Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, September 18 • 10:30am - 11:15am
Use After Free Exploitation

Sign up or log in to save this to your schedule and see who's attending!

Use After Free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. This presentation will first define the Use After Free vulnerability class, and then dive deep into detecting the bug in a debugger and weaponizing it into a working exploit against Internet Explorer. We will also cover the concept of memory leaks which can allow for a complete Address Space Layout Randomization (ASLR) bypass.

Speakers
SS

Stephen Sims

Consultant
Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS’ only... Read More →


Thursday September 18, 2014 10:30am - 11:15am
Colorado Ballroom F [Breakers] Denver Marriott City Center