RAVAGE – Runtime Analysis of Vulnerabilities and Generation of Exploits

Xiaoran Wang

Thu, 30th October 2014


Speaker Bio 1:
Xiaoran Wang
Xiaoran @0x1a0ran is a Senior Product Security Engineer at salesforce.com. He is passionate about security, especially web application security. He has presented at several conferences such as BlackHat USA, ToorCon, Hacker Halted, etc.

At work, he does architectural feature review for security, web penetration testing, security training, security automation, etc. In his personal time, he does security research on a variety of topics including exploit writing, malware analysis, vulnerability analysis, and tearing things apart. He has written many useful defensive tools as well. For example, he developed an add-on "Mixed Content Monitor" for Firefox to block and show the insecure resources loaded within HTTPS. He also developed "Process Injection Monitor", which does automatic malware analysis and extracts injected code to a binary when a malware process tries to inject itself into other processes.

Learning Objectives:

Xiaoran will explain:

  • To learn about cutting-edge research in the field of runtime analysis.
  • To get a free tool that uses the runtime analysis research to detect security vulnerabilities in Java applications.
  • To learn about JVM internals and how to implement features in the JVM.