Marion Marschalek

Malware Analyst at Cyphort Inc.

Marion Marschalek works at Cyphort Inc. Santa Clara, California as Malware Analyst and Threat Researcher. Also she teaches basics of malware analysis at University of Applied Sciences St. Pölten and writes articles for security magazines. She has spoken at international conferences such as Defcon Las Vegas, RSA San Francisco and POC Seoul.
In March last year she won the Female Reverse Engineering Challenge 2013, organized by RE professional Halvar Flake.

Presentation: What happens in Windows 8 stays in Windows 8

Systems evolve over time, patches are applied, holes are fixed, new features are added. Windows 10 is the new flagship product of Microsoft, and as prepared as it can be for a world of white-, grey- and black-hat hackers. System components underlie a tough vulnerability assessment process and are updated frequently to sort out security problems even before they arise. But just too often it happens that these clever fixes are not applied globally to all components, but just to the newest version of a library. Now we want to make use of exactly that fact to uncover potential vulnerabilities.

What we aim for are the forgotten treasures in Windows 8 libraries, holes that got fixed for the bigger brother at some point – but stay unfixed in Windows 8 until today. We will present a tool that makes it easy to spot these forgotten vulnerabilities. We can keep track of different versions of libraries of different operating systems and
automate the analysis process of a big file set. The focus lies on safe functions, which indicate a potential weakness when missing. The tool we show is flexible and extendible to integrate new features, adapt it to different database backends or generate new views on the data to analyse.

Presentation @DefCamp 2014