Marion Marschalek (@pinkflawd) works at IKARUS Security Software GmbH based in Vienna, Austria. Her main fields of interest are malware research and malware incident response. Besides that Marion teaches basics of malware analysis at University of Applied Sciences St.Polten and writes articles for a magazine. In March this year Marion won the Female Reverse Engineering Challenge 2013, organized by RE professional Halvar Flake. You can find her report here.
Moti Joseph has been involved in computer security. In the last few years he has been working on reverse engineering exploit code and developing security products. Moti is a former speaker at Black Hat 2007, USA CONF2009, Poland Warsaw, POC 2009 & 2010, South Korea, ShakaCon 2009, USA, CONF2010, Poland Karkow, CONF2010, Poland Karkow, CHINA 2011 at Shanghai Jiao Tong University Turkey Istanbul, 2012 and SysCan2010 Taiwan,Taipe.
[Abstract] Systems evolve over time, patches are applied, holes are fixed, new features are added. Windows8 is the new flagship product of Microsoft, and as prepared as it can be for a world of white-, grey- and black-hat hackers. System components underlie a tough vulnerability assessment process and are updated frequently to sort out security problems even before they arise. But just too often it happens that these clever fixes are not applied globally to all components, but just to the newest version of a library.
Now we want to make use of exactly that fact to uncover potential vulnerabilities. What we aim for are the forgotten treasures in Windows7 libraries, holes that got fixed for the bigger brother at some point - but stay unfixed in Windows7 until today. We will present a tool that makes it easy to spot these forgotten vulnerabilities. We can keep track of different versions of libraries of different operating systems and automate the analysis process of a big file set. The focus lies on safe functions, which indicate a potential weakness when missing. The tool and its sources will be published for use of the community along with the conference talk.