haxsys.net

I recently had the wonderful pleasure of presenting with Tim Carstens at Toorcon 13 about a DARPA CINDER Initiative project we’ve been working on for the past year at Leviathan Security. The description and video follow.

In a world where executables are designed to thwart exploitation, attackers are often forced to take chances: the work-arounds for many modern defenses are often good enough to succeed, but not without generating some crashes along the way.

Building on this premise, we have been engineering tools for collecting Windows crash dumps from networked systems, and building an analytics framework designed to answer the following question: was the crash caused by a routine malfunction, or by a failed exploit?