YoVDO

The Info Leak Era on Software Exploitation

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Object-oriented programming Courses Software Security Courses Heap Overflows Courses Software Vulnerabilities Courses Stack Overflows Courses

Course Description

Overview

Explore advanced software exploitation techniques in this Black Hat USA 2012 conference talk. Delve into the era of information leaks and their impact on defeating Address Space Layout Randomization (ASLR). Learn why ASLR is crucial for preventing reliable exploitation and how other mitigations fall short without it. Discover various methods for converting vulnerabilities into information leaks, including partial stack overflows, heap overflows with heap massaging, and object manipulation through non-virtual calls. Examine real-world examples, such as CVE-2012-0769, and understand how to transform information leaks into Universal Cross-Site Scripting (UXSS) attacks. Gain insights into continuous distribution, element creation, and object reclamation techniques. Enhance your understanding of software security and exploitation strategies through this comprehensive presentation.

Syllabus

Introduction
Info Leaks
What is an Info Leak
Techniques
Continuous Distribution
Creating an Element
Reclaiming an Object
Converting Vulnerabilities
Stack Overflows
Partial Overflows
JavaScript String
Nonmetal Methods
This is not an info leak
CV
Bitmap
User Data
Base of dll
Final notes
Questions


Taught by

Black Hat

Related Courses

Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems
Vanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLPĀ®
Pluralsight