We expect to be an outlier there: we’re the only sponsor that offers consulting and custom engineering rather than just off-the-shelf products. We see this conference as an opportunity to learn more about the problems (and their root causes) that attendees face, and how we can help.
We’ve had tremendous success helping companies like Amazon and Facebook. But you don’t need to have Amazon- or Facebook-sized security problems to benefit from our tools and research. If you have difficult security challenges, we hope you’ll come speak with us.
Pick through our tools
We’re going to have a LIVE instance of our Cyber Reasoning System (CRS) at our booth. Recently, we used it to audit a much larger amount of code in less time, in greater detail, and at a lower cost than a human could. For granular details, come grab a copy of a CRS-driven security assessment we conducted on zlib for Mozilla.
Autonomous cyber defense systems happen to be the topic of the keynote by Michael Walker, the DARPA PM who ran the Cyber Grand Challenge. If you’re intrigued by what he says, swing by our booth to see the CRS in action.
The CRS is just one of a unique set of capabilities and proprietary tools that we’ve developed over the course of deep research engagements, some for DARPA. We’ll have other tools to share, such as:
- Challenge Binaries, which make it possible to objectively compare different bug-finding tools, program-analysis tools, patching strategies and exploit mitigations.
- Screen, which combines a set of LLVM passes that track branching behavior to help find side-channel vulnerabilities, and an associated web frontend that helps with identifying commits that introduce them.
- ProtoFuzz, a generic fuzzer for Google’s Protocol Buffers format. Instead of defining a new fuzzer generator for custom binary formats, ProtoFuzz automatically creates a fuzzer based on the same format definition that programs use.
- osquery for Windows, a port of Facebook’s open-source endpoint security tool. This allows you to treat your infrastructure as a database, turning operating system information into a format that can be queried using SQL-like statements. This functionality is invaluable for performing incident response, diagnosing systems operations problems, ensuring baseline security settings, and more.
That’s just the start. We’re prepared to discuss every tool that we’ve ever mentioned on this blog.
Bring us your problems.
If you’re coming to this conference with complex needs that don’t fit neatly into any one product category, come talk to us. Mark, Sophia, Yan, and Dan will be on hand to answer your questions. We’re especially keen to chat with you if you’re:
- Building low-level software, say in C or C++.
- Using crypto in new and interesting ways.
- Affected by resourced threat actors, reverse engineers, or fraudsters.
- Building your own hardware or firmware.
- Stuck on an intractable security problem that has eluded resolution. The more difficult, the better.
Come find us at booth #104 in the sponsor pavilion.
Break a leg, O’Reilly.
O’Reilly has put a lot of resources into their security conference. It fills a gap. We hope that it turns out well, and that they plan more events just like it in New York. See you there!