Chop Suey - An Exceptional Dish With A Side Of Buffer Overflows
Offered By: nullcon via YouTube
Course Description
Overview
Explore the intricacies of exception handling and buffer overflows in this 46-minute conference talk from nullcon. Delve into a year-long investigation of exploit primitives, their presence in real-world software, and the development of new exploits for existing vulnerabilities. Follow the speakers' journey as they uncover a novel exploitation technique while examining the path of exceptions from throw to catch handler. Gain insights into the SIGSEGV handler, root cause analysis, and the process of refining proof-of-concepts. Learn about the systematic approach to generalizing findings and their real-world implications. Discover how the speakers identified vulnerabilities in actual software and constructed exploits. Understand the disclosure process and responses received. Conclude with a Q&A session to address audience inquiries and further discuss the presented concepts.
Syllabus
Intro
On the Menu tonight
The SIGSEGV handler
Root cause analysis
What happened?
Refined PoC (easy)
Paper Plan
Generalization
Systematization
Does this actually affect real software?
Finding a real-world vulnerability
Building the first exploit
The Reviews (excerpt/paraphrased)
Disclosure
Responses
Questions? Answers!
Taught by
nullcon
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network