CrowdStrike to Present Three Talks at Black Hat 2013

Researchers Unveil New Security Vulnerabilities Impacting iPhone, Android and Windows Phones and Release a New Open-Source Tool that Facilitates Anonymous Analysis of Malware

Jul 29, 2013, 08:00 ET from CrowdStrike

IRVINE, Calif., July 29, 2013 /PRNewswire/ -- CrowdStrike, a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, today announced that the company's world-renowned researchers are giving three talks at Black Hat 2013. These talks will reveal critical security vulnerabilities in processor architecture and operating systems used by most modern smartphone platforms; a new tool that enables security researchers to anonymously route their Internet traffic through the Tor network; and an in-depth investigation of a unique malware family along with the release of a new tool that automatically deobfuscates decompiled malware code.

"We are very excited to have such a great presence at Black Hat this year," said Adam Meyers, Vice President of Intelligence at CrowdStrike. "CrowdStrike's team put in a lot of work to bring forth some interesting presentations that underscore the importance of intelligence-driven security and to release some useful free tools back to the community."

Scores of security researchers competed to present their findings at Black Hat USA, where some of the industry's most critical vulnerabilities and threats are revealed each year. CrowdStrike's exceptional selection to present three different talks is due in part to its cadre of world class-security researchers who through technical excellence and dedication continuously push the boundaries of security and technology.

The three talks will include:

Tor... All-The-Things 
July 31, 3:30pm, Augustus 5 & 6 
In this presentation, CrowdStrike researcher Jason Geffner will unveil Tortilla, a new open-source tool that can protect malware analysts and security researchers during dynamic analysis of threats by transparently routing all traffic through the global Tor network, providing a degree of non-attribution and anonymity. This allows security researchers to observe malware during execution without tipping off the adversary as to the researchers' identity. Unlike other Tor tools, Tortilla integrates into Windows network stack forcing the malware to communicate over the Tor network. This presentation could redefine the potential of Tor for the security community, which is already one of the most accessible vehicles that security researchers can use to protect their identities.

End-to-End Analysis of a Domain Generating Algorithm Malware Family 
July 31, 2:15pm, Roman 2 
In this intriguing demonstration, CrowdStrike researcher Jason Geffner will walk attendees through an end-to-end analysis malware family utilizing a Domain Generating Algorithm. Geffner will not only describe the patterns and behavior of a highly-obfuscated malware family that has previously been very difficult to crack, but he will also provide investigative insight into the malware's author and accomplices. Furthermore, Geffner will release to the public a free open-source IDA Pro Hex-Rays plugin that can be used to de-obfuscate decompiled code. This will be a highly interesting and detailed analysis and exposure of an underground campaign that has been active for years.

Hacking Like in the Movies: Visualizing Page Tables for Local Exploitation 
August 1, 5pm, Palace 3 
CrowdStrike researchers Georg Wicherski and Alex Ionescu will discuss methods for attacking computers at a level below the operating system, enabling attackers to identify and exploit vulnerabilities that are unseen by conventional security software and difficult to prevent because they operate at the kernel level. The talk outlines methods for analyzing kernel-level bugs ("page table" vulnerabilities) across OS platforms, exposing potential security flaws not only in conventional computers, but in smart phones such as Android and iOS. Using this analysis method, researchers could not only find security flaws at the OS level and below, but they could even attack popular device drivers commonly used to set up new systems and peripherals. As in the movies, this new approach could expose a way that attackers could compromise virtually any device with an operating system. At the culmination of this talk, they will expose mapped memory in the ARM Linux Kernel which can facilitate bypassing Address Synchronization Layout Randomization (ASLR).

"We are very proud of the work that these researchers have pulled together and are looking forward to a great show where we can showcase our team, CrowdStrike Falcon active defense platform, and our adversary threat intelligence," Meyers said.

For more information on Black Hat 2013, visit

About CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks. Using big data technologies, CrowdStrike's cloud-based next-generation threat protection platform leverages execution profiling and predictive security analytics instead of focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities. The CrowdStrike Falcon Platform enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries and attribution, and prevent damage from targeted attacks in real-time.  The core of the Falcon Platform is a global network of host-based detection sensors driven by world-class cyber threat intelligence to provide real-time detection and prevention capabilities to enterprises and governments worldwide.

You don't have a malware problem, you have an adversary problem™. | @CrowdStrike

SOURCE CrowdStrike