{"id":9177,"date":"2012-05-24T09:57:32","date_gmt":"2012-05-24T07:57:32","guid":{"rendered":"https:\/\/www.corelan.be\/?p=9177"},"modified":"2012-05-24T09:57:32","modified_gmt":"2012-05-24T07:57:32","slug":"hitb2012ams-day-1-intro-and-keynote","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/","title":{"rendered":"HITB2012AMS Day 1 - Intro and Keynote"},"content":{"rendered":"

Introduction<\/h3>\n

Good morning everyone,<\/p>\n

After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley<\/a>, Roberto Suggi Liverani<\/a>, Nicolas Gr\u00e9goire<\/a>, Andy Ellis<\/a>, Didier Stevens<\/a>,\u00a0and some other folks, conference time has arrived.<\/p>\n

\"Rps20120524<\/p>\n

With the conference taking place at the Okura hotel, the setting is brilliant and the view over Amsterdam is just phenomenal\u2026 well, at least from my room it is \ud83d\ude42<\/p>\n

\"20120524<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

The speaker line-up looks promising and I hope the talks will be as technical as I expect them to be (based on the descriptions). I look forward meeting old friends and making some new ones. \u00a0The weather is just awesome, so if you're at the conference and happen to see me\u2026 yes, I'm thirsty.<\/p>\n

\"Breakfast<\/p>\n

As promised, I'm going to try to take notes during a couple of presentations, and going to post them right after a talk has finished. \u00a0The plan is to create individual blog posts, which should make it easy for you to see when new content has been uploaded.\u00a0The official Twitter hashtag for Hack In The Box 2012 Amsterdam is #HITB2012AMS, make sure to keep an eye on that feed for updates about the conference. \u00a0If you want to be informed when a new talk has been posted, just follow me on Twitter<\/a>.<\/p>\n

Anyways, it's time for my first contribution at HITB\u2026 covering the keynote talk of Day 1.<\/p>\n

 <\/p>\n

Getting Ahead of the Security Poverty Line (Andy Ellis)<\/h3>\n

Andy Ellis, the CSO at Akamai, has the privilege to kick-start the 2012 edition of Hack In The Box Amsterdam.<\/p>\n

\"Rps20120524<\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Andy starts by mentioning that success metrics are often measured based on the number of phone calls you get at night. \u00a0He continues by explaining a case where a very low-cost, low-tech solution was used to provide evidence to a jury in a murder case, because the CCTV system had a proprietary - and very buggy - player and they were concerned the player would skip the frames that contained the evidence, when played in court. \u00a0They simply made screenshots of every single frame, put it in a powerpoint, and printed it out.<\/p>\n

The Security Poverity Line refers to the fact that many organizations don't have enough resources to implement perceived basic security needs. \u00a0 \u00a0This often leads to the\u00a0\"I can't even do the barest minimum to cover my ass, so I'd better not do anything but cover my ass\" Security Substitence Syndrome. \u00a0 \u00a0The reality is, Andy explains, that with every step forward, the undone work increases risk and makes future steps harder.<\/p>\n

How to \"measure\" a security program ? \u00a0Andy explains that Value = Resources * Capabilities. \u00a0 Resources = time + money. \u00a0 Capabilities = skill * effort * effectiveness. The environment where people need to work in, the guidance they will receive, is fundamentally important for the effectiveness of those people. \u00a0 Just having people is not good enough, you'll need to use their capabilities in a good way. \u00a0 That also means they should get training or be able to attend conferences :). \u00a0 \u00a0In other words, if you have limited resources, you'll need to work on your capabilities and see what you can do with less.<\/p>\n

How much security is \"good enough\" ? Businesses are all about taking risk, so to answer this question you'll need to figure out how much risk you are willing to take. \u00a0Andy identifies various levels of security values and explains that anything below the \"Enough to fool the standard auditor\" is below the security poverty line.<\/p>\n

