New reverse engineering technique using API hooking and sysenter hooking, and capturing of cash card access

Kenji Aiko

The technique of using API hooking and sysenter hooking has been researched by many reverse engineers for years. In particular, we can use the techniques, which exists in a kind of the underground rootkit community, to hide arbitrary programs. For this reason, most people may think the technique is an underground skill because general applications don't employ it. But I think this is an important technique which is helpful in reverse engineering. When we analyse some software, we have to read assemble code, but this is very troublesome. Even if we are excellent engineers, it is difficult for us to read huge amounts of assemble code. To be precise, we need to read an assemble code to analyse some software, but our purpose is to analyse several pieces of software quickly and more easily than now, rather than read an assemble code. Consequently, I will propose a new reverse engineering technique using an API hooking and sysenter hooking. By using this technique, we'll be able to analyse software quickly and more easily than now. Lastly, I will do a demonstration that demonstrates capturing the communication data of a cash card reader and a cash card using API hooking.

Web application Security depending on Browser


Browsers have a lot of peculiar behaviors and specifications that is not vulnerabilities


To grasp enough about that is needed when developing secure Web Application.

This talk will look deeper about issues depending on the peculiar

behavior or specifications of browsers.

HTML Binary Hacks 2008 YATTA!


All your browser are belong to us.

Developing Obfuscator targets VC++ projects

Shuzo Kashihara

This session will talk about the developing and the automating of the obfuscator by using the assembly souce code of the VC++ (Visual Studio 2005).

XSS worm intermediate the Flash

Daiki Fukumori

In the past, the web worm "Samy" and "Yamanner" spread like a wild fire, and there's the hybrid web worm "Jitko", highly contagious enhanced by the vulnerability audit tools. This session will discuss about the possibilities of the worm which spread extensively, seacretely, absolutely, with the intermediation of the Flash.

Eliminating Fear and Uncertainty in Malware Incident Response with Malware Experience Lab

Youki Kadobayashi, Ph.D.

Security countermeasures today are mainly focused on preventive measures such as NAC; incident response measures are not gaining attention, partly due to the limited number of available products.

Furthermore, incident response tends to stop "the fire", without making sure that malwares are completely removed from the affected computers.

In this session, we introduce our activities in Malware Experience Lab, which enables us to experience malware infection, propagation and concealment, without immediate need to stop them.