Core Security Developers Selected to Present at CanSecWest



Leading Security Experts to Discuss Smart Phone Insecurities and

Persistent BIOS Infection

Boston, MA - March 16, 2009 - Core Security Technologies, provider of the CORE IMPACT family of comprehensive enterprise security testing solutions, today announced that three of its CoreLabs exploit authoring and vulnerability research experts – Alfredo Ortega, Anibal Sacco and Nico Economou, have been selected to serve as speakers at the upcoming CanSecWest conference being held in Vancouver from March 16-20.


Who: Alfredo Ortega and Nico Economou, Core Security Technologies

What: “Multiplatform iPhone, Android Shellcode and other smart phone insecurities”

Where: CanSecWest - Sheraton Wall Centre - Vancouver, B.C.

When: Wednesday, March 18, 3:00 p.m. EST

Presentation Details

Smartphones are becoming a ubiquitous communications platform, but many potential security risks reside in the devices with few technological barriers to prevent them. This talk will highlight the device architectures and onboard protection measures offered in three major smartphone platforms: Google Android, Apple iPhone and Microsoft Windows Mobile. A multi-platform ARM shellcode and other possible attacks will also be demonstrated during the event, which will illustrate just how easily attackers could compromise your wireless device.

Alfredo Ortega and Nicolas Economou

Alfredo Ortega works at Core Security Technologies as an Exploit Writer, OpenBSD, FreeBSD and Linux Platform Manager. He is pursuing a PhD at ITBA, Instituto Tecnológico de Buenos Aires, and has been a speaker at several security and computer science conferences including Black Hat, Defcon and Ekoparty. His hobbies include FPGA synthesis and security research.

Nicolas Economou has worked for the last 3 years as an Exploit Writer at Core Security Technologies creating exploits for multiple platforms including Mac OS X, Windows, Linux and iPhone. In his free time he enjoys creating tools (including disassemblers and debuggers) to help in the reverse engineering process.

Who: Anibal Sacco and Alfredo Ortega, Core Security Technologies

What: “Persistent BIOS Infection”

Where: CanSecWest - Sheraton Wall Centre - Vancouver, B.C.

When: Thursday, March 19, 8:00 a.m. EST

Presentation Details

When developing rootkits, one of the biggest problems is executing the malicious code, surviving reboots and remaining undetected. This talk will demonstrate how malicious code can be injected into commercial BIOS firmware. Instead of utilizing other rootkit methods which make use of the ACPI specification, Core Security has focused on a binary generic implementation independent of the installed OS to simulate how attackers can take control of a system.

Anibal Sacco

Anibal Sacco is a Senior Exploit Writer and Reverse Engineer at Core Security Technologies. He has been researching vulnerabilities and developing exploits for Windows, OS X and Linux for 3 years.  Afterfocusing for some time on Microsoft Windows kernel-mode vulnerabilities, he has recently moved on to exploring Apple OS X vulnerabilities.

For more information about these presentations or to schedule meetings with Core Security’s experts at CanSecWest 2009, please contact Tim Whitman or Megan Prock at 781-684-0770 or email  

About CanSecWest

CanSecWest, the world’s most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field.

More information is available at  

About Core Security Technologies

Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company’s flagship product, CORE IMPACT, is the first automated penetration testing product for assessing specific information security threats to an organization. Penetration testing evaluates overall network security and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing, software security auditing and related training. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at


Tim Whitman or Megan Prock         

Schwartz Communications 


Mon, March 16