\"Rps20120524<\/p>\n

Usually, approaches below that line will probably decrease success over time, whereas other approaches might improve security. \u00a0Of course, adversaries are getting better too, Andy continues. He mentions HD Moore's law that suggests that \"the better Metasploit get, the better everyone gets\". \u00a0Andy uses the Low Orbit Ion Cannon tool as an example and explains that various versions were released and continue to get better. \u00a0Everybody can download this tool and use it. \u00a0 We might be using all of these tools for security, but adversaries can perfectly use the same tools for malicious purposes. \u00a0So if things are getting better for those people, companies need to find something to get better too.<\/p>\n

One approach, often employed by people below the poverty line, to make security value better is based on the set-point theory of risk tolerance. This technique is based on incident handling. \u00a0We think we're safe now, we'll fix issues when they happen, and we move on. \u00a0 In most cases, however, people don't really remove risk at that time. \u00a0 This approach is based on perceived risk and the human nature to create some stable equilibrium. \u00a0People will just accept the new level of risk, learn to live with it, and forget that things used to be better in the past. \u00a0 After all, the risk didn't just show up, it has been always there, so let's just increase the level we accept, absorb, and forget about. \u00a0It's a habit and becomes routine. \u00a0The actual risk is clearly higher than the perceived risk.<\/p>\n

A favorite technique employed by a lot of security companies is to scare businesses, try to make them believe risk is higher than what it really is. The only thing they do is increase the level of perceived risk, and not the actual risk. \u00a0 On top of that, there's a fair amount of security theatre. Vendors will try to sell things and claim it will decrease risk, while it only decreases perceived risk. \u00a0The often used technique is based on news articles. \u00a0 If a website in Azerbaijan gets DoS'ed, they'll try to sell you DDoS protection tools. \u00a0If a certain CEO loses some data, they'll try to sell you a full blown DLP solution.<\/p>\n

It's clear that, if you are below the poverty line and don't have big budgets, you may have to revert to using simple techniques. \u00a0As long as you do the right things and focus on the right things, some easy\/simple\/low cost solutions may decrease the real risk level.<\/p>\n

Security Awareness programs are often done wrong too, Andy continues. \u00a0 Auditors believe that if we just train employees with a basic security education, then of course we'll have no problems. \u00a0 A basic, standard security awareness program is put in place, based on a simple web-based automated tool, and some additional targeted training is added for certain cases. \u00a0 Basically, a tool shows a nice page, people have to click the \"I acknowledge\" button and information is stored in a database. When auditors show up, you can give them a printout of the database. \u00a0Of course, this has certain value, but the targeted training is what will make the difference. \u00a0 One of the things Akamai does is, when a targeted social engineering attack was discovered, employed via a phone call, a mail is sent out to all phone operators, with details about the attack.<\/p>\n

A lot of companies start using cloud based solutions, \u00a0basically allowing 3rd party companies to deal with your systems and data. \u00a0 In a typical process, the company defines requirements, evaluates vendors, selects a vendor and implements a solution. \u00a0To do things properly, you'll need to include security evaluation in the workflow, right from the start, and at every stage in the process.<\/p>\n

\"Rps20120524<\/p>\n

To sum things up, it's important to figure out what you can do what you CAN fix, instead of trying to fix all of the problems (or ignore they exist). \u00a0You will fail if you try to fix everything. \u00a0You will fail if you don't fix anything. \u00a0Pick a few targets and try to fix them without spending too much budget. \u00a0 If you do it right, you should be able to increase your security value over time. \u00a0Be creative.<\/p>\n

