Loading…
Back To Schedule
Thursday, September 18 • 10:30am - 11:15am
Use After Free Exploitation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Use After Free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. This presentation will first define the Use After Free vulnerability class, and then dive deep into detecting the bug in a debugger and weaponizing it into a working exploit against Internet Explorer. We will also cover the concept of memory leaks which can allow for a complete Address Space Layout Randomization (ASLR) bypass.

Speakers
SS

Stephen Sims

Consultant
Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. Stephen has an... Read More →


Thursday September 18, 2014 10:30am - 11:15am MDT
Colorado Ballroom F [Breakers] Denver Marriott City Center