Jarno Niemela F-Secure
download slides (PDF)
There are a lot of different hardening and best practice guides available which tell how operating system and applications should be hardened against attacks.
However, as anyone who has worked with corporate security knows, implementing hardening at corporate level is a rather expensive operation - and thus there is significant resistance to applying any measures that fall outside of standards and what is already known to work.
This research paper investigates different exploits used during 2012 and early 2013 and identifies which defensive measures would have been effective in blocking them, thus giving guidance as to which defensive measures should be applied first as they provide as wide a coverage as possible.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.
The full programme for VB2013, including abstracts for each paper, can be viewed here.