HITB Amsterdam 2010 quick thoughts
Mon 05 July 2010 by alex
Just last week, a few lucky people from our lab attended the HITB Conference in Amsterdam (the first time for HITB in Europe!).
We had a really great time there.
Damien and Christophe gave a presentation about the subversion of the Windows 7 x64 kernel using DMA attacks, from a specially-crafted cardbus (PCMCIA) hardware component. The slides are available here, or directly from the conference's website.
Yoann and myself provided a Metasm training, where the goal is to learn to harness the Metasm framework by practising on specially designed examples. We also held a live HITB lab, mixing practical demonstrations and discussions with the audience about the framework.
The other presentations were pretty varied, but one great feature of HITB is the various labs (2-hour sessions) and hackerspaces doing live interactive demos on various subjects. In particular, the Arduino lab was the occasion to try our hands at this great hardware. We were given a few samples to play with, and a few other components (LEDs, resistors, a few Arduino extension "shields"). Add the USB cable, and you're ready to go. This was the occasion to create the classic but timeless "blinking LED", and the inevitable "Knight Rider". It is indeed very easy to program, cheap, and fully open-source, so thanks again to the workshop organizers, especially fish_, for this experience!
The conference was overall very interesting, with some great things always going on somewhere, and we look forward to next year's edition.
In a few days, Yoann and myself will also attend the RECON conference as speakers. During our talk, we will show how Metasm makes it possible to efficiently build a multi-platform code tracing tool. We will demonstrate the use of the tool on various debugging environments, including a specific target to debug the firmware live off a network card, which is running inside the NIC chip (not on the main CPU).
In case you are in Montreal at that time, come see us, either to discuss Metasm and hardcore reverse engineering, or simply to share a beer (or two). Do not hesitate to drop us a message!