Blog Archives

Derbycon 7 – JReFrameworker: One Year Later

Abstract:  JReFrameworker is a Java bytecode manipulation tool released at DEFCON 24 that lowers the barrier to entry for developing Managed Code Rootkits in the Java Virtual Machine. Bytecode manipulations are written entirely in source code, removing the need for any pre-requisite knowledge of bytecode internals and allowing anyone with a basic working knowledge of […]

Categories: Talks

MathWorks 2017 Research Summit – Demystifying Cybersecurity for CPS Community

Abstract: It is challenging for the cyber-physical systems (CPS) community to understand the essentials of cybersecurity. “Security Patch” or the “Kill Switch for WannaCry” jargon is at best oversimplified and superficial to convey essential cybersecurity knowledge. Cybersecurity problems are often rooted in the complex CPS software. For the CPS community, the challenge is to understand […]

Categories: Talks

2017 ACSS Conference Keynote Talk – Euler, the 336 Million Dollar Software Patent: Reflecting on How to Solve Hard Software Problems

Abstract:  The size and complexity of software, the labor cost of programming, and the dire consequences of software malfunction have made it a nightmare to maintain software-intensive cyber-physical systems. Agile development, programming languages, component libraries etc. help but they do not suffice to ensure correctness and cost-effective maintenance of complex software. The central question is: […]

Categories: Talks

ISU Cybersecurity Seminar Series – Exploring the space in between bugs and malware

Abstract: We live in an age of software problems with catastrophic consequences. An extra goto in Apple’s SSL implementation compromised certificate checks for the better part of a year. An erroneous integer conversion in the Ariane 5 launch destroyed the European Space Agency rocket and its cargo valued at 500 million dollars. Often the problem […]

Categories: Talks

IASTATE/ECPE 2016 – Euler, the 336 Million Dollar Software Patent, and Reflecting on How to Solve Hard Software Problems

Abstract:  The size and complexity of software, the labor cost of programming, and the dire consequences of software malfunctioning have made it a nightmare to maintain software-intensive cyber-physical systems. Agile development, programming languages, component libraries etc. help but they do not suffice to ensure correctness and cost-effective maintenance of complex software. The central question is: […]

Categories: Talks

DEFCON 24 – Developing Managed Code Rootkits for the Java Runtime Environment

Abstract: Managed Code Rootkits (MCRs) are terrifying post-exploitation attacks that open the doors for cementing and expanding a foothold in a target network. While the concept isn’t new, practical tools for developing MCRs don’t currently exist. Erez Metula released ReFrameworker in 2010 with the ability to inject attack modules into the C# runtime, paving the […]

Categories: Talks

AICSSC 2014 – Euler and the 336 million dollar software patent

Keynote speech “Euler and the 336 million dollar software patent” was given by Dr. Suresh Kothari. Venue: All India IEEE Computer Society Student Congress 2014 (AICSSC), Pune, India, December 13, 2014 Author: Suresh Kothari

Categories: Talks

INDICON 2014 – Cyber bombs are ticking, what is there to protect us

Keynote speech “Cyber bombs are ticking, what is there to protect us.” was given by Dr. Suresh Kothari. Venue: The 11th IEEE India Conference for Emerging Trends and Innovation in Technology (INDICON 2014), December 11-13 2014, Yashada, Pune, India Author: Suresh Kothari

Categories: Talks

DERBYCON 4.0 – A Bug or Malware? Catastrophic consequences either way.

Abstract: We live in an age of software problems with catastrophic consequences. An extra goto in Apple’s SSL implementation comprised certificate checks for the better part of a year. An erroneous integer conversion in the Ariane 5 launch destroyed the European Space Agency rocket and its cargo valued at 500 million dollars. Often the problem […]

Categories: Talks