Ilja van Sprundel
Bio: Ilja van Sprundel is experienced in exploit development and network and application testing. As IOActive’s Director of Penetration Testing he performs primarily gray-box penetration testing engagements on mobile (specializing in iOS) and runtime (specializing in Windows kernel) applications that require customized fuzzing and source code review, identifying system vulnerabilities and designing custom security solutions for clients in technology development telecommunications, and financial services.
van Sprundel specializes in the assessment of low-level kernel code and architecture/infrastructure design, having security reviewed literally hundreds of thousands of lines of code. However, as a Director, he also functions in a managerial capacity by overseeing penetration testing engagements, providing oversight regarding technical accuracy, serving as the point of contact between technical consultants and technical stakeholders, and ensuring that engagements are delivered on time and in alignment with customer’s expectations.
van Sprundel also is responsible to mentor and guide Associate-level consultants as they grow both their penetration testing and general consulting skillsets. He is the driver behind the team’s implementation of cutting-edge techniques and tools, guided by both research and successful exploits performed during client engagements.
Linux Desktop Insecurity
I used to use Linux and the bsd’s. Then mostly switched to windows 6-7 years ago. I recently found some spare time and got reacquainted with the unices. Over the past weeks, I’ve spend some time assessing the local security of modern desktop unices. as it turns out, things are a total mess.
A short layout of the presentation:
- local security of modern desktop unices
- attack surfaces
- bugs found
- X client libs (attack surface, bugs, how to use them correctly and securely)
- shadow library issue
- a model for more secure suid binaries