TyphoonCon 2020 Speaker
Nicolas Waisman | Head of the GitHub Security Lab
Location: Courtyard by Marriott Seoul Namdaemun, Seoul, Korea
Title: A study on Linux Kernel variant analysis
Date: June 18th, 2020
BIO
Nicolas Waisman has experience in all areas of offensive-related software security, from vulnerability analysis to exploit and trojan development. Nico is an internationally recognized heap expert and has taught government and commercial-sector students from all over the world in both private and public classroom settings, presenting some of his research at conferences such as Black Hat, Pacsec, Syscan, Ekoparty and many others. Nico is currently the head of the GitHub Security Lab, whose mission is to help secure the world's open source code.
LECTURE DETAILS
In 1906, the Italian essayist and philosopher George Santayana wrote in his book The Life of Reason: The Phases of Human Progress: “Those who cannot remember the past are condemned to repeat it”. That idea was stamped in the soul of the GitHub Security team, which decided to embark on a four-month journey to perform Variant Analysis on the Linux Kernel to see what they would be able to learn from past vulnerabilities. As a result, the team found more than 9 different vulnerabilities in the Linux Kernel, ranging from a buffer overflow triggerable remotely through Wi-Fi to all sorts of denial-of-service issues in multiple drivers.
During his presentation, Nicolas will show different examples of Linux Kernel vulnerabilities, how to model the bug class and how we can use each new vulnerability as a lesson for the future.