Core Security Experts to Showcase Industry Expertise During Multiple Speaking Engagements at Black Hat USA 2008


Leading Security Experts to Present on Cisco IOS Rootkits and Cyber Security in Federal Systems

BOSTON, MA - August 4, 2008 - Core Security Technologies, provider of CORE IMPACT, the most comprehensive product for proactive security testing, today announced that a pair of its most widely-respected experts will serve as featured speakers during the Black Hat USA 2008 conference, taking place August 2 to August 7 at Caesar’s Palace, Las Vegas.

The talks will include:

“Viral Infections in Cisco IOS”

When: Wednesday, August 6, 2008; 4:45 p.m. – 6:00 p.m. PT

Where: Roman Ballroom, Caesar’s Palace

Who: Ariel Futoransky, director of CoreLabs, the research arm of Core Security Technologies

Presentation Details:

Rootkits are very common in most popular Operating Systems, including Windows, Linux, Unix and any variant of those platforms, but they have rarely been observed in embedded OS's. This is primarily due to the fact that most embedded OS's are closed source; hence the internals of the OS are unknown, making any attempt to reverse engineer their underlying code very difficult.


In most of today’s real-world threat scenarios it's very common that when an attacker attempts to take control of a system he or she also desires to maintain access to it, so in many cases a rootkit is installed for that purpose. The rootkit seizes control of the entire system running on the involved hardware by hiding files, processes and network connections and by allowing unauthorized users to act as system administrators.

This session will demonstrate that a rootkit with those same characteristics can indeed be easily created and deployed on a closed source OS like Cisco IOS and run unnoticed by system administrators, surviving  most, if not all, reactive security measures that would typically be employed by experts in the field.

As proof of this concept, various methods for infecting an IOS target will be shown including examples of run-time patching and image binary patching. To discuss the binary patching technique from a practical point of view, a set of python scripts that provide the technique for inserting a generic rootkit implementation called DIK (Da IOS rootKit) will be introduced, which is written in plain C for IOS.  Other techniques such as run-time image infection will also be discussed in detail.

“Commission on Cyber Security for the 44th Presidency, Panel Discussion”

When: Wednesday, August 6, 2008; 6:00 p.m. – 7:15 p.m. PT

Where: Palace 3, Caesar’s Palace

Who: Tom Kellermann, vice president of security awareness at Core Security Technologies

Presentation Details:

The Center for Strategic and International Studies (CSIS) has established a Commission on Cyber Security for the 44th Presidency – the administration that will take office in January 2009. The goal of this nonpartisan commission is to develop recommendations for a comprehensive strategy to improve cyber security in federal systems and in critical infrastructure. Hear what is going on with the Cyber Security Commission, ask questions and provide input on what you think should be addressed at a Presidential level for the next administration.

About the Black Hat Conference

The Black Hat Briefings brings together a unique mix in security: the best minds from government agencies and global corporations with the most respected independent researchers and hackers, giving attendees the unique opportunity to network with peers and leading-edge practitioners. The Black Hat Briefings USA has grown to over 2,500 technically advanced attendees. Topics are diverse and range from RFID security, Windows Vista exploits, forensics and anti-forensics, rootkits, zero-day vulnerabilities, anomaly detection, hardware hacking and much more. Topics can also apply to the offensive initiatives of a group such as a pen test team or vulnerability researchers.

For more information about these presentations or to schedule meetings with Core Security’s experts at Black Hat USA 2008, please contact Tim Whitman or Justin Drake at 781-684-0770 or via email at:  

About Core Security Technologies

Core Security Technologies is the leader in comprehensive security testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at


Tim Whitman or Justin Drake

Schwartz Communications 

781 684-0770

Mon, August 04