Anatomy of an Arbitrary Code Execution Exploit
When: Tue December 09, 2014 07:30 PM to 09:00 PM
Speaker: Allan Cecil
Location: O'Reilly Media
This talk is all about dissecting exactly what happens when a program stops doing what the designers designed it to do and starts doing what an attacker (or in this case, the presenter) wants it to do. I’ll cover using a virtual machine environment of a simple system under Linux to step through all phases of an arbitrary code execution (ACE) exploit, including corrupting a data structure, out-of-bounds memory manipulation, pointer manipulation, and ultimately execution of arbitrary code. I’ll be demonstrating memory viewer and disassembly tools to show the exact instructions being processed as they happen.
The simple system in question? A Zilog Z80 processor, running inside of a Super Game Boy. Come for the dissection, stay for some entertaining abuse of a live SNES console. This will largely be a no slides, full demo presentation and should have something of interest for everyone. See you there!