Slides : http:\/\/conference.hitb.org\/hitbsecconf2012ams\/materials\/KEYNOTE%201%20-%20Andy%20Ellis%20-%20Staying%20Ahead%20of%20the%20Security%20Poverty%20Line.pdf<\/a><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Introduction Good morning everyone, After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley, Roberto Suggi Liverani, Nicolas Gr\u00e9goire, Andy Ellis, Didier Stevens,\u00a0and some other folks, conference time has arrived. With the conference taking place … Continue reading \"HITB2012AMS Day 1 - Intro and Keynote\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2250],"tags":[2775,2128,261],"class_list":["post-9177","post","type-post","status-publish","format-standard","hentry","category-cons-seminars","tag-hitb","tag-immunity-debugger","tag-corelan"],"yoast_head":"\nHITB2012AMS Day 1 - Intro and Keynote - Corelan | Exploit Development & Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HITB2012AMS Day 1 - Intro and Keynote - Corelan | Exploit Development & Vulnerability Research\" \/>\n<meta property=\"og:description\" content=\"Introduction Good morning everyone, After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley, Roberto Suggi Liverani, Nicolas Gr\u00e9goire, Andy Ellis, Didier Stevens,\u00a0and some other folks, conference time has arrived. With the conference taking place … Continue reading "HITB2012AMS Day 1 - Intro and Keynote"\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development & Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2012-05-24T07:57:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120524_020305_458.jpg\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"HITB2012AMS Day 1 - Intro and Keynote\",\"datePublished\":\"2012-05-24T07:57:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/\"},\"wordCount\":1336,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120524_020305_458.jpg\",\"keywords\":[\"hitb\",\"immunity debugger\",\"corelan\"],\"articleSection\":[\"Cons and Seminars\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/\",\"name\":\"HITB2012AMS Day 1 - Intro and Keynote - Corelan | Exploit Development & Vulnerability Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120524_020305_458.jpg\",\"datePublished\":\"2012-05-24T07:57:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120524_020305_458.jpg\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2012\\\/05\\\/rps20120524_020305_458.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2012\\\/05\\\/24\\\/hitb2012ams-day-1-intro-and-keynote\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HITB2012AMS Day 1 – Intro and Keynote\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HITB2012AMS Day 1 - Intro and Keynote - Corelan | Exploit Development & Vulnerability Research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/","og_locale":"en_US","og_type":"article","og_title":"HITB2012AMS Day 1 - Intro and Keynote - Corelan | Exploit Development & Vulnerability Research","og_description":"Introduction Good morning everyone, After spending a couple of hours on the train, picking up my HITB badge, meeting with some of the organizers and having a great evening hanging out with Steven Seeley, Roberto Suggi Liverani, Nicolas Gr\u00e9goire, Andy Ellis, Didier Stevens,\u00a0and some other folks, conference time has arrived. With the conference taking place … Continue reading \"HITB2012AMS Day 1 - Intro and Keynote\"","og_url":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/","og_site_name":"Corelan | Exploit Development & Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_published_time":"2012-05-24T07:57:32+00:00","og_image":[{"url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120524_020305_458.jpg","type":"","width":"","height":""}],"author":"corelanc0d3r","twitter_card":"summary_large_image","twitter_creator":"@corelanc0d3r","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/#article","isPartOf":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/"},"author":{"name":"corelanc0d3r","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f"},"headline":"HITB2012AMS Day 1 - Intro and Keynote","datePublished":"2012-05-24T07:57:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/"},"wordCount":1336,"publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/#primaryimage"},"thumbnailUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120524_020305_458.jpg","keywords":["hitb","immunity debugger","corelan"],"articleSection":["Cons and Seminars"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/","url":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/","name":"HITB2012AMS Day 1 - Intro and Keynote - Corelan | Exploit Development & Vulnerability Research","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/#primaryimage"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/#primaryimage"},"thumbnailUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120524_020305_458.jpg","datePublished":"2012-05-24T07:57:32+00:00","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/#primaryimage","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120524_020305_458.jpg","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2012\/05\/rps20120524_020305_458.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.corelan.be\/index.php\/2012\/05\/24\/hitb2012ams-day-1-intro-and-keynote\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"HITB2012AMS Day 1 – Intro and Keynote"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]},{"@type":"Person","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f","name":"corelanc0d3r","pronouns":"he\/him","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","caption":"corelanc0d3r"},"description":"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.","sameAs":["https:\/\/www.corelan-training.com","https:\/\/instagram.com\/corelanc0d3r","https:\/\/www.linkedin.com\/in\/petervaneeckhoutte\/","https:\/\/x.com\/corelanc0d3r"],"url":"https:\/\/www.corelan.be\/index.php\/author\/admin0\/"}]}},"views":2226,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/9177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=9177"}],"version-history":[{"count":0,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/9177\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=9177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=9177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=9177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}