Interessantes os nomeados para "Best Server-Side Bug", "Best Client-Side Bug", "Best Privilege Escalation Bug". Engraçados, ou não, os "Lamest Vendor Response". E o prémio para as mais interessantes nomeações vai para... "Most Innovative Research":
- StackjackingJon Oberheide and Dan Rosenberg presented a set of techniques for exploiting Linux kernel vulnerabilities on grsec systems and inadvertantly started an arms race with spender and PaX Team. This work is a great example of research targeting one of the most difficult system to exploit.
- Understanding and Exploiting Flash ActionScript VulnerabilitiesThis research mainly answered two questions: 1) What are the inner mechanisms that cause Flash JIT-level vulnerabilities? 2) How to exploit them on modern operating systems? The answer to the first question lies in the way JIT engine performs the "verification process" (or the "bytecode verifier") of the program flow, which is not error-proof. Those errors enable potential exploitation situations. To answer the second question, the author introduced a situation deemed "Type/Atom Confusion". Then a novel technique called "IEEE-754 trick" was provided to read memory from the process when type confusion happens. Armed with those, Haifei Li was able to exploit Flash ActionScript JIT-level vulnerabilities on modern operating systems like Windows 7, bypassing both ASLR and DEP.
- Black Box Auditing Adobe ShockwaveThis presentation provides a very thorough review of the SmartHeap memory allocator in Adobe Shockwave. The talk focused on the methodology for reversing a large code base with no symbols and included many useful reverse engineering techniques.
- Securing the Kernel via Static Binary Rewriting and Program ShepherdingTo implement some of the ideas from pax-future.txt is one thing, to implement them through static analysis on Windows, rewriting drivers automagically, and have it all work preserving binary compatibility across a wide range of Windows versions: that's deserving of respect.
- Understanding the LFH heapThis seminal paper provides the most details overview of the Low Fragmentation Heap in Vista and Windows 7. Its importance to exploitation cannot be overstated!