Anton Kochkov (xvilka) - Lead Developer at SecurityCode, Russia

Butterly and Schmidt - ERNW GmbH in Heidelberg, Germany

Daniel J. Bernstein (djb) - Research Professor, University of Illinois at Chicago

Halvar Flake - Reverse Engineer Lead, Google

Marc Ochsenmeier - Developer, PE Studio

Matrosov & Rodionov - Senior Security Researchers, Intel and Eset



  Reversing firmware using radare2
 Anton Kochkov (xvilka)
  This talk will briefly describe the architecture of modern computers (mostly PCs), the microcontrollers commonly used inside PCs and laptops, their firmware, and techniques for reverse-engineering them. For most of the talk I'll use radare2, including demo sessions for a few firmware examples.
  Lead Developer at SecurityCode since 2013. During the last several years I've focused on reverse-engineering of various firmware: PC and its peripherals, ARM, MIPS, baseband processors, microcontrollers. Constant contributor to the coreboot and radare2 projects.

Leader of the Droid-Developers/Miledropedia project, MEre project member.



  LTE vs Darwin: Return of the SON
 Butterly and Schmidt
  "LTE vs. Darwin - Return of the SON" is the third presentation in a series of talks we started writing in the middle of 2013, aimed at giving a vast overview of LTE, suggested security features and presenting our research's findings and results. The first talk was held in January 2014 at ShmooCon, the second one at Hackito Ergo Sum; both were concerned with LTE basics, specs and theoretical flaws. Our current focus is on the Self Organizing and Self Configuring features, where we're acquiring new hardware and analyzing/rating specs. The talk will be packed with all new results we achieve during the summer months and a vast overview of the research already presented. We're going to give a short introduction on LTE basics (backend & technical) and will then be focusing on both protocols and devices which are involved in the SON process. Whilst working through the specs and identifying potential flaws in protocols, we're working on having a closer look at eNodeBs/HeNodeBs and will be writing further fuzzers/scanners for closer analysis. We will give a few demos and release our tools which have been created during the process.
  We're both experienced security researchers and pentesters. Having done various jobs in large enterprise environments, we know our way around protocols, packets and the systems behind them. Both of us work for ERNW GmbH in Heidelberg, Germany, and are part of the TROOPERS' conference team. As ERNW is fully independent, we have no affiliations to any other corporations or vendors. We simply enjoy learning and breaking new things (the newer, the better), so we're rather passionate about our research in the field of LTE. We've collected various experience with mobile networks during our assignments and are now more than happy to share the results of our own research. We're open to sharing knowledge, tools and thoughts, simply to make the world a safer place!



 Daniel J. Bernstein (djb)
  This is an invited talk by the famous cryptologist and programmer, Daniel J. Bernstein.
  Daniel Julius Bernstein (sometimes known simply as djb; born October 29, 1971) is a mathematician, cryptologist, programmer, and research professor of computer science at the University of Illinois at Chicago. He is the author of the computer software programs qmail, publicfile, and djbdns.



 Halvar Flake
  Halvar Flake is a famous researcher in the areas of Reverse Engineering and Vulnerability Research.
  Thomas Dullien (better known as Halvar Flake) has been working on topics related to reverse engineering (and vulnerability research) for the last 9 years. He has repeatedly presented innovative research in the realm of reverse engineering and code analysis at various renowned security conferences (RSA, Blackhat Briefings, CanSecWest, SSTIC, DIMVA).

Aside from his research activity, he has taught classes on code analysis, reverse engineering and vulnerability research to employees of various government organizations and large software vendors.

Halvar founded zynamics in 2004 in order to further research into automation of reverse engineering and code analysis. The company was acquired by Google in 2011.



  Potential and difficulties of Early Triage of Malware based on Static Analysis
 Marc Ochsenmeier
  A few years ago, I had the opportunity to present lectures on Windows Reverse-Engineering.

At that time, I was working as a software developer on obfuscation of executables for protection against disassembling and reverse engineering.

Because of these lectures, I investigated in more detail the way the Windows loader works and the format of executable files, and began to develop my own parser of executable files.

What started as a means to understand how an executable is designed and to support my lectures for students evolved into a project to detect anomalies in executables and a way to proceed to an early triage of malware and forensic investigation.

During the presentation, I will show the potential of early triage of malware based on the features of PeStudio, how I have implemented them and the challenges I faced (and still do) during my development. PeStudio is a unique tool that performs the static investigation of 32-bit and 64-bit executables. Malicious executables often attempt to hide their malicious behavior and to evade detection. In doing so, they generally present anomalies and suspicious patterns. The goal of PeStudio is to detect these anomalies, provide indicators and score the trust for the executable being analyzed.
  Marc Ochsenmeier was born in Belgium and now works and lives with his family in Germany and has many years of professional experience focused on Windows operating systems and techniques like system hardening, intrusion detection, data loss prevention and other security related issues.

As a software developer, Marc has worked on various kinds of projects like real-time operating systems for high speed trains, large scale network discovery and management software solutions and Windows binary obfuscation.



  HexRaysCodeXplorer: object oriented RE for fun and profit
 Matrosov & Rodionov
  HexRaysCodeXplorer - Hex-Rays Decompiler plugin for easier code navigation. Here are the main features of the plugin:

- Automatic type REconstruction for C++ objects.
- C-tree graph visualization - a special tree-like structure representing a decompiled routine in citem_t terms. Useful feature for understanding how the decompiler works.
- Navigation through virtual function calls in HexRays Pseudocode window.
- Object Explorer - useful interface for navigation through virtual tables (VTBL) structures.

In this presentation, the authors of HexRaysCodeXplorer will be discussing the main functionality of the plugin and its application for reverse engineering. The authors will be presenting the algorithm for C++ type REconstruction. Also a special version of HexRaysCodeXplorer (H2HC edition) will be released with new features developed specially for the H2HC conference. New features will be committed to GitHub from the stage.
  Alexander Matrosov (@matrosov)
Alexander has more than ten years of experience with malware analysis, reverse engineering and advanced exploitation techniques. He currently works at Intel as Senior Security Researcher. In the previous four years he worked at ESET as Senior Malware Researcher and Security Intelligence Team Lead. He has worked in the security research field since 2003 for major Russian companies. He is also a Lecturer at the Cryptology and Discrete Mathematics department of National Research Nuclear University in Moscow, and co-author of the research papers “Stuxnet Under the Microscope” and “The Evolution of TDL: Conquering x64”, and is frequently invited to speak at security conferences (REcon, Ekoparty, CONFidence, ZeroNights, PHDays ...). Nowadays he specializes in the comprehensive analysis of complex threats, modern vectors of exploitation and hardware security research.

Eugene Rodionov (@vxradius)
Eugene Rodionov graduated with honors from the Information Security faculty of the Moscow Engineer-Physics Institute (State University) in 2009. He has worked over the past five years for several companies, performing software development, IT security audit and malware analysis. He currently works at ESET, one of the leading companies in the antimalware industry, where he performs analysis of complex threats. His interests include kernel-mode programming, anti-rootkit technologies, reverse engineering and cryptology. He is co-author of the research papers “Stuxnet Under the Microscope” and “TDL3: The Rootkit of All Evil?”. Eugene Rodionov also holds the position of Lecturer at the National Nuclear Research University MEPHI in Russia.