Research and Development


  • GET IN THE RING0 (9/24/2015) - Presentation on how Windows kernel drivers work and where to look for vulnerabilities (as given at 44CON 2015).
  • How many bugs can a time server have? (11/7/2014) - Presentation on vulnerabilities in the Symmetricom (Micro Semi) S350i time server (as given at EMF Camp 2014). YouTube has a recording of the presentation as given by Tim and Mike.
  • 44CON uncovered (6/21/2014) - Presentation on system level vulnerabilities (as given at SnoopCon 2014). This talk references previous presentations including: “I miss LSD“ “Big Game Hunting: Simple techniques for bug hunting on big iron UNIX“ “Breaking the Links: Exploiting the Linker“
  • I miss LSD (9/15/2013) - Presentation on system level vulnerabilities (as given at 44CON 2013). A wise man once said (paraphrased) “if you want to find UNIX bugs, compare and contrast the Linux and Solaris man pages”. Following on from my previous work on linker bugs and more recently AIX (at 44CON 2012), we’ll look at some of the more […]
  • Big Game Hunting: Simple techniques for bug hunting on big iron UNIX (9/10/2012) - Presentation on auditing and bug hunting on AIX (as given at 44CON 2012). Simple techniques for bug hunting on big iron UNIX. The talk will build on the work previously done in my “Breaking The Links” paper but will focus on AIX and associated IBM products. The talk will include some new bugs as well […]
  • Breaking the Links: Exploiting the Linker (3/27/2012) - Presentation on exploiting linkers based on my paper (as given at Uncon 0×12 and CRESTCon 2010). I am currently working on an update to the paper which will focus on other UNIX like OS with the aim of sharing some of my findings at a future conference.
  • Attacking Windows Domains (2/16/2011) - CRESTCon presentation looking at the Windows Domain Authentication model. Windows Domains use a single sign on system, authenticate to one machine, you can then use that machine to access all of your available resources accross that domain. This is great for users but also for attackers. This presentation covers a number fo techniques and tools […]
  • Introducing Heyoka: DNS Tunneling 2.0 (3/24/2009) - Slides from SOURCE Boston 2009, presenting heyoka, a new DNS tunneling tool that uses spoofed traffic to avoid detection and multiple encodings to improve speed. By Alberto Revelli and Nico Leidecker.
  • OWASP AU 2009 Slides (3/19/2009) - Slides from OWASP Appsec Australia 2009.
  • Insecure Trends in Web 2.0 Applications (10/31/2008) - Non technical talk about insecure trends in Web 2.0 applications. Explains what’s wrong with today’s Web 2.0 applications and why new comers keep repeating these.
  • Flash Security (10/31/2008) - This presentation given at RIATalks, it’s about fundamental flash security issues, attack surface of Flash and secure development. During the presentation there was stealing data through vulnerable Crossdomain.xml files, you can download source code of this file –
  • Introduction To Format Strings (6/17/2008) - What? This presentation tries to cover the basics of format strings exploitation. Starting with an explanation of the legitimate use of Format Strings (Yin) moving onto how programming flaws can be exploited using this technique. Why? I spent many months getting my head around the nuances of FS exploitation so though I would put together […]
  • More Adventures in Format Strings (4/14/2008) - A follow up presentation to show more in-depth format string exploitation techniques. What? This presentation covers a method for exploiting format string vulnerabilities which is compared to techniques used for exploiting heap smashes. It does not not cover the basics of the vulnerability because these seem ten a panny. Why? Much work has been written […]
  • How to Detect and Exploit 99% of XSS Vulnerabilities (4/2/2008) - This presentation has given in Intercon 2007 (Portcullis’s internal conference), Talks about exploiting and identifying most common XSS vulnerabilities in real world. Examples include following types, Classic XSS Vulnerabilities In HTML Attributes In Comments In Javascript Blocks DOM Based XSS Flash Based XSS Direct Linking Presentation was heavily based on demonstration, so you need to […]
  • GUI Access Through SQL Injection (4/1/2008) - Slides presented by Alberto Revelli at OwaspDay II in Rome, 31/03/2008. They describe some SQL Injection tricks that can be used to get a full access to the DB server’s operating system. The examples are mainly focused on MS SQL Server, but the concepts are valid for other DBMS as well.

Twitter Feed