Silvio Cesare)
DEP in Depth (Brett Moore)
'No Holds Barred' Penetration Testing (Jarrod Loidl)
Prospecting for Rootite: More Code Coverage, More Bugs, Less Wasted Effort (Ben Nagy)
Instrumenting the Linux Kernel with Kprobes for Anti-Security (Ryan O'Neill)
Hooray for Reading: The Kindle and You (Peter Hannay)
We’ve been Hacked! What Went Wrong and Why (Mark Goudie)
Hackerspace - Robots & Dinosaurs (Gavin Smith)
Will it Blend? (Billy Rios)
The Australian Internet Security Initiative - Fighting Botnets at the Source (Mark Chaffe)
Security in APCO P25 Public-Safety Communications Networks (Stephen Glass & Matt Robert)
This job makes you Paranoid (Alex Tilley)
Killing the Elephant in the Room - Enterprise Vulnerability Management Tactics (Matt J)
Automatically Identifying C structs from Binaries (Kuza55)
Rux Lox - An Introduction to Lockpicking (Graeme "Wily" Bell)
RFID Shits and Giggles (Edward Farrell)
Code Analysis Carpentry (Sean Heelan)
DnsÜberNOOBer – DNS Enumeration on Steroids! (Jaco van Heerden)
Everybody be cool, this is a roppery! (Tim Kornau)
Breaking Linux Security Protections (Andrew Griffiths)

 

Presentation details

Killing the Elephant in the Room - Enterprise Vulnerability Management Tactics (Matt J)

Technical conferences often present new and innovative research concerning vulnerability assessment, exploitation and mitigation controls. New offensive and defensive techniques have been evolving for well over a decade. In parallel to this, targeted attacks and the zero-day black-market have created a powerful underground economy that threatens the world’s wealthiest enterprises.

Unfortunately, in all this madness, the fundamental practice of vulnerability management has been neglected. Large enterprises often have huge IT estates rife with technicalities, politics and organisational constraints. Relying purely on COTS solutions to manage vulnerabilities seems to be an easy way to tick a compliance box, but it is never a fool-proof primary solution for managing known vulnerabilities.

The goal of this presentation is to shift the mindset for how large organisations address the challenges of vulnerability management. A walk-through on architecting and implementing custom vulnerability management technologies will be given; for each component, different options will be presented where possible, along with discussion of both technological and process challenges. The presentation will demonstrate that logical analysis and innovation can significantly evolve a typical COTS approach and give a more realistic perspective on this difficult domain.

Matt is a thought leader in procrastination and enjoys spicy food with beer.


Milking a Horse or Executing Remote Code in Modern Java Web Frameworks (Meder Kydyraliev)

If you thought from the title that either was unlikely, this presentation will prove you wrong.

Modern Java web frameworks are very complex and are used by some of the most critical web frontends (banks, airlines, etc). However, due to the nature of Java, a lot of people using such frameworks assume that they are immune to certain classes of vulnerabilities and thus use no exploitation mitigation techniques at all.

I'll discuss the current state of (in)security in some of the popular Java web frameworks (e.g. Spring, Struts2) based on my security review, which involved spending no more than one week on each framework. In most cases, I was able to get a shell in a HelloWorld application within 3-4 days.

The presentation will also cover some of the ways to harden web applications built using these frameworks.

Meder Kydyraliev has been working in the area of web app security for the past six years. He's worked as a security consultant for one of the Big 4 and currently works in the Google Security Team. Meder has contributed some of his time to open-source projects such as xprobe2 and webscarab and has spoken at conferences such as HackInTheBox, Syscan and Bellua.


Breaking Virtualisation by Switching the CPU to Virtual 8086 Mode (Endrazine)

In the last five years, virtualisation software has been massively adopted by companies as a means to reduce costs, achieve instant scalability and possibly improve their security through isolation. Recent numbers indicate that 78 per cent of companies have their production servers virtualised, and 20 per cent of them actually rely only on virtualised servers.

At the same time, security auditing of such software poses unique challenges, in particular when it comes to dynamic testing.

In this presentation, I describe a methodology for the security assessment of virtualisation software based on switching the CPU to virtual 8086 mode in order to get access to the (possibly virtualised) hardware. It aims to be both generic (applicable to both x86 and x64 architectures) and very broad in terms of code coverage. I have implemented this technique in the form of a dynamic testing tool, which has proved very effective at finding bugs in virtualisation software.

Jonathan is a security engineer specialised in low level vulnerability discovery. He has presented his research at some of the best conferences worldwide, including h2hc (Brazil), Hackito Ergo Sum (Paris) — of which he is one of the core organisers, Hack in the box (Amsterdam) and DEFCON (Las Vegas) among others.


Will it Blend? (Billy Rios)

Today’s information systems are a giant mesh of complexity. Typical consumer systems have large amounts of software, created by different manufacturers, installed on them. This mesh of software creates an ecosystem in which pieces of software are intertwined and in some cases dependent on each other. When one piece of the ecosystem gets out of line, it can have a dramatic effect on the ecosystem as a whole. A small vulnerability, or even an ‘annoying’ behaviour, in one piece of software can alter the behaviour of a second piece of software, a behaviour which a third piece of software depends on for a security decision.

Enter the world of blended vulnerabilities and attacks.

This talk will discuss the details of various ‘blended’ attacks and demonstrate the chaining of seemingly low-risk vulnerabilities and unusual design decisions from popular software to create a higher-risk exploit.

Billy Rios is currently a security researcher for Google where he studies emerging security threats and technologies. Before Google, Billy was a Security Program Manager at Microsoft where he helped secure several high profile software projects including Internet Explorer. Prior to his roles at Google and Microsoft, Billy was a penetration tester, making his living by outsmarting security teams, bypassing security measures, and demonstrating the business risk of security exposures to executives and organisational decision makers.

Before his life as a penetration tester, Billy worked as an Information Assurance Analyst for the Defense Information Systems Agency (DISA). While at DISA, Billy helped protect Department of Defense (DoD) information systems by performing network intrusion detection, vulnerability analysis, incident handling, and formal incident reporting on security related events involving DoD information systems. Before attacking and defending information systems, Billy was an active duty Officer in the United States Marine Corps.

Billy has spoken at numerous security conferences including Black Hat Briefings, BlueHat, RSA and DEFCON. Billy holds a Bachelor's degree in Business Administration, a Master of Science degree in Information Systems, and a Master of Business Administration.


We’ve Been Hacked! What Went Wrong and Why (Mark Goudie)

This presentation is based on the Verizon Business Data Breach Investigations Report (DBIR) and will be delivered by Mark Goudie, one of the co-authors of the report. The DBIR is a collaboration between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches, consisting of over 900 cases and 900 million compromised records across six years.

We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. To ensure we provide an informative and balanced view, the presentation will show the effects of these attacks from two perspectives: the number of data breaches, and the number of records (pieces of data) stolen.

Mark Goudie is the Verizon Business Managing Principal for Investigative Response in Asia-Pacific and brings more than 20 years' experience in IT to this role. He is a Melbourne resident and an experienced computer forensics investigator who has led many high-profile data compromise investigations. He is an author of the Verizon Business Data Breach Investigations Report and is a regular speaker at industry conferences including AusCERT, OWASP, the PCI DSS Compliance Conference and the INTERPOL Information Security Conference.


Web Scanners FOR THE WIN... (Louis Nyffenegger)

More and more organisations think an automatic web scanner can replace pentesters. Even if it may be true in some cases, I will demonstrate that most web scanners don't do a decent job and cannot be used to ensure that a website is secure.

Most arguments against web scanners are based on the fact that these scanners cannot understand the business logic behind applications; however, we will see that scanners are not even able to properly find vulnerabilities like SQL injection or command injection.

Based on commercial and open source tools, this presentation will take some examples of web vulnerabilities and go through each scanner's results for good lulz.

Snyff is a French security consultant working in Melbourne. He specialises in web security and tries not to waste his time on mouse-over-click-jacking or any other ridiculous web vulnerabilities. He also enjoys playing with commercial web scanners and lolling at how shit they are. His hobbies include drinking Fat Yak, mirc32.exe, yelling at strangers and wearing Speedos.


Prospecting for Rootite: More Code Coverage, More Bugs, Less Wasted Effort (Ben Nagy)

Everyone wants better code coverage for their fuzzers. Work in the field has ranged from the extremely theoretical to the downright impossible. Recently, Microsoft and Charlie Miller both released research on using run-tracing to select a set of templates, in such a way that maximum code coverage is achieved. Trouble is, Microsoft has the advantage of source code access, and Charlie is using Valgrind.

The bad news for people fuzzing Windows files is that there have been no viable options for closed source targets. Well, now there are. We're releasing some scripts to mine search engines for templates, a scriptable run-tracer that doesn't suck, and the post-processing backend to select the minimal template set. We'll also drop some interesting fuzzing metrics based on our internal use of Prospector and probably an 0day or two.

Ben Nagy is a senior security researcher with COSEINC and has recently moved from Kuala Lumpur to hack with a view of the mountains in Kathmandu. For over a year he has been exploring ways to improve fuzzing scalability, especially against complex, closed source targets like Windows and Office. Previously working on liver destruction with eEye in Geneva and Bangkok, Ben has written whitepapers on a number of subjects and presented at conferences in Europe, Asia and Australia. Ben is probably that guy over there drinking beer and talking about Ruby.

Padding Oracle for the Masses (Nicolas Waisman)

In September Juliano Rizzo and Thai Duong unveiled their latest masterpiece: a padding oracle attack on the crypto implementation of the ASP.NET framework that allowed them to download any file. Their original presentation did not fully unveil how to practically implement the attack.

This hands-on presentation is the result of our notes and experience in developing a reliable exploit for the padding oracle attack against ASP.NET.

It takes you from a simple CAPTCHA crack to a fully optimised padding oracle attack against ASP.NET that bypasses all typical workarounds.
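The attack class the abstract refers to, as an added worked example written for this page (it is not the presenter's exploit and is not ASP.NET-specific): a server decrypts attacker-supplied CBC ciphertext and answers differently when the PKCS#7 padding is wrong, and that one bit per query is enough to decrypt everything without the key. The block cipher here is an assumed stand-in (a 4-round Feistel network built from SHA-256) so that the script runs on the standard library alone; the byte-at-a-time loop does not depend on which cipher sits underneath. The `Server` class, its method names and the sample message are all constructed for the example; in the real target the oracle was a difference in HTTP responses.

```python
# Added example: CBC padding-oracle decryption plus the authenticate-first fix.
# Block cipher is an assumed stand-in (4-round SHA-256 Feistel); attack is generic.
import hashlib
import hmac
import os

BLOCK = 16

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:   # Feistel round function
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def pad(data: bytes) -> bytes:                         # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(block_decrypt(key, cur), prev)
                    for prev, cur in zip(blocks, blocks[1:]))

class Server:
    """padding_ok() leaks (padding failure is distinguishable); the
    authenticated variant checks an HMAC over iv||ct first and gives the same
    answer for a bad tag as for bad padding, so modified ciphertext leaks nothing."""
    def __init__(self, key: bytes):
        self.key, self.queries = key, 0
        self.mac_key = hashlib.sha256(b"mac|" + key).digest()
    def encrypt(self, iv: bytes, msg: bytes) -> bytes:
        return cbc_encrypt(self.key, iv, pad(msg))
    def tag(self, iv: bytes, ct: bytes) -> bytes:
        return hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
    def padding_ok(self, iv: bytes, ct: bytes) -> bool:
        self.queries += 1
        try:
            unpad(cbc_decrypt(self.key, iv, ct))
            return True
        except ValueError:
            return False
    def padding_ok_authenticated(self, iv: bytes, ct: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.tag(iv, ct), tag) and self.padding_ok(iv, ct)

def recover_intermediate(oracle, target: bytes) -> bytes:
    """Recover D_k(target) from the last byte forward: forge the preceding
    block so the decrypted tail becomes valid padding of length BLOCK - pos."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padval = BLOCK - pos
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            forged[j] = inter[j] ^ padval       # known bytes now decrypt to padval
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged), target):
                continue
            if pos == BLOCK - 1:
                # 0x01 is not the only padding that validates here (e.g. 02 02);
                # flip the byte before it and a genuine 0x01 must still pass.
                alt = bytearray(forged)
                alt[pos - 1] ^= 0x80
                if not oracle(bytes(alt), target):
                    continue
            inter[pos] = guess ^ padval
            break
        else:
            raise RuntimeError("oracle accepted nothing: no padding leak")
    return bytes(inter)

def padding_oracle_decrypt(oracle, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b"".join(xor(recover_intermediate(oracle, cur), prev)
                     for prev, cur in zip(blocks, blocks[1:]))
    return unpad(plain)

def demo(key: bytes = b"", iv: bytes = b""):
    """Attack the leaky endpoint; returns (recovered plaintext, oracle queries)."""
    server, iv = Server(key or os.urandom(16)), iv or os.urandom(16)
    ct = server.encrypt(iv, b"attacker never learns this key")   # constructed
    return padding_oracle_decrypt(server.padding_ok, iv, ct), server.queries
```

`demo()` recovers the message with at most 256 queries per byte and never touches the key. Pointing the same loop at `padding_ok_authenticated` makes it raise instead, because every forged block fails the tag check before any padding is examined; that is the property a workaround has to provide. Custom error pages, uniform status codes or added delays only help if no response difference of any kind survives, which is why authenticate-then-decrypt is the fix rather than hiding the error.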

Nicolas Waisman joined Immunity in February 2004. Nicolas has experience in all areas of offense-related software security, from vulnerability analysis to exploit and trojan development. Nico is an internationally recognized heap expert and teaches Immunity's most advanced class, heap exploitation. Nico has taught governments and commercial sector students from all over the world in both private and public classroom settings.


Ghost in the Shell(code) (Matthew de Carteret)

Shellcode is the crux of any exploit being run today. It dictates what the exploit aims to gain from its use — without shellcode the exploit does nothing. Understanding what shellcode does can be a major step in the incident handling process. Shellcode can do anything you can imagine code could do. Not every shellcode used in an exploit downloads malware or spawns a shell.

Times have changed and the targets have updated their protection. Shellcode today could be a straightforward API call to download a file and execute it, or it could be code that just disables or creates a firewall rule on your Windows server.

Catching an exploit is a great step in understanding the purpose of an attack. Extracting and reviewing the shellcode will allow you to streamline your incident handlers to collect malware and focus their reviews on particular services or applications.

This talk will demonstrate methods on captured exploits for extracting shellcode and understanding its purpose.

Matt is a Senior Threat Analysis escalation engineer located in the Brisbane SOC. He is working on getting his SANS GIAC Reverse Engineering Malware certification (and hopes to have this cert prior to presenting). Working in the SOC gives Matt a great perspective on active exploitation in the wild and the techniques used by malware authors and pentesters. Matt has a considerable employment history including deployment, pentesting and network administration.


Instrumenting the Linux Kernel with Kprobes for Anti-Security (Ryan O'Neill)

After using the Linux kernel's native kprobe API for security purposes, it was a natural thought that using kprobes for anti-security was quite viable as well. I will discuss the application of kprobes in general, some of the kprobe internals, examples with proof-of-concept rootkit technology, and methods of hooking functions for other purposes using kprobes, despite certain constraints built into the kprobe interface.

The pros and cons of using kprobes for modifying kernel code will be discussed. I will also go over methods of preventing detection of kprobe malware, as well as methods of detecting kprobes even when they are unlinked or hidden from sysfs.

Ryan O'Neill is a professional computer security researcher from the USA whose job entails kernel development for many innovative and exciting projects that fall under such categories as anti-forensics, forensics, RE, and solutions for exploitation prevention — the list goes on.

Ryan holds a secret government clearance and works mostly on projects funded by the DoD through an unnamed (but super elite and unique) company based in the US.

Ryan has been a security hobbyist since 1999 when he first installed Linux and began programming in C. Immediately security became an interest and over the years Ryan has learned and developed a broad range of hacker technology such as exploits, rootkits, and anti-forensic technology. Of course, this has not been without the help of friends and mentors along the way.

Ryan would say that he loves the security aspect of engineering code because of the vast amount of space left open for creativity and solving hard problems that sometimes require an artistic mindset... not to mention the everyday experience of learning something new.


Virtualisation Security State of the Union (David Jorm)

Virtualisation and cloud computing technologies provide a unique set of security problems. Where one host runs multiple virtual guests, a new inter-guest attack surface is exposed. Several recent vulnerabilities have taken advantage of this, allowing for inter-guest attacks. This talk describes the key categories of virtualisation related vulnerabilities, narrated by a time line of critical CVEs. Defence attempts are also discussed, with emphasis on SELinux and the efforts of the sVirt project.

David Jorm is a software engineer and technical writer based in Brisbane. He has worked on superannuation fund infrastructure, web apps security, optical character recognition, meteorological synoptic networks, Chinese hotel reservations and mental health education initiatives. He currently works as a technical writer for Red Hat, specialising in virtualisation products. He also runs an international autonomous worker collective for web application development and studies Geography, Mathematics and Chinese at the University of Queensland.


'No Holds Barred' Penetration Testing (Jarrod Loidl)

This presentation aims to explain why security consultancies are losing the war in providing meaningful value to clients in Australia, and what the security industry must do to effect positive change. Conversely, this talk will also tell potential clients who wish to commission penetration tests what they need to do in order to gain the greatest value from them: creating an environment that accepts the problems found and is willing to properly remediate them.

This talk is not intended to pinpoint blame but rather provide an industry update with some context. While the conclusions can be debated, the evidence presented will be irrefutable that changes are needed.

This presentation will be delivered by someone who has walked both sides of the fence - the client's side having hired multiple professional penetration testing teams and driven remediation efforts, to the consulting side and seeing the commercial realities facing consultancies and the pain experienced by multiple clients.

Jarrod Loidl is a Senior Security Consultant with Dimension Data specialising in Risk and Design services. He has presented at the Melbourne AISA and OWASP chapters as well as Dimension Data clients around the country. He holds a strong interest in security architecture, penetration testing and pragmatic approaches to security and risk management.


The Computer Forensic & eDiscovery Tools That Time Forgot (Adam Daniel)

With the growing popularity of Computer Forensics and Electronic Discovery in both law enforcement and the private sector the recent focus has very much shifted towards vendors creating bigger, better and faster programs to analyse, examine, search and recover electronic evidence.

Point-and-click tools and training courses churn out today’s ‘certified’ examiners, many of whom forget the most important and fundamental tools of a good forensic operator: deep knowledge and skills.

Using real world case examples I will show how cases can be won or lost not on the power of the software used, but on the in-depth understanding of the operator. I'll also give examples of how accurate results can be achieved using standard non-forensic tools and open source utilities.

Adam has over 15 years of experience in the IT industry specialising in data conversion, data recovery, computer forensics and electronic discovery. He has given evidence in just about every major court jurisdiction in Australia on everything from high-profile corporate crime to murder cases, as well as performing large scale investigations for the ACCC, ASIC and the CDPP among others. He designed and developed the protocols for the conversion of all legacy computer media for the National Archives of Australia and has managed some of the largest e-discovery jobs performed in the country.


Rux Lox - An Introduction to Lockpicking (Graeme "Wily" Bell)

There has been a rise in the popularity of picking locks for fun in the last decade. Through live demonstrations, this presentation will introduce the unfamiliar to the weaknesses of pin-tumbler locks. An informal hands-on workshop and discussion will follow.

Graeme is an IT professional by day, and can usually be found playing music and drinking in overpriced Melbourne bars by night. After he has mastered picking locks, the unicycle is next.


DEP in Depth (Brett Moore)

An in-depth look into Data Execution Prevention on Windows systems, and how it can be bypassed. Multiple different bypass techniques will be explained in technical detail, covering Windows 2003 through to Windows 7. Examples will cover both stack and heap exploitation scenarios, and will cover DEP opt-in/out/permanent states.

Having conducted vulnerability assessments, network reviews and penetration tests for the majority of the large companies in New Zealand, Insomnia founder Brett Moore brings over six years' experience in information security. During this time, Brett has also worked with companies such as Sun Microsystems, Skype Limited and Microsoft Corporation by reporting and helping to fix security vulnerabilities in their products. Brett has released numerous whitepapers and technical postings related to security issues and has spoken at security conferences both locally and overseas, including Black Hat, DEFCON, Ruxcon, and the invitation-only Microsoft internal security conference called BlueHat.


Hooray for Reading: Hacking the Kindle (Peter Hannay)

The Kindle is an e-book reader with a number of unique features. There are a number of security layers in this device, all of which are easily defeated. In this talk Peter will discuss the existing methods of bypassing these security layers and then move on to some non-conventional uses of one particular feature: the cellular data connection. The outcome is the establishment of an SSH tunnel via this device. Tethering your Kindle? Yes.

Peter Hannay is a PhD student, researcher and lecturer based at Edith Cowan University in Perth Western Australia. His PhD research is focused on the acquisition and analysis of data from small and embedded devices. In addition to this he is involved in smart grid research and other projects under the banner of the SECAU research organisation.


How To Do Real World Computer Forensics... And Not Get Burned (Nick Klein)

Sooner or later, most IT folks will be asked to do some form of investigation, whether it's looking into misuse of email or the Internet, investigating a system compromise or even a rogue employee stealing company secrets. Most will have the technical skills and interest to help, but can easily get caught in the minefield of technical, legal and procedural traps that computer forensic investigations entail. Based on the philosophy that it's always good to learn from mistakes - especially someone else's - this presentation will be full of war stories and practical advice to help you get results while staying well clear of the deep stuff.

Nick started life as an IT auditor before moving into IT security back in the 90s, when companies started connecting to the Internet. He worked in the High Tech Crime team of the Australian Federal Police on cases ranging from counter terrorism to computer hacking, before joining Deloitte's Forensic practice in 2005. Last year he started his own independent computer forensic company based in Sydney and hasn't seen much daylight since. Today his investigations include financial fraud, corruption, employee misconduct, theft of IP, authenticity of evidence, commercial litigation, e-discovery, online child abuse and even a bit of good old fashioned SQL injection.


Identifying C structs from Binaries (kuza55)

This talk will show an attempt to build the typical manual reverse engineering process of identifying what data structures a program uses into an automated tool that you could run before ever having to look at a binary.

Along the way we will look at some specific implementation details, some prior work in this area, and some interesting tools and ideas from academia that I stumbled into while attempting this; examine what I did wrong and how doing it wrong both helped and hindered me; and possibly release a working tool for people to use.

kuza55 isn't really sure why he still goes by his handle, given you can pretty easily find his real name by now, however he's been giving presentations (mostly on web security) with it since 2007 at conferences such as CCC, Bluehat, XCon and Ruxcon. Currently kuza55 is working for Azimuth Security where he gets to build cool stuff like the above in his work time!


Australian Internet Security Initiative - Cleaning Up Our Own Backyard (Mark Chaffe)

The Australian Communications and Media Authority (ACMA) is helping in the fight against botnets with the Australian Internet Security Initiative (AISI), an anti-botnet initiative developed in house. This talk will provide an overview of our activities within the ACMA, focusing on the AISI, its data sources and the technology used, and related systems such as the Spam Intelligence Database (SID).

Mark Chaffe is a security professional living in Melbourne. He works in the e-Security Operations Section at the Australian Communications and Media Authority.


This Job makes you Paranoid (Alex Tilley)

The Australian Federal Police's High Tech Crime Investigations area deals with an increasingly wide variety of cases and incidents each year. In this presentation you will be taken through a few of the more interesting cases and incidents with an eye to providing the audience with an insight into the types of work the AFP are tasked to undertake each day.

Alex has been in IT security for almost 10 years; his background is in (legitimate) online casinos and banking IT security. He is currently fighting the good fight with the AFP's High Tech Crime Operations/Investigations area. He is a Queenslander who is trying to deal with the weather in Melbourne, where he now lives.


Fast Automated Unpacking and Classification of Malware (Silvio Cesare)

Silvio developed a signature-based malware detection system using control flow graphs as features for his Masters work. Two academic papers were published during this time. He continues the work on malware classification in his PhD. The work is distinguished from previous research by approaching the speed and efficiency of traditional antivirus, yet with the significantly increased effectiveness of control-flow-based signatures. Control flow is seen as a more accurate identifier of malware variants, because it fingerprints program structure instead of byte-level content. The system is designed to scale for potential applications including desktop antivirus, e-mail and Internet gateways.
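The structure-versus-bytes point above, as an added illustration written for this page (this is not the speaker's system, which also handles unpacking and a far richer signature grammar): split a listing into basic blocks, build the control-flow graph, and canonicalise it by renumbering blocks in depth-first order from the entry. The listings are constructed toy disassembly in an assumed `address mnemonic operands` format, and `byte_signature` hashes the listing text as a stand-in for hashing the raw bytes; a real tool would take a disassembler's output after unpacking. Two variants that differ in registers, padding instructions and addresses get the same CFG signature while their byte hashes differ, and a program with a different shape gets a different one.

```python
# Added example (not the speaker's tool): fingerprint code by the shape of its
# control-flow graph instead of its bytes.  Listings are constructed toy
# disassembly in an assumed "addr mnemonic operands" format.
import hashlib

COND, UNCOND, END = {"je", "jne", "jz", "jnz", "jl", "jg"}, {"jmp"}, {"ret"}

def parse(listing: str):
    """'addr mnemonic [operands]' per line -> [(addr, mnemonic, operands)]."""
    out = []
    for line in listing.strip().splitlines():
        parts = line.split(None, 2)
        out.append((int(parts[0], 16), parts[1], parts[2] if len(parts) > 2 else ""))
    return out

def build_cfg(insns):
    """Split into basic blocks; return (entry, {leader: [successor leaders]})."""
    addrs = [a for a, _, _ in insns]
    follow = {a: (addrs[i + 1] if i + 1 < len(addrs) else None) for i, a in enumerate(addrs)}
    leaders = {addrs[0]}
    for a, m, op in insns:
        if m in COND | UNCOND:
            leaders.add(int(op, 16))                 # a jump target starts a block
        if m in COND | UNCOND | END and follow[a] is not None:
            leaders.add(follow[a])                   # so does the instruction after
    cfg, block = {}, None
    for a, m, op in insns:
        if a in leaders:
            block, cfg[a] = a, []
        if m in COND:
            cfg[block] = [int(op, 16)] + ([follow[a]] if follow[a] is not None else [])
        elif m in UNCOND:
            cfg[block] = [int(op, 16)]
        elif m not in END and follow[a] in leaders:
            cfg[block] = [follow[a]]                 # plain fall-through into a leader
    return addrs[0], cfg

def canonical(entry, cfg) -> str:
    """Renumber blocks in DFS order from the entry and list each block's
    successors by that number: addresses, registers and bytes all vanish."""
    order = {}
    def visit(b):
        if b not in order:
            order[b] = len(order)
            for s in cfg.get(b, []):
                visit(s)
    visit(entry)
    return ";".join(f"{order[b]}>" + ",".join(str(order[s]) for s in cfg.get(b, []))
                    for b in sorted(order, key=order.get))

def cfg_signature(listing: str) -> str:
    return hashlib.sha256(canonical(*build_cfg(parse(listing))).encode()).hexdigest()[:16]

def byte_signature(listing: str) -> str:
    """What a byte-level hash sees: the literal content of the listing."""
    return hashlib.sha256(listing.encode()).hexdigest()[:16]

# Constructed samples: ORIGINAL and VARIANT are the same loop with registers
# renamed, nops inserted and addresses shifted; UNRELATED has no loop at all.
ORIGINAL = """
0x00 xor eax, eax
0x02 cmp ecx, 0
0x05 je 0x10
0x07 add eax, [ecx]
0x09 dec ecx
0x0a jmp 0x02
0x10 ret
"""
VARIANT = """
0x00 xor ebx, ebx
0x02 nop
0x03 cmp edx, 0
0x06 jz 0x14
0x08 add ebx, [edx]
0x0a dec edx
0x0b nop
0x0c jmp 0x03
0x14 ret
"""
UNRELATED = """
0x00 xor eax, eax
0x02 cmp ecx, 0
0x05 je 0x0a
0x07 add eax, [ecx]
0x0a ret
"""

if __name__ == "__main__":
    for name, src in [("original", ORIGINAL), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        print(name, cfg_signature(src), byte_signature(src), canonical(*build_cfg(parse(src))))
```

The canonical string for both loop listings is `0>1;1>2,3;2>;3>1` (block 0 falls into the loop header 1, which exits to 2 or continues into body 3, which jumps back to 1), so their CFG signatures match while any byte-level hash separates them. The price of this robustness is that the signature is only as good as the disassembly feeding it, which is why unpacking comes first in the pipeline.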

Silvio Cesare is a PhD student at Deakin University. He has recently submitted a Masters thesis on ‘Fast Automated Unpacking and Classification of Malware’ to CQ University. Silvio has previously worked in the United States, France and his home of Australia in the security industry before pursuing academic studies. His past work includes being the Scanner Architect for vulnerability management company Qualys. He has presented at academic and industry security conferences including Black Hat and CanSecWest. Silvio presented at the first Ruxcon in 2003, documenting vulnerabilities resulting from an audit of open source operating system kernels. He has published full papers on partial results of his Masters thesis at AINA 2010 and AusPDC 2010.


Hackerspace - Robots & Dinosaurs (Gavin Smith)

Hackerspaces are creative places for geeks. They're workshops full of equipment, tools and materials, where people come together to work on projects, share ideas and collaborate. Ever wanted to use a 3D printer? Cut metal in a CNC miller? Need a soldering iron at 3am? Then hackerspaces are for you.

Robots & Dinosaurs runs a space for hackers in Sydney. It has a DNA sequencing machine, a MakerBot 3D printer, multiple CNCs, a furnace, a woodworking shed, two sewing machines, ADSL2 and a frankly unreasonable number of soldering irons. It's also a really open community: every geek is right at home. People work on a huge range of projects in a big communal space. There are active spaces in every capital city, which you can find at hackerspaces.org.

Hackerspaces embrace open standards, including the Open Hardware Definitions, open source software, and collaborative software sites.

A show and tell of some members’ projects will be given, including 3D printers, quadcopters and animatronic squid hats, amongst others.

Gavin Smith is the president of Robots & Dinosaurs, the Sydney Hackerspace. He built a MakerBot 3D printer, and runs it at the space alongside a CNC milling machine and ‘Mr DNA’, the DNA sequencing machine. He competed in Rocket Car Day XII, beating several other cars with his innovative 'big block of wood' design. Professionally he's a robotics and automation engineer, and worked on commissioning the storage ring RF system at the Australian Synchrotron.


Security in Public-Safety Radio Systems, APCO Project 25 (Steve Glass and Matt Robert)

Project 25 (P25) is the standard used by police and emergency first-responders across the US, Australia and New Zealand. OP25 is a free software project we've initiated that allows us to receive, analyse and transmit P25 traffic using the USRP/GNUradio software-defined radio suite.

This presentation will give an introduction to the basics of software-defined radio using the GNURadio framework, provide a detailed analysis of some of the security flaws present in P25 and show how these can be exploited to conduct targeted denial-of-service attacks and key-recovery attacks.

Steve Glass is a researcher living in Queensland who has been working in the area of wireless networks, network security and cryptography. For fun Steve likes to play the trumpet, enjoys cycling and rows narrow, unstable boats on the Gold Coast's shark-infested waterways.

Matt Robert is an independent security researcher with an interest in GNURadio, wireless/RF technology and cryptography. He is employed as an IT infrastructure engineer. In his spare time he enjoys flying competition aerobatics in a small, high-powered biplane called the Pitts Special over the outskirts of Sydney.


Understanding the Java Serialisation Attack Surface (Daniel Grzelak)

We have recently been asked to perform a number of security assessments which use Java serialised objects to communicate information between client and server. This approach is quite common, particularly in applications which implement some form of thick(ish) client. However, whenever I see these things flying across my proxy I always get excited and think "there has to be something wrong here..."

So is there something really wrong? What should we be concentrating on when trying to attack these applications?

Daniel is a security consultant with stratsec, specialising in application security assessment. He constantly tries to write an amazing bio and consistently falls short of the mark.


 RFID Shits and Giggles Edward Farrell

RFID technology is the new cool. It’s the access pass around our neck, the overpriced contactless train ticket that goes “ping” and the payment card that doesn’t bother with two factor authentication.

Even with issues with the underlying architecture, the majority of implementations out there haven’t quite thought things through (like getting rid of manufacturers’ keys and locking down the read/write access).

We’re going to melt back the noooiiiice looking plastic on RFIDs and see what’s inside before the government starts using them as mind control devices.

Edward works for a living. Does not feature as an expert on Today Tonight, does not have a blog, master’s degree, Armani suit, overpriced haircut, pink flashy lights, chrome plating or Apple product.


 Code Analysis Carpentry (or, how to avoid braining yourself when handed a SMT solving hammer) Sean Heelan

This talk will be one part "Oh look what we can do when we have a Python API for converting code into equations and solving them" and one part "Here's why the world falls apart when we try to attack every problem in this way".

One popular method of automated reasoning in the past few years has been to build equational representations of code paths and then use an SMT solver to resolve queries about their semantics. In this talk we will look at a number of problems that seem amenable to this type of analysis, including finding ROP gadgets, discovering variable ranges, searching for bugs resulting from arithmetic flaws, filtering valid paths, generating program inputs to trigger code and so on.

At their core many of these problems appear similar when looked at down the barrel of an SMT solver. On closer examination certain quirks divide them into those which are perfectly suited to such an approach and those that have to be beaten into submission, often with only a certain subset of the problem being solvable. Our goal will be to discover what problem attributes place them in each class by walking through implemented solutions for many of the tasks. Along the way the capabilities and limitations of the modern crop of SMT solvers will become apparent. We will conclude by mentioning some other techniques from static analysis that can be used alongside an SMT solver to complement its capabilities and alleviate some of the difficulties encountered.

Sean is a security researcher with Immunity. His primary interests are in software verification/program analysis and its applications to vulnerability detection, reverse engineering and exploit development. Before joining Immunity Sean was a student at Oxford University where his research focused on combining run-time dataflow analysis and decision procedures for exploit generation.


 DnsÜberNOOBer – DNS enumeration on steroids! Jaco van Heerden

[DnsÜberNOOBer] – A tongue-in-cheek word used by the presenter to point out and express various frustrations while developing a DNS enumeration tool called DNSFootprint. The tool embodies years of research, epic programming failures, and the successes of a pentester who is one glass of red wine away from being certifiably obsessed with enumerating DNS.

The presenter aims to educate the “young ones” and re-educate the “experienced ones” in the dry art of DNS enumeration. DNS enumeration, or DNS footprinting as referred to by some, has a couple of must-have procedures that have been discussed in detail in public forums and past presentations. Yet in many cases the must-have steps are skipped, failed or just plainly ignored.

The presentation will give the audience a good once-over of the basics, highlighting tried and trusted techniques for DNS enumeration.
Continuing on from the basics, the presentation delves into the details of effective targeted DNS enumeration. This includes improved existing techniques and new techniques that enabled the presenter to enumerate through continents of DNS while searching for his cigar cutter.

Jaco van Heerden is an IT Security Specialist with over 12 years’ experience in the industry, having held senior roles at various organizations including Nanoteq, SensePost and Dimension Data.

Jaco has had in-depth exposure to global organizations in various sectors including: government, military, financial and legal services, telecommunications, education, gaming and wagering, entertainment and healthcare.

Jaco is currently an independent consultant providing security consulting and penetration testing services.


 Everybody be cool this is a Roppery! Tim Kornau

Return-oriented programming is one of the most advanced attack techniques available today. This talk presents algorithms which allow an attacker to search for and compose gadgets regardless of the underlying architecture using the REIL meta language. We show a return-oriented compiler for the ARM architecture as a proof-of-concept implementation of the algorithms developed and discuss applications to the iPhoneOS platform. This compiler accepts inputs in an assembly-like language, simplifying the otherwise tedious gadget selection process by hand. This enables the researcher to focus on the other parts of successful exploitation by minimizing the shellcode development time.

Tim Kornau is a developer and researcher at zynamics GmbH. He has studied at the Ruhr-University in Bochum, Germany and holds a master’s degree in IT-Security. He has given lectures at the Ruhr-University Bochum, mostly about offensive computer security and malware research.
