XCon2008-Beijing

11.27.2008 - 2:00 AM
Two Websense Security Labs researchers attended the XCon2008 conference that took place in Beijing this month. The conference is organized by XFocus, a non-profit organization offering free technology, founded in China in 1998. Many members of XFocus are very famous in China's security sector. The XFocus Conference was started in 2002, and has hundreds of attendees every year.

At the conference, many researchers from all over the world shared their discoveries and new tools. The Websense security researchers were especially interested in the presentation entitled "Buffer-track using Virtual Machine - Analyze known vulnerability and discover 0day," given by Alert7 from McAfee Avert. During his presentation, Alert7 introduced a new method for discovering and analyzing underlying vulnerabilities. The method uses virtual machine technology for automated, fine-grained analysis of data streams, which shows where the "polluted" (tainted) data is flowing. If the tainted data flows into certain special functions, the researcher is alerted and the data is logged. This makes it easier to analyze and identify potential vulnerabilities.
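To make the idea concrete, here is a small taint tracker written for this post as an added illustration; it is not Alert7's tool or code from the talk. The mini instruction set, the list of watched functions, and the guest program are all assumptions constructed for the example.

```python
SINKS = {"memcpy": 2, "strcpy": 1}   # assumed "special functions": name -> index of the watched argument

class TaintVM:
    def __init__(self):
        self.reg, self.reg_taint = {}, {}      # register value / set of input offsets it derives from
        self.mem, self.mem_taint = {}, {}      # same bookkeeping, per memory address
        self.alerts = []

    def run(self, program, untrusted: bytes):
        for pc, (op, *a) in enumerate(program):
            if op == "input":                  # input addr: copy untrusted bytes into memory, tainted
                for i, b in enumerate(untrusted):
                    self.mem[a[0] + i], self.mem_taint[a[0] + i] = b, {i}
            elif op == "const":                # const rd, imm: constants are clean
                self.reg[a[0]], self.reg_taint[a[0]] = a[1], set()
            elif op == "load":                 # load rd, addr: taint follows the byte
                self.reg[a[0]] = self.mem.get(a[1], 0)
                self.reg_taint[a[0]] = set(self.mem_taint.get(a[1], ()))
            elif op == "store":                # store addr, rs
                self.mem[a[0]], self.mem_taint[a[0]] = self.reg[a[1]], set(self.reg_taint[a[1]])
            elif op == "add":                  # add rd, rs1, rs2: result inherits taint of both operands
                self.reg[a[0]] = self.reg[a[1]] + self.reg[a[2]]
                self.reg_taint[a[0]] = self.reg_taint[a[1]] | self.reg_taint[a[2]]
            elif op == "call":                 # call name, r0, r1, ...: check the watched argument
                name, args = a[0], a[1:]
                idx = SINKS.get(name)
                if idx is not None and self.reg_taint[args[idx]]:
                    self.alerts.append({"pc": pc, "sink": name, "arg": idx, "value": self.reg[args[idx]],
                                        "input_offsets": sorted(self.reg_taint[args[idx]])})
            else:
                raise ValueError(f"unknown op {op!r} at pc {pc}")
        return self.alerts

# Constructed guest program: a length byte read from the input is adjusted and used as memcpy's size.
PROGRAM = [
    ("input", 0x100),
    ("const", "dst", 0x200), ("const", "src", 0x104),
    ("load", "len", 0x102),                    # length byte taken from input offset 2
    ("const", "hdr", 4),
    ("add", "n", "len", "hdr"),                # n = len + 4, still derived from the input
    ("call", "memcpy", "dst", "src", "n"),     # tainted size reaches a sink: alert
    ("call", "memcpy", "dst", "src", "hdr"),   # constant size: no alert
]

def demo():
    # Constructed input file: byte at offset 2 is the length field.
    return TaintVM().run(PROGRAM, bytes([0x41, 0x42, 0xF0, 0x00, 0x43]))

if __name__ == "__main__":
    print(demo())
```

The single alert names the sink, the argument, and the exact input offset that controls it, which is the information an analyst needs to go from "this file crashes the parser" to "this field is the unchecked length."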

Another very interesting presentation was "Advanced Bootkit: Tophet." Wenbing Zheng shared his new rootkit, called Tophet. In the rootkit, he uses a new method to hijack the kernel: hijacking NtBootdd.sys. In addition, the rootkit hides itself using a new technique called Object-Hijack.

Other researchers also gave amazing presentations on great topics, including rootkit protection techniques, Vista's new protection features, and more.

Thanks to all of the researchers who shared their discoveries, providing information that will help security companies to do more to protect their customers. Best wishes to the organizers of the XFocus Conference. We're looking forward to next year's conference!

Security Researchers: Ulysses Wang, Jun Zhang
