Nowadays security vulnerabilities are often published in a short, vague and incomplete way. We can hardly tell what the vulnerability is, what consequence it has, and what could mitigate it. This presentation will help uncover the details of a vulnerability and show you how to use decompiling tools to find the vulnerable code, how to identify vulnerable functions and parameters, and create exploits. With this information, you will have a better idea of what the real risk is, how to mitigate before patching, and be able to verify whether the patch really works – giving you a choice and control over what you do. The presentation will also review an advanced hacking technique and help attendees better understand Oracle CPU details.
Tuesday, Feb 25, 2014 – 4:00-5:00pm
Moscone West, Room 3006
About Qinglin Jiang
Qinglin Jiang has been working in the information security industry for over 10 years and is currently a senior security engineer at Ancestry.com. Jiang has various backgrounds of a system administrator, system architect, software engineer and security engineer. He has published several research papers in the security area. He has a lot of hands-on experience on Linux, Web Application and Network Security.