At the conference, Core Security Technical Support Engineer Dan Crowley will offer his latest presentation "Windows File Pseudonyms: Strange filenames" during which he will demonstrate how features not widely known in Windows path and filename normalization routines cause unexpected behavior and allow for potential attacks.
Crowley will specifically highlight how an attacker may be able to use the technique to bypass filters, access control lists, intrusion detection systems and other defensive mechanisms, as well as alter the way that files are handled and processed, and make brute-force attacks to enumerate files far easier. The expert, whose responsibilities include working with Core Security customers to ensure that they get the most out of their IMPACT Pro deployments, will also disclose and demonstrate real vulnerabilities and techniques for their exploitation developed for the scenarios being proposed.
"The devil really is in the details here," said Crowley. "And with incomplete and sometimes vague documentation and the lack of source code available for an operating system that has been built and changed over the course of close to two decades now, there are lots and lots of details, most of which need to be understood before appropriate security mechanisms can be designed."
What: "Windows File Pseudonyms: Strange filenames and haiku"
When: Friday, Feb. 5, 2010; 5:30-6 p.m. ET
Where: ShmooCon 2010, Wardman Park Marriott
Who: Dan Crowley, Core Security Technical Support Engineer
Crowley will also defend his title in the "Gringo Warrior" lock bypass competition.
Core Security continues to feed the intelligence garnered via the work of its SCS consultants and CoreLabs research experts directly into its CORE IMPACT family of automated penetration testing solutions to ensure that organizations can proactively determine their exposure to such widely available vulnerabilities.
For more information about the presentation or to schedule meetings with Core Security's experts at ShmooCon 2010, please contact Tim Whitman or Lauren O'Leary at 781-684-0770 or via email at: [email protected].
About Core Security Technologies
Core Security Technologies is the leader in comprehensive penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company's CